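# syzkaller "last executing test programs" log: each entry is a header
# ("<age> ago: executing program <slot> (id=<n>):") followed by one syscall per
# line in syz program syntax. The captured text had every entry collapsed onto
# shared lines; the layout below restores one call per line.
# NOTE(review): the inline result markers (<rN=>) were missing from the captured
# text, which left r1/r2 (ids 742, 757) and r0 (id 760) used but never defined.
# They are restored here by inference from the later uses - confirm against the
# original report before replaying.
last executing test programs:

# id=742: seccomp listener filter, real-time scheduling setup, a unix datagram
# socketpair send/receive burst, a BPF map plus a raw tracepoint open on
# sched_switch, then opens of cgroup root, binderfs and the snapshot device.
31.106185456s ago: executing program 0 (id=742):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
# prlimit64 resource 0xe is RLIMIT_RTPRIO on Linux; the sched_setscheduler calls
# that follow request policies 0x1/0x2 (SCHED_FIFO/SCHED_RR). The same prologue
# recurs in several entries of this log.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)

# id=757: the scheduling/socketpair prologue, then a FUSE image mount and an
# overlay mount on ./bus, an inotify watch, and a write to a cgroup cpu.stat fd.
28.267501835s ago: executing program 0 (id=757):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r3 = inotify_init1(0x80000)
inotify_add_watch(r3, 0x0, 0x114)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000010200)=ANY=[], 0x118)

# id=760: two rdma_cm opens with CREATE_ID writes, then close_range starting at
# the socketpair fd.
27.274287353s ago: executing program 0 (id=760):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x2, 0x6}}, 0x20)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x9}}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)

# id=762: nested bind mounts over ./file0, mremap, userfaultfd, CAN BCM and
# rtnetlink sockets, and file I/O calls on an fd from open() with a null path.
26.823098148s ago: executing program 0 (id=762):
fsopen(&(0x7f0000000140)='zonefs\x00', 0x1)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
userfaultfd(0x80001)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r1 = open(0x0, 0x64842, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet(0x2, 0x5, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
pwritev2(r1, &(0x7f0000000240)=[{}], 0x1, 0x7c00, 0x0, 0x3)
read$FUSE(r1, 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0x402c5839, 0x0)
connect$can_bcm(r0, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)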
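# Entries of a syzkaller "last executing test programs" log, restored to one
# syscall per line (the captured text had them collapsed onto shared lines).
# NOTE(review): the inline result markers (<rN=>) were missing from the captured
# text, which left r6/r10 (id=769), r4/r5 (id=798) and r1/r2 (id=813) used but
# never defined. They are restored here by inference from the later uses -
# confirm against the original report before replaying.

# id=765: several BPF program loads and map operations, a raw tracepoint
# attached to sched_switch, tty opens with sendfile from /proc/cpuinfo and a
# TCSETSW ioctl, then a devtmpfs mount on ./file0.
26.447854665s ago: executing program 0 (id=765):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x40000)
syz_open_dev$ttys(0xc, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
gettid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TCSETSW(r5, 0x5403, &(0x7f00000000c0)={0x5, 0xc, 0x3d, 0x7fff, 0x14, "71feaf33432ed6fe90107884be157e88b3e578"})
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync')

# id=769: rtc, tty and rfkill device I/O, rtnetlink qdisc and link messages
# keyed on interface indexes read via SIOCGIFINDEX, an IPv6 TCP socket with the
# dctcp congestion control selected, and an emulated USB HID device.
24.9713765s ago: executing program 0 (id=769):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = dup(r1)
write$UHID_INPUT(r3, 0x0, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
mincore(&(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f0000000240)=""/3)
write$rfkill(r4, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)}], 0x1, 0x1, 0x8000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', <r6=>0x0})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x28, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, &(0x7f0000000100))
fcntl$setstatus(r0, 0x4, 0x2000)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r7, &(0x7f0000004080)="611c", 0x2, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r9, &(0x7f0000000040)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001", @ANYRESOCT=r9], 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'erspan0\x00', <r10=>0x0})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r10, @ANYBLOB="000000000000000014001a80100004800c00058008"], 0x34}}, 0x0)

# Same id (769) and the same call sequence as the entry above, logged about
# 1.7 s later under program slot 32 instead of slot 0.
23.271536778s ago: executing program 32 (id=769):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = dup(r1)
write$UHID_INPUT(r3, 0x0, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
mincore(&(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f0000000240)=""/3)
write$rfkill(r4, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)}], 0x1, 0x1, 0x8000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', <r6=>0x0})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x28, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, &(0x7f0000000100))
fcntl$setstatus(r0, 0x4, 0x2000)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5)
bind$inet6(r7, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r7, &(0x7f0000004080)="611c", 0x2, 0x20000045, &(0x7f0000000140)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
r8 = socket$packet(0x11, 0x3, 0x300)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r9, &(0x7f0000000040)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="00000c000000070001", @ANYRESOCT=r9], 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'erspan0\x00', <r10=>0x0})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r10, @ANYBLOB="000000000000000014001a80100004800c00058008"], 0x34}}, 0x0)

# id=798: tun device setup, BPF programs attached to sched_switch, the
# scheduling/socketpair sequence, an nfnetlink log config message, and a write
# to an fd opened on /sys/power/resume.
14.342210127s ago: executing program 1 (id=798):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000340)={'pimreg1\x00', 0x1})
gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000380))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$getownex(r5, 0x10, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="04000100000000000000000000000e0d0000000000000500c100050001"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
write$cgroup_int(r8, &(0x7f0000000040)=0x1c9, 0x12)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)

# id=802: an emulated USB device connect followed by an evdev keycode query.
12.738992985s ago: executing program 1 (id=802):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x0)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x48860}, 0x20040800)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

# id=813: FUSE image mount, the scheduling/socketpair sequence, and BPF raw
# tracepoint opens (sys_enter). The rest of this program's calls follow this
# span in the log.
10.291306446s ago: executing program 4 (id=813):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x1000421, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)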
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0x80045515, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000000300)=0x1, 0x4) dup3(0xffffffffffffffff, r4, 0x0) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000280)={'tunl0\x00', 0x0, 0x710, 0x1100, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x0, 0x0, 0x5, 0x2f, 0x0, @empty, @private}}}}) 10.181552177s ago: executing program 1 (id=815): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) 9.224472881s ago: executing program 4 (id=817): prlimit64(0x0, 0xe, &(0x7f0000000700)={0x8, 0x200000000000008c}, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x80) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 
0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) iopl(0x3) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x18) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000000)={0x8, [0x6, 0x7fffffff, 0x3], [{0x3, 0xffffffff, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x100000c}, {0xffffffff}, {0x0, 0xb76}, {0x3, 0x200}, {0x0, 0xfffffffd}, {0x3, 0x10000}, {0x0, 0x82}, {0x1000000, 0x6}, {0x1, 0xffffffff}, {0x4, 0x8}], 0xe}) 7.952537597s ago: executing program 4 (id=820): syz_open_dev$sndpcmp(&(0x7f0000000500), 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) connect$inet6(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000001a"], 0x24}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@func={0x2, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x27}, 0x28) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000000)={[{@debug}, {@delalloc}, {@resuid}, {@test_dummy_encryption}, {@nodiscard}, {@grpid}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}], [{@obj_user={'obj_user', 0x3d, '\'),]\x1c^,)-\\,\\}'}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x39, 0x65, 0x35, 0x62, 0x63, 0x35, 0x33], 0x2d, [0x31, 0x64, 0x34, 0x33], 0x2d, [0x61, 0x51, 0x35, 0x32], 0x2d, [0x61, 0x34, 0x33], 0x2d, [0x63, 0x62, 0x34, 0x39, 0x37, 0x66, 0x30]}}}, 
{@dont_appraise}, {@mask={'mask', 0x3d, '^MAY_READ'}}]}, 0x1, 0xbb4, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnHy2zb2TXi6X27tpLpdLC+I0raTYIthKxY0LQbdCQzopIdMPkkhNmsVE/wFR14IbQS1KF3bdjYJbN1q3FhdCkdgoiGjkzEeSJjNJ2k5yYvL7wZvzvvOcOe/z5DBzzgszE8CeNZD9SSMORcT5JKJQfzyNiO5qrzeiUttvYX525Jf52ZEkFhdf/jGJJCLuz8+ONI6V1LcH6oPeiPjquST+8ebaeSenZ8aHy+XSRH18bOrS1WOT0zNPjl0avli6WLp8/OTTQyeGTg6eGmpbrb9+d+bWz/994fvKbx/9fuOndz5I4kz01WMr66hX/dgGYmDpf7JSZ0QMt+H4O0FHvZ6VdSadGzwp3eKkAABoKV1xD/evKERHLN+8FeLzr3NNDgAAAGiLxY6IRQAAAGCXS6z/AQAAYJdrfA7g/vzsSKPl+4mE7XXvbET01+pfqLdapDMq1W1vdEXE/vtJrPxaa1J72mMbiIi73576NGvR5HvIW60yFxH/bnb+k2r9/fVvQq+uP42IwTbMP7Bq/Feq/0wb5s+7fgD2pttnaxeytde/dOn+J5pc/zqbXLseRd7Xv8b938Ka+7/l+jta3P+9tMk5rn/43rVWsaz+Z249/0mjZfNn28cq6iHcm4v4T2ez+pOl+pMW9Z/f5ByFP66VWsXyrn/x/Ygj0bz+hmT93yc6NjpWLg3W/jadY+7LoY9bzZ93/dn539+i/o3O/9UHjtT6R31ePXfuZqvYxvWnP3Qnr1R73fVHXh+empo4HtGdvLj28RPr19vYp3GMrP6j/1v/9d+s/uw9oVL/P2SVz9W32fiNVXM+e+P6Z+vVn6398jz/Fx7x/L+1yTn+/8XbR1vFVq5/s5bNfzeprYUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoCGNiL5I0mJEJNV+mhaLEQci4p+xPy1fmZx6YvTKa5cvZLGI/uhKR8fKpcGIKNTGSTY+Xu0vj0+sGj8VEQcj4t3Cvuq4OHKlfCHv4gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhyICL6IkmLEZFGxEIhTYvFvLMCAAAA2q4/7wQAAACALWf9DwAAALuf9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb7ODh23eSiKic3ldtme56rCvXzICtluadAJCbjrwTAHLTmXcCQG4eco3vdgF2oWSDeG/LSE/bcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg5zpy6PadJCIqp/dVW6a7Hutq+ozD25gdsJXSvBMActOxXrBz+/IAtp+XOOxdzdf4wF6SbBDvXd6n8mCkZ8tyAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDn6au2JC1GRFrtp2mxGPG3iOiPrmR0rFwajIi/R8Q3ha6ebNyTd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC03eT0zPhwuVya0NHRybeT7Iw0ap2835kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMjD5PTM+HC5XJqYzDsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIG+T0zPjw+VyaWITnZsPs/OKTt41AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQnz8DAAD//9b4DfQ=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6) close(0x3) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r3, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) 6.601029839s ago: executing program 5 (id=822): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) 
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000002c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0xe0e0e0e0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="68000000100039042cbd7000eaffffff000003e4", @ANYRES32=r1, @ANYBLOB="83000400000000004800128008000100736974003c000280050009002900000019"], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) 6.512348028s ago: executing program 1 (id=823): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bind$llc(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x31a4) listen(0xffffffffffffffff, 0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20000}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6a, '\x00', 0x0, 0x2}, 0x94) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xc8c01) 6.170259592s ago: executing program 1 (id=824): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, 
&(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc0000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69
b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d
8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a14
3b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef43
62fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced142
6561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375
e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625fa
ecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6
b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r2, r3, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101) write$tcp_congestion(r4, &(0x7f00000000c0)='lp\x00', 0xfffffdef) 5.424581586s ago: executing program 5 (id=826): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x40081}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1ff001}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x6393}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/202, 0xca}, {&(0x7f00000002c0)=""/230, 0xe6}, {&(0x7f0000003e00)=""/4111, 0x100f}], 0x3}, 0x8101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 
&(0x7f0000000ac0)=[{&(0x7f0000000580)=""/152, 0x98}, {&(0x7f0000000b80)=""/231, 0xe7}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/4087, 0xff7}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f0000000240)=""/100, 0x64}, {&(0x7f0000000080)=""/118, 0x76}, {&(0x7f0000000100)=""/12, 0xc}, {&(0x7f0000000a00)=""/166, 0xa6}], 0x9}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) 5.221415136s ago: executing program 5 (id=827): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x1000421, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0x80045515, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000000300)=0x1, 0x4) dup3(0xffffffffffffffff, r4, 0x0) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000000500)={'gre0\x00', 
&(0x7f0000000280)={'tunl0\x00', 0x0, 0x710, 0x1100, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x0, 0x0, 0x5, 0x2f, 0x0, @empty, @private}}}}) 5.187684839s ago: executing program 2 (id=828): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0xee4b, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = 
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) execve(0x0, &(0x7f0000000400)={[&(0x7f0000000140)='syz1\x00']}, &(0x7f0000000600)={[&(0x7f0000000440)='syz1\x00', &(0x7f0000000480)='syz1\x00', &(0x7f0000000640)='/dev/k\x00\x00\x00\x00\x00\x00\x00\x00L\xbf\xd2\xd9\x8c[Q\xe1\xcc', &(0x7f0000000500)='\x00', &(0x7f0000000540)='/d/\xb8&\xdc\x9cB\xb4']}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 4.501259087s ago: executing program 4 (id=829): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x800, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x10000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff2}, {0x1, 0xffff}, {0x2, 0x3}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x8041}, 0x800) 4.389409018s ago: executing program 4 (id=830): socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x404, &(0x7f0000000400)={[{@errors_remount}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@barrier}, {@grpjquota}, {@quota}]}, 0x1, 0x42f, 
&(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = creat(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x192) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) 
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, 0x0) r2 = socket(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000001a00)=ANY=[], 0x610) write$cgroup_type(r0, &(0x7f0000000200), 0x175d9003) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYRES16=0x0, @ANYRES8, @ANYRES8=0x0, @ANYBLOB="b71fe84fda50cf6fbefac5a5891d03a05027c0e6658ea94f09636160112a47b688552b72051bf0111daffbe0adef82589ee2fac726c31d20f98aa1f9761873cd604dab0d22b4b321f4c20044c5a8e018b51e52342814e4c33a7f4807781862b524b303c604203d95ef2faa04cfd7ddc4f2edca0adeae0088a8e16969e9000a6a9d85bf9d4ee333cf03763ad6506f66797f154f0923a63f106d908d1cf2a884e57ab63950b9883c40449a94847df80ca39e9394f8de077bfd7f0c81e773158bd33c339a0f92997d172adcde0c53c97cce8a0f42c862a0c88c9a25ccf6799b85dadc245f608d6cb5ded47e4a20ad821132952cc1884e1473794144bbd01594b306a04fc39f13202b4447f8bbccc51a6c4b555b46a2df7f0fe979ef6c31ef8c81a81c26e71f96ea1d8ed245277259bdf970db1f41c75d8384b6b23cf44e9b04527874daf6c34e4deda0da670addd7c8f5eab4410908517c88940d", @ANYRES16], 0xfe, 0x1518, 
&(0x7f00000022c0)="$eJzs3AuYjtX6MPB1r7UehqS3SQ7Dutf98KbBMkmSQ0IOSZIkSU4JSZMkCYkhp6QhCTlOmhyGkBymMWmcz4eckyZbmiQJySlZ38Vub7uv/W/v/7f39/e/9ty/61rXrPt93nu99zP3XPOu55lr3u96jqrXon7tZkQk/iXw5y9JQogYIcQwIcR1QohACFEptlLspeP5FCT9ay/C/r0eTrvaFbCrifufu3H/czfuf+7G/c/duP+5G/c/d+P+527cf8Zys22zi13PI/cOvv+fm/H7/3+QnPKTv9pQ/sZe/40U7n/uxv3P3bj/uRv3P3fj/udu3P//fLX+4Bj3P3fj/jOWm/31XvAF7/3/gvvRPP5nx9X++WOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxljuc9VdoIcRf5le7LsYYY4wxxhhjjP37+LxXuwLGGGOMMcYYY4z9/wdCCiW0CEQekVfEiHwiv7hGFBDXioLiOhER14tYcYMoJG4UhUURUVQUE3GiuCghjEBhBYlQlBSlRFTcJEqLm0W8KCPKinLCifIiQdwiKohbRUVxm6gkbheVxR2iiqgqqonq4k5RQ9wlaopaora4W9QRdUU9UV/cIxqIe0VDcZ9oJO4XjcUDool4UDQVD4lm4mHRXDwiWohHRUvxmGglWos2oq1o9/+U/5LoK14W/UR/kSQGiIHiFTFIDBZDxFAxTLwqhovXxAjxukgWI8Uo8YYYLd4UY8RbYqwYJ8aLt8UEMVFMEpPFFDFVpIh3xDTxrkgV74npYoaYKWaJNDFbzBHvi7linpgvPhALxIdioVgkFoslIl18JDLEUpEpPhbLxCciSywXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW8RWsU18KraLHWKn2CV2iz1ir/hM7BOfi/3iC5Etvvxv5p/5v/J7gQABEiRo0JAH8kAMxEB+yA8FoAAUhIIQgQjEQiwUgkJQGApDUSgKcRAHJaAEICAQEJSEkhCFKJSG0hAP8VAWyoIDBwmQABXgVqgIFaESVILKUBmqQFWoCtWhOtSAGlATakJtqA11oA7Ug3pwD9wD90JDaAiNoBE0hsbQBJpAU2gKzaAZNIfm0AJaQEtoCa2gFbSBNtAO2kF7aA8doAN0gk7QGTpDF+gCiZAIXaErdINu0B26Qw/oAT2hJ/SC3tAbXoKX4GV4GfpDHTkABsJAGASDYAgMhaHwKgyH1+A1eB2SYSSMgjfgDXgTxsBpGAvjYDyMhxpyIkyCyUByKqRACkyDaZAKqTAdZsAMmAVpMBvmwByYC/NgHnwAC+BD+BAWwSJYAumQDhmwFDIhE5bBGciC5bACVsIqWA2rYC2sg7WwATbCBtgMm2ErbIVP4VPYATtgF+yCPbAHPoPP4HP4HJIhG7LhAByAg3AQDsEhyIEcOAyH4QgcgaNwFI7BMTgOJ+AknIBTcApOwxk4C2fhPJyHC/BC3DfN95RZnyzkJVpqmUfmkTEyRuaX+WUBWUAWlAVlREZkrIyVhWQhWVgWlkVlURkn42QJWUKiREkylCVlSRmVUVlalpbxMl6WlWWlk04myARZQVaQFWVFWUneLivLO2QVWVV2dNVldVlDdnI1ZS1ZW9aWdWRdWU/Wl/VlA9lANpQNZSPZSDaWjWUT+aBsKgfAEHhYXupMCzkSWspR0Eq2lm1kW/kmPC7byzHQQXaUneSTchyMhS6yvUuUz8iuchJ0k8/JyfC87CGnQk/5ouwle8s+8iXZV3Zw/WR/OR0GyIFyFgySg+UQOVTOhbryUsfqyddlshwpR8k35BJ4U46Rb8mxcpwcL9+WE+REOUlOllPkVJki35HT5LsyVb4n
p8sZcqacJdPkbDlHvi/nynlyvvxALpAfyoVykVwsl8h0+ZHMkEtlpvxYLpOfyCy5XK6QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2+ancLnfInXKX3C33yL3yM7lPfi73yy9ktvxSHpB/kgflV/KQ/FrmyG/kYfmtPCK/k0fl9/KY/EEelyfkSfmjPCV/kqflGXlWnpPn5c/ygvxFXpReCgVKKqW0ClQelVfFqHwqv7pGFVDXqoLqOhVR16tYdYMqpG5UhVURVVQVU3GquCqhjEJlFalQlVSlVFTdpEqrm1W8KqPKqnLKqfIqQd2iKqhbVUV1m6qkbleV1R2qiqqqqqnq6k5VQ92laqpaqra6W9VRdVU9VV/doxqoe1VDdZ9qpO5XjdUDqol6UDVVD6lm6mHVXD2iWqhHVUv1mGqlWqs2qq1qpx5X7dUTqoPqqDqpJ1Vn9ZTqop5WieoZ1VU9q7qp51R39bzqoV5QPdWLqpfqrfqoX9RF5VU/1V8lqQFqoHpFDVKD1RA1VA1Tr6rh6jU1Qr2uktVINUq9oUarN9UY9ZYaq8ap8eptNUFNVJPUZDVFTVUp6h01Tb2rUtV7arqaoWaqWSpNzVZDfl1p/j+R/+7fyR9x+dW3qm3qU7Vd7VA71S61W+1Re9VetU/tU/vVfpWtstUBdUAdVAfVIXVI5agcdVgdVkfUEXVUHVXH1DF1XJ1Q59SP6pT6SZ1WZ9QZdU6dV+fVhV+/B0KDllpprQOdR+fVMTqfzq+v0QX0tbqgvk5H9PU6Vt+gC+kbdWFdRBfVxXScLq5LaKNRW0061CV1KR3VN+nS+mYdr8vosrqcdrq8TtC3/Mv5/6i+drqdbq/b6w66g+6kO+nOurPuorvoRJ2ou+quupvuprvr7rqH7qF76p66l+6l++g+uq/uq/vpfjpJJ+mB+hU9SA/WQ/RQPUy/qofr4XqEHqGTdbIepUfp0Xq0HqPH6LF6rB6vx+sJeoKepCfpKXqKTtEpepqeplN1qp6up+uZeqZO02l6jp6j5+q5er6erxfoBXqhXqgX68U6XafrDJ2hM3WmXqaX6Sy9XC/XK/VKvVqv1mv1Wr1er9cb9Ua9WW/WWXqb3qa36+16p96pd+vdeq/eq/fpfXq/3q+zdbY+oA/og/qgPqQP6Rydow/rw/qIPqKP6qP6mD6mj+vj+qQ+qU/pU/q0Pq3P6rP6vD6vL+gL+qK+eGnbF8hABjrQQZ4gTxATxAT5g/xBgaBAUDAoGESCSBAbxAaFghuDwkGRoGhQLIgLigclAhNgYAMKwqBkUCqIBjcFpYObg/igTFA2KBe4oHyQENwSVAhuDSoGtwWVgtuDysEdQZWgalAtqB7cGdQI7gpqBrWC2sHdQZ2g7l/+DhXcGzQM7gsaBfcHjYMHgibBg0HT4KGgWfBw0Dx4JGgRPBq0DB4LWgWtgzZB26DdP7t+UC+oH9wTNPjD9b0/XeQJ18/0N0lmgBloXjGDzGAzxAw1w8yrZrh5zYwwr5tkM9KMMm+Y0eZNM8a8ZcaacWa8edtMMBPNJDPZTDFTTYp5x0wz75pU856ZbmaYmWaWSTOzzRzzvplr5pn55gOzwHxoFppFZrFZYtLNRybDLDWZ5mOzzHxissxys8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMp2a72WF2ml1mt9lj9prPzD7zudlvvjDZ5ktzwPzJHDRfmUPma5NjvjGHzbfmiPnOHDXfm2PmB3PcnDAnzY/mlPnJnDZnzFlzzpw3P5sL5hdz0fhLm/tLb++oUWMezIMxGIP5MT8WwAJYEAtiBCMYi7FYCAthYSyMRbEoxmEclsASeAkhYUksiVGMYmksjfEYj2WxLDp0mIAJWAErYEWsiJWwElbGylgFq2A1rIZ34p14F96FtbAW3o13Y12si/WxPjbABtgQG2IjbISNsTE2wSbYFJtiM2yGzbE5tsAW2BJbYitshW2wDbbDdtge22MH7ICdsBN2
xs7YBbtgIiZiV+yK3bAbdsfu2AN7YE/sib2wF/bBPtgX+2K/c/0wCZNwIA7EQTgIh+AQHIbDcDgOxxE4ApMxGUfhKByNo3EMjsGxOA7H49s4ASfiJJyMU3AqpmAKTsNpmIqpOB2n40yciWmYhnNwDs7FuTgf5+MCXIALcSEuxsWYjumYgRmYiZm4DJdhFmbhClyBq3AVrsE1uA7X4QbcgJtwE27BLbgNt+F23I47cSfuxt24F/fiPtyH+3E/ZmM2HsADeBAP4iE8hDmYg4fxMB7BI3gUj+IxPIbH8TiexJN4Ck/haTyNZ/Esnsef8QL+ghfRY4yVIr+9xhaw19qC9jobY/PZv42L2mI2zha3JayxhW2R38RorY23ZWxZW846W94m2Ft+F1exVW01W93eaWvYu2zN38UN7L22ob3PNrL32/r2nt/Eje0Dtol91Da1j9lmtrVtbtvaFvZR29I+ZlvZ1raNbWs726dsF/u0TbTP2K722d/FGXapXWfX2w12o91nP7dn7Tl7xH5nz9ufbT/b3w6zr9rh9jU7wr5ukxuN/G1sR9rx9m07wU60k+xkO8VO/V08086yaXa2nWPft3PtvN/F6fYju8Bm2oV2kV1sl1yOL9WUaT+2y+wnNssutyvsSrvKrrZr7Nq/1rrSbrZb7Fa7135mt9sddqfdZXfbPZfjS+ex335hs+2X9rD91h60X9lD9qjNsd9cji+d31H7vT1mf7DH7Ql70v5oT9mf7Gl75vL5Xzr3H+0v9qL1VhCQJEWaAspDeSmG8lF+uoYK0LVUkK6jCF1PsXQDFaIbqTAVoaJUjOKoOJUgQ0iWiEIqSaUoSjdRabqZ4qkMlaVy5Kg8JdAtVIFupYp0G1Wi26ky3UFVqCpVo+p0J9Wgu6gm1aLadDfVobpUj+rTPdSA7qWGdB81ovupMT1ATehBakoPUTN6mJrTI9SCHqWW9Bi1otbUhtpSO3qc2tMT1IE6Uid6kjrTU9SFnqZEeoa60rPUjZ6j7vQ89aAXqCe9SL2oN/Whl6gvvUz9qD8l0QAaSK/QIBpMQ2goDaNXaTi9RiPodUqmkTSK3qDR9CaNobdoLI2j8fQ2TaCJNIkm0xSaSin0Dk2jdymV3qPpNINm0ixKo9k0h96nuTSP5tMHtIA+pIW0iBbTEkqnjyiDllImfUzL6BPKouW0glbSKlpNa2gtraP1tIE20ibaTFtoK22jT2k77aCdtIt20x7aS5/RPvqc9tMXlE1f0gH6Ex2kr+gQfU059A0dpm/pCH1HR+l7OkY/0HE6QSfpRzpFP9FpOkNn6Rydp5/pAv1CF8mTCCGUoQp1GIR5wrxhTJgvzB9eExYIrw0LhteFkfD6MDa8ISwU3hgWDouERcNiYVxYPCwRmhBDG1IYhiXDUmE0vCksHd4cxodlwrJhudCF5cOE8JawQnhrWDG8LawU3h5WDu8Iq4RVw0fvrx7eGdYI7wprhrXC2uHdYZ2wblgvrB/eEzYI7w0bhveFjcL7w4rhA2GT8MGwafhQ2Cx8OGwePhK2CB8NW4aPha3C1mGbsG3YLnw8bB8+EXYIO4adwifDzuFTYZfw6TAxfCbsGj77D48nhQPCgeEr4Suh9/epxdEl0fToR9GM6NJoZvTj6LLoJ9Gs6PLoiujK6Kro6uia6Nrouuj66Iboxuim6ObolujWqPf18woHTjrltAtcHpfXxbh8Lr+7xhVw17qC7joXcde7WHeDK+RudIVdEVfUFXNxrrgr4YxDZx250JV0pVzU3eRKu5tdvCvjyrpyzrnyLsG1de1cO9fePeE6uI6uk3vSPemeck+5p93T7hnX1T3rurnnXHf3vOvhXnAvuBddL9fb9XEvub7uZdfP9XdJLskNdAPdIDfIDXFD8vy6B3Mj3AiX7JLdKDfKjXaj3Rg3xo11Y914N95NcBPcJDfJTXFTXIpLcdPcNJfqUt10N93NdDNdmktzc9wcN9fNdfPdfLcgfoFb6Ba6xW6x
S3fpLsNluEyX6Za5ZS7LZbkVboVb5Va5NW6NW+fWuQ1ug9vkNrktbovb5ra57W672+l2ut1ut9vr9rp9bp/b7/a7bJftDrgD7qA76A65r12O+8Yddt+6I+47d9R97465H9xxd8KddD+6U+4nd9qdcWfdOXfe/ewuuF/cReddSuSdyLTIu5HUyHuR6ZEZkZmRWZG0yOzInMj7kbmReZH5kQ8iCyIfRhZGFkUWR5ZE0iMfRTIiSyOZkY8jyyKfRLIiyyMrIisjqyKrI94X3x76kr6Uj/qbfGl/s4/3ZXxZX847X94n+Ft8BX+rr+hv85X87b6yv8NX8VV9Nf+Yb+Vb+za+rW/nH/ft/RO+g+/oO/knfWf/lO/in/aJ/hnf1T/ru/nnfHf/vO/hX/A9/Yu+l+/t+/iXfF//su/n+/skP8AP9K/4QX6wH+KH+mH+VT/cv+ZH+Nd9sh/pR/k3/Gj/ph/j3/Jj/Tg/3r/tJ/iJfpKf7Kf4qT7Fv+On+Xd9qn/PT/cz/Ew/y6f52X6Of9/P9fP8fP+BX+A/9Av9Ir/YL/Hp/iOf4Zf6TP+xX+Y/8Vl+uV/hV/pVfrVf49f6dX693+A3+k1+s9/it/pt/lO/3e/wO/0uv9vv8Xv9Z36f/9zv91/4bP+lP+D/5A/6r/wh/7XP8d/4w/5bf8R/54/67/0x/4M/7k/4k/5Hf8r/5E/7M/6sP+fP+5/9Bf+Lv8j/s8YYY4wx9k9JPfTHxwf8ncfkr+OSgUKIa3cUy/nb41oIsanwn+eDZVzniBDimf49H/7LqFMnKSnp1+dmKRGUWiSEiFzJv3wZ8mu8XHQST4lE0VFU+Lv1DZa9z9MfrA/HvY/eLkT+v8mJEVfiK+vf+l+s//iT4zMqh2djf7v+hV/3m5fqjy4SIr7UlZx84kp8Zf2K/8X6Rdr/Uf1ZSuT7KkWIDn+TU0Bcia+snyCeEM+KxN88kzHGGGOMMcYY+7PBslr3f3D9efn6PE5fDi8/nFf8Nf6H1+eMMcYYY4wxxhi7+p7v3efpxxMTO3bnCU94wpO/Tq72bybGGGOMMcbYv9uVTf/VroQxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMu9/ic+TuxqnyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2fAAAA///9QkNA") mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./bus/file0\x00', 0x0) 4.281453828s ago: executing program 3 (id=831): prlimit64(0x0, 0xe, &(0x7f0000000700)={0x8, 0x200000000000008c}, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x80) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) iopl(0x3) sched_setscheduler(0x0, 
0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x18) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000000)={0x8, [0x6, 0x7fffffff, 0x3], [{0x3, 0xffffffff, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x100000c}, {0xffffffff}, {0x0, 0xb76}, {0x3, 0x200}, {0x0, 0xfffffffd}, {0x3, 0x10000}, {0x0, 0x82}, {0x1000000, 0x6}, {0x1, 0xffffffff}, {0x4, 0x8}], 0xe}) 4.179988188s ago: executing program 5 (id=832): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r6 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xfffffdef}}, 0x1) 4.170549429s ago: executing program 2 (id=833): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0xc) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) 3.333365932s ago: executing program 3 (id=834): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) 3.289501106s ago: executing program 2 (id=835): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 
&(0x7f0000000080)=0x8) r0 = getpid() r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bind$llc(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x31a4) listen(0xffffffffffffffff, 0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20000}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6a, '\x00', 0x0, 0x2}, 0x94) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xc8c01) 3.166763448s ago: executing program 5 (id=836): sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000a40)) recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=""/4096, 0x1000}}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 
@fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000140)={[{@nobh}, {@auto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@dioread_nolock}, {@minixdf}]}, 0x6, 0x4dd, &(0x7f0000001180)="$eJzs3M9vFFUcAPDvbLu0gGhFREGUAhobE1soKBy8YGLiQRMjHuTYtJUABQztQQiRkhg8k3g3XkyMN/0D9Gg8+QfgwYOJISGGC+BpzezOtNvd2e0u/UXZzyfZ9r2ZN/Pem5k3+/a9nQ2gZw2nf5KIpyLidgzEM7Xo0gTDtX8P7l2bfHjv2mTMVyqn/k2q6e6n8Uy+3fYsMlKKKH2VNOywZvbK1fMTMzPTl7P42NyFz8dmr1x98+yFiTPTZ6Yvjp84cezokeNvj7/VfaUK8kvrdX/vl5f27Xn/9K0PJ/vz5YPZ//p6tNTfXTGG26x7rbtdPfZ21IWT5uN0fV0LQ8cGs8u6nLb/azMHT290gYB1U6lUKgOtV89XGt1oWgJsWklsdAmAjZG/0aeff/PXOnU9Hgt3T9Y+AKX1fpC9amv6o5SlKTd8vl1NwxHx6fx/36avaDcO8dcaFQAA6Dm/nsx7gmnfb7Cu/1GK3XXpns7mUIYi4tmI2BkRz0XEroh4PqKa9oWIeLExgySi0ib/XQ3xxfx/zmYRSndWXMk20v7fO9nc1tL+X977i6G+LLYjIu8wTx/OjslIlAc+OzszfaTF/rcsk399/y99pfnnfcGsHHf6GwbopibmJh6tts3u3ojY299Y/6Q/PXH5NE4SEXsiYm8X+x2qC59944d9C5Hy0nTL17+qUjCl1/V8XJHKdxGv187/fCw5/4s5Ju3nJ8cGY2b68Fh6FRwuzOP3P25+VLR8R9v65/n/3bjZe8d/ObXyimfS87+t7vqPfP52sf5DSUSyMF87G1Hp6y6Pm39+Xd3v8KHmdY96/W9JPqmG8/b1xcTc3OUjEVuSD5qXjy9um8fz9Gn9Rw4Vt/+d2TbpkXgpItKL+OWIeCUi9mdlPxARByOioGoLfnv31XOt1nV4/a+ZtP5Thfe/Jed/cb6+w0C+cbqk7/yB2w9b3Dw6O//HqqGRbEnx/S9ZcovotKQrO3oAAACwOZSi+t3/0uhCuFQaHa2NAe2KbaWZS7Nz+yPi4lTtGYGhKJfyka7aeHA5ycc/h+ri4w3xo9m48Td9W6vx0clLM1MbXXnocdurbT5pav+pf7oc5wU2oVWYRwM2qeXa/+5b61QQYN15/4feVdf+51skmfdNGXgyef+H3lXU/q/Hj22fXXDPgM2voi1DT9P+oXf1x8cL4epjz4VP2wJPIu//0JO6fa6/u0BloHjVYBT8YsDg2hRja0FeXQTODazWgUp7VqtYr3JEdJZ466NkkXcBW//CQ6m7HQ5E86q+aLdV0sXvOOSB9Kgsm/jM7hWc0/nvaxsvXZX/JspqX70/LbbTcoene5UC63wjAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWCP/BwAA//8Nsc+t") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) 2.769919827s ago: executing program 2 (id=837): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000640)=""/4112, 0x1010}], 0x1, 0x4000, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f00000002c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0xe0e0e0e0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="68000000100039042cbd7000eaffffff000003e4", @ANYRES32=r1, @ANYBLOB="83000400000000004800128008000100736974003c000280050009002900000019"], 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) 2.03081211s ago: executing program 3 
(id=838): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x2, @empty, 0xa098}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x1c}}, r2, 0x40099d}}, 0x48) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 2.005637183s ago: executing program 1 (id=839): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r4, 0x29, 0x41, &(0x7f00000020c0)={'mangle\x00', 0x2, [{}, {}]}, 0x48) 1.905553372s ago: executing program 3 (id=840): 
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, 0x0, 0x40000) 
syz_open_dev$ttys(0xc, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCSETSW(r5, 0x5403, &(0x7f00000000c0)={0x5, 0xc, 0x3d, 0x7fff, 0x14, "71feaf33432ed6fe90107884be157e88b3e578"}) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync') 1.447319187s ago: executing program 4 (id=841): syz_usb_connect(0x0, 0x35, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xca, 0x9b, 0xd4, 0x10, 0x1199, 0xb000, 0xa898, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x30, 0x2, 0x0, 0x17, 0xb5, 0x1b}}]}}]}}, 0x0) syz_usb_connect$uac1(0x2, 0x71, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102000000406b1d010140000102030109025f0003010920a50904000000010100000a2401"], 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x0, 0x1, 0x0, 0x25dfdbfc, {0x53}}, 0x14}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) 1.260623716s ago: executing program 3 (id=842): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 
&(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 1.056262606s ago: executing program 5 (id=843): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000180)='./bus\x00', 0x2000804, &(0x7f0000000480)={[{@numtail}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@shortname_win95}, {@shortname_win95}, {@rodir}, {@utf8no}, {@shortname_winnt}, {@shortname_win95}, {@fat=@check_normal}, {@fat=@codepage={'codepage', 0x3d, '866'}}, {@utf8}, {@numtail}, {@rodir}, {@shortname_lower}, {@utf8no}, {@rodir}]}, 0x1, 0x289, 
&(0x7f00000001c0)="$eJzs3c1qA1UUAOAzzaRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE7hx6/O4EV/AB1Dc2YU4ks7kTyctkbQp+n2bHs69J/fM3KHtZm4+eWVwfnpxdXbz5c/RbCaxdRAHcZtEJ7Zi4uuo9NOv1XkA4Jm7zfP4LS80itT14oz6ksp069GbAwAexfzf/033AgA8jfc/+PCdw+Pjo/eyrBkx+GbYTaL4WYwfnsVn0Y9e7EU7/ojIp4r4rbePjyLNxjrx2mA07I4rBx//UH7+4S8Rd/X70Y5Odf1+VpirHw279XihXP+gH713v492vFRd/8as/jYv66O7Ha+/Otf/brTjx0/jIvpxGsX/OpP6r/az7M3829+/+GicHdcno2G3EacLdyqvPfXeAAAAAAAAAAAAAAAAAAAAAADw37WbTXUWz9+ZHPx/z/g95wON5s7n2cuyLE+K+bP6NF5OI93ktQMAAAAAAAAAAAAAAAAAAMBzcXX9+flJv9+7XGswea2/Yij+XMw0ImLJ56QPr7WzaodRK1vrJxGrXVc9GneVD0+urXjHWuN+epdJGuvbgmSaac0P7USx1jjTKoK5zGpLfPfPjWvGXTB5us5PkmWbOwmaVQ/JGoK84vGrLa3a/numVV5BxeTWPatvv/ives7bS4aSiKhPb2Y51KqeXF/vPXy630EAAAAAAAAAAAAAAAAAAEBh9tJvxeDNBhoCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA2Yff//CsGoLF42J6+NgzTKzIYvEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+BvwIAAP//XAxp4w==") open(0x0, 0x0, 0x100) creat(&(0x7f0000000080)='./file0\x00', 0x0) 1.040406887s ago: executing program 2 (id=844): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getpid() mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r3 = inotify_init1(0x80000) 
inotify_add_watch(r3, &(0x7f0000000200)='./file0\x00', 0x114) chdir(0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000010200)=ANY=[], 0x118) 789.243392ms ago: executing program 3 (id=845): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x800090, &(0x7f0000009f00)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c6e66732c726f6469722c6e6f6e756d7461696c3d302c757466383d312c757466383d302c696f636861727365743d6d616363656e746575726f2c726f6469722c636865636b3d7374726963742c757466383d312c757466383d302c726f6469722c636f6465706167653d3835322c726f6469722c696f636861727365743d6b6f69382d72752c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d312c73686f72746e616d653d77696e39352c726f6469722c6e6e6f6e756d55492fc57461696c3d312c756e695f786c6174653d302c73686f72746e616d653d6d697865642c757466383d312c73686f72746e616d653d6c6f7765722c75746638"], 0x6, 0x2d7, &(0x7f0000000640)="$eJzs3btrZGUUAPBzJ3ceajFTWIngBS2sls22NhNkF8RULlOsFhrcXZDMIOxCxAeOW4mdjaV/gSD4h2hhZynYCnausHDlvnYee50ZJRPR/H6Q5OT7vnO/cx8kt8nJO8/PTm9ncffBJz/HYJBEZ9yPeJjEKDrR+CxWjL8MAOC/7GGex295pWX6py825A72WBcAsD9bfv/X0vLzrWLFdxdXGwCwHzdvvfn60fHx9TeybBA3Zp+fTZKIKL5W80d3472Yxp24GsN4FFG+KHSjfFsowht5ns/TrDCKl2bzs0mROXv7+/r4R79GlPmHMYxROfT4baPMf+34+mFWWcqfF3U8Xe8/LvKvxTCefZy8kn+tJT8mvXj5xaX6r8Qwfnw33o9p3C6LWOR/ephlr+Zf/f7xW0V5RX4yP5v0y3UL+UGz+fyC7xEAAAAAAAAAAAAAAAAAAAAAAP8/V+reOf0o+/cUQ3X/nYNHxTfdyBqj1f48VX7SHGjRHyg6eZ7P8/i66a9zNcuyvF64yE/jubRuLAgAAAAAAAAAAAAAAAAAAACX3P0PPzo9mU7v3DuXoOkGkEbEHzcj/ulxxksjL8Tmxf16z5PptFOHq2vS5ZE4aNYkERvLKE7inC7LtuCpJ2qug2++bc1Kq74Lxcf61GD7pt32vf5m8EG3uo6ta5qn6/Qkab+G/WhGBsWNi/Ub14v23buxNtL7qwqbR3G30+m1Tg3XR4bbLl3vmTKYb1hT3La2qR/K4JVfqrKXzmJlca+8qq1H7tbBUvras7HT8xyDKv3JnxWJbh0AAAAAAAAAAAAAAAAAALBXi7/+bZl8sDG1k/f3VhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXKjF///fJUhXk3fI6sW9+//WuQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB5/BkAAP//UXpTZA==") 
syz_open_procfs(0xffffffffffffffff, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x6a, &(0x7f00000004c0)={@random="d93f47151094", @remote, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x4, 0x2, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x32, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8031, 0xffffffffffffffff, 0xffffd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r3, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) 0s ago: executing program 2 (id=846): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12014101f2c59620d016b8108edee501030109022400010000100009040002020083ec0009050602000202000a09058202"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x10, &(0x7f00000002c0)={0x0, 0x30, 0xc, "48277ad8ac8de9a2014f4719"}, 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000b80)={0x10, &(0x7f0000000540)={0x0, 0x5, 0x28, "199862813587465c749f5d1c76fcd921ce21397150956b149a5ec0711e11d7481762faa3009f7ab6"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f0000000e40)={0x40, 0x9, 
0x4, '\x00\x00G\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): 1: new high-speed USB device number 3 using dummy_hcd [ 100.682058][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 100.705900][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 100.717509][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 100.735371][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 100.814705][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 100.824130][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #182!!! [ 100.833578][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 100.843100][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 103.139943][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 103.155954][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! 
[ 103.416041][ T4292] usb 4-1: unable to read config index 0 descriptor/all [ 103.423096][ T4292] usb 4-1: can't read configurations, error -61 [ 103.635931][ T4292] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 103.846029][ T4292] usb 4-1: device descriptor read/64, error -71 [ 103.977997][ T4292] usb usb4-port1: attempt power cycle [ 105.606425][ T4683] loop0: detected capacity change from 0 to 32768 [ 105.655448][ T4683] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.108 (4683) [ 105.736209][ T4683] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 105.745142][ T4683] BTRFS info (device loop0): setting nodatacow, compression disabled [ 105.753295][ T4683] BTRFS info (device loop0): disabling tree log [ 105.759596][ T4683] BTRFS info (device loop0): turning on sync discard [ 105.766580][ T4683] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 105.776262][ T4683] BTRFS info (device loop0): force zstd compression, level 3 [ 105.783743][ T4683] BTRFS info (device loop0): using free space tree [ 105.790313][ T4683] BTRFS info (device loop0): has skinny extents [ 105.930443][ T4674] loop3: detected capacity change from 0 to 32768 [ 105.967622][ T4683] BTRFS info (device loop0): enabling ssd optimizations [ 106.003228][ T4660] loop1: detected capacity change from 0 to 40427 [ 106.026047][ T4674] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 scanned by syz.3.107 (4674) [ 106.088249][ T4660] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x7 [ 106.183055][ T4660] F2FS-fs (loop1): Unrecognized mount option "barrier" or missing value [ 106.484408][ T4674] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 106.506101][ T4674] BTRFS info (device loop3): using free space tree [ 106.512669][ T4674] BTRFS info (device loop3): has skinny extents [ 107.106010][ T4674] BTRFS 
info (device loop3): enabling ssd optimizations [ 107.373396][ T26] audit: type=1800 audit(1760784004.515:4): pid=4674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.107" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 108.556046][ T4752] loop1: detected capacity change from 0 to 16 [ 108.602339][ T4752] erofs: (device loop1): mounted with root inode @ nid 36. [ 108.621544][ T4752] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 108.630811][ T4752] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 108.640123][ T4752] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 109.026724][ T4760] loop1: detected capacity change from 0 to 256 [ 109.146807][ T4760] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 110.858543][ T4743] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 111.346317][ T4743] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 111.411288][ T4743] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.657375][ T4743] usb 5-1: config 0 descriptor?? 
[ 111.709176][ T4743] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input6 [ 112.312634][ T4797] ieee802154 phy0 wpan0: encryption failed: -22 [ 112.962729][ T4792] loop2: detected capacity change from 0 to 4096 [ 113.038295][ T1325] usb 5-1: USB disconnect, device number 2 [ 113.077641][ T4792] ntfs3: Unknown parameter 'windows_names' [ 113.093387][ T4801] loop1: detected capacity change from 0 to 764 [ 116.781621][ T4854] loop2: detected capacity change from 0 to 40427 [ 116.840020][ T4854] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 116.847878][ T4854] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 116.866450][ T4854] F2FS-fs (loop2): invalid crc value [ 116.927414][ T4854] F2FS-fs (loop2): Found nat_bits in checkpoint [ 116.991667][ T4854] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 116.999175][ T4854] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 117.902961][ T26] audit: type=1800 audit(1760784014.505:5): pid=4870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.133" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 118.597192][ T4182] attempt to access beyond end of device [ 118.597192][ T4182] loop2: rw=2049, want=40968, limit=40427 [ 119.673122][ T4888] loop0: detected capacity change from 0 to 512 [ 119.727500][ T4888] EXT4-fs (loop0): Ignoring removed nobh option [ 119.754349][ T4888] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 119.839470][ T4888] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.136: iget: bad i_size value: 38620345925642 [ 119.866998][ T4888] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.136: couldn't read orphan inode 15 (err -117) [ 119.906426][ T4888] EXT4-fs (loop0): mounted filesystem without journal. 
Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 120.737579][ T4899] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 121.020571][ T4899] bond0: (slave lo): Error: Device can not be enslaved while up [ 121.468304][ T4891] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 122.016871][ T4344] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 724 with error 28 [ 122.032981][ T4344] EXT4-fs (loop0): This should not happen!! Data will be lost [ 122.032981][ T4344] [ 122.045740][ T4344] EXT4-fs (loop0): Total free blocks count 0 [ 122.052167][ T4344] EXT4-fs (loop0): Free/Dirty block details [ 122.059555][ T4344] EXT4-fs (loop0): free_blocks=0 [ 122.064717][ T4344] EXT4-fs (loop0): dirty_blocks=724 [ 122.096070][ T4241] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 122.103131][ T4344] EXT4-fs (loop0): Block reservation details [ 122.132256][ T4344] EXT4-fs (loop0): i_reserved_data_blocks=724 [ 122.205636][ T4923] loop1: detected capacity change from 0 to 764 [ 122.395974][ T4743] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 122.656230][ T4743] usb 4-1: Using ep0 maxpacket: 32 [ 122.672652][ T4241] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 123.385952][ T4241] usb 5-1: config 0 has no interface number 0 [ 123.441443][ T4241] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 123.514098][ T4241] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 123.552222][ T4241] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 123.597985][ T4942] loop2: detected capacity change from 0 to 4096 [ 123.604645][ T4241] usb 5-1: New USB device strings: 
Mfr=0, Product=0, SerialNumber=0 [ 123.693309][ T4241] usb 5-1: config 0 descriptor?? [ 123.749368][ T4743] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.766338][ T4908] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 123.787356][ T4743] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.824422][ T4241] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 123.832452][ T4743] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 123.876112][ T4743] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.885101][ T4949] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 123.935447][ T4743] usb 4-1: config 0 descriptor?? [ 123.977462][ T4743] hub 4-1:0.0: USB hub found [ 124.055969][ T4908] udc-core: couldn't find an available UDC or it's busy [ 124.075205][ T4908] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 124.184947][ T4954] overlayfs: upper fs does not support tmpfile. [ 124.198065][ T4241] usb 5-1: USB disconnect, device number 3 [ 124.199266][ T4743] hub 4-1:0.0: 1 port detected [ 124.252783][ T4954] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 124.331425][ T4954] overlayfs: failed to set xattr on upper [ 124.379734][ T4954] overlayfs: ...falling back to index=off,metacopy=off. 
[ 124.399895][ T4954] overlayfs: conflicting lowerdir path [ 124.406498][ T4743] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 124.413229][ T4743] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 124.546039][ T4743] usbhid 4-1:0.0: can't add hid device: -71 [ 124.554782][ T4743] usbhid: probe of 4-1:0.0 failed with error -71 [ 124.646841][ T4743] usb 4-1: USB disconnect, device number 6 [ 124.886428][ T4945] loop0: detected capacity change from 0 to 40427 [ 124.989973][ T4945] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7 [ 125.048975][ T4945] F2FS-fs (loop0): Unrecognized mount option "barrier" or missing value [ 125.565280][ T4978] nfs4: Unknown parameter 'smackfshat' [ 130.180546][ T5033] netlink: 'syz.3.162': attribute type 6 has an invalid length. [ 131.067336][ T5037] overlayfs: failed to resolve './bus': -2 [ 133.587508][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.600355][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.907532][ T5051] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 135.357829][ T5071] loop0: detected capacity change from 0 to 16 [ 135.404707][ T5071] erofs: (device loop0): mounted with root inode @ nid 36. 
[ 135.453757][ T26] audit: type=1800 audit(1760784032.605:6): pid=5071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.177" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 146.173525][ T5149] loop1: detected capacity change from 0 to 512 [ 147.078119][ T5157] loop4: detected capacity change from 0 to 512 [ 147.220211][ T5149] EXT4-fs (loop1): inline encryption not supported [ 147.231204][ T5149] EXT4-fs (loop1): Ignoring removed nobh option [ 147.506394][ T5149] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 147.566281][ T5149] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 147.580904][ T5149] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.197: Corrupt directory, running e2fsck is recommended [ 147.581305][ T5157] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 147.598291][ T5149] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 147.618311][ T5149] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2228: inode #15: comm syz.1.197: corrupted in-inode xattr [ 147.744003][ T5157] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 147.758018][ T5149] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.197: couldn't read orphan inode 15 (err -117) [ 147.800413][ T5149] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,inlinecrypt,jqfmt=vfsold,auto_da_alloc,grpjquota=.journal_checksum,barrier=0x0000000000000000,nobh,grpid,,,errors=continue. Quota mode: writeback. [ 147.827499][ T5157] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. 
[ 147.862330][ T5157] EXT4-fs (loop4): 1 truncate cleaned up [ 147.896017][ T5157] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,lazytime,quota,. Quota mode: writeback. [ 149.960822][ T5184] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 150.162021][ T5187] loop4: detected capacity change from 0 to 1024 [ 150.255109][ T5187] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 152.262690][ T5181] loop0: detected capacity change from 0 to 40427 [ 152.305662][ T5181] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7 [ 152.331555][ T5181] F2FS-fs (loop0): Unrecognized mount option "barrier" or missing value [ 153.526822][ T5206] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 154.346986][ T5219] tipc: Enabling of bearer rejected, failed to enable media [ 154.386697][ T5219] device syzkaller0 entered promiscuous mode [ 154.556230][ T4550] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 154.838440][ T5225] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.036822][ T4550] usb 1-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 155.069172][ T4550] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.213221][ T4550] usb 1-1: config 0 descriptor?? 
[ 155.309915][ T4550] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input7 [ 155.636165][ T5210] loop2: detected capacity change from 0 to 32768 [ 155.860276][ T5229] loop1: detected capacity change from 0 to 40427 [ 155.900346][ T5229] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 155.908522][ T5229] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 156.151222][ T5229] F2FS-fs (loop1): invalid crc value [ 156.199132][ T5210] XFS (loop2): Mounting V5 Filesystem [ 156.252137][ T5229] F2FS-fs (loop1): Found nat_bits in checkpoint [ 156.312655][ T5229] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 156.320015][ T5229] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 156.618945][ T5210] XFS (loop2): Ending clean mount [ 156.652026][ T5210] XFS (loop2): Quotacheck needed: Please wait. [ 156.839768][ T5210] XFS (loop2): Quotacheck: Done. [ 157.097265][ T4182] XFS (loop2): Unmounting Filesystem [ 157.146141][ T4718] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 157.288926][ T4344] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 157.330426][ T4255] usb 1-1: USB disconnect, device number 2 [ 157.338595][ T4344] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 158.466032][ T4718] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 158.475475][ T4718] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.517354][ T4718] usb 4-1: config 0 descriptor?? 
[ 158.949106][ T5267] loop1: detected capacity change from 0 to 1024 [ 159.185562][ T5267] EXT4-fs (loop1): Unrecognized mount option "euid=00000000000000000000" or missing value [ 159.786207][ T4718] usb 4-1: Cannot set autoneg [ 159.800730][ T4718] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 159.865313][ T4718] usb 4-1: USB disconnect, device number 7 [ 161.047758][ T5285] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 162.506218][ T4740] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 162.549270][ T5301] loop1: detected capacity change from 0 to 256 [ 162.804425][ T5301] FAT-fs (loop1): Unrecognized mount option "uni_x|ate=1" or missing value [ 162.977906][ T4740] usb 4-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 163.040042][ T4740] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.055009][ T4740] usb 4-1: config 0 descriptor?? [ 163.112464][ T4740] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8 [ 163.209300][ T5306] loop1: detected capacity change from 0 to 512 [ 163.290536][ T5306] EXT4-fs (loop1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 163.318771][ T5306] EXT4-fs (loop1): DAX unsupported by block device. [ 163.452839][ T5313] loop4: detected capacity change from 0 to 2048 [ 163.574664][ T5313] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.713273][ T5322] overlayfs: upper fs needs to support d_type. [ 164.735305][ T5322] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 164.743453][ T5322] overlayfs: failed to set xattr on upper [ 164.749400][ T5322] overlayfs: ...falling back to index=off,metacopy=off. 
[ 165.366824][ T4241] usb 4-1: USB disconnect, device number 8 [ 166.731214][ T5339] IPv6: NLM_F_CREATE should be specified when creating new route [ 166.740243][ T5339] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 166.747667][ T5339] IPv6: NLM_F_CREATE should be set when creating new route [ 167.830399][ T4241] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 167.958912][ T4718] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 170.625919][ T4718] usb 3-1: Using ep0 maxpacket: 16 [ 170.646161][ T4241] usb 4-1: device descriptor read/all, error -71 [ 170.696040][ T4718] usb 3-1: device descriptor read/all, error -71 [ 172.981471][ T5394] loop1: detected capacity change from 0 to 512 [ 173.043045][ T5394] EXT4-fs (loop1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 173.096543][ T5394] EXT4-fs (loop1): DAX unsupported by block device. [ 173.136174][ T4718] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 173.556877][ T4718] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 173.608207][ T4718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.821848][ T4718] usb 3-1: config 0 descriptor?? 
[ 173.894674][ T4718] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9 [ 174.020550][ T4768] usb 3-1: USB disconnect, device number 4 [ 174.083603][ T5402] loop4: detected capacity change from 0 to 512 [ 174.326451][ T5402] EXT4-fs (loop4): Ignoring removed nobh option [ 174.439033][ T5402] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 174.916071][ T5402] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.267: iget: bad i_size value: 38620345925642 [ 174.969031][ T5402] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.267: couldn't read orphan inode 15 (err -117) [ 174.991855][ T5402] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 175.514236][ T5423] loop2: detected capacity change from 0 to 40427 [ 175.569367][ T5423] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 175.577387][ T5423] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 175.600466][ T5423] F2FS-fs (loop2): invalid crc value [ 175.649636][ T5423] F2FS-fs (loop2): Found nat_bits in checkpoint [ 175.710067][ T5423] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 175.717198][ T5423] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 176.600774][ T4412] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 176.628463][ T4412] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. 
[ 176.934167][ T5439] loop4: detected capacity change from 0 to 256 [ 177.096347][ T5439] FAT-fs (loop4): Directory bread(block 64) failed [ 177.113240][ T5439] FAT-fs (loop4): Directory bread(block 65) failed [ 177.133596][ T5439] FAT-fs (loop4): Directory bread(block 66) failed [ 177.192509][ T5439] FAT-fs (loop4): Directory bread(block 67) failed [ 177.216233][ T5439] FAT-fs (loop4): Directory bread(block 68) failed [ 177.236329][ T5439] FAT-fs (loop4): Directory bread(block 69) failed [ 177.263433][ T5439] FAT-fs (loop4): Directory bread(block 70) failed [ 177.277060][ T5439] FAT-fs (loop4): Directory bread(block 71) failed [ 177.294081][ T5439] FAT-fs (loop4): Directory bread(block 72) failed [ 177.314241][ T4718] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 177.328162][ T5439] FAT-fs (loop4): Directory bread(block 73) failed [ 177.393960][ T5443] loop0: detected capacity change from 0 to 8192 [ 177.409166][ T5439] netlink: 16 bytes leftover after parsing attributes in process `syz.4.276'. [ 178.586510][ T4718] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30 [ 178.622651][ T5462] netlink: 'syz.4.280': attribute type 21 has an invalid length. [ 178.630727][ T5462] netlink: 132 bytes leftover after parsing attributes in process `syz.4.280'. [ 178.640056][ T5462] netlink: 20 bytes leftover after parsing attributes in process `syz.4.280'. [ 178.660278][ T4718] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 178.895462][ T4718] usb 4-1: New USB device found, idVendor=17ef, idProduct=6004, bcdDevice= 0.00 [ 179.023454][ T4718] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.267289][ T4718] usb 4-1: config 0 descriptor?? 
[ 180.498273][ T4718] wacom 0003:17EF:6004.0001: hidraw0: USB HID v0.00 Device [HID 17ef:6004] on usb-dummy_hcd.3-1/input0 [ 180.779643][ T4718] usb 4-1: USB disconnect, device number 11 [ 180.819501][ T5481] loop2: detected capacity change from 0 to 4096 [ 180.874841][ T5486] fido_id[5486]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 180.937024][ T5490] loop1: detected capacity change from 0 to 512 [ 181.018288][ T5490] EXT4-fs (loop1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 181.041633][ T5490] EXT4-fs (loop1): DAX unsupported by block device. [ 181.152789][ T5481] EXT4-fs (loop2): Test dummy encryption mode enabled [ 181.166062][ T5481] EXT4-fs (loop2): Unrecognized mount option "obj_user=')" or missing value [ 183.421719][ T5506] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 183.726178][ T154] Bluetooth: (null): Invalid header checksum [ 183.732480][ T154] Bluetooth: (null): Invalid header checksum [ 183.877135][ T154] Bluetooth: (null): Invalid header checksum [ 183.897162][ T5506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 184.085985][ T5506] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 184.104328][ T154] Bluetooth: (null): Invalid header checksum [ 185.219135][ T5516] netlink: 'syz.1.295': attribute type 21 has an invalid length. [ 185.244018][ T5516] netlink: 132 bytes leftover after parsing attributes in process `syz.1.295'. [ 185.302717][ T5516] netlink: 20 bytes leftover after parsing attributes in process `syz.1.295'. 
[ 186.115955][ T4740] Bluetooth: hci4: command 0x0406 tx timeout [ 186.122862][ T4740] Bluetooth: hci2: command 0x0406 tx timeout [ 186.153317][ T4740] Bluetooth: hci0: command 0x0406 tx timeout [ 186.183800][ T4740] Bluetooth: hci1: command 0x0406 tx timeout [ 186.208949][ T4740] Bluetooth: hci3: command 0x0406 tx timeout [ 187.605993][ T5541] netlink: 72 bytes leftover after parsing attributes in process `syz.4.301'. [ 188.497993][ T5544] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.507549][ T5544] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.574122][ T5544] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.581301][ T5544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.590775][ T5544] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.597950][ T5544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.706859][ T5544] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 188.712606][ T5551] loop3: detected capacity change from 0 to 4096 [ 188.850849][ T5555] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 188.923829][ T5551] overlayfs: upper fs does not support tmpfile. [ 188.936584][ T5551] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 188.944007][ T5551] overlayfs: failed to set xattr on upper [ 188.968815][ T5551] overlayfs: ...falling back to index=off,metacopy=off. [ 189.002120][ T5557] loop2: detected capacity change from 0 to 512 [ 189.215034][ T5557] EXT4-fs (loop2): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 189.392063][ T5557] EXT4-fs (loop2): DAX unsupported by block device. [ 191.382257][ T5624] netlink: 'syz.4.308': attribute type 21 has an invalid length. [ 191.390238][ T5624] netlink: 132 bytes leftover after parsing attributes in process `syz.4.308'. [ 191.399291][ T5624] netlink: 20 bytes leftover after parsing attributes in process `syz.4.308'. 
[ 191.783019][ T5551] syz.3.303 (5551) used greatest stack depth: 19200 bytes left [ 191.945502][ T4718] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 192.004133][ T5627] netlink: 'syz.0.310': attribute type 1 has an invalid length. [ 192.026389][ T5627] device bond1 entered promiscuous mode [ 192.032566][ T5627] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.062130][ T5627] bond1: (slave gretap1): making interface the new active one [ 192.069912][ T5627] device gretap1 entered promiscuous mode [ 192.079232][ T5627] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 192.096307][ T5599] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 192.116617][ T4718] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12) [ 192.317862][ T4718] Remounting filesystem read-only [ 192.323139][ T4718] NILFS (loop3): error -5 truncating bmap (ino=12) [ 195.008564][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.014947][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.284435][ T5658] loop4: detected capacity change from 0 to 512 [ 195.290980][ T4234] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 195.438402][ T5655] loop2: detected capacity change from 0 to 40427 [ 195.539163][ T5660] Cannot find set identified by id 65534 to match [ 195.550824][ T5655] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 195.558837][ T5655] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 195.569293][ T5658] EXT4-fs (loop4): Test dummy encryption mode enabled [ 195.587595][ T5655] F2FS-fs (loop2): invalid crc value [ 195.602410][ T5658] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 195.657211][ T5658] EXT4-fs error (device loop4): ext4_orphan_get:1427: comm syz.4.319: bad orphan inode 131083 [ 195.669554][ T5655] F2FS-fs (loop2): Found nat_bits in checkpoint [ 195.692450][ T5658] EXT4-fs 
(loop4): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,noload,,errors=continue. Quota mode: none. [ 195.742935][ T5664] loop0: detected capacity change from 0 to 4096 [ 195.773590][ T5655] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 195.781161][ T5655] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 195.864713][ T5669] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.889429][ T5664] NILFS error (device loop0): nilfs_readdir: zero-length directory entry [ 195.929778][ T5671] loop3: detected capacity change from 0 to 512 [ 195.949685][ T5664] Remounting filesystem read-only [ 196.153319][ T5671] EXT4-fs (loop3): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 196.202074][ T5671] EXT4-fs (loop3): DAX unsupported by block device. [ 196.337973][ T5607] Bluetooth: (null): Invalid header checksum [ 196.344081][ T5607] Bluetooth: (null): Invalid header checksum [ 196.995724][ T5603] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 197.010987][ T5603] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 198.924029][ T5694] netlink: 'syz.2.324': attribute type 21 has an invalid length. [ 198.932327][ T5694] netlink: 132 bytes leftover after parsing attributes in process `syz.2.324'. [ 198.941574][ T5694] netlink: 20 bytes leftover after parsing attributes in process `syz.2.324'. [ 201.113705][ T5707] loop4: detected capacity change from 0 to 4096 [ 201.164597][ T5713] loop2: detected capacity change from 0 to 512 [ 201.185977][ T5713] EXT4-fs (loop2): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 201.203664][ T5707] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 201.217818][ T5713] EXT4-fs (loop2): DAX unsupported by block device. [ 201.781519][ T5707] ntfs3: loop4: Failed to load $Extend. 
[ 203.376763][ T5703] loop3: detected capacity change from 0 to 32768 [ 203.449997][ T5735] netlink: 'syz.1.339': attribute type 21 has an invalid length. [ 203.458364][ T5735] netlink: 132 bytes leftover after parsing attributes in process `syz.1.339'. [ 203.467755][ T5735] netlink: 20 bytes leftover after parsing attributes in process `syz.1.339'. [ 204.931815][ T5744] loop4: detected capacity change from 0 to 512 [ 205.236569][ T5744] EXT4-fs (loop4): Ignoring removed nobh option [ 205.242912][ T5744] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 205.489399][ T5744] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.340: iget: bad i_size value: 38620345925642 [ 205.697648][ T5744] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.340: couldn't read orphan inode 15 (err -117) [ 205.888650][ T5760] loop1: detected capacity change from 0 to 512 [ 205.994608][ T5744] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 206.368107][ T5760] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 206.545933][ T5760] EXT4-fs (loop1): 1 truncate cleaned up [ 206.551639][ T5760] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 207.628265][ T5772] loop3: detected capacity change from 0 to 16 [ 207.741217][ T5772] erofs: (device loop3): mounted with root inode @ nid 36. 
[ 208.389792][ T5780] erofs: (device loop3): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 208.401551][ T5780] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 208.411374][ T5780] erofs: (device loop3): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 208.422499][ T5780] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 210.692704][ T4255] Bluetooth: hci4: command 0x0405 tx timeout [ 210.718023][ T5790] netlink: 'syz.4.353': attribute type 21 has an invalid length. [ 210.726755][ T5790] netlink: 132 bytes leftover after parsing attributes in process `syz.4.353'. [ 210.735784][ T5790] netlink: 20 bytes leftover after parsing attributes in process `syz.4.353'. [ 211.962065][ T5800] xt_hashlimit: max too large, truncated to 1048576 [ 213.513570][ T5809] loop0: detected capacity change from 0 to 512 [ 213.789403][ T5822] loop3: detected capacity change from 0 to 256 [ 213.804328][ T5809] EXT4-fs (loop0): Ignoring removed nobh option [ 213.821040][ T5809] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 213.958877][ T5809] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.359: iget: bad i_size value: 38620345925642 [ 214.031405][ T5809] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.359: couldn't read orphan inode 15 (err -117) [ 214.115374][ T5809] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 217.133681][ T5856] loop3: detected capacity change from 0 to 40427 [ 217.180356][ T5856] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 217.188246][ T5856] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 217.201517][ T5856] F2FS-fs (loop3): invalid crc value [ 217.289694][ T5856] F2FS-fs (loop3): Found nat_bits in checkpoint [ 217.347545][ T5856] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 217.354637][ T5856] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 219.904914][ T5603] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 220.088076][ T5603] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 220.121608][ T5878] loop1: detected capacity change from 0 to 512 [ 221.143287][ T5878] EXT4-fs (loop1): Ignoring removed nobh option [ 221.159492][ T5878] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 221.334067][ T5894] overlayfs: failed to resolve './file0': -2 [ 221.487705][ T5878] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.378: iget: bad i_size value: 38620345925642 [ 221.560923][ T5878] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.378: couldn't read orphan inode 15 (err -117) [ 221.746951][ T5878] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 222.247948][ T5911] program syz.2.386 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.266893][ T5897] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 222.896336][ T5915] loop3: detected capacity change from 0 to 256 [ 223.017784][ T5915] exfat: Unknown parameter 'º>RýoÊ:' [ 225.506507][ T5915] loop3: detected capacity change from 0 to 40427 [ 225.742949][ T5915] F2FS-fs (loop3): build fault injection attr: rate: 23, type: 0x1ffff [ 225.751301][ T5915] F2FS-fs (loop3): Unrecognized mount option "errors=continue" or missing value [ 225.865261][ T5930] loop2: detected capacity change from 0 to 512 [ 226.271286][ T5930] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 227.013386][ T5930] EXT4-fs (loop2): 1 truncate cleaned up [ 227.033098][ T5930] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 228.434545][ T5946] overlayfs: failed to resolve './file0': -2 [ 228.844085][ T5949] loop1: detected capacity change from 0 to 2048 [ 229.283205][ T5938] loop4: detected capacity change from 0 to 32768 [ 229.336093][ T5949] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 229.373289][ T5949] UDF-fs: Scanning with blocksize 512 failed [ 229.446612][ T5949] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 230.110718][ T26] audit: type=1800 audit(1760784127.265:7): pid=5966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.396" name="file1" dev="loop1" ino=818 res=0 errno=0 [ 230.133245][ T5938] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. 
[ 230.603371][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 235.474405][ T6004] netlink: 'syz.3.409': attribute type 1 has an invalid length. [ 236.732616][ T6009] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 236.766977][ T6009] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 237.353904][ T6013] bond1: (slave bridge1): Enslaving as an active interface with a down link [ 237.379127][ T6027] netlink: 'syz.1.416': attribute type 5 has an invalid length. [ 237.445959][ T1106] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 239.136137][ T1106] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 239.145323][ T1106] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.164755][ T1106] usb 5-1: config 0 descriptor?? [ 239.302650][ T1106] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13 [ 241.254457][ T6044] loop1: detected capacity change from 0 to 4096 [ 241.300213][ T6044] EXT4-fs (loop1): Test dummy encryption mode enabled [ 241.349629][ T6044] EXT4-fs (loop1): Unrecognized mount option "obj_user=')" or missing value [ 241.935534][ T1106] usb 5-1: USB disconnect, device number 4 [ 242.239416][ T6061] loop0: detected capacity change from 0 to 128 [ 242.382156][ T6061] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 243.216622][ T6061] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 243.368401][ T26] audit: type=1800 audit(1760784140.525:8): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.427" name="file1" dev="loop0" ino=104 res=0 errno=0 [ 246.626793][ T6095] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.432' sets config #1 [ 247.478059][ T4718] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 247.559035][ T6100] loop2: detected capacity change from 0 to 256 [ 
248.216233][ T4718] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 248.722773][ T4718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.779208][ T4718] usb 2-1: config 0 descriptor?? [ 248.900307][ T4718] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input14 [ 249.237424][ T6107] loop2: detected capacity change from 0 to 512 [ 249.300500][ T6107] EXT4-fs (loop2): Ignoring removed nobh option [ 249.312307][ T6107] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 249.420609][ T6107] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.438: iget: bad i_size value: 38620345925642 [ 249.474952][ T6107] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.438: couldn't read orphan inode 15 (err -117) [ 249.490195][ T6107] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 249.579348][ T6117] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.438: bg 0: block 5: invalid block bitmap [ 249.666539][ T6117] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1092 with error 28 [ 249.779087][ T6117] EXT4-fs (loop2): This should not happen!! 
Data will be lost [ 249.779087][ T6117] [ 250.052432][ T6117] EXT4-fs (loop2): Total free blocks count 0 [ 250.125682][ T6117] EXT4-fs (loop2): Free/Dirty block details [ 250.169592][ T6117] EXT4-fs (loop2): free_blocks=0 [ 250.200718][ T6117] EXT4-fs (loop2): dirty_blocks=1092 [ 250.277510][ T6117] EXT4-fs (loop2): Block reservation details [ 250.318040][ T6117] EXT4-fs (loop2): i_reserved_data_blocks=1092 [ 250.611987][ T4255] usb 2-1: USB disconnect, device number 2 [ 250.633362][ T6134] loop1: detected capacity change from 0 to 256 [ 252.041396][ T6134] exfat: Deprecated parameter 'namecase' [ 252.085922][ T6134] exfat: Deprecated parameter 'namecase' [ 252.091667][ T6134] exfat: Unknown parameter 'keep_last_dots' [ 252.206312][ T26] audit: type=1326 audit(1760784149.325:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 252.747373][ T26] audit: type=1326 audit(1760784149.325:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 252.902469][ T26] audit: type=1326 audit(1760784149.325:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 252.946866][ T26] audit: type=1326 audit(1760784149.325:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.081131][ T6134] x_tables: duplicate underflow at hook 4 [ 253.173993][ T26] audit: type=1326 audit(1760784149.325:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 
ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.288223][ T26] audit: type=1326 audit(1760784149.325:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.404993][ T26] audit: type=1326 audit(1760784149.325:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.549496][ T26] audit: type=1326 audit(1760784149.325:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.641966][ T26] audit: type=1326 audit(1760784149.325:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.745877][ T26] audit: type=1326 audit(1760784149.335:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6142 comm="syz.3.448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 253.905975][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.913518][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.241480][ T4255] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 254.621787][ T4255] usb 2-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 254.634378][ T4255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.655045][ T4255] usb 2-1: config 0 descriptor?? 
[ 254.724730][ T4255] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15 [ 255.037090][ T6166] loop2: detected capacity change from 0 to 512 [ 255.068185][ T6166] EXT4-fs (loop2): Ignoring removed nobh option [ 255.072815][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.081873][ T6166] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 255.184498][ T6166] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.454: iget: bad i_size value: 38620345925642 [ 255.200902][ T6166] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.454: couldn't read orphan inode 15 (err -117) [ 255.221682][ T6166] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 255.248618][ T6111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.709487][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.716113][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.989692][ T5596] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:15: bg 0: block 5: invalid block bitmap [ 256.158315][ T5596] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 256.277667][ T5596] EXT4-fs (loop2): This should not happen!! 
Data will be lost [ 256.277667][ T5596] [ 256.350993][ T5596] EXT4-fs (loop2): Total free blocks count 0 [ 256.385839][ T5596] EXT4-fs (loop2): Free/Dirty block details [ 256.424954][ T5596] EXT4-fs (loop2): free_blocks=0 [ 256.458126][ T5596] EXT4-fs (loop2): dirty_blocks=5528 [ 256.489295][ T5596] EXT4-fs (loop2): Block reservation details [ 256.524107][ T5596] EXT4-fs (loop2): i_reserved_data_blocks=5528 [ 256.746099][ T5596] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 256.764645][ T5596] EXT4-fs (loop2): This should not happen!! Data will be lost [ 256.764645][ T5596] [ 256.949696][ T4718] usb 2-1: USB disconnect, device number 3 [ 258.790098][ T6111] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.805236][ T6111] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.814916][ T6111] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.829838][ T6111] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.870564][ T6191] loop1: detected capacity change from 0 to 512 [ 258.923563][ T6194] loop4: detected capacity change from 0 to 4096 [ 258.941013][ T6191] EXT4-fs (loop1): Ignoring removed nobh option [ 258.951567][ T6191] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 258.984733][ T6194] EXT4-fs (loop4): Test dummy encryption mode enabled [ 258.996257][ T6194] EXT4-fs (loop4): Unrecognized mount option "obj_user=')" or missing value [ 259.008626][ T6191] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.461: iget: bad i_size value: 38620345925642 [ 259.033960][ T6191] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.461: couldn't read orphan inode 15 (err -117) [ 259.093400][ T6191] EXT4-fs (loop1): mounted filesystem without journal. 
Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 259.269793][ T6192] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.461: bg 0: block 5: invalid block bitmap [ 259.434210][ T6192] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 916 with error 28 [ 259.764422][ T6192] EXT4-fs (loop1): This should not happen!! Data will be lost [ 259.764422][ T6192] [ 259.847247][ T6192] EXT4-fs (loop1): Total free blocks count 0 [ 259.853294][ T6192] EXT4-fs (loop1): Free/Dirty block details [ 259.890680][ T6192] EXT4-fs (loop1): free_blocks=0 [ 259.895692][ T6192] EXT4-fs (loop1): dirty_blocks=916 [ 259.922006][ T6192] EXT4-fs (loop1): Block reservation details [ 259.940696][ T6192] EXT4-fs (loop1): i_reserved_data_blocks=916 [ 260.475893][ T6219] loop3: detected capacity change from 0 to 1024 [ 261.366136][ T4227] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 261.514701][ T6223] netlink: 'syz.1.472': attribute type 21 has an invalid length. [ 261.530650][ T6223] netlink: 156 bytes leftover after parsing attributes in process `syz.1.472'. [ 261.540835][ T6219] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.471: Invalid block bitmap block 0 in block_group 0 [ 261.562815][ T6219] __quota_error: 2 callbacks suppressed [ 261.562830][ T6219] Quota error (device loop3): write_blk: dquota write failed [ 261.578778][ T6219] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 261.594640][ T6219] EXT4-fs error (device loop3): ext4_acquire_dquot:6209: comm syz.3.471: Failed to acquire dquot type 0 [ 261.596723][ T6223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.472'. 
[ 261.633584][ T6219] EXT4-fs error (device loop3): ext4_free_blocks:6218: comm syz.3.471: Freeing blocks not in datazone - block = 0, count = 4096 [ 261.701438][ T6225] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 261.732674][ T6219] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.471: Invalid inode bitmap blk 0 in block_group 0 [ 261.773413][ T5607] Quota error (device loop3): remove_tree: Getting block too big (0 >= 8) [ 261.786225][ T4227] usb 3-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 261.804199][ T4227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.816320][ T5607] EXT4-fs error (device loop3): ext4_release_dquot:6245: comm kworker/u4:20: Failed to release dquot type 0 [ 261.839274][ T6219] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 261.862935][ T4227] usb 3-1: config 0 descriptor?? [ 261.870025][ T6219] EXT4-fs (loop3): 1 orphan inode deleted [ 261.901443][ T6219] EXT4-fs (loop3): mounted filesystem without journal. Opts: €; ,errors=continue. Quota mode: writeback. 
[ 261.926541][ T4227] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input16 [ 262.056716][ T6230] loop0: detected capacity change from 0 to 4096 [ 262.161963][ T6230] EXT4-fs (loop0): Test dummy encryption mode enabled [ 262.173704][ T6230] EXT4-fs (loop0): Unrecognized mount option "obj_user=')" or missing value [ 262.286002][ T26] audit: type=1326 audit(1760784159.435:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6238 comm="syz.3.478" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a885b0fc9 code=0x0 [ 263.104397][ T6245] loop0: detected capacity change from 0 to 256 [ 263.248752][ T6245] FAT-fs (loop0): Directory bread(block 64) failed [ 263.255355][ T6245] FAT-fs (loop0): Directory bread(block 65) failed [ 263.303751][ T6245] FAT-fs (loop0): Directory bread(block 66) failed [ 263.322650][ T1325] usb 3-1: USB disconnect, device number 5 [ 263.340395][ T6245] FAT-fs (loop0): Directory bread(block 67) failed [ 263.367928][ T6245] FAT-fs (loop0): Directory bread(block 68) failed [ 263.407292][ T6245] FAT-fs (loop0): Directory bread(block 69) failed [ 263.476897][ T6245] FAT-fs (loop0): Directory bread(block 70) failed [ 263.500651][ T6245] FAT-fs (loop0): Directory bread(block 71) failed [ 263.528001][ T6245] FAT-fs (loop0): Directory bread(block 72) failed [ 263.534590][ T6245] FAT-fs (loop0): Directory bread(block 73) failed [ 264.577938][ T6245] process 'syz.0.479' launched '/dev/fd/4' with NULL argv: empty string added [ 264.687435][ T6245] attempt to access beyond end of device [ 264.687435][ T6245] loop0: rw=524288, want=1768, limit=256 [ 264.788994][ T6259] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 264.827727][ T6245] attempt to access beyond end of device [ 264.827727][ T6245] loop0: rw=0, want=1744, limit=256 [ 264.852526][ T6259] overlayfs: missing 'lowerdir' [ 265.173447][ T6268] loop2: detected capacity change from 0 to 4096 [ 265.278829][ T6268] 
EXT4-fs (loop2): Test dummy encryption mode enabled [ 265.291610][ T6268] EXT4-fs (loop2): Unrecognized mount option "obj_user=')" or missing value [ 265.406054][ T1325] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 265.726001][ T4255] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 265.953732][ T1325] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 265.978221][ T1325] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.012543][ T1325] usb 4-1: Product: syz [ 266.037744][ T1325] usb 4-1: Manufacturer: syz [ 266.042397][ T1325] usb 4-1: SerialNumber: syz [ 266.093592][ T1325] usb 4-1: config 0 descriptor?? [ 266.126160][ T4255] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b [ 266.145722][ T4255] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.177817][ T1325] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 012 [ 266.226648][ T4255] usb 5-1: config 0 descriptor?? [ 266.289247][ T4255] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input17 [ 266.496788][ T6277] binder: BINDER_SET_CONTEXT_MGR already set [ 266.539207][ T6277] binder: 6276:6277 ioctl 4018620d 200000000040 returned -16 [ 266.631305][ T6277] binder: 6276:6277 ioctl c0306201 200000000240 returned -11 [ 266.696012][ T1325] (null): failure reading functionality [ 266.774372][ T1325] i2c i2c-1: connected i2c-tiny-usb device [ 267.654559][ T6292] mmap: syz.0.496 (6292) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 267.699391][ T6292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'. 
[ 267.739435][ T6292] device bridge_slave_1 left promiscuous mode [ 267.745848][ T6292] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.762829][ T1325] usb 4-1: USB disconnect, device number 12 [ 267.784337][ T4241] usb 5-1: USB disconnect, device number 5 [ 267.973237][ T6292] device bridge_slave_0 left promiscuous mode [ 268.006112][ T6292] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.076248][ T6305] loop4: detected capacity change from 0 to 47 [ 269.349789][ T6311] loop3: detected capacity change from 0 to 512 [ 269.380720][ T6314] syz.1.505 uses obsolete (PF_INET,SOCK_PACKET) [ 269.429122][ T6311] EXT4-fs (loop3): Ignoring removed nobh option [ 269.435679][ T6311] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 269.536858][ T6311] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.503: iget: bad i_size value: 38620345925642 [ 269.574436][ T6311] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.503: couldn't read orphan inode 15 (err -117) [ 269.593327][ T6311] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 269.623984][ T6316] device vlan2 entered promiscuous mode [ 269.636167][ T4718] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 269.646189][ T6316] device team0 entered promiscuous mode [ 269.651879][ T6316] device team_slave_0 entered promiscuous mode [ 269.658853][ T6316] device team_slave_1 entered promiscuous mode [ 270.096848][ T4718] usb 5-1: Using ep0 maxpacket: 32 [ 270.981703][ T4718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.003090][ T4718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.059804][ T4718] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 271.120618][ T4718] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.155515][ T4718] usb 5-1: config 0 descriptor?? [ 271.306126][ T6318] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 271.353024][ T6335] loop2: detected capacity change from 0 to 512 [ 271.367533][ T5599] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 271.381943][ T4718] hub 5-1:0.0: USB hub found [ 271.386868][ T5599] EXT4-fs (loop3): This should not happen!! Data will be lost [ 271.386868][ T5599] [ 271.666923][ T5599] EXT4-fs (loop3): Total free blocks count 0 [ 271.673201][ T5599] EXT4-fs (loop3): Free/Dirty block details [ 271.685443][ T5599] EXT4-fs (loop3): free_blocks=0 [ 271.702560][ T6335] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 271.738302][ T5599] EXT4-fs (loop3): dirty_blocks=2976 [ 271.762801][ T5599] EXT4-fs (loop3): Block reservation details [ 271.784134][ T6335] EXT4-fs (loop2): 1 truncate cleaned up [ 271.795276][ T5599] EXT4-fs (loop3): i_reserved_data_blocks=2976 [ 271.809231][ T6335] EXT4-fs (loop2): mounted filesystem without journal. 
Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 271.941769][ T5599] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 924 with error 28 [ 271.962210][ T5599] EXT4-fs (loop3): This should not happen!! Data will be lost [ 271.962210][ T5599] [ 272.020399][ T4718] hub 5-1:0.0: 1 port detected [ 272.046486][ T4718] hub 5-1:0.0: config failed, can't get hub status (err -5) [ 272.256384][ T4718] usbhid 5-1:0.0: can't add hid device: -71 [ 272.265939][ T4718] usbhid: probe of 5-1:0.0 failed with error -71 [ 272.308400][ T4718] usb 5-1: USB disconnect, device number 6 [ 272.812567][ T6350] loop3: detected capacity change from 0 to 256 [ 272.839775][ T6350] exfat: Deprecated parameter 'namecase' [ 272.886590][ T6350] exfat: Deprecated parameter 'namecase' [ 273.105988][ T6350] exfat: Deprecated parameter 'utf8' [ 273.111494][ T6350] exfat: Deprecated parameter 'utf8' [ 273.234056][ T6350] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5417aa89, utbl_chksum : 0xe619d30d) [ 276.139905][ T6391] loop9: detected capacity change from 0 to 7 [ 276.188966][ T6391] Dev loop9: unable to read RDB block 7 [ 276.215744][ T6391] loop9: AHDI p3 p4 [ 276.227074][ T6391] loop9: partition table partially beyond EOD, truncated [ 276.243391][ T6391] loop9: p3 size 4227858431 extends beyond EOD, truncated [ 276.264728][ T26] audit: type=1326 audit(1760784173.415:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.297425][ T26] audit: type=1326 audit(1760784173.415:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.321668][ T26] audit: 
type=1326 audit(1760784173.425:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.344979][ T26] audit: type=1326 audit(1760784173.435:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.414262][ T26] audit: type=1326 audit(1760784173.435:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.481413][ T26] audit: type=1326 audit(1760784173.435:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.541563][ T4291] udevd[4291]: inotify_add_watch(7, /dev/loop9p3, 10) failed: No such file or directory [ 276.570352][ T26] audit: type=1326 audit(1760784173.435:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.605918][ T1325] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 276.666863][ T26] audit: type=1326 audit(1760784173.435:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.715304][ T26] audit: type=1326 audit(1760784173.435:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 276.801754][ T26] audit: type=1326 audit(1760784173.435:31): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=unconfined pid=6398 comm="syz.4.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 277.831312][ T1325] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 277.863802][ T6417] loop2: detected capacity change from 0 to 128 [ 277.876071][ T1325] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 278.113002][ T6421] IPv6: NLM_F_CREATE should be specified when creating new route [ 278.516555][ T1325] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 278.732650][ T1325] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.902491][ T1325] usb 1-1: Product: syz [ 278.925945][ T1325] usb 1-1: Manufacturer: syz [ 279.140668][ T1325] usb 1-1: SerialNumber: syz [ 279.876555][ T1325] usb 1-1: can't set config #1, error -71 [ 279.898048][ T1325] usb 1-1: USB disconnect, device number 4 [ 280.427604][ T1325] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 281.475952][ T1325] usb 1-1: unable to get BOS descriptor or descriptor too short [ 281.525999][ T1325] usb 1-1: not running at top speed; connect to a high speed hub [ 281.554916][ T6459] loop4: detected capacity change from 0 to 128 [ 281.778097][ T1325] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 281.788558][ T1325] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 282.046589][ T1325] usb 1-1: string descriptor 0 read error: -22 [ 282.062797][ T1325] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 282.260726][ T1325] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.617980][ T1325] usb 1-1: 0:2 : does not exist [ 282.641406][ T4227] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 282.735486][ T4227] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 
282.748726][ T6468] loop4: detected capacity change from 0 to 1024 [ 282.900187][ T6452] netlink: 'syz.1.550': attribute type 13 has an invalid length. [ 282.965080][ T6452] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 283.134818][ T5618] hfsplus: b-tree write err: -5, ino 4 [ 284.081510][ T6488] loop3: detected capacity change from 0 to 256 [ 284.109781][ T6486] loop4: detected capacity change from 0 to 764 [ 284.358622][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 284.358639][ T26] audit: type=1800 audit(1760784181.455:35): pid=6488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.562" name="...ile1" dev="loop3" ino=1048605 res=0 errno=0 [ 284.655134][ T6497] loop1: detected capacity change from 0 to 512 [ 284.703059][ T6497] EXT4-fs (loop1): Ignoring removed nobh option [ 284.743445][ T6497] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 285.691270][ T6497] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.564: iget: bad i_size value: 38620345925642 [ 285.701367][ T6507] device syzkaller0 entered promiscuous mode [ 285.723646][ T6497] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.564: couldn't read orphan inode 15 (err -117) [ 285.752152][ T6497] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 285.789376][ T6504] loop3: detected capacity change from 0 to 4096 [ 285.800317][ T6507] tipc: Started in network mode [ 285.805243][ T6507] tipc: Node identity 62d6627c3353, cluster identity 4711 [ 285.870425][ T6504] EXT4-fs (loop3): Test dummy encryption mode enabled [ 285.887644][ T6507] tipc: Enabled bearer , priority 0 [ 285.895902][ T6504] EXT4-fs (loop3): Unrecognized mount option "obj_user=')" or missing value [ 285.904938][ T1325] usb 1-1: USB disconnect, device number 5 [ 285.930844][ T6509] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.564: bg 0: block 5: invalid block bitmap [ 286.066487][ T6509] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 416 with error 28 [ 286.168618][ T6509] EXT4-fs (loop1): This should not happen!! Data will be lost [ 286.168618][ T6509] [ 286.178492][ T6509] EXT4-fs (loop1): Total free blocks count 0 [ 286.184959][ T6509] EXT4-fs (loop1): Free/Dirty block details [ 286.191759][ T6509] EXT4-fs (loop1): free_blocks=0 [ 286.203947][ T6509] EXT4-fs (loop1): dirty_blocks=416 [ 286.209410][ T6509] EXT4-fs (loop1): Block reservation details [ 286.215589][ T6509] EXT4-fs (loop1): i_reserved_data_blocks=416 [ 286.242984][ T6506] tipc: Resetting bearer [ 286.318597][ T4354] udevd[4354]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 286.347170][ T6506] tipc: Disabling bearer [ 286.668116][ T6521] loop0: detected capacity change from 0 to 64 [ 286.708551][ T6522] loop3: detected capacity change from 0 to 512 [ 286.822670][ T6522] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 
[ 286.834348][ T6527] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.573' sets config #-1 [ 286.856620][ T6527] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.573' sets config #1 [ 286.945375][ T6522] ext4 filesystem being mounted at /123/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 287.347906][ T6536] loop1: detected capacity change from 0 to 764 [ 287.757044][ T6544] tipc: Enabled bearer , priority 0 [ 287.778302][ T6544] device syzkaller0 entered promiscuous mode [ 287.808544][ T6544] tipc: Resetting bearer [ 287.823688][ T6543] tipc: Resetting bearer [ 287.846951][ T6543] tipc: Disabling bearer [ 288.451378][ T6551] netlink: 'syz.0.580': attribute type 6 has an invalid length. [ 288.515677][ T26] audit: type=1326 audit(1760784185.665:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 288.550887][ T6553] loop1: detected capacity change from 0 to 512 [ 288.565861][ T26] audit: type=1326 audit(1760784185.695:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 288.588375][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.635905][ T26] audit: type=1326 audit(1760784185.695:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2b914c0003 code=0x7ffc0000 [ 288.657941][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.671158][ T6553] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 288.715891][ T26] audit: type=1326 audit(1760784185.695:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2b914bea7f 
code=0x7ffc0000 [ 288.747208][ T6553] EXT4-fs (loop1): 1 truncate cleaned up [ 288.778299][ T6553] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 288.798910][ T26] audit: type=1326 audit(1760784185.705:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f2b914c0057 code=0x7ffc0000 [ 288.822567][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.829499][ T26] audit: type=1326 audit(1760784185.705:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2b914be810 code=0x7ffc0000 [ 288.861546][ T26] audit: type=1326 audit(1760784185.705:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b914bfbcb code=0x7ffc0000 [ 288.986695][ T26] audit: type=1326 audit(1760784185.755:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2b914bec2a code=0x7ffc0000 [ 289.008632][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.116313][ T26] audit: type=1326 audit(1760784185.755:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.1.582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2b914bec2a code=0x7ffc0000 [ 289.138328][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.528784][ T6577] IPv6: NLM_F_CREATE should be specified when creating new route [ 290.154643][ T6583] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14) [ 290.161863][ T6583] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 
290.215490][ T6583] vhci_hcd vhci_hcd.0: Device attached [ 290.231634][ T6585] loop0: detected capacity change from 0 to 764 [ 290.265437][ T6587] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(16) [ 290.272181][ T6587] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 290.285912][ T6587] vhci_hcd vhci_hcd.0: Device attached [ 290.333185][ T6583] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 290.353967][ T6590] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(19) [ 290.360727][ T6590] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 290.400941][ T6590] vhci_hcd vhci_hcd.0: Device attached [ 290.415965][ T6583] vhci_hcd vhci_hcd.0: pdev(2) rhport(4) sockfd(23) [ 290.422813][ T6583] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 290.466832][ T4397] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 290.515658][ T6583] vhci_hcd vhci_hcd.0: Device attached [ 290.643569][ T6587] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(26) [ 290.650312][ T6587] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 290.708961][ T6590] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 290.783541][ T6587] vhci_hcd vhci_hcd.0: Device attached [ 291.149669][ T6583] vhci_hcd vhci_hcd.0: pdev(2) rhport(6) sockfd(30) [ 291.156339][ T6583] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 291.210594][ T6583] vhci_hcd vhci_hcd.0: Device attached [ 291.250648][ T6600] vhci_hcd: connection closed [ 291.254955][ T5579] vhci_hcd: stop threads [ 291.268312][ T6598] vhci_hcd: connection closed [ 291.268982][ T6592] vhci_hcd: connection closed [ 291.274339][ T6591] vhci_hcd: connection closed [ 291.288464][ T5579] vhci_hcd: release socket [ 291.348954][ T5579] vhci_hcd: disconnect device [ 291.365924][ T6584] vhci_hcd: connection reset by peer [ 291.419179][ T5579] vhci_hcd: stop threads [ 291.423697][ T5579] vhci_hcd: release socket [ 291.455878][ T5579] vhci_hcd: disconnect device [ 
291.473988][ T5579] vhci_hcd: stop threads [ 291.488576][ T5579] vhci_hcd: release socket [ 291.570675][ T5579] vhci_hcd: disconnect device [ 291.582516][ T6617] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.606217][ T5579] vhci_hcd: stop threads [ 291.625254][ T5579] vhci_hcd: release socket [ 291.634120][ T5579] vhci_hcd: disconnect device [ 291.644784][ T5579] vhci_hcd: stop threads [ 291.651955][ T5579] vhci_hcd: release socket [ 291.660504][ T5579] vhci_hcd: disconnect device [ 291.681451][ T6617] device batadv_slave_0 entered promiscuous mode [ 291.738809][ T6617] netlink: 16 bytes leftover after parsing attributes in process `syz.3.599'. [ 291.862889][ T6619] netlink: 'syz.4.598': attribute type 6 has an invalid length. [ 292.143669][ T1325] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 292.159334][ T6605] vhci_hcd: connection closed [ 292.162001][ T5599] vhci_hcd: stop threads [ 292.471772][ T5599] vhci_hcd: release socket [ 292.594222][ T5599] vhci_hcd: disconnect device [ 292.853979][ T6627] netlink: 'syz.2.602': attribute type 1 has an invalid length. [ 292.919760][ T6632] netlink: 68 bytes leftover after parsing attributes in process `syz.3.604'. [ 292.931570][ T6629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.603'. 
[ 293.006869][ T1325] usb 1-1: Using ep0 maxpacket: 16 [ 293.018316][ T6636] loop4: detected capacity change from 0 to 1024 [ 293.105546][ T6627] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 293.126751][ T1325] usb 1-1: config 3 has an invalid interface number: 155 but max is 0 [ 293.139137][ T1325] usb 1-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 293.154157][ T26] kauditd_printk_skb: 10 callbacks suppressed [ 293.154173][ T26] audit: type=1800 audit(1760784190.315:55): pid=6636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.606" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 293.184928][ T1325] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 293.215182][ T6627] bond1: (slave vxcan3): Error -22 calling dev_set_mtu [ 293.238413][ T6640] loop3: detected capacity change from 0 to 764 [ 293.244391][ T1325] usb 1-1: config 3 has no interface number 0 [ 293.254549][ T1325] usb 1-1: config 3 interface 155 has no altsetting 0 [ 293.486236][ T6643] loop1: detected capacity change from 0 to 4096 [ 293.518466][ T6638] bond1: (slave gretap1): making interface the new active one [ 293.530033][ T6638] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 293.543109][ T6643] EXT4-fs (loop1): Test dummy encryption mode enabled [ 293.544058][ T6637] device macvlan2 entered promiscuous mode [ 293.576498][ T6643] EXT4-fs (loop1): Unrecognized mount option "obj_user=')" or missing value [ 293.592472][ T6637] device bond1 entered promiscuous mode [ 293.596006][ T1325] usb 1-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 293.611679][ T1325] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.625300][ T1325] usb 1-1: Product: syz [ 293.630033][ T1325] usb 1-1: Manufacturer: syz [ 293.631555][ T6637] device gretap1 entered promiscuous 
mode [ 293.634768][ T1325] usb 1-1: SerialNumber: syz [ 293.659690][ T6637] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 293.673271][ T6637] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 293.690645][ T6637] device bond1 left promiscuous mode [ 293.845237][ T6637] device gretap1 left promiscuous mode [ 294.723336][ T6652] comedi comedi2: das16m1: I/O port conflict (0x4f2e,16) [ 294.811047][ T6658] loop2: detected capacity change from 0 to 512 [ 294.846097][ T1325] usb 1-1: Found UVC 0.00 device syz (05a9:264a) [ 294.853841][ T1325] usb 1-1: No valid video chain found. [ 294.880703][ T1325] usb 1-1: USB disconnect, device number 6 [ 294.946302][ T6658] EXT4-fs (loop2): Ignoring removed nobh option [ 294.952652][ T6658] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 295.743602][ T6658] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.613: iget: bad i_size value: 38620345925642 [ 295.781981][ T6658] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.613: couldn't read orphan inode 15 (err -117) [ 295.815208][ T4200] Bluetooth: hci2: Dropping invalid advertising data [ 295.823045][ T4200] Bluetooth: hci2: Malicious advertising data. [ 295.885310][ T6658] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 295.915927][ T4397] vhci_hcd: vhci_device speed not set [ 296.168768][ T6680] loop1: detected capacity change from 0 to 4096 [ 296.225682][ T6685] loop0: detected capacity change from 0 to 1024 [ 296.246700][ T5579] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:13: bg 0: block 5: invalid block bitmap [ 296.269190][ T6680] EXT4-fs (loop1): Test dummy encryption mode enabled [ 296.285481][ T6680] EXT4-fs (loop1): Unrecognized mount option "obj_user=')" or missing value [ 296.318453][ T5579] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 584 with error 28 [ 296.351828][ T5579] EXT4-fs (loop2): This should not happen!! Data will be lost [ 296.351828][ T5579] [ 296.355279][ T6685] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 296.417701][ T5579] EXT4-fs (loop2): Total free blocks count 0 [ 296.423784][ T5579] EXT4-fs (loop2): Free/Dirty block details [ 296.430127][ T5579] EXT4-fs (loop2): free_blocks=0 [ 296.435101][ T5579] EXT4-fs (loop2): dirty_blocks=584 [ 296.440484][ T5579] EXT4-fs (loop2): Block reservation details [ 296.446654][ T5579] EXT4-fs (loop2): i_reserved_data_blocks=584 [ 297.369922][ T1106] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? [ 297.398194][ T6695] loop3: detected capacity change from 0 to 512 [ 297.461966][ T6695] EXT4-fs (loop3): Ignoring removed nobh option [ 297.516098][ T6695] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 297.602663][ T6695] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.626: iget: bad i_size value: 38620345925642 [ 297.640562][ T6704] loop0: detected capacity change from 0 to 4096 [ 297.674693][ T6695] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.626: couldn't read orphan inode 15 (err -117) [ 297.696070][ T1106] usb usb38-port1: Cannot enable. 
Maybe the USB cable is bad? [ 297.706898][ T6695] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 297.708226][ T6708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.629'. [ 297.741778][ T1106] usb usb38-port1: attempt power cycle [ 297.755552][ T6677] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 297.762291][ T6677] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 297.774091][ T6677] vhci_hcd vhci_hcd.0: Device attached [ 297.786052][ T6686] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(11) [ 297.792719][ T6686] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 297.807288][ T6686] vhci_hcd vhci_hcd.0: Device attached [ 297.862252][ T6717] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.626: bg 0: block 5: invalid block bitmap [ 297.876303][ T6677] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(10) [ 297.883133][ T6677] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 297.976315][ T6717] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 180 with error 28 [ 298.042242][ T6677] vhci_hcd vhci_hcd.0: Device attached [ 298.066300][ T6677] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 298.074882][ T6717] EXT4-fs (loop3): This should not happen!! Data will be lost [ 298.074882][ T6717] [ 298.098569][ T1106] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? [ 298.545588][ T1106] usb usb38-port1: Cannot enable. Maybe the USB cable is bad? 
[ 298.812809][ T4718] vhci_hcd: vhci_device speed not set [ 298.827438][ T6717] EXT4-fs (loop3): Total free blocks count 0 [ 298.833454][ T6717] EXT4-fs (loop3): Free/Dirty block details [ 298.858123][ T6714] vhci_hcd: connection closed [ 298.858376][ T5579] vhci_hcd: stop threads [ 298.868030][ T6711] vhci_hcd: connection closed [ 298.886757][ T6709] vhci_hcd: connection closed [ 298.892508][ T1106] usb usb38-port1: unable to enumerate USB device [ 298.895920][ T4718] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 298.900816][ T5579] vhci_hcd: release socket [ 298.915931][ T6710] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 298.932452][ T6717] EXT4-fs (loop3): free_blocks=0 [ 298.963586][ T5579] vhci_hcd: disconnect device [ 298.967406][ T5579] vhci_hcd: stop threads [ 298.967426][ T5579] vhci_hcd: release socket [ 298.967492][ T5579] vhci_hcd: disconnect device [ 298.967664][ T5579] vhci_hcd: stop threads [ 298.967674][ T5579] vhci_hcd: release socket [ 298.967727][ T5579] vhci_hcd: disconnect device [ 298.976263][ T6717] EXT4-fs (loop3): dirty_blocks=184 [ 298.976324][ T6717] EXT4-fs (loop3): Block reservation details [ 298.976339][ T6717] EXT4-fs (loop3): i_reserved_data_blocks=184 [ 299.016450][ T5579] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 180 with max blocks 4 with error 28 [ 299.016487][ T5579] EXT4-fs (loop3): This should not happen!! Data will be lost [ 299.016487][ T5579] [ 299.353142][ T6735] loop0: detected capacity change from 0 to 256 [ 300.206003][ T4550] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 300.486254][ T4550] usb 3-1: Using ep0 maxpacket: 32 [ 300.786633][ T4550] usb 3-1: config 0 interface 0 has no altsetting 0 [ 301.412335][ T6755] netlink: 12 bytes leftover after parsing attributes in process `syz.4.640'. 
[ 301.635442][ T6731] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.642882][ T6731] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.662151][ T4550] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 301.672444][ T4550] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.686011][ T4550] usb 3-1: Product: syz [ 301.690346][ T4550] usb 3-1: Manufacturer: syz [ 301.695175][ T4550] usb 3-1: SerialNumber: syz [ 301.737876][ T4550] usb 3-1: config 0 descriptor?? [ 302.697835][ T6770] loop1: detected capacity change from 0 to 2048 [ 302.750878][ T6770] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 302.771105][ T6770] UDF-fs: Scanning with blocksize 512 failed [ 302.785462][ T6770] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 302.825394][ T26] audit: type=1800 audit(1760784199.975:56): pid=6770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.643" name="file1" dev="loop1" ino=818 res=0 errno=0 [ 303.169614][ T6731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 303.261683][ T7] usb 3-1: USB disconnect, device number 6 [ 304.422439][ T5603] Bluetooth: hci5: Frame reassembly failed (-84) [ 304.436021][ T4718] vhci_hcd: vhci_device speed not set [ 304.443589][ T6782] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 304.621128][ T6731] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.630158][ T6731] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.639864][ T6731] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.648856][ T6731] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.756352][ T6776] netlink: 'syz.1.645': attribute type 6 has an invalid length. 
[ 304.918944][ T6784] loop3: detected capacity change from 0 to 4096 [ 305.129504][ T6784] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 305.178142][ T6788] device syzkaller0 entered promiscuous mode [ 305.388604][ T6784] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 305.707708][ T6797] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 305.842172][ T6784] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 305.894904][ T6784] Remounting filesystem read-only [ 305.964101][ T4185] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 306.436301][ T4234] Bluetooth: hci5: command 0x1003 tx timeout [ 306.448868][ T4197] Bluetooth: hci5: sending frame failed (-49) [ 306.965391][ T6814] loop4: detected capacity change from 0 to 4096 [ 307.018225][ T6814] EXT4-fs (loop4): Test dummy encryption mode enabled [ 307.049733][ T6814] EXT4-fs (loop4): Unrecognized mount option "obj_user=')" or missing value [ 307.341431][ T6825] netlink: 'syz.1.660': attribute type 6 has an invalid length. 
[ 307.856975][ T26] audit: type=1326 audit(1760784205.015:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6829 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 307.913035][ T26] audit: type=1326 audit(1760784205.045:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6829 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 307.935317][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.449535][ T6840] loop3: detected capacity change from 0 to 64 [ 308.511467][ T26] audit: type=1326 audit(1760784205.055:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6829 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 308.534038][ T4740] Bluetooth: hci5: command 0x1001 tx timeout [ 308.541366][ T4197] Bluetooth: hci5: sending frame failed (-49) [ 308.733507][ T26] audit: type=1326 audit(1760784205.055:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6829 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 308.755723][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.779016][ T26] audit: type=1326 audit(1760784205.055:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6829 comm="syz.3.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a885b0fc9 code=0x7ffc0000 [ 308.801775][ C0] vkms_vblank_simulate: vblank timer overrun [ 309.724282][ T6849] tipc: Enabling of bearer rejected, failed to enable media [ 309.874877][ T6852] loop0: detected capacity change from 0 to 512 [ 309.913140][ T6853] loop3: detected capacity change from 0 to 4096 [ 309.994815][ T6852] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 310.128269][ T6852] EXT4-fs (loop0): 1 truncate 
cleaned up [ 310.134064][ T6852] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 310.158605][ T4185] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 310.177211][ T4185] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 310.596096][ T4718] Bluetooth: hci5: command 0x1009 tx timeout [ 311.610929][ T6873] loop4: detected capacity change from 0 to 16 [ 311.644659][ T6873] erofs: (device loop4): mounted with root inode @ nid 36. [ 312.110442][ T6881] netlink: 'syz.4.675': attribute type 6 has an invalid length. [ 312.474491][ T6886] ieee802154 phy0 wpan0: encryption failed: -22 [ 312.516293][ T6882] loop3: detected capacity change from 0 to 1024 [ 313.836930][ T6893] device syzkaller0 entered promiscuous mode [ 314.785053][ T150] block nbd3: Attempted send on invalid socket [ 314.795033][ T150] blk_update_request: I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 314.816501][ T6910] vxfs: unable to read disk superblock at 1 [ 314.858733][ T1490] block nbd3: Attempted send on invalid socket [ 314.865169][ T1490] blk_update_request: I/O error, dev nbd3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 314.882376][ T6910] vxfs: unable to read disk superblock at 8 [ 314.908911][ T6910] vxfs: can't find superblock. [ 315.257794][ T6917] overlayfs: missing 'lowerdir' [ 315.464583][ T6919] netlink: 'syz.0.689': attribute type 6 has an invalid length. 
[ 315.648961][ T6921] loop3: detected capacity change from 0 to 2048 [ 315.754403][ T6921] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 316.298423][ T6935] capability: warning: `syz.3.695' uses 32-bit capabilities (legacy support in use) [ 317.150757][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.159468][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.409615][ T6955] overlayfs: missing 'lowerdir' [ 317.670576][ T6958] loop2: detected capacity change from 0 to 256 [ 317.826394][ T6958] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 318.014228][ T6962] netlink: 'syz.1.704': attribute type 6 has an invalid length. [ 318.172457][ T26] audit: type=1326 audit(1760784215.325:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 318.236279][ T26] audit: type=1326 audit(1760784215.355:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 318.346430][ T26] audit: type=1326 audit(1760784215.355:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 318.421739][ T26] audit: type=1326 audit(1760784215.355:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6968 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 318.432315][ T6972] loop2: detected capacity change from 0 to 4096 [ 318.456463][ T6977] tipc: Enabling of bearer rejected, failed to enable media [ 318.520293][ T26] audit: type=1326 audit(1760784215.355:66): auid=4294967295 uid=0 gid=0 ses=4294967295 
subj=unconfined pid=6968 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b914bffc9 code=0x7ffc0000 [ 318.598953][ T6972] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 318.660946][ T6972] ntfs3: loop2: Failed to load $Extend. [ 319.958479][ T6986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.712'. [ 320.065171][ T6990] netlink: 24 bytes leftover after parsing attributes in process `syz.1.714'. [ 320.132170][ T6986] bridge1: port 1(veth0_to_bond) entered blocking state [ 320.172915][ T6986] bridge1: port 1(veth0_to_bond) entered disabled state [ 320.191079][ T6986] device veth0_to_bond entered promiscuous mode [ 320.802633][ T7003] overlayfs: missing 'workdir' [ 320.996079][ T4740] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 321.266111][ T4740] usb 3-1: Using ep0 maxpacket: 32 [ 321.426166][ T4740] usb 3-1: unable to get BOS descriptor or descriptor too short [ 321.644033][ T7009] netlink: 'syz.0.720': attribute type 6 has an invalid length. 
[ 321.652149][ T7011] tipc: Started in network mode [ 321.726074][ T7011] tipc: Node identity e6f0398776a5, cluster identity 4711 [ 321.733364][ T7011] tipc: Enabled bearer , priority 0 [ 321.746175][ T4740] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 321.754745][ T4740] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 321.765155][ T4740] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 321.774318][ T4740] usb 3-1: config 128 has no interface number 0 [ 321.780693][ T4740] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 321.792206][ T4740] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 321.807818][ T7013] device syzkaller0 entered promiscuous mode [ 321.834803][ T7016] loop0: detected capacity change from 0 to 512 [ 321.845559][ T4740] usb 3-1: config 128 interface 127 has no altsetting 0 [ 321.860886][ T7011] tipc: Resetting bearer [ 321.869593][ T7010] tipc: Resetting bearer [ 321.871746][ T7018] loop4: detected capacity change from 0 to 512 [ 321.897311][ T7010] tipc: Disabling bearer [ 321.903516][ T7016] EXT4-fs (loop0): Ignoring removed nobh option [ 321.910674][ T7016] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 321.937025][ T7016] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.722: iget: bad i_size value: 38620345925642 [ 321.957435][ T7018] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 321.963133][ T7016] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.722: couldn't read orphan inode 15 (err -117) [ 321.993975][ T7016] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 321.995611][ T7018] EXT4-fs (loop4): 1 truncate cleaned up [ 322.046350][ T7018] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 322.106123][ T4740] usb 3-1: language id specifier not provided by device, defaulting to English [ 322.259346][ T4740] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 322.259912][ T7023] loop1: detected capacity change from 0 to 1024 [ 322.302706][ T4740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.321899][ T4740] usb 3-1: Product: syz [ 322.327769][ T4740] usb 3-1: Manufacturer: syz [ 322.332563][ T4740] usb 3-1: SerialNumber: syz [ 322.803402][ T7023] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 322.876077][ T5599] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm kworker/u4:16: bg 0: block 5: invalid block bitmap [ 322.932140][ T5599] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 400 with error 28 [ 322.986143][ T4740] usb 3-1: USB disconnect, device number 7 [ 323.140479][ T5599] EXT4-fs (loop0): This should not happen!! 
Data will be lost [ 323.140479][ T5599] [ 323.155888][ T5599] EXT4-fs (loop0): Total free blocks count 0 [ 323.196525][ T5599] EXT4-fs (loop0): Free/Dirty block details [ 323.230388][ T5599] EXT4-fs (loop0): free_blocks=0 [ 323.235624][ T5599] EXT4-fs (loop0): dirty_blocks=400 [ 323.330407][ T5599] EXT4-fs (loop0): Block reservation details [ 323.510841][ T5599] EXT4-fs (loop0): i_reserved_data_blocks=400 [ 324.066879][ T4354] udevd[4354]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 324.859314][ T7057] loop3: detected capacity change from 0 to 1024 [ 324.974958][ T7063] loop4: detected capacity change from 0 to 512 [ 325.003517][ T7066] loop2: detected capacity change from 0 to 512 [ 325.006470][ T7057] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 325.021089][ T7063] EXT4-fs (loop4): Ignoring removed nobh option [ 325.029146][ T7063] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 325.054464][ T7070] loop0: detected capacity change from 0 to 64 [ 325.099360][ T7066] EXT4-fs (loop2): Ignoring removed nobh option [ 325.106048][ T7066] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 325.118651][ T7063] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.738: iget: bad i_size value: 38620345925642 [ 325.255450][ T7066] EXT4-fs error (device loop2): ext4_orphan_get:1401: inode #15: comm syz.2.737: iget: bad i_size value: 38620345925642 [ 325.290127][ T7063] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.738: couldn't read orphan inode 15 (err -117) [ 325.369066][ T7066] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.737: couldn't read orphan inode 15 (err -117) [ 325.401781][ T7066] EXT4-fs (loop2): mounted filesystem without journal. 
Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 325.474747][ T7063] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 325.487173][ T7075] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 325.614706][ T7078] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.737: bg 0: block 5: invalid block bitmap [ 325.682403][ T7078] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 600 with error 28 [ 325.761662][ T7078] EXT4-fs (loop2): This should not happen!! Data will be lost [ 325.761662][ T7078] [ 325.839878][ T7078] EXT4-fs (loop2): Total free blocks count 0 [ 325.870168][ T7078] EXT4-fs (loop2): Free/Dirty block details [ 325.876223][ T7078] EXT4-fs (loop2): free_blocks=0 [ 325.881202][ T7078] EXT4-fs (loop2): dirty_blocks=600 [ 325.886525][ T7078] EXT4-fs (loop2): Block reservation details [ 325.892652][ T7078] EXT4-fs (loop2): i_reserved_data_blocks=600 [ 325.918132][ T5599] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm kworker/u4:16: bg 0: block 5: invalid block bitmap [ 325.950241][ T5599] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 712 with error 28 [ 326.005276][ T5599] EXT4-fs (loop4): This should not happen!! 
Data will be lost [ 326.005276][ T5599] [ 326.027482][ T5599] EXT4-fs (loop4): Total free blocks count 0 [ 326.033528][ T5599] EXT4-fs (loop4): Free/Dirty block details [ 326.089478][ T5599] EXT4-fs (loop4): free_blocks=0 [ 326.154203][ T5599] EXT4-fs (loop4): dirty_blocks=712 [ 326.179011][ T5599] EXT4-fs (loop4): Block reservation details [ 326.217529][ T5599] EXT4-fs (loop4): i_reserved_data_blocks=712 [ 326.385485][ T7086] overlayfs: missing 'workdir' [ 326.579343][ T26] audit: type=1326 audit(1760784223.735:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 326.772286][ T26] audit: type=1326 audit(1760784223.755:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 326.898145][ T7094] genirq: Flags mismatch irq 31. 00000000 (pcmmio) vs. 
00000000 (virtio1-input.0) [ 326.943727][ T26] audit: type=1326 audit(1760784223.775:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 326.966265][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.045864][ T26] audit: type=1326 audit(1760784223.775:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 327.067981][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.086885][ T7101] loop3: detected capacity change from 0 to 1024 [ 327.122181][ T7107] capability: warning: `syz.2.751' uses deprecated v2 capabilities in a way that may be insecure [ 327.155578][ T26] audit: type=1326 audit(1760784223.775:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 327.233959][ T26] audit: type=1326 audit(1760784223.775:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 327.273260][ T7101] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. 
[ 327.287131][ T26] audit: type=1326 audit(1760784223.775:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 327.310415][ T26] audit: type=1326 audit(1760784223.775:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51765d9fc9 code=0x7ffc0000 [ 327.334392][ T26] audit: type=1326 audit(1760784223.775:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f51765dbee7 code=0x7ffc0000 [ 327.357118][ T26] audit: type=1326 audit(1760784223.775:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7088 comm="syz.4.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f51765dbe5c code=0x7ffc0000 [ 327.598664][ T7114] loop1: detected capacity change from 0 to 4096 [ 328.091989][ T7119] loop3: detected capacity change from 0 to 512 [ 328.146092][ T7119] EXT4-fs (loop3): Ignoring removed nobh option [ 328.185011][ T7119] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 328.258508][ T7119] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.754: iget: bad i_size value: 38620345925642 [ 328.330610][ T7119] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.754: couldn't read orphan inode 15 (err -117) [ 328.353251][ T7119] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. 
[ 328.469006][ T7] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 328.693775][ T5607] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm kworker/u4:20: bg 0: block 5: invalid block bitmap [ 328.756068][ T7] usb 5-1: Using ep0 maxpacket: 16 [ 328.939598][ T7] usb 5-1: config 254 has an invalid interface number: 235 but max is 0 [ 328.975923][ T5607] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 976 with error 28 [ 328.990893][ T7] usb 5-1: config 254 has an invalid descriptor of length 255, skipping remainder of the config [ 329.127387][ T7] usb 5-1: config 254 has no interface number 0 [ 329.154633][ T5607] EXT4-fs (loop3): This should not happen!! Data will be lost [ 329.154633][ T5607] [ 329.222877][ T7] usb 5-1: config 254 interface 235 altsetting 2 has an invalid endpoint with address 0xFF, skipping [ 329.293545][ T5607] EXT4-fs (loop3): Total free blocks count 0 [ 329.347293][ T7] usb 5-1: config 254 interface 235 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 329.361452][ T5607] EXT4-fs (loop3): Free/Dirty block details [ 329.385884][ T5607] EXT4-fs (loop3): free_blocks=0 [ 329.390888][ T5607] EXT4-fs (loop3): dirty_blocks=976 [ 329.445591][ T5607] EXT4-fs (loop3): Block reservation details [ 329.452003][ T5607] EXT4-fs (loop3): i_reserved_data_blocks=976 [ 329.463005][ T7] usb 5-1: config 254 interface 235 has no altsetting 0 [ 329.511772][ T7139] loop1: detected capacity change from 0 to 512 [ 329.589488][ T7139] EXT4-fs (loop1): Ignoring removed nobh option [ 329.655980][ T7] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 329.683391][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.692561][ T7] usb 5-1: Product: syz [ 329.703812][ T7] usb 5-1: Manufacturer: syz [ 329.704352][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #3: comm syz.1.759: 
corrupted inode contents [ 329.710914][ T7] usb 5-1: SerialNumber: syz [ 329.751946][ T7139] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #3: comm syz.1.759: mark_inode_dirty error [ 329.778400][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #3: comm syz.1.759: corrupted inode contents [ 329.793601][ T7139] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #3: comm syz.1.759: mark_inode_dirty error [ 329.805110][ T7106] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 329.838737][ T7] usbtest 5-1:254.235: couldn't get endpoints, -22 [ 329.854526][ T7] usbtest: probe of 5-1:254.235 failed with error -22 [ 329.862876][ T7139] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.759: Failed to acquire dquot type 0 [ 330.001152][ T4189] usb 5-1: USB disconnect, device number 7 [ 330.007497][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.759: corrupted inode contents [ 330.015587][ T7153] loop3: detected capacity change from 0 to 128 [ 330.082962][ T7139] EXT4-fs error (device loop1): ext4_dirty_inode:6040: inode #16: comm syz.1.759: mark_inode_dirty error [ 330.139756][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.759: corrupted inode contents [ 330.142375][ T7153] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 330.206220][ T7139] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #16: comm syz.1.759: mark_inode_dirty error [ 330.227195][ T7153] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 330.285329][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.759: corrupted inode contents [ 330.353195][ T7139] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 330.382797][ T7139] EXT4-fs error (device loop1): ext4_do_update_inode:5204: inode #16: comm syz.1.759: corrupted inode contents [ 
330.413340][ T7139] EXT4-fs error (device loop1): ext4_truncate:4273: inode #16: comm syz.1.759: mark_inode_dirty error [ 330.452537][ T7139] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 330.517582][ T7139] EXT4-fs (loop1): 1 truncate cleaned up [ 330.532711][ T7139] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,nobh,,errors=continue. Quota mode: writeback. [ 330.618392][ T7139] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 332.245826][ T4740] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 334.294619][ T7177] netlink: 'syz.3.772': attribute type 6 has an invalid length. [ 334.612729][ T7183] loop2: detected capacity change from 0 to 4096 [ 334.660440][ T7183] EXT4-fs (loop2): Test dummy encryption mode enabled [ 334.728159][ T7183] EXT4-fs (loop2): Unrecognized mount option "obj_user=')" or missing value [ 334.766819][ T4740] usb 2-1: device descriptor read/all, error -71 [ 334.813005][ T7178] chnl_net:caif_netlink_parms(): no params data found [ 334.923347][ T7190] loop1: detected capacity change from 0 to 512 [ 335.082619][ T7190] EXT4-fs (loop1): Ignoring removed nobh option [ 335.132337][ T7190] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 335.181774][ T7178] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.189020][ T7190] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.775: iget: bad i_size value: 38620345925642 [ 335.201854][ T7178] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.211076][ T7178] device bridge_slave_0 entered promiscuous mode [ 335.217321][ T7190] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.775: couldn't read orphan inode 15 (err -117) [ 335.221264][ T7178] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.242339][ T7178] bridge0: port 2(bridge_slave_1) entered 
disabled state [ 335.256590][ T7178] device bridge_slave_1 entered promiscuous mode [ 335.329450][ T7190] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 335.409347][ T7191] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.775: bg 0: block 5: invalid block bitmap [ 335.469069][ T7191] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 396 with error 28 [ 335.535513][ T7178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 335.550459][ T7191] EXT4-fs (loop1): This should not happen!! Data will be lost [ 335.550459][ T7191] [ 335.587275][ T7191] EXT4-fs (loop1): Total free blocks count 0 [ 335.594812][ T7178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 335.621075][ T7191] EXT4-fs (loop1): Free/Dirty block details [ 335.643910][ T7191] EXT4-fs (loop1): free_blocks=0 [ 335.669320][ T7191] EXT4-fs (loop1): dirty_blocks=396 [ 335.694591][ T7191] EXT4-fs (loop1): Block reservation details [ 335.721644][ T7191] EXT4-fs (loop1): i_reserved_data_blocks=396 [ 335.798887][ T7178] team0: Port device team_slave_0 added [ 335.826614][ T7178] team0: Port device team_slave_1 added [ 335.893632][ T7178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 335.965415][ T7178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.084571][ T7178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 336.199476][ T7216] netlink: 'syz.3.782': attribute type 6 has an invalid length. 
[ 336.208593][ T7178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 336.216273][ T7178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.265892][ T4189] Bluetooth: hci1: command 0x0409 tx timeout [ 336.310968][ T7178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.401738][ T7178] device hsr_slave_0 entered promiscuous mode [ 336.416686][ T7178] device hsr_slave_1 entered promiscuous mode [ 336.435837][ T7178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 336.445159][ T7178] Cannot create hsr debugfs directory [ 337.648443][ T7227] binder: 7226:7227 unknown command 1074553619 [ 337.677789][ T7227] binder: 7226:7227 ioctl c0306201 200000000040 returned -22 [ 337.725907][ T7227] binder: 7226:7227 ioctl 40044591 0 returned -22 [ 337.799454][ T7228] binder: 7226:7228 unknown command 1074553620 [ 337.825613][ T7228] binder: 7226:7228 ioctl c0306201 200000000640 returned -22 [ 337.893174][ T7178] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 337.904596][ T7178] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 337.916350][ T7178] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 337.926636][ T7178] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 338.320014][ T7178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 338.356185][ T4227] Bluetooth: hci1: command 0x041b tx timeout [ 338.369906][ T7178] 8021q: adding VLAN 0 to HW filter on device team0 [ 338.455429][ T7178] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 338.466726][ T7178] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 338.485425][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes 
ready [ 338.546791][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 338.584593][ T7254] loop2: detected capacity change from 0 to 1024 [ 338.588039][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 338.637444][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 338.654472][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.661746][ T5607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.682489][ T7254] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 338.687077][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 338.702577][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 338.711652][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.718996][ T5607] bridge0: port 2(bridge_slave_1) entered forwarding state [ 338.728191][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 338.738122][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 338.751225][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 338.764780][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 338.774617][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 338.784399][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 338.794061][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 338.803058][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 338.812744][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 338.821621][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 338.836378][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 338.882022][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 338.906671][ T5607] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 338.972588][ T7265] loop4: detected capacity change from 0 to 512 [ 338.984903][ T7265] EXT4-fs (loop4): Ignoring removed nobh option [ 338.991491][ T7265] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 339.042365][ T7265] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.791: iget: bad i_size value: 38620345925642 [ 339.056476][ T7265] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.791: couldn't read orphan inode 15 (err -117) [ 339.111840][ T7265] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 339.160031][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 339.280636][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 339.304984][ T7178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.456951][ T7276] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.791: bg 0: block 5: invalid block bitmap [ 339.536439][ T7277] netlink: 'syz.3.792': attribute type 6 has an invalid length. [ 339.632569][ T7276] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 240 with error 28 [ 339.645482][ T7276] EXT4-fs (loop4): This should not happen!! 
Data will be lost [ 339.645482][ T7276] [ 339.655518][ T7276] EXT4-fs (loop4): Total free blocks count 0 [ 339.661945][ T7276] EXT4-fs (loop4): Free/Dirty block details [ 339.669196][ T7276] EXT4-fs (loop4): free_blocks=0 [ 339.674321][ T7276] EXT4-fs (loop4): dirty_blocks=240 [ 339.680073][ T7276] EXT4-fs (loop4): Block reservation details [ 339.686495][ T7276] EXT4-fs (loop4): i_reserved_data_blocks=240 [ 340.036834][ T7282] loop4: detected capacity change from 0 to 4096 [ 340.073444][ T7282] EXT4-fs (loop4): Test dummy encryption mode enabled [ 340.118226][ T7282] EXT4-fs (loop4): Unrecognized mount option "obj_user=')" or missing value [ 340.840507][ T4189] Bluetooth: hci1: command 0x040f tx timeout [ 342.073665][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 342.107685][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 342.192640][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 342.216729][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 342.253945][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 342.262076][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 342.358933][ T7178] device veth0_vlan entered promiscuous mode [ 342.440176][ T7178] device veth1_vlan entered promiscuous mode [ 342.555419][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 342.584354][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 342.622789][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 342.651638][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 342.661762][ T7178] device veth0_macvtap entered promiscuous mode [ 342.697487][ T7178] device veth1_macvtap entered promiscuous mode [ 342.935479][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.139619][ T7178] batman_adv: It is strongly recommended 
to keep mac addresses unique to avoid problems! [ 343.436674][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.468136][ T4227] Bluetooth: hci1: command 0x0419 tx timeout [ 343.484827][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.495585][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.515816][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.537287][ T7178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.563542][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 343.579789][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 343.604346][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 343.656927][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 343.714261][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.741550][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.758472][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.772472][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.789762][ T7178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.805410][ T7178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 343.822030][ T7178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.842638][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 343.854449][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 343.938609][ T7178] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.964623][ T7178] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.995829][ T7178] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.004943][ T7178] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.258650][ T7322] netlink: 'syz.4.806': attribute type 1 has an invalid length. [ 344.375831][ T4743] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 344.376947][ T5579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.408427][ T5579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.466263][ T5579] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 344.503050][ T5607] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.562688][ T5607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.653643][ T5596] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 344.830530][ T4743] usb 2-1: Using ep0 maxpacket: 16 [ 344.876765][ T7339] tipc: Started in network mode [ 344.881708][ T7339] tipc: Node identity 7eefd88a1884, cluster identity 4711 [ 344.889637][ T7339] tipc: Enabled bearer , priority 0 [ 344.898501][ T7339] device syzkaller0 entered promiscuous mode [ 344.920592][ T7339] tipc: Resetting bearer [ 344.950839][ T7338] tipc: Resetting bearer [ 344.956975][ T4743] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 344.969446][ T4743] usb 2-1: config 0 has no interface number 0 [ 344.990265][ T4743] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 345.002231][ T4743] usb 2-1: 
config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 345.003503][ T7338] tipc: Disabling bearer [ 345.145962][ T4743] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 345.161565][ T4743] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 345.186984][ T4743] usb 2-1: Product: syz [ 345.200571][ T4743] usb 2-1: SerialNumber: syz [ 345.221496][ T4743] usb 2-1: config 0 descriptor?? [ 345.298050][ T4743] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 345.314741][ T4743] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input18 [ 345.509834][ T13] usb 2-1: USB disconnect, device number 6 [ 345.526182][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 345.534477][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 345.556173][ T13] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 348.637347][ T7374] netlink: 'syz.2.818': attribute type 6 has an invalid length. [ 348.953761][ T7376] loop4: detected capacity change from 0 to 4096 [ 349.024809][ T7376] EXT4-fs (loop4): Test dummy encryption mode enabled [ 349.069653][ T7376] EXT4-fs (loop4): Unrecognized mount option "obj_user=')" or missing value [ 349.649120][ T7380] loop3: detected capacity change from 0 to 512 [ 349.704367][ T7380] EXT4-fs (loop3): Ignoring removed nobh option [ 349.726171][ T7380] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 349.768419][ T7380] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.821: iget: bad i_size value: 38620345925642 [ 349.831036][ T7380] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.821: couldn't read orphan inode 15 (err -117) [ 349.901453][ T7380] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. 
Quota mode: writeback. [ 350.525175][ T7390] netlink: 20 bytes leftover after parsing attributes in process `syz.5.822'. [ 351.184497][ T5596] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm kworker/u4:15: bg 0: block 5: invalid block bitmap [ 351.252802][ T5596] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1940 with error 28 [ 351.300929][ T5596] EXT4-fs (loop3): This should not happen!! Data will be lost [ 351.300929][ T5596] [ 351.310847][ T5596] EXT4-fs (loop3): Total free blocks count 0 [ 351.318020][ T5596] EXT4-fs (loop3): Free/Dirty block details [ 351.323964][ T5596] EXT4-fs (loop3): free_blocks=0 [ 351.329507][ T5596] EXT4-fs (loop3): dirty_blocks=1940 [ 351.334835][ T5596] EXT4-fs (loop3): Block reservation details [ 351.340938][ T5596] EXT4-fs (loop3): i_reserved_data_blocks=1940 [ 352.331153][ T7412] loop4: detected capacity change from 0 to 512 [ 352.369088][ T7412] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 352.566549][ T7412] EXT4-fs (loop4): 1 truncate cleaned up [ 352.580803][ T7412] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,barrier,grpjquota=,quota,. Quota mode: writeback. [ 354.781658][ T7439] loop5: detected capacity change from 0 to 512 [ 354.937843][ T7438] netlink: 20 bytes leftover after parsing attributes in process `syz.2.837'. 
[ 355.201272][ T7439] EXT4-fs (loop5): Ignoring removed nobh option [ 355.213420][ T7439] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 355.305076][ T7439] EXT4-fs error (device loop5): ext4_orphan_get:1401: inode #15: comm syz.5.836: iget: bad i_size value: 38620345925642 [ 355.327073][ T7439] EXT4-fs error (device loop5): ext4_orphan_get:1406: comm syz.5.836: couldn't read orphan inode 15 (err -117) [ 355.398742][ T7439] EXT4-fs (loop5): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,minixdf,,errors=continue. Quota mode: writeback. [ 355.515289][ T7454] device syzkaller0 entered promiscuous mode [ 355.537590][ T7454] tipc: Enabled bearer , priority 0 [ 355.563104][ T7452] tipc: Resetting bearer [ 355.647916][ T7452] tipc: Disabling bearer [ 355.663971][ T5603] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm kworker/u4:18: bg 0: block 5: invalid block bitmap [ 355.708307][ T5603] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1348 with error 28 [ 355.721223][ T5603] EXT4-fs (loop5): This should not happen!! 
Data will be lost [ 355.721223][ T5603] [ 355.731987][ T5603] EXT4-fs (loop5): Total free blocks count 0 [ 355.739043][ T5603] EXT4-fs (loop5): Free/Dirty block details [ 355.745221][ T5603] EXT4-fs (loop5): free_blocks=0 [ 355.750649][ T5603] EXT4-fs (loop5): dirty_blocks=1348 [ 355.756875][ T5603] EXT4-fs (loop5): Block reservation details [ 355.763240][ T5603] EXT4-fs (loop5): i_reserved_data_blocks=1348 [ 355.946261][ T7460] loop3: detected capacity change from 0 to 256 [ 355.965936][ T4718] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 356.226038][ T4718] usb 5-1: Using ep0 maxpacket: 16 [ 356.346452][ T4718] usb 5-1: config 0 has an invalid interface number: 48 but max is 0 [ 356.371343][ T4718] usb 5-1: config 0 has no interface number 0 [ 356.419549][ T4718] usb 5-1: config 0 interface 48 has no altsetting 0 [ 356.637282][ T4718] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 356.657132][ T4718] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.665231][ T4718] usb 5-1: Product: syz [ 356.680188][ T4718] usb 5-1: Manufacturer: syz [ 356.684842][ T4718] usb 5-1: SerialNumber: syz [ 356.702432][ T4718] usb 5-1: config 0 descriptor?? 
[ 356.985559][ T7453] udc-core: couldn't find an available UDC or it's busy [ 357.007084][ T7453] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 357.008173][ T7467] loop5: detected capacity change from 0 to 256 [ 357.104022][ T4234] usb 5-1: USB disconnect, device number 8 [ 357.117855][ T4200] Bluetooth: hci3: Unknown advertising packet type: 0xd49b [ 357.117967][ T4200] Bluetooth: hci3: Unknown advertising packet type: 0x1bb5 [ 357.127640][ T4200] ================================================================== [ 357.143357][ T4200] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12c0/0x3b80 [ 357.151404][ T4200] Read of size 1 at addr ffff8880225b3c01 by task kworker/u5:8/4200 [ 357.159754][ T4200] [ 357.162093][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 357.169697][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 357.179858][ T4200] Workqueue: hci3 hci_rx_work [ 357.184580][ T4200] Call Trace: [ 357.187875][ T4200] [ 357.190831][ T4200] dump_stack_lvl+0x168/0x230 [ 357.195538][ T4200] ? show_regs_print_info+0x20/0x20 [ 357.200771][ T4200] ? load_image+0x3b0/0x3b0 [ 357.205294][ T4200] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 357.210695][ T4200] print_address_description+0x60/0x2d0 [ 357.216280][ T4200] ? hci_le_meta_evt+0x12c0/0x3b80 [ 357.221432][ T4200] kasan_report+0xdf/0x130 [ 357.226057][ T4200] ? hci_le_meta_evt+0x12c0/0x3b80 [ 357.231204][ T4200] hci_le_meta_evt+0x12c0/0x3b80 [ 357.236173][ T4200] ? hci_event_packet+0x2b0/0x12f0 [ 357.241320][ T4200] ? release_firmware_map_entry+0x190/0x190 [ 357.247240][ T4200] ? hci_remote_host_features_evt+0x280/0x280 [ 357.253333][ T4200] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 357.259000][ T4200] ? mutex_unlock+0x10/0x10 [ 357.263530][ T4200] ? lock_chain_count+0x20/0x20 [ 357.268416][ T4200] hci_event_packet+0xe05/0x12f0 [ 357.273514][ T4200] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 357.279191][ T4200] ? 
rcu_lock_release+0x20/0x20 [ 357.284073][ T4200] ? kasan_check_range+0x7b/0x290 [ 357.289129][ T4200] ? hci_send_to_monitor+0x9c/0x4a0 [ 357.294354][ T4200] hci_rx_work+0x255/0xa10 [ 357.298816][ T4200] process_one_work+0x863/0x1000 [ 357.303808][ T4200] ? worker_detach_from_pool+0x240/0x240 [ 357.309469][ T4200] ? lockdep_hardirqs_off+0x70/0x100 [ 357.314801][ T4200] ? _raw_spin_lock_irq+0xab/0xe0 [ 357.319887][ T4200] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 357.325285][ T4200] ? wq_worker_running+0x97/0x170 [ 357.330784][ T4200] worker_thread+0xaa8/0x12a0 [ 357.335630][ T4200] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 357.341568][ T4200] ? lockdep_hardirqs_on+0x94/0x140 [ 357.346808][ T4200] ? lockdep_hardirqs_on+0x94/0x140 [ 357.352033][ T4200] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 357.358064][ T4200] kthread+0x436/0x520 [ 357.362165][ T4200] ? rcu_lock_release+0x20/0x20 [ 357.367037][ T4200] ? kthread_blkcg+0xd0/0xd0 [ 357.371654][ T4200] ret_from_fork+0x1f/0x30 [ 357.376118][ T4200] [ 357.379152][ T4200] [ 357.381493][ T4200] Allocated by task 7453: [ 357.385828][ T4200] __kasan_kmalloc+0xb5/0xf0 [ 357.390444][ T4200] __alloc_skb+0x22c/0x750 [ 357.394879][ T4200] vhci_write+0xbc/0x450 [ 357.399138][ T4200] vfs_write+0x712/0xd00 [ 357.403398][ T4200] ksys_write+0x14d/0x250 [ 357.407743][ T4200] do_syscall_64+0x4c/0xa0 [ 357.412179][ T4200] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 357.418099][ T4200] [ 357.420439][ T4200] The buggy address belongs to the object at ffff8880225b3800 [ 357.420439][ T4200] which belongs to the cache kmalloc-1k of size 1024 [ 357.434508][ T4200] The buggy address is located 1 bytes to the right of [ 357.434508][ T4200] 1024-byte region [ffff8880225b3800, ffff8880225b3c00) [ 357.448238][ T4200] The buggy address belongs to the page: [ 357.453893][ T4200] page:ffffea0000896c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x225b0 [ 357.464066][ T4200] head:ffffea0000896c00 order:3 compound_mapcount:0 
compound_pincount:0 [ 357.472423][ T4200] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 357.480443][ T4200] raw: 00fff00000010200 ffffea0001d1b400 0000000600000006 ffff888016841dc0 [ 357.489054][ T4200] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 357.497742][ T4200] page dumped because: kasan: bad access detected [ 357.504293][ T4200] page_owner tracks the page as allocated [ 357.510028][ T4200] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4185, ts 67320112320, free_ts 67288970634 [ 357.529265][ T4200] get_page_from_freelist+0x1b77/0x1c60 [ 357.534842][ T4200] __alloc_pages+0x1e1/0x470 [ 357.539457][ T4200] new_slab+0xc0/0x4b0 [ 357.543541][ T4200] ___slab_alloc+0x81e/0xdf0 [ 357.548142][ T4200] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 357.553963][ T4200] __alloc_skb+0x22c/0x750 [ 357.558398][ T4200] rtmsg_fib+0xe7/0x4b0 [ 357.562565][ T4200] fib_table_insert+0x987/0x1b20 [ 357.567511][ T4200] fib_magic+0x2c1/0x390 [ 357.571768][ T4200] fib_add_ifaddr+0x140/0x5e0 [ 357.576455][ T4200] fib_inetaddr_event+0x13c/0x1c0 [ 357.581669][ T4200] blocking_notifier_call_chain+0x103/0x1b0 [ 357.587574][ T4200] __inet_insert_ifa+0x9e9/0xbc0 [ 357.592524][ T4200] inet_rtm_newaddr+0x940/0x1800 [ 357.597472][ T4200] rtnetlink_rcv_msg+0x9b9/0xe60 [ 357.602416][ T4200] netlink_rcv_skb+0x1e0/0x430 [ 357.607192][ T4200] page last free stack trace: [ 357.611867][ T4200] free_unref_page_prepare+0x637/0x6c0 [ 357.617365][ T4200] free_unref_page+0x94/0x280 [ 357.622052][ T4200] __unfreeze_partials+0x1a5/0x200 [ 357.627263][ T4200] put_cpu_partial+0x12d/0x190 [ 357.632032][ T4200] qlist_free_all+0x35/0x90 [ 357.636552][ T4200] kasan_quarantine_reduce+0x150/0x160 [ 357.642019][ T4200] __kasan_slab_alloc+0x2f/0xd0 [ 357.646878][ T4200] slab_post_alloc_hook+0x4c/0x380 [ 357.652002][ T4200] kmem_cache_alloc_trace+0x103/0x2a0 [ 
357.657376][ T4200] netdevice_event+0x324/0x900 [ 357.662178][ T4200] raw_notifier_call_chain+0xcb/0x160 [ 357.667557][ T4200] dev_set_mac_address+0x2c4/0x3d0 [ 357.672684][ T4200] dev_set_mac_address_user+0x2d/0x50 [ 357.678063][ T4200] do_setlink+0x80d/0x3980 [ 357.682488][ T4200] rtnl_newlink+0x1419/0x17d0 [ 357.687167][ T4200] rtnetlink_rcv_msg+0x9b9/0xe60 [ 357.692116][ T4200] [ 357.694441][ T4200] Memory state around the buggy address: [ 357.700073][ T4200] ffff8880225b3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 357.708149][ T4200] ffff8880225b3b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 357.716209][ T4200] >ffff8880225b3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 357.724266][ T4200] ^ [ 357.728344][ T4200] ffff8880225b3c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 357.736589][ T4200] ffff8880225b3d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 357.744648][ T4200] ================================================================== [ 357.752759][ T4200] Disabling lock debugging due to kernel taint [ 357.759002][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.774495][ T4200] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 357.781746][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:8 Tainted: G B syzkaller #0 [ 357.790749][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 357.800829][ T4200] Workqueue: hci3 hci_rx_work [ 357.805539][ T4200] Call Trace: [ 357.808875][ T4200] [ 357.811822][ T4200] dump_stack_lvl+0x168/0x230 [ 357.816534][ T4200] ? show_regs_print_info+0x20/0x20 [ 357.821762][ T4200] ? load_image+0x3b0/0x3b0 [ 357.826305][ T4200] panic+0x2c9/0x7f0 [ 357.830239][ T4200] ? bpf_jit_dump+0xd0/0xd0 [ 357.834925][ T4200] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 357.840858][ T4200] ? _raw_spin_unlock+0x40/0x40 [ 357.845733][ T4200] ? hci_le_meta_evt+0x12c0/0x3b80 [ 357.850914][ T4200] check_panic_on_warn+0x80/0xa0 [ 357.855887][ T4200] ? 
hci_le_meta_evt+0x12c0/0x3b80 [ 357.861032][ T4200] end_report+0x6d/0xf0 [ 357.865206][ T4200] kasan_report+0x102/0x130 [ 357.869741][ T4200] ? hci_le_meta_evt+0x12c0/0x3b80 [ 357.874884][ T4200] hci_le_meta_evt+0x12c0/0x3b80 [ 357.876091][ T4768] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 357.879839][ T4200] ? hci_event_packet+0x2b0/0x12f0 [ 357.892436][ T4200] ? release_firmware_map_entry+0x190/0x190 [ 357.898367][ T4200] ? hci_remote_host_features_evt+0x280/0x280 [ 357.904504][ T4200] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 357.910166][ T4200] ? mutex_unlock+0x10/0x10 [ 357.914701][ T4200] ? lock_chain_count+0x20/0x20 [ 357.919810][ T4200] hci_event_packet+0xe05/0x12f0 [ 357.924810][ T4200] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 357.930482][ T4200] ? rcu_lock_release+0x20/0x20 [ 357.935378][ T4200] ? kasan_check_range+0x7b/0x290 [ 357.940430][ T4200] ? hci_send_to_monitor+0x9c/0x4a0 [ 357.945655][ T4200] hci_rx_work+0x255/0xa10 [ 357.950101][ T4200] process_one_work+0x863/0x1000 [ 357.955070][ T4200] ? worker_detach_from_pool+0x240/0x240 [ 357.960730][ T4200] ? lockdep_hardirqs_off+0x70/0x100 [ 357.966042][ T4200] ? _raw_spin_lock_irq+0xab/0xe0 [ 357.971092][ T4200] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 357.976490][ T4200] ? wq_worker_running+0x97/0x170 [ 357.981544][ T4200] worker_thread+0xaa8/0x12a0 [ 357.986246][ T4200] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 357.992164][ T4200] ? lockdep_hardirqs_on+0x94/0x140 [ 357.997389][ T4200] ? lockdep_hardirqs_on+0x94/0x140 [ 358.002606][ T4200] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 358.008542][ T4200] kthread+0x436/0x520 [ 358.012734][ T4200] ? rcu_lock_release+0x20/0x20 [ 358.017617][ T4200] ? kthread_blkcg+0xd0/0xd0 [ 358.022228][ T4200] ret_from_fork+0x1f/0x30 [ 358.026659][ T4200] [ 358.029793][ T4200] Kernel Offset: disabled [ 358.034125][ T4200] Rebooting in 86400 seconds..