last executing test programs: 1m7.120026764s ago: executing program 0 (id=103): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000300000010ac0518024000010203010902240001010810000904000901030102"], &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0}) 1m4.742651819s ago: executing program 0 (id=111): setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) socket$nl_route(0x10, 0x3, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setitimer(0x0, 0x0, 0x0) inotify_init1(0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) 1m2.644279562s ago: executing program 0 (id=114): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) geteuid() ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="01002cbd7000fedbdf2516000000050002000000000040000180140002007465616d300000000000000000000000140002007465"], 0x64}, 0x1, 0x0, 0x0, 0x100}, 0x20044000) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340), 0x1000000, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_on}, {@xino_off}]}) 1m2.247496351s ago: executing program 0 (id=116): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x3000490, &(0x7f0000000200)={[{@lazytime}, {@usrjquota}, {@usrjquota}, {@norecovery}, {@auto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0x80000001}}, {@grpquota}, {@barrier_val}, {@nombcache}, {}, {}, {@nodiscard}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x401c2, 0xb) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x14913e, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00') 1m1.667733082s ago: executing program 0 (id=118): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x15, &(0x7f00000003c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000001300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4}, {0x0, [0x0, 0x51]}}, 0x0, 0x1c, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 59.900487283s ago: executing program 0 (id=123): r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x7fb, &(0x7f0000000340)="$eJzs3U1oHOfdAPD/yLIjK+9rQt4Xv8Y4zsTJCzY4ykp2FEQOyWY1kidZ7YrdVbApJTG1HIzlJNgN1DrU8aWlpSXtqcckh17aU+mlpdBCC21PhfbaWyDQQ9LSQg9tAyozs7IkWx/+kD9Ifz9hzTPPPDPP/5ldz39H0swEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBJY7JWG02imbfmTqYba0x22jObLF/e3i/WTDbpNyIp/sXQUOyrqvb978rivcW3Q3GgmjsQQ8VkKBYf3vvI8/8zOLC8/iYBbbfB9SovXV48f3phYf7iPQzkLvjmz9bMfn84bnLPTmetvNvOZ+rTWZp32+nE+HjtmRNT3XQqb2bdU91eNpM2Olm91+6khxtH0tGJiWNpNnKqPdeanqw3s3Swqnzu6bFabTx9eWQ2q3e67dYzL490GyfyZjNvTZcrFouLNs8Vb8RX8l7ay+ozaXr23ML8sbUh7b4hyKLR6Jqaz5ZWzx146pGP3/nob+fmx7Ya7lhtbGx0dGxsdDyJiFptcKXi2Ylnn6vVBmvXiRta3NM3LQ+gbT6Cw+0b6Of/aEYerZiLk5Gu+9WIyehEO2Zi5Q28ennfcv7//2f+/LvN+n1vVf6vsvzAgX0ri/dHmf8PVnMHN8r/Vd+7Htog5rv1tTL+S3E5FuN8nI6FWIj5uHhX+ku2b1sD2xvZdGTRijy60Y48ZqJe1qT9mjQmYjzGoxavxYmYim6kMRV5NCOLbpyKbvQiK99RjehEFvXoRTs6kcbhaMSRSGM0JmIijkUaWYzEqWjHXLRiOiajXm7lbJwr9/ux6+La+9XXf/rG7z9+v3y1lhuNbraL340oG/11k0Y3JHP5n1sWEb/arsM33JGl5fwPAAAAfG4l5U/fi/P/nfFYWZrKm9kXtlhrsPj27r2JEAAAALhT5W/+DxSTnUXpsUiK8//a2kY/3Hl/ggMAAAC2RVJeY5dExHA8XpWWL5eq3e/YAAAAgO1R/v7/YDEZjrhSVjj/BwAAgM+ZV3/cL1x/j/2Plu+xOzD7UPLzv0SnszM5/sHJp5IL9aJd/cKOar3+5NVrW+xN7U+if0PBclvjg4sPF/ODjexAsnzz3M8eqqaflt/3D15bfW0cL+6uapMkKQK4OrthALEmgD39UVwLoJyLb8UTVZsnzlTTM8tLqtEOT+XNbKTRbj4/GvX6noFedrL3zpvnvhLl8L/RmtmTxNlzC/MjX3pr4UwZy9ViK1cv9Md7w30UN4llqb8H4rEb725cbGpneSFGv9/hqt/a6vEPXNpTFAZuoc+vxaH/KtscGq7aDq8d/1DR5+jIRqMfrsY3unbkO/r3g1gvilP9ueuieLKqffLwk9VknSjGNoui2Bdjq6Po74Rb2xfrRhGPRMT7T1w5+fdft5Ps2FZRHLvDKADul7PlXX+KLFSloyoL/XOpEkkyGLFzV6zJO9UKN3uUS8petniSz81n938sbXJEP1y1OVx9nhjcv05eqV07ohdNqiP62+fe/k3/iH78B9/74IsHf/uj287rQ8tNdi8XHv3lwwNRRrG7H8Vif0lnZ/Lta5mkyqofFvUfbthvtzmWFLtwx5cvvB17L11efPrchdNvzL8x/+bY2LHx2vFa7dkk6b94S+UnBrkHgHUcioNVIt/wGTsbPIWn/ABQ5e7jm51V74jk0Wt/UlDkxLdiIc7E0fJqg4h4fP1+h1f9GcLRONQPdv2z1uFVT3g5usW55a6IftuxLdsOr3q8zIr/++7dfD0A4F44tEUe3jD/rzp3P7rFeffaXH6kantkOYKNc3lEvHBv9wYA/GfIOp8mw72vJ51OPvva6MTEaL13Iks77cYraSefnM7SvNXLOjFYb01n6Wyn3Ws32s2i8Go+mXXT7tzsbLvTS6fanXS23c1Plk9+T/uPfu9mM/VWL290Z5tZvZuljXarV2/00sm820hn515q5t0TWadcuTubNfKpvFHv5e1W2m3PdRrZSJp2s2xVw3wya/XyqbwottLZTj5T71yNiObcTJZOZt1GJ5/ttasNLveVt6banZlys3/ac7/3NgA8GC5dXjx/emFh/uLtFf5YFJbvDrxR4417H3JjYQC4D1ay9Cf/ff0yP3wHAAAAAAAAAAAAAIAHwx1e/3fp8uJ3/rWmZvcdb3BNYWizNktX1rvoMFlaWrqFLnbHFm129XfVto7rHhWubst2Bja5uPNBKCQbL3r9hRfOb7T6S1f2nbi5Lrb8nzIYEf1LXd/9ZNdP3qsWvXhbwxm49bX+EBHzFy/tilvraynZpM39PS4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHr+HQAA//8q4WK8") r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000200)={r8}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r9 = getpid() sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x6) 59.775108616s ago: executing program 32 (id=123): r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x7fb, &(0x7f0000000340)="$eJzs3U1oHOfdAPD/yLIjK+9rQt4Xv8Y4zsTJCzY4ykp2FEQOyWY1kidZ7YrdVbApJTG1HIzlJNgN1DrU8aWlpSXtqcckh17aU+mlpdBCC21PhfbaWyDQQ9LSQg9tAyozs7IkWx/+kD9Ifz9hzTPPPDPP/5ldz39H0swEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBJY7JWG02imbfmTqYba0x22jObLF/e3i/WTDbpNyIp/sXQUOyrqvb978rivcW3Q3GgmjsQQ8VkKBYf3vvI8/8zOLC8/iYBbbfB9SovXV48f3phYf7iPQzkLvjmz9bMfn84bnLPTmetvNvOZ+rTWZp32+nE+HjtmRNT3XQqb2bdU91eNpM2Olm91+6khxtH0tGJiWNpNnKqPdeanqw3s3Swqnzu6bFabTx9eWQ2q3e67dYzL490GyfyZjNvTZcrFouLNs8Vb8RX8l7ay+ozaXr23ML8sbUh7b4hyKLR6Jqaz5ZWzx146pGP3/nob+fmx7Ya7lhtbGx0dGxsdDyJiFptcKXi2Ylnn6vVBmvXiRta3NM3LQ+gbT6Cw+0b6Of/aEYerZiLk5Gu+9WIyehEO2Zi5Q28ennfcv7//2f+/LvN+n1vVf6vsvzAgX0ri/dHmf8PVnMHN8r/Vd+7Htog5rv1tTL+S3E5FuN8nI6FWIj5uHhX+ku2b1sD2xvZdGTRijy60Y48ZqJe1qT9mjQmYjzGoxavxYmYim6kMRV5NCOLbpyKbvQiK99RjehEFvXoRTs6kcbhaMSRSGM0JmIijkUaWYzEqWjHXLRiOiajXm7lbJwr9/ux6+La+9XXf/rG7z9+v3y1lhuNbraL340oG/11k0Y3JHP5n1sWEb/arsM33JGl5fwPAAAAfG4l5U/fi/P/nfFYWZrKm9kXtlhrsPj27r2JEAAAALhT5W/+DxSTnUXpsUiK8//a2kY/3Hl/ggMAAAC2RVJeY5dExHA8XpWWL5eq3e/YAAAAgO1R/v7/YDEZjrhSVjj/BwAAgM+ZV3/cL1x/j/2Plu+xOzD7UPLzv0SnszM5/sHJp5IL9aJd/cKOar3+5NVrW+xN7U+if0PBclvjg4sPF/ODjexAsnzz3M8eqqaflt/3D15bfW0cL+6uapMkKQK4OrthALEmgD39UVwLoJyLb8UTVZsnzlTTM8tLqtEOT+XNbKTRbj4/GvX6noFedrL3zpvnvhLl8L/RmtmTxNlzC/MjX3pr4UwZy9ViK1cv9Md7w30UN4llqb8H4rEb725cbGpneSFGv9/hqt/a6vEPXNpTFAZuoc+vxaH/KtscGq7aDq8d/1DR5+jIRqMfrsY3unbkO/r3g1gvilP9ueuieLKqffLwk9VknSjGNoui2Bdjq6Po74Rb2xfrRhGPRMT7T1w5+fdft5Ps2FZRHLvDKADul7PlXX+KLFSloyoL/XOpEkkyGLFzV6zJO9UKN3uUS8petniSz81n938sbXJEP1y1OVx9nhjcv05eqV07ohdNqiP62+fe/k3/iH78B9/74IsHf/uj287rQ8tNdi8XHv3lwwNRRrG7H8Vif0lnZ/Lta5mkyqofFvUfbthvtzmWFLtwx5cvvB17L11efPrchdNvzL8x/+bY2LHx2vFa7dkk6b94S+UnBrkHgHUcioNVIt/wGTsbPIWn/ABQ5e7jm51V74jk0Wt/UlDkxLdiIc7E0fJqg4h4fP1+h1f9GcLRONQPdv2z1uFVT3g5usW55a6IftuxLdsOr3q8zIr/++7dfD0A4F44tEUe3jD/rzp3P7rFeffaXH6kantkOYKNc3lEvHBv9wYA/GfIOp8mw72vJ51OPvva6MTEaL13Iks77cYraSefnM7SvNXLOjFYb01n6Wyn3Ws32s2i8Go+mXXT7tzsbLvTS6fanXS23c1Plk9+T/uPfu9mM/VWL290Z5tZvZuljXarV2/00sm820hn515q5t0TWadcuTubNfKpvFHv5e1W2m3PdRrZSJp2s2xVw3wya/XyqbwottLZTj5T71yNiObcTJZOZt1GJ5/ttasNLveVt6banZlys3/ac7/3NgA8GC5dXjx/emFh/uLtFf5YFJbvDrxR4417H3JjYQC4D1ay9Cf/ff0yP3wHAAAAAAAAAAAAAIAHwx1e/3fp8uJ3/rWmZvcdb3BNYWizNktX1rvoMFlaWrqFLnbHFm129XfVto7rHhWubst2Bja5uPNBKCQbL3r9hRfOb7T6S1f2nbi5Lrb8nzIYEf1LXd/9ZNdP3qsWvXhbwxm49bX+EBHzFy/tilvraynZpM39PS4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHr+HQAA//8q4WK8") r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000200)={r8}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r9 = getpid() sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x6) 22.655422292s ago: executing program 2 (id=223): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x1], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) write$uinput_user_dev(r0, &(0x7f0000000580)={'syz0\x00', {0x4, 0x1ff, 0xe943, 0x1}, 0x4, [0xd, 0x400, 0x0, 0xc, 0x99a, 0x21e, 0x22d0, 0x7, 0x3, 0x1, 0x2, 0x80000000, 0xfffffffd, 0x3, 0xb8, 0xb9e, 0x40400000, 0x9, 0x8, 0x3, 0x2, 0x4, 0x7, 0x3, 0x0, 0x1, 0x1, 0x0, 0x6, 0x8, 0xffff0000, 0x1, 0x9, 0x7, 0x7f, 0x7fffffff, 0xf, 0x9, 0xffff8000, 0xd5, 0x9, 0xfffffffb, 0x4, 0x4, 0x9, 0x4, 0x10001, 0x7ff, 0xff, 0x6, 0x6ba8, 0x4ec, 0x800, 0x8, 0xbec, 0x7, 0x7, 0x4, 0x4, 0x3, 0x6, 0x81, 0x610, 0x101], [0x4, 0xf, 0x0, 0xc4, 0x8, 0x4, 0x7e, 0x2, 0x9, 0x7fff, 0x6, 0x7fff, 0x81, 0xf, 0xad4, 0x2, 0xd3, 0x5, 0x7, 0x101, 0x3, 0xffff0293, 0x7, 0xcf, 0x66, 0x5, 0x0, 0x80000000, 0x7ff, 0x10000, 0x0, 0x2, 0x3, 0x5, 0xfffff233, 0x8, 0x8, 0x5, 0xfe, 0x1, 0x0, 0xfffffffc, 0x5, 0x9, 0x3, 0xca, 0xd, 0x4, 0x8000, 0xb3, 0xfffffff7, 0x9, 0x30, 0x2, 0x7ff, 0x1, 0x9, 0x0, 0xfffffff9, 0x3, 0x45c, 0x7, 0x1, 0x7], [0x0, 0x9, 0x5, 0x1, 0xfffffffd, 0x101, 0xffffffff, 0x6, 0x7, 0x464, 0x9, 0xfffff800, 0x8b, 0x2a8e30b, 0xd, 0x3, 0x9, 0x10001, 0x7, 0xffff, 0x0, 0x5, 0x7800000, 0x800, 0x80, 0x68e, 0xeb, 0x6, 0x9, 0x7, 0xffffffff, 0x101, 0x9, 0x1, 0xc, 0xb31d, 0x3, 0xd, 0x100, 0x980, 0x10, 0x602b, 0xa22, 0x0, 0x3, 0x30000000, 0x2, 0x7, 0x9d5, 0x68ce, 0x8, 0x3, 0xa, 0xf8, 0x2, 0x7fffffff, 0xffffffff, 0x0, 0x8000, 0x9, 0xe, 0x7fffffff, 0x6, 0x8252], [0x70, 0x3, 0x5, 0x5, 0x8, 0x4, 0x800, 0x7ff, 0x9, 0x6, 0x7ff, 0x1, 0x8, 0x9, 0x240, 0x5c56, 0x2, 0xa9, 0x4, 0x0, 0x8, 0x3b5, 0x9, 0xf, 0x7fffffff, 0x3, 0x2, 0x10, 0x7, 0x2, 0x2, 0x1de, 0x5, 0x9f86, 0x1, 0x9, 0x8, 0xf, 0x2, 0xffff, 0x8001, 0xfffffc7e, 0x61c, 0xc4c4, 0x81, 0x3, 0x9, 0x5f9, 0x9, 0x4, 0x6, 0xe, 0x3, 0x6, 0x7, 0x9a6d, 0x101, 0x7fff, 0x1, 0x8001, 0xffffffff, 0x2, 0x9, 0x5]}, 0x45c) 22.119774254s ago: executing program 2 (id=224): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) geteuid() ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="01002cbd7000fedbdf2516000000050002000000000040000180140002007465616d300000000000000000000000140002007465"], 0x64}, 0x1, 0x0, 0x0, 0x100}, 0x20044000) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340), 0x1000000, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_on}, {@xino_off}]}) 21.045447224s ago: executing program 2 (id=225): connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) r0 = socket$igmp6(0xa, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) times(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x58c}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 19.893522359s ago: executing program 2 (id=229): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = inotify_init() r2 = inotify_add_watch(r1, &(0x7f0000000280)='.\x00', 0x25000001) inotify_rm_watch(r1, r2) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000001c0)={[{@noauto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@dioread_nolock}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCUpRURaXf3V9r8jirFQ5ZXXMGfAaqtUKpWBzqvLlVZXH1gCrFtJ9DoHQG/kH/Tp82/+atcR2LQ63Y+eu32i9gCUlvte9op4vLowHwfpb3m+7aahiHin/Pvn6StWaRwCAKDZtyfynmBL/69Umxn54+KNF9P3f2VzKKWI+HdE7IyI/0TEroj4b0Tsjoj/RcT/W45fjIjKAukPtcTr6dcnoQq3ulTUttL+3wvZ3Faj/zcvA6ViFtsekXeYpw5l52Q4+gdOnZmeOrxAGt+9/NOnndY19//SV5p+3hfM8nGrr2WAbnJ8bnzZBW5x+2rE3r7W8id9EUl9JiCJiD0RsXcJxy01hc888+W+eqR//naLl7+q0nYerQvzTJUvIp6u1X855tV/I8Vk3vzkufHTU6enzo/V5ydHB2N66tBoehUcapvGDz9ee6NT+ouW/+tfWnd55dg3J7OWtXJp/W9puv4jn79tlL+URCT1+drZpadx7edPOj7TLPf635S8VQ3nz6UfjM/NXTgcsSl57cHlY41983j6HuVa+YcPtG//O7N90jPxSESkF/GjEfFY1J4Q07zvj4gnIuLAAuX//qUn31t++VdXWv7Jlvtfrebn1X9jvr5TIMnmBtusKp7df/N+h5vHw9X/0WpoOFvS/v6XzLtFdMpp/mmXLvlzxWcPAAAA1odCRGxrGkvaFoXCyEhtDGhXbClMz8zOHTw1c/H8ZLouohT9hXykqzYe3J/k45+lpvhYS/xINm78WXFzNT4yMTM92dOSA1urbT4pjES8XWxq/6lfuzPEDPyd+b4WbFwLtf+0E7/7+hpmBlhTD//5f+PDVc0IsOaa2n+nb/iXl/F/X8A64PkfaFj8h37cM2D9q2jLsKEtqf0f9COA8E/SF2/Ww4We5gRYa/r/sCEt+r3+FQUqA+1XDcaDG8fgwgcsxvKysblNWj0JpD2rnqS+eTl75b+m0HGbKCztgAPRnTo9tcKzUb4we3p31y/+Sva/8t2uwa/WpJ22C/TkdgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANB1fwUAAP//KyHgnQ==") socket$inet6_tcp(0xa, 0x1, 0x0) 15.527083803s ago: executing program 1 (id=241): r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x200008}, 0x1c) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) 11.607203315s ago: executing program 1 (id=249): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x3, 0xee00, 0x0) 10.62312037s ago: executing program 1 (id=255): semop(0x0, &(0x7f0000000240)=[{0x2, 0x7fff, 0x1000}], 0x1) semop(0x0, &(0x7f0000000100)=[{0x2, 0xd5db}], 0x1) semop(0x0, &(0x7f00000002c0)=[{0x1, 0x0, 0x1800}, {0x2, 0x9, 0x1000}], 0x2) 9.925996501s ago: executing program 5 (id=256): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=") sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000080)=0x9e7, 0x4) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) 9.692058119s ago: executing program 1 (id=257): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x281c2, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.508736319s ago: executing program 1 (id=259): r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x200008}, 0x1c) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) 6.91322511s ago: executing program 4 (id=265): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x3, 0xee00, 0x0) 6.844503019s ago: executing program 5 (id=266): openat$ptmx(0xffffffffffffff9c, 0x0, 0x10001, 0x0) socket(0x40000000015, 0x805, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2600, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000001400)={0x28, 0x2, 0x0, 0x0, &(0x7f00006a2000/0x2000)=nil, 0x2000, 0x1000000002}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000180)={0x28, 0x6, 0x0, 0x0, 0xa93, 0x0, 0x3fff}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) 6.832829962s ago: executing program 2 (id=267): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syslog(0x4, &(0x7f0000000180)=""/210, 0xd2) 5.50231966s ago: executing program 4 (id=268): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x248, &(0x7f0000000100), 0xfd, 0x499, &(0x7f0000000480)="$eJzs3MtrHVUYAPBvbm6SvhNrfbRWG61i8ZE0adWCgg8QXCgIuqgriUlaatNGmghtCTZKqRtBC+5FcCP6F7hyJepKcKt7KRTpptXVlcnMXG+Se/O6SW7a+/vBNHMyZ+acb86cmTMzmQbQtvrSf5KIHRHxR0T0RESpNsPWbErz3boxPfLPjemRJCqVt/5O0tXi5o3pkSJrkv/cniXK6YZKl5N4qU65kxcunh4eHx87l6cHps58MDB54eLTp84Mnxw7OXZ26Nixo0cGn3t26Jk1iTOt0819H03s3/vaO1ffGDl+9b1fvk8ithXLa+No0vM91dnp6j6Z77E1Kmyz2Fkzn5RbWBFWpDsi0ubqnO3/PdFxeVd1WU+8+klLKwesq0qlUhlqvHimAtzBkmh1DYDWKC706f1vMW3Q0GNTuP5ydgOUxn0rn7Il5ew5SHd2b7Rzncrvi4jjM/9+lU6x4ucQnetUKwDgTvZjOv55qs74rxxxb02+Xfm7od6IuCsidkfE3RGxJyLuiSzvfRFxf/1i+t5tUH7fvPTC8U/pWhPhLSkd/72Qv9uaO/6rvgXr7chTO2fj70xOnBofO5zvk0PR2Z2mB+tuPYmYSX/+/nmj8mvHf+mUll+MBfN6XCt3z11ndHhquOnAc9c/jthXrhd/EuX/o4i9EbFvlWWceuLb/XN/01GdWzr+RazBe6bK1xGPZ+0/E/PiLySLv58c2BLjY4cHiqNioV9/u/Jmo/Kz+EuxePxbmw+0gbT9t9U7/l+sxt+b1L6vnVywia6lyrjy56cN72lWe/x3JW/PKfz88NTUucGIruT1hb+vecBdpM+PfjebP43/0MH6/X93vk4a/wMRkR7ED0bEQxFxIK/7wxHxSEQcXCT+n1959P2G8R9o4vhfA2n8o3XPf43afwUzW/ItnP7ph0blV9u/aLC67X+0SMxWajnnv+XWdDX7DAAAAG43pYjYEUmpvzpfKvX3Z38vvye2lcYnJqeePDHx4dnR7BuB3ugsFU+6emqehw7mz4aL9FCevpSnj+TPjb/s2Dqb7h+ZGB9tdfDQ5rY36P+pvzpaXTtg3fleC9qX/g/ta/X935kDbndL9OLSRtUD2Hiu4tC+6vX/S7WJJLK/kgfuOK7/0L6q/f+LZWSu+dxr/sebwO1nset/pWcDKwJsOON/aEur+q5/M83ENxGL50k2S1VXNPNZM6uXN6CGUWrh/ulqSaMMdUS08JAoL/d/tYgLlUtNF9rqMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa+C8AAP//uhfcIQ==") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x10b242, 0x108) setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000180)=ANY=[], 0x841, 0x0) lgetxattr(0x0, 0x0, 0x0, 0x0) 5.501863735s ago: executing program 5 (id=269): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200010010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000640)={0x84, &(0x7f0000000100)={0x40, 0x14}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000700)={0x40, 0x18, 0x2, "106e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 4.810973276s ago: executing program 3 (id=271): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r0, @ANYBLOB='IS\x00\x00\x00\x00\x00\x00\x00\x00-'], 0x38}}, 0xc0) 4.286407435s ago: executing program 3 (id=272): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f00000000c0)={0x1, 0x36b}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000680), 0x60001) close_range(0xffffffffffffffff, r2, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x20100, 0x0) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="03c900f993190a9ef144f6fa5699a630b7742b9499a0dd514343aedd833463e7cfbc553a14e5d6858a79cfe800299f29a971154b764c9d66fbdf187d8264155ff24455d4440cb9a9d1ef2c731b28e401386a15c91a2a7cc360ba5edc67b3af2d4bab93b13bc8eae8060c59bcc1502dae997400bcdf5fe3523234d0996ceb3c9df8fe1d33fcaf875799942ef28839c3e9992687b9c42f380d18daa09d6c6a2a6f492ca7b8566c3132e26bbabf90f4a30eacf86922c7b1328cec4a689d00"], 0xfd) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ec3ca1c0c"], 0x7) 3.977123389s ago: executing program 4 (id=273): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000180)='./file1\x00', 0x8000, &(0x7f0000000400)=ANY=[@ANYRES64=0x0], 0x1, 0x14fe, &(0x7f0000001580)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) chdir(&(0x7f0000000000)='./bus\x00') chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) creat(&(0x7f0000000f80)='./bus\x00', 0x189) chdir(&(0x7f00000000c0)='./bus\x00') getpid() r0 = socket$inet6(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet6(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) preadv(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000008c0)=""/98, 0x62}], 0x1, 0x47, 0x20000000) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db) 3.391628777s ago: executing program 2 (id=274): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @empty}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read(r2, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x200008}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r6, 0x800448f0, &(0x7f0000000000)={0x3, 0x5, "44e520", 0xa, 0x7}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x2) signalfd(r7, &(0x7f00000000c0)={[0x8]}, 0x8) 3.325764574s ago: executing program 3 (id=275): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000480)={@ifindex, r0, 0x2f, 0x0, 0x4, @void, @value}, 0x20) 3.131864271s ago: executing program 3 (id=276): setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/18, @ANYRES32=r3], 0x20}}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@struct={0x3, 0x2, 0x0, 0x4, 0x0, 0x3ff, [{0x3, 0x3}, {0xfffffff8, 0x0, 0xfffffffc}]}]}, {0x0, [0x0, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000140)=""/143, 0x42, 0x8f, 0x1, 0x0, 0x0, @void, @value}, 0x28) write$binfmt_misc(r4, &(0x7f0000000000), 0x6) 2.896518795s ago: executing program 3 (id=277): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = inotify_init() r2 = inotify_add_watch(r1, &(0x7f0000000280)='.\x00', 0x25000001) inotify_rm_watch(r1, r2) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000001c0)={[{@noauto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@dioread_nolock}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCUpRURaXf3V9r8jirFQ5ZXXMGfAaqtUKpWBzqvLlVZXH1gCrFtJ9DoHQG/kH/Tp82/+atcR2LQ63Y+eu32i9gCUlvte9op4vLowHwfpb3m+7aahiHin/Pvn6StWaRwCAKDZtyfynmBL/69Umxn54+KNF9P3f2VzKKWI+HdE7IyI/0TEroj4b0Tsjoj/RcT/W45fjIjKAukPtcTr6dcnoQq3ulTUttL+3wvZ3Faj/zcvA6ViFtsekXeYpw5l52Q4+gdOnZmeOrxAGt+9/NOnndY19//SV5p+3hfM8nGrr2WAbnJ8bnzZBW5x+2rE3r7W8id9EUl9JiCJiD0RsXcJxy01hc888+W+eqR//naLl7+q0nYerQvzTJUvIp6u1X855tV/I8Vk3vzkufHTU6enzo/V5ydHB2N66tBoehUcapvGDz9ee6NT+ouW/+tfWnd55dg3J7OWtXJp/W9puv4jn79tlL+URCT1+drZpadx7edPOj7TLPf635S8VQ3nz6UfjM/NXTgcsSl57cHlY41983j6HuVa+YcPtG//O7N90jPxSESkF/GjEfFY1J4Q07zvj4gnIuLAAuX//qUn31t++VdXWv7Jlvtfrebn1X9jvr5TIMnmBtusKp7df/N+h5vHw9X/0WpoOFvS/v6XzLtFdMpp/mmXLvlzxWcPAAAA1odCRGxrGkvaFoXCyEhtDGhXbClMz8zOHTw1c/H8ZLouohT9hXykqzYe3J/k45+lpvhYS/xINm78WXFzNT4yMTM92dOSA1urbT4pjES8XWxq/6lfuzPEDPyd+b4WbFwLtf+0E7/7+hpmBlhTD//5f+PDVc0IsOaa2n+nb/iXl/F/X8A64PkfaFj8h37cM2D9q2jLsKEtqf0f9COA8E/SF2/Ww4We5gRYa/r/sCEt+r3+FQUqA+1XDcaDG8fgwgcsxvKysblNWj0JpD2rnqS+eTl75b+m0HGbKCztgAPRnTo9tcKzUb4we3p31y/+Sva/8t2uwa/WpJ22C/TkdgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANB1fwUAAP//KyHgnQ==") socket$inet6_tcp(0xa, 0x1, 0x0) 2.806957489s ago: executing program 4 (id=278): socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, 0x0, 0x119) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042) close_range(r0, 0xffffffffffffffff, 0x204000000000000) 2.433589269s ago: executing program 5 (id=279): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$uid(0x3, 0xee00, 0x0) 1.798304381s ago: executing program 4 (id=280): openat$ptmx(0xffffffffffffff9c, 0x0, 0x10001, 0x0) socket(0x40000000015, 0x805, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2600, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000001400)={0x28, 0x2, 0x0, 0x0, &(0x7f00006a2000/0x2000)=nil, 0x2000, 0x1000000002}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000180)={0x28, 0x6, 0x0, 0x0, 0xa93, 0x0, 0x3fff}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x54a2) 1.784033333s ago: executing program 1 (id=281): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(0x0, 0x0) ftruncate(r1, 0x40001) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(0x0, 0x6) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x400, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"e50d1af80100007ea25edd00ff000000080000f6907ff16b7e00", r4, 0xffffffffffffffff}) ppoll(&(0x7f0000000100)=[{r5, 0x408}, {r4, 0x25c0}], 0x2, &(0x7f0000000140), 0x0, 0x0) 1.195985066s ago: executing program 5 (id=282): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b708000000020000"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000000000000000800080000014000091ff0f00004500f5ff06ff00010100fc5e15f4c3d3fbd80dad0000ab"], 0x125) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x41, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x7, @mcast1, 0x6}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="80000fdc2208a1ce", 0x8, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x9, 0x8}, 0xc) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000380)={'ip6gre0\x00', 0x0}) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000100)={r6, 0x0, 0x0}, &(0x7f0000000240)=0xc) timerfd_create(0x0, 0x0) 545.919516ms ago: executing program 4 (id=283): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000000)={[{@jqfmt_vfsv0}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000140)=ANY=[], 0xfd14) sendfile(r0, r0, 0x0, 0x100000000) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000040)=""/14, 0xe}], 0x1) 486.086054ms ago: executing program 3 (id=284): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'sit0\x00', 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x9, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 0s ago: executing program 5 (id=285): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000180), 0x4) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f00000000c0)={0x1, 0x36b}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='2', 0x1, 0x4fed0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000680), 0x60001) close_range(0xffffffffffffffff, r2, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x20100, 0x0) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="03c900f993190a9ef144f6fa5699a630b7742b9499a0dd514343aedd833463e7cfbc553a14e5d6858a79cfe800299f29a971154b764c9d66fbdf187d8264155ff24455d4440cb9a9d1ef2c731b28e401386a15c91a2a7cc360ba5edc67b3af2d4bab93b13bc8eae8060c59bcc1502dae997400bcdf5fe3523234d0996ceb3c9df8fe1d33fcaf875799942ef28839c3e9992687b9c42f380d18daa09d6c6a2a6f492ca7b8566c3132e26bbabf90f4a30eacf86922c7b1328cec4a689d00"], 0xfd) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ec3ca1c0c"], 0x7) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts. [ 56.637579][ T5820] cgroup: Unknown subsys name 'net' [ 56.753971][ T5820] cgroup: Unknown subsys name 'cpuset' [ 56.761591][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.061038][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.362179][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.374545][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.386773][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.395913][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.404735][ T5847] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.412937][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.422483][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.431596][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.434208][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.440865][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.447113][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.455001][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.468250][ T5847] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.477568][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.485112][ T5847] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.494313][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.498157][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.509231][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.511314][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.516833][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.532350][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.539424][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.548542][ T5850] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.548883][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 60.564461][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.572038][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.579421][ T5850] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 60.587344][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 60.595015][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.595243][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 60.943601][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 61.015060][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 61.143073][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 61.184467][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 61.253964][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.263898][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.272446][ T5831] bridge_slave_0: entered allmulticast mode [ 61.279607][ T5831] bridge_slave_0: entered promiscuous mode [ 61.288200][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 61.307779][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.314920][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.322348][ T5837] bridge_slave_0: entered allmulticast mode [ 61.329598][ T5837] bridge_slave_0: entered promiscuous mode [ 61.343130][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.350347][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.357619][ T5831] bridge_slave_1: entered allmulticast mode [ 61.366013][ T5831] bridge_slave_1: entered promiscuous mode [ 61.380327][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.388165][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.396920][ T5837] bridge_slave_1: entered allmulticast mode [ 61.403560][ T5837] bridge_slave_1: entered promiscuous mode [ 61.452302][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.494665][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.507414][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.514590][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.522316][ T5842] bridge_slave_0: entered allmulticast mode [ 61.529637][ T5842] bridge_slave_0: entered promiscuous mode [ 61.540020][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.552540][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.574342][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.581837][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.589468][ T5832] bridge_slave_0: entered allmulticast mode [ 61.596042][ T5832] bridge_slave_0: entered promiscuous mode [ 61.620126][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.630301][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.637653][ T5842] bridge_slave_1: entered allmulticast mode [ 61.644243][ T5842] bridge_slave_1: entered promiscuous mode [ 61.669652][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.679897][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.687937][ T5832] bridge_slave_1: entered allmulticast mode [ 61.694492][ T5832] bridge_slave_1: entered promiscuous mode [ 61.712177][ T5837] team0: Port device team_slave_0 added [ 61.747811][ T5837] team0: Port device team_slave_1 added [ 61.755390][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.768730][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.780413][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.791752][ T5831] team0: Port device team_slave_0 added [ 61.814144][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.847635][ T5831] team0: Port device team_slave_1 added [ 61.853654][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.861102][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.868695][ T5830] bridge_slave_0: entered allmulticast mode [ 61.875497][ T5830] bridge_slave_0: entered promiscuous mode [ 61.895848][ T5832] team0: Port device team_slave_0 added [ 61.918822][ T5842] team0: Port device team_slave_0 added [ 61.932285][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.939782][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.947122][ T5830] bridge_slave_1: entered allmulticast mode [ 61.953943][ T5830] bridge_slave_1: entered promiscuous mode [ 61.972082][ T5832] team0: Port device team_slave_1 added [ 61.986581][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.993889][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.020196][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.043113][ T5842] team0: Port device team_slave_1 added [ 62.079242][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.086231][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.112316][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.136508][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.143591][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.177070][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.190419][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.197743][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.224303][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.239399][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.250929][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.260794][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.269069][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.295494][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.308151][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.315189][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.341728][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.354590][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.362109][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.388356][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.401015][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.408133][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.434597][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.501708][ T5830] team0: Port device team_slave_0 added [ 62.514462][ T5830] team0: Port device team_slave_1 added [ 62.538058][ T5831] hsr_slave_0: entered promiscuous mode [ 62.544390][ T5831] hsr_slave_1: entered promiscuous mode [ 62.567052][ T5837] hsr_slave_0: entered promiscuous mode [ 62.568749][ T5840] Bluetooth: hci0: command tx timeout [ 62.572672][ T5850] Bluetooth: hci1: command tx timeout [ 62.587528][ T5837] hsr_slave_1: entered promiscuous mode [ 62.593697][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.601618][ T5837] Cannot create hsr debugfs directory [ 62.636748][ T5840] Bluetooth: hci3: command tx timeout [ 62.646966][ T5840] Bluetooth: hci2: command tx timeout [ 62.663107][ T5842] hsr_slave_0: entered promiscuous mode [ 62.669700][ T5842] hsr_slave_1: entered promiscuous mode [ 62.675895][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.683942][ T5842] Cannot create hsr debugfs directory [ 62.695426][ T5832] hsr_slave_0: entered promiscuous mode [ 62.703176][ T5832] hsr_slave_1: entered promiscuous mode [ 62.709278][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.717156][ T5840] Bluetooth: hci4: command tx timeout [ 62.721630][ T5832] Cannot create hsr debugfs directory [ 62.730177][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.737502][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.763792][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.809030][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.816298][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.842513][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.958655][ T5830] hsr_slave_0: entered promiscuous mode [ 62.964960][ T5830] hsr_slave_1: entered promiscuous mode [ 62.971271][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.979929][ T5830] Cannot create hsr debugfs directory [ 63.219125][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.232149][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.241610][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.260711][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.296004][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.310110][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.329964][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.343688][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.398415][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.414459][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.425277][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.457027][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.505010][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.516307][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.557512][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.573838][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.586479][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.610175][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.622385][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.638726][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.659147][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.702588][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.733568][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.740915][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.756499][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.763674][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.795040][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.889574][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.918833][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.943299][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.959396][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.966508][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.977861][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.985091][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.053695][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.082461][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.099118][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.128242][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.135394][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.145972][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.153255][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.213944][ T3456] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.221135][ T3456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.249910][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.280587][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.287783][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.309065][ T3456] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.316218][ T3456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.340618][ T3456] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.347891][ T3456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.367953][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.415310][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.476148][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.490863][ T5831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.549963][ T5837] veth0_vlan: entered promiscuous mode [ 64.599247][ T5837] veth1_vlan: entered promiscuous mode [ 64.641213][ T5840] Bluetooth: hci0: command tx timeout [ 64.641223][ T5850] Bluetooth: hci1: command tx timeout [ 64.716899][ T5840] Bluetooth: hci2: command tx timeout [ 64.718128][ T5850] Bluetooth: hci3: command tx timeout [ 64.775513][ T5837] veth0_macvtap: entered promiscuous mode [ 64.798315][ T5850] Bluetooth: hci4: command tx timeout [ 64.809616][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.829447][ T5837] veth1_macvtap: entered promiscuous mode [ 64.900908][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.934195][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.962698][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.973137][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.003285][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.012946][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.023265][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.033028][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.064812][ T5842] veth0_vlan: entered promiscuous mode [ 65.091247][ T5832] veth0_vlan: entered promiscuous mode [ 65.103159][ T5832] veth1_vlan: entered promiscuous mode [ 65.132314][ T5842] veth1_vlan: entered promiscuous mode [ 65.185550][ T5832] veth0_macvtap: entered promiscuous mode [ 65.196240][ T5832] veth1_macvtap: entered promiscuous mode [ 65.245748][ T5842] veth0_macvtap: entered promiscuous mode [ 65.260956][ T5831] veth0_vlan: entered promiscuous mode [ 65.283878][ T5842] veth1_macvtap: entered promiscuous mode [ 65.303026][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.313251][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.323288][ T5831] veth1_vlan: entered promiscuous mode [ 65.340231][ T5830] veth0_vlan: entered promiscuous mode [ 65.354212][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.367817][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.378854][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.389239][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.400320][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.412579][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.444102][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.455047][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.465196][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.475987][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.488782][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.500461][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.511316][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.520525][ T5832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.529979][ T5832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.539100][ T5832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.548778][ T5832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.576398][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.587687][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.604198][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.615605][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.627996][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.665883][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.705020][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.714448][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.723579][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.732828][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.772192][ T5830] veth1_vlan: entered promiscuous mode [ 65.798059][ T5830] veth0_macvtap: entered promiscuous mode [ 65.807303][ T5830] veth1_macvtap: entered promiscuous mode [ 65.822892][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.833986][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.844276][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.855871][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.867101][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.877886][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.891296][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.005565][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.187890][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.198259][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.209858][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.223417][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.234747][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.250732][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.288656][ T5831] veth0_macvtap: entered promiscuous mode [ 66.313665][ T5916] netlink: 'syz.3.4': attribute type 3 has an invalid length. [ 66.335796][ T5831] veth1_macvtap: entered promiscuous mode [ 66.353579][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.364583][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.374354][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.383740][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.500652][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.515581][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.545331][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.556451][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.572232][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.585989][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.596372][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.603780][ T5921] loop3: detected capacity change from 0 to 256 [ 66.607279][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.622191][ T5921] ======================================================= [ 66.622191][ T5921] WARNING: The mand mount option has been deprecated and [ 66.622191][ T5921] and is ignored by this kernel. Remove the mand [ 66.622191][ T5921] option from the mount to silence this warning. [ 66.622191][ T5921] ======================================================= [ 66.659485][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.660988][ T5921] exfat: Deprecated parameter 'utf8' [ 66.701826][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.716506][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.723148][ T5921] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 66.729337][ T5850] Bluetooth: hci1: command tx timeout [ 66.744296][ T5840] Bluetooth: hci0: command tx timeout [ 66.744990][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.761146][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.771558][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.782350][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.792762][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.803384][ T5840] Bluetooth: hci3: command tx timeout [ 66.806747][ T5840] Bluetooth: hci2: command tx timeout [ 66.809671][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.825698][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.841247][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.851969][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.862749][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.871834][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.880943][ T5840] Bluetooth: hci4: command tx timeout [ 66.990822][ T5925] loop3: detected capacity change from 0 to 1024 [ 67.045050][ T5925] UDF-fs: warning (device loop3): udf_fill_super: No partition found (2) [ 67.063663][ T3630] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.075248][ T3630] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.095979][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.104959][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.819720][ T1785] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.845970][ T1785] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.884009][ T3630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.928416][ T3630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.972021][ T1785] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.022187][ T1785] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.132110][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.247177][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.324284][ T5933] loop3: detected capacity change from 0 to 8192 [ 68.435609][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.513793][ T5935] warning: `syz.4.5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 68.532959][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.615032][ T3630] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.685008][ T3630] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.694003][ T5933] process 'syz.3.9' launched '/dev/fd/4/./file1' with NULL argv: empty string added [ 68.798126][ T5840] Bluetooth: hci1: command tx timeout [ 68.803596][ T5840] Bluetooth: hci0: command tx timeout [ 68.877556][ T5840] Bluetooth: hci3: command tx timeout [ 68.886038][ T5850] Bluetooth: hci2: command tx timeout [ 68.969784][ T5850] Bluetooth: hci4: command tx timeout [ 69.096903][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.117178][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.248143][ T29] audit: type=1326 audit(1733227394.355:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1a57ff19 code=0x7ffc0000 [ 69.395869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 69.510455][ T29] audit: type=1326 audit(1733227394.355:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1a57ff19 code=0x7ffc0000 [ 69.600751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 69.802398][ T29] audit: type=1326 audit(1733227394.355:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2f1a57ff19 code=0x7ffc0000 [ 70.019061][ T5950] loop2: detected capacity change from 0 to 1024 [ 70.157602][ T5954] xt_NFQUEUE: number of total queues is 0 [ 70.718043][ T29] audit: type=1326 audit(1733227394.355:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1a57ff19 code=0x7ffc0000 [ 70.847810][ T29] audit: type=1326 audit(1733227394.365:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5942 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f1a57ff19 code=0x7ffc0000 [ 70.872329][ T5949] Bluetooth: MGMT ver 1.23 [ 70.962161][ T5950] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.238207][ T5969] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 72.025376][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.032050][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.223991][ T5979] loop0: detected capacity change from 0 to 256 [ 72.231309][ T5979] exfat: Invalid uid '0x00000000ffffffff' [ 72.234944][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.535555][ T5986] loop2: detected capacity change from 0 to 2048 [ 72.595995][ T5986] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 72.626153][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 72.711965][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.721196][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 72.786974][ T5994] loop0: detected capacity change from 0 to 128 [ 72.802233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 72.839045][ T5994] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fffff00) [ 72.867160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.910114][ T5994] FAT-fs (loop0): Filesystem has been set read-only [ 72.940240][ T5994] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fffff00) [ 73.117620][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 74.669748][ T5988] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 75.469249][ T5919] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 75.660769][ T5919] usb 2-1: Using ep0 maxpacket: 16 [ 75.702125][ T5919] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 75.779850][ T5919] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 75.854697][ T5919] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 75.891911][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.907325][ T5919] usb 2-1: Product: syz [ 75.920552][ T5919] usb 2-1: Manufacturer: syz [ 75.964224][ T5919] usb 2-1: SerialNumber: syz [ 76.059936][ T5919] usb 2-1: config 0 descriptor?? [ 76.182092][ T5850] Bluetooth: hci3: command 0x0401 tx timeout [ 76.310582][ T6043] loop2: detected capacity change from 0 to 256 [ 76.513883][ T5850] Bluetooth: hci3: unexpected event for opcode 0x0c1c [ 76.896374][ T6043] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d) [ 76.937660][ T6043] exFAT-fs (loop2): valid_size(100667392) is greater than size(4096) [ 77.958089][ T5850] Bluetooth: min 0 < 6 [ 79.075356][ T2152] usb 2-1: USB disconnect, device number 2 [ 79.129436][ T6069] loop4: detected capacity change from 0 to 1024 [ 79.339651][ T6081] loop2: detected capacity change from 0 to 512 [ 79.362353][ T6081] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=885ec01c, mo2=0002] [ 79.405134][ T6081] EXT4-fs (loop2): orphan cleanup on readonly fs [ 79.472179][ T6081] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 79.532221][ T6081] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 79.542661][ T6081] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #13: comm syz.2.54: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 79.597937][ T6081] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.54: couldn't read orphan inode 13 (err -117) [ 79.644296][ T6081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 79.831172][ T5850] Bluetooth: min 0 < 6 [ 80.004548][ T5850] Bluetooth: hci1: command tx timeout [ 80.038228][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.326923][ T5885] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 80.507647][ T5885] usb 1-1: Using ep0 maxpacket: 16 [ 80.763988][ T5885] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.060001][ T6102] loop4: detected capacity change from 0 to 764 [ 81.106836][ T5885] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 81.716514][ T6102] rock: directory entry would overflow storage [ 81.723065][ T6102] rock: sig=0x4654, size=5, remaining=4 [ 82.683029][ T29] audit: type=1326 audit(1733227407.105:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 82.687628][ T5885] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 82.714950][ T5840] Bluetooth: hci4: command tx timeout [ 82.715060][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.729111][ T5885] usb 1-1: Product: syz [ 82.736952][ T5885] usb 1-1: Manufacturer: syz [ 82.741608][ T5885] usb 1-1: SerialNumber: syz [ 82.883609][ T119] cfg80211: failed to load regulatory.db [ 82.959158][ T5885] usb 1-1: config 0 descriptor?? [ 83.114819][ T29] audit: type=1326 audit(1733227407.105:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.011899][ T29] audit: type=1326 audit(1733227407.105:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.041107][ T5884] usb 1-1: USB disconnect, device number 2 [ 84.048867][ T29] audit: type=1326 audit(1733227407.105:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.091961][ T29] audit: type=1326 audit(1733227407.105:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.165389][ T29] audit: type=1326 audit(1733227407.105:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.199508][ T29] audit: type=1326 audit(1733227407.105:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.226847][ T29] audit: type=1326 audit(1733227407.105:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.251968][ T29] audit: type=1326 audit(1733227407.105:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.274900][ T29] audit: type=1326 audit(1733227407.105:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6094 comm="syz.4.61" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 84.778502][ T6116] xt_NFQUEUE: number of total queues is 0 [ 84.938623][ T6111] 9pnet_fd: Insufficient options for proto=fd [ 85.171501][ T5840] Bluetooth: min 0 < 6 [ 86.096767][ T5884] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 86.329539][ T5884] usb 1-1: Using ep0 maxpacket: 8 [ 86.956738][ T5884] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 87.024073][ T5884] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 87.036545][ T5884] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 87.215783][ T5884] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 87.297240][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.305294][ T5884] usb 1-1: Product: syz [ 87.309687][ T5884] usb 1-1: Manufacturer: syz [ 87.314319][ T5884] usb 1-1: SerialNumber: syz [ 87.906865][ T5840] Bluetooth: hci1: command tx timeout [ 88.453264][ T5884] usb 1-1: 0:2 : does not exist [ 88.553178][ T5884] usb 1-1: USB disconnect, device number 3 [ 88.808237][ T5838] udevd[5838]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 89.097645][ T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 89.251391][ T6150] loop0: detected capacity change from 0 to 764 [ 89.946792][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 89.959446][ T6150] rock: directory entry would overflow storage [ 89.965737][ T6150] rock: sig=0x4654, size=5, remaining=4 [ 89.976139][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 89.991249][ T25] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 90.053371][ T25] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 90.073170][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.124196][ T25] usb 3-1: Product: syz [ 90.142380][ T25] usb 3-1: Manufacturer: syz [ 90.176727][ T25] usb 3-1: SerialNumber: syz [ 90.199020][ T25] usb 3-1: config 0 descriptor?? [ 90.211884][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 90.211902][ T29] audit: type=1326 audit(1733227415.355:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 90.256752][ T29] audit: type=1326 audit(1733227415.355:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 90.340319][ T29] audit: type=1326 audit(1733227415.355:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 90.683435][ T29] audit: type=1326 audit(1733227415.355:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 90.714884][ T29] audit: type=1326 audit(1733227415.355:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 90.779792][ T29] audit: type=1326 audit(1733227415.355:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 91.515074][ T29] audit: type=1326 audit(1733227415.355:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 91.538502][ T29] audit: type=1326 audit(1733227415.355:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 91.561047][ T29] audit: type=1326 audit(1733227415.355:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 91.583207][ T29] audit: type=1326 audit(1733227415.355:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.0.78" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d6ed7ff19 code=0x7fc00000 [ 91.830413][ T6161] loop4: detected capacity change from 0 to 1024 [ 91.856894][ T6161] EXT4-fs: Ignoring removed nobh option [ 91.863218][ T6161] EXT4-fs: Ignoring removed orlov option [ 92.126761][ T25] usb 3-1: USB disconnect, device number 2 [ 92.460068][ T6161] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.054733][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.206878][ T6175] loop0: detected capacity change from 0 to 2048 [ 93.214057][ T6175] udf: Bad value for 'lastblock' [ 93.304596][ T6175] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.313771][ T6175] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.388067][ T6175] bridge0: entered allmulticast mode [ 93.460853][ T6175] bridge_slave_1: left allmulticast mode [ 93.492362][ T6175] bridge_slave_1: left promiscuous mode [ 93.510588][ T6175] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.561557][ T5840] Bluetooth: hci4: unknown advertising packet type: 0x2c [ 93.561624][ T5840] Bluetooth: hci4: unknown advertising packet type: 0x30 [ 93.570662][ T5840] Bluetooth: hci4: unknown advertising packet type: 0x6e [ 93.633450][ T6175] bridge_slave_0: left allmulticast mode [ 93.648066][ T6175] bridge_slave_0: left promiscuous mode [ 93.724257][ T6175] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.036213][ T6196] loop2: detected capacity change from 0 to 764 [ 95.181225][ T6196] rock: directory entry would overflow storage [ 95.187610][ T6196] rock: sig=0x4654, size=5, remaining=4 [ 95.587372][ T29] kauditd_printk_skb: 57 callbacks suppressed [ 95.613160][ T29] audit: type=1326 audit(1733227420.735:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.724121][ T29] audit: type=1326 audit(1733227420.735:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.835870][ T29] audit: type=1326 audit(1733227420.735:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.876313][ T29] audit: type=1326 audit(1733227420.735:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.905135][ T29] audit: type=1326 audit(1733227420.735:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.928259][ T29] audit: type=1326 audit(1733227420.735:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.950953][ T29] audit: type=1326 audit(1733227420.735:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 95.973276][ T5886] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 96.054414][ T29] audit: type=1326 audit(1733227420.735:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 96.166718][ T5886] usb 2-1: Using ep0 maxpacket: 16 [ 96.173792][ T5886] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 96.187035][ T5886] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 96.196425][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.206709][ T29] audit: type=1326 audit(1733227420.735:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 96.218858][ T5886] usb 2-1: Product: syz [ 96.270214][ T5886] usb 2-1: Manufacturer: syz [ 96.295326][ T5886] usb 2-1: SerialNumber: syz [ 96.331599][ T5886] usb 2-1: config 0 descriptor?? [ 96.366854][ T29] audit: type=1326 audit(1733227420.735:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6190 comm="syz.2.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206897ff19 code=0x7fc00000 [ 99.367334][ T25] usb 2-1: USB disconnect, device number 3 [ 99.426967][ T6235] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 99.449059][ T6239] loop1: detected capacity change from 0 to 2048 [ 99.537043][ T6239] udf: Bad value for 'lastblock' [ 99.546776][ T2152] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 99.717619][ T2152] usb 1-1: Using ep0 maxpacket: 16 [ 99.726394][ T2152] usb 1-1: unable to get BOS descriptor or descriptor too short [ 99.737700][ T2152] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.761745][ T6239] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.769746][ T6239] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.777977][ T6239] bridge0: entered allmulticast mode [ 99.789056][ T2152] usb 1-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 99.838512][ T2152] usb 1-1: config 1 interface 0 has no altsetting 0 [ 99.879349][ T2152] usb 1-1: New USB device found, idVendor=05ac, idProduct=0218, bcdDevice= 0.40 [ 99.899005][ T2152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.962925][ T2152] usb 1-1: Product: syz [ 99.986812][ T2152] usb 1-1: Manufacturer: syz [ 100.016736][ T2152] usb 1-1: SerialNumber: syz [ 100.166085][ T6242] loop1: detected capacity change from 0 to 2048 [ 100.204240][ T6242] vfat: Unknown parameter 'nnonumtail' [ 100.276434][ T2152] appletouch 1-1:1.0: Could not find int-in endpoint [ 100.315120][ T2152] appletouch 1-1:1.0: probe with driver appletouch failed with error -5 [ 100.366787][ T2152] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 100.416759][ T2152] usb 1-1: USB disconnect, device number 4 [ 101.031797][ T6253] loop4: detected capacity change from 0 to 764 [ 101.053564][ T6253] rock: directory entry would overflow storage [ 101.060529][ T6253] rock: sig=0x4654, size=5, remaining=4 [ 101.146785][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 101.146807][ T29] audit: type=1326 audit(1733227426.275:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.326872][ T5850] Bluetooth: hci3: command 0x0401 tx timeout [ 101.368155][ T6259] syz.0.111 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 101.416947][ T29] audit: type=1326 audit(1733227426.275:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.453194][ T29] audit: type=1326 audit(1733227426.275:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.497798][ T29] audit: type=1326 audit(1733227426.275:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.528057][ T29] audit: type=1326 audit(1733227426.275:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.556697][ T29] audit: type=1326 audit(1733227426.275:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.579966][ T29] audit: type=1326 audit(1733227426.275:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.622576][ T29] audit: type=1326 audit(1733227426.275:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.647233][ T29] audit: type=1326 audit(1733227426.275:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 101.673151][ T29] audit: type=1326 audit(1733227426.275:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6247 comm="syz.4.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f337417ff19 code=0x7fc00000 [ 103.191966][ T6271] overlayfs: failed to resolve './bus/file0': -2 [ 103.530167][ T6278] loop0: detected capacity change from 0 to 2048 [ 103.616940][ T5886] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 103.635577][ T6278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.792674][ T5886] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 103.816740][ T5886] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 103.868117][ T5886] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 103.888730][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.917265][ T5842] EXT4-fs error (device loop0): ext4_readdir:261: inode #11: block 34: comm syz-executor: path /24/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 103.979278][ T5886] usb 2-1: Product: syz [ 103.984298][ T5842] EXT4-fs error (device loop0): ext4_empty_dir:3135: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 103.984397][ T5886] usb 2-1: Manufacturer: syz [ 104.016876][ T5886] usb 2-1: SerialNumber: syz [ 104.097862][ T5842] EXT4-fs error (device loop0): ext4_readdir:261: inode #11: block 34: comm syz-executor: path /24/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 104.192482][ T5842] EXT4-fs error (device loop0): ext4_empty_dir:3135: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 104.207997][ T5886] usb 2-1: selecting invalid altsetting 1 [ 104.303283][ T5842] EXT4-fs error (device loop0): ext4_readdir:261: inode #11: block 34: comm syz-executor: path /24/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 104.355342][ T5842] EXT4-fs error (device loop0): ext4_empty_dir:3135: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 104.458449][ T5842] EXT4-fs error (device loop0): ext4_readdir:261: inode #11: block 34: comm syz-executor: path /24/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 104.483049][ T5842] EXT4-fs error (device loop0): ext4_empty_dir:3135: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 104.509495][ T5842] EXT4-fs error (device loop0): ext4_readdir:261: inode #11: block 34: comm syz-executor: path /24/file0/lost+found: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=1025, size=2048 fake=0 [ 104.536152][ T5842] EXT4-fs error (device loop0): ext4_empty_dir:3135: inode #11: block 34: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=4096, inode=0, rec_len=1025, size=2048 fake=0 [ 104.762060][ T6288] loop2: detected capacity change from 0 to 2048 [ 104.824988][ T6293] loop4: detected capacity change from 0 to 128 [ 104.981529][ T6288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.037923][ T5886] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 105.049945][ T6293] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.052214][ T5886] cdc_ncm 2-1:1.0: bind() failure [ 105.351119][ T5842] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.520193][ T3555] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.615429][ T3555] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.754943][ T5830] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 105.914772][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.146165][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 106.175392][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 106.201399][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 106.236474][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 106.251363][ T5840] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 106.258884][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 106.309216][ T3555] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.478672][ T6316] loop4: detected capacity change from 0 to 1024 [ 106.527397][ T25] usb 2-1: USB disconnect, device number 4 [ 106.581173][ T6316] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=804ec119, mo2=0002] [ 106.639145][ T6316] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.672828][ T3555] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.050281][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.306752][ T81] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 107.368609][ T6310] chnl_net:caif_netlink_parms(): no params data found [ 107.436550][ T6331] loop4: detected capacity change from 0 to 2048 [ 107.466923][ T81] usb 2-1: Using ep0 maxpacket: 16 [ 107.587324][ T6331] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.615944][ T81] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 107.669280][ T81] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 107.709871][ T81] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 107.793750][ T81] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.831213][ T81] usb 2-1: config 0 descriptor?? [ 107.972253][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.209016][ T6327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.321471][ T5850] Bluetooth: hci4: command tx timeout [ 108.351313][ T6327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.672940][ T6327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.678986][ T6358] loop4: detected capacity change from 0 to 512 [ 108.727708][ T6358] EXT4-fs: Ignoring removed nobh option [ 108.788784][ T6327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.879510][ T6358] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.926952][ T81] hid (null): bogus close delimiter [ 108.957289][ T6358] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.996436][ T81] hid-generic 0003:0158:0100.0001: unknown main item tag 0x0 [ 109.005969][ T81] hid-generic 0003:0158:0100.0001: unknown main item tag 0x0 [ 109.013728][ T81] hid-generic 0003:0158:0100.0001: bogus close delimiter [ 109.025167][ T81] hid-generic 0003:0158:0100.0001: item 0 0 2 10 parsing failed [ 109.047423][ T81] hid-generic 0003:0158:0100.0001: probe with driver hid-generic failed with error -22 [ 109.118571][ T81] usb 2-1: USB disconnect, device number 5 [ 109.261787][ T6364] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.135: bg 0: block 224: padding at end of block bitmap is not set [ 109.313484][ T6364] EXT4-fs (loop4): Remounting filesystem read-only [ 109.408047][ T6364] syz.4.135 (6364) used greatest stack depth: 17816 bytes left [ 109.872102][ T3555] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.975068][ T3555] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 110.090892][ T5845] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 110.104387][ T3555] bond0 (unregistering): Released all slaves [ 110.121402][ T6368] loop2: detected capacity change from 0 to 512 [ 110.128627][ T6368] EXT4-fs: Ignoring removed i_version option [ 110.149408][ T6368] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 110.149757][ T5845] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 110.171681][ T6368] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 110.203059][ T6368] EXT4-fs (loop2): 1 truncate cleaned up [ 110.229410][ T6368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.317749][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.332996][ T3630] __quota_error: 56 callbacks suppressed [ 110.333011][ T3630] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 110.352008][ T3630] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 110.407951][ T5850] Bluetooth: hci4: command tx timeout [ 110.434933][ T29] audit: type=1800 audit(1733227435.585:277): pid=6368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.137" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 110.612642][ T6310] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.625966][ T6310] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.656253][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.836977][ T6310] bridge_slave_0: entered allmulticast mode [ 110.844989][ T6310] bridge_slave_0: entered promiscuous mode [ 111.648558][ T6378] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 111.791902][ T6398] loop1: detected capacity change from 0 to 512 [ 111.832686][ T6398] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent [ 112.025639][ T6310] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.032413][ T6408] loop4: detected capacity change from 0 to 256 [ 112.034382][ T6310] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.045868][ T6409] cgroup: Unknown subsys name 'cpuset' [ 112.046887][ T6310] bridge_slave_1: entered allmulticast mode [ 112.106828][ T6310] bridge_slave_1: entered promiscuous mode [ 112.119080][ T6408] exFAT-fs (loop4): bogus number of FAT structure [ 112.125559][ T6408] exFAT-fs (loop4): failed to read boot sector [ 112.229923][ T6408] exFAT-fs (loop4): failed to recognize exfat type [ 112.313649][ T6310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.348510][ T6399] loop2: detected capacity change from 0 to 4096 [ 112.355400][ T6399] ext3: Bad value for 'sb' [ 112.476797][ T5850] Bluetooth: hci4: command tx timeout [ 112.659142][ T6310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.846759][ T5850] Bluetooth: hci3: command 0x0401 tx timeout [ 114.247376][ T3555] hsr_slave_0: left promiscuous mode [ 114.360481][ T3555] hsr_slave_1: left promiscuous mode [ 114.443885][ T3555] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.482605][ T3555] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.510133][ T3555] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.524552][ T3555] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.560133][ T5850] Bluetooth: hci4: command tx timeout [ 114.649816][ T3555] veth1_macvtap: left promiscuous mode [ 114.655760][ T3555] veth0_macvtap: left promiscuous mode [ 114.898123][ T6437] loop1: detected capacity change from 0 to 1024 [ 114.915403][ T6437] EXT4-fs: Ignoring removed nobh option [ 114.921737][ T6437] EXT4-fs: Ignoring removed orlov option [ 114.940846][ T3555] veth1_vlan: left promiscuous mode [ 115.127526][ T3555] veth0_vlan: left promiscuous mode [ 115.187561][ T6437] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.281014][ T29] audit: type=1800 audit(1733227440.435:278): pid=6436 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.154" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 115.375037][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.673454][ T6444] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.621333][ T6455] loop1: detected capacity change from 0 to 128 [ 118.156424][ T3555] team0 (unregistering): Port device team_slave_1 removed [ 119.658530][ T3555] team0 (unregistering): Port device team_slave_0 removed [ 121.011230][ T6473] xt_NFQUEUE: number of total queues is 0 [ 121.424014][ T6310] team0: Port device team_slave_0 added [ 121.473506][ T6310] team0: Port device team_slave_1 added [ 121.618040][ T81] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 121.786730][ T81] usb 2-1: Using ep0 maxpacket: 16 [ 121.798346][ T81] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 121.813803][ T81] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.856782][ T81] usb 2-1: Product: syz [ 121.876673][ T81] usb 2-1: Manufacturer: syz [ 121.881330][ T81] usb 2-1: SerialNumber: syz [ 121.938356][ T81] usb 2-1: config 0 descriptor?? [ 122.003842][ T6494] loop4: detected capacity change from 0 to 512 [ 122.004472][ T81] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 122.019101][ T81] usb 2-1: Detected FT-X [ 122.048576][ T6494] EXT4-fs (loop4): Test dummy encryption mode enabled [ 122.048763][ T6310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.062552][ T6310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.071690][ T6494] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 122.088669][ T6310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.092169][ T6310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.117165][ T6310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.143833][ T6310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.159960][ T6499] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 122.311226][ T81] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 122.532673][ T81] ftdi_sio 2-1:0.0: GPIO initialisation failed: -32 [ 122.593637][ T81] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 122.610510][ T6494] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 122.685826][ T6494] EXT4-fs (loop4): 1 truncate cleaned up [ 123.680746][ T6310] hsr_slave_0: entered promiscuous mode [ 123.697856][ T6494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.744743][ T6310] hsr_slave_1: entered promiscuous mode [ 123.803058][ T6310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 123.811036][ T6310] Cannot create hsr debugfs directory [ 124.088712][ T6494] fscrypt (loop4): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 124.111136][ T6310] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 124.135605][ T6513] fscrypt (loop4): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 124.174345][ T6310] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 124.260541][ T6310] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 124.400209][ T6310] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 124.449352][ T5886] usb 2-1: USB disconnect, device number 6 [ 124.462136][ T5886] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 124.538195][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.701581][ T5886] ftdi_sio 2-1:0.0: device disconnected [ 125.063683][ T6310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.039798][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 126.092099][ T6310] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.109195][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.116483][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.227060][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.234286][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.749751][ T6310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.934857][ T6567] kvm: emulating exchange as write [ 127.089692][ T6569] loop2: detected capacity change from 0 to 8192 [ 127.477754][ T6310] veth0_vlan: entered promiscuous mode [ 127.528212][ T6310] veth1_vlan: entered promiscuous mode [ 127.641581][ T6310] veth0_macvtap: entered promiscuous mode [ 127.693400][ T6310] veth1_macvtap: entered promiscuous mode [ 127.791137][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.826758][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.856697][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.896852][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.936845][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 127.966774][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.011083][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.047082][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.097925][ T6310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.149827][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.204935][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.226754][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.250705][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.292223][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.556699][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.608788][ T6310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.619391][ T6310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.630345][ T6310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.641833][ T6310] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.650761][ T6310] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.659527][ T6310] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.686768][ T6310] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.916741][ T5886] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 128.931809][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.976928][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.046758][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.063965][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.113688][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.165691][ T5886] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.187738][ T6605] loop2: detected capacity change from 0 to 256 [ 129.195538][ T6605] vfat: Bad value for 'fmask' [ 129.202037][ T5886] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 129.216860][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.376809][ T81] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 129.378898][ T5886] usb 5-1: config 0 descriptor?? [ 129.952879][ T6624] loop2: detected capacity change from 0 to 128 [ 130.046438][ T5886] input: HID 054c:03d5 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:054C:03D5.0003/input/input6 [ 130.080647][ T5886] sony 0003:054C:03D5.0003: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.4-1/input0 [ 130.294865][ T6624] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.326576][ T81] usb 2-1: Using ep0 maxpacket: 16 [ 130.340783][ T5886] usb 5-1: USB disconnect, device number 2 [ 130.427085][ T6624] ext4 filesystem being mounted at /43/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.716440][ T6638] loop3: detected capacity change from 0 to 1024 [ 130.926846][ T5885] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 130.998384][ T6638] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.059791][ T81] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 131.075023][ T81] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.088575][ T81] usb 2-1: Product: syz [ 131.092941][ T81] usb 2-1: Manufacturer: syz [ 131.112130][ T81] usb 2-1: SerialNumber: syz [ 131.210564][ T81] usb 2-1: config 0 descriptor?? [ 131.232282][ T81] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 131.256916][ T81] usb 2-1: Detected FT-X [ 131.700615][ T81] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 131.838462][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.992176][ T81] ftdi_sio 2-1:0.0: GPIO initialisation failed: -32 [ 132.010267][ T81] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 132.315025][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 132.681178][ T6658] loop5: detected capacity change from 0 to 8192 [ 132.751492][ T5885] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 132.766084][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.782253][ T5885] usb 3-1: Product: syz [ 132.832709][ T5885] usb 3-1: Manufacturer: syz [ 132.841862][ T5885] usb 3-1: SerialNumber: syz [ 132.858863][ T5885] usb 3-1: config 0 descriptor?? [ 133.308380][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.314973][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.429241][ T119] usb 2-1: USB disconnect, device number 7 [ 133.461710][ T119] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 133.512920][ T119] ftdi_sio 2-1:0.0: device disconnected [ 133.528413][ T5885] rtl8150 3-1:0.0: couldn't reset the device [ 133.534571][ T5885] rtl8150 3-1:0.0: probe with driver rtl8150 failed with error -5 [ 133.579131][ T5885] usb 3-1: USB disconnect, device number 3 [ 133.838233][ T6676] netlink: 'syz.4.194': attribute type 3 has an invalid length. [ 134.182727][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.315644][ T6681] loop4: detected capacity change from 0 to 512 [ 134.346534][ T6681] EXT4-fs: Ignoring removed orlov option [ 134.592915][ T6681] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.605884][ T6681] ext4 filesystem being mounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 135.000206][ T6702] loop3: detected capacity change from 0 to 512 [ 135.079762][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.227403][ T6702] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 135.333087][ T6708] netlink: 'syz.4.198': attribute type 3 has an invalid length. [ 137.866786][ T119] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 138.028530][ T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.090595][ T5885] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 138.107698][ T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.118592][ T5885] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 138.128504][ T119] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 138.197972][ T119] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 138.226354][ T119] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.248849][ T119] usb 5-1: config 0 descriptor?? [ 138.670047][ T119] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 138.731255][ T119] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 138.753019][ T6740] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 139.336779][ T119] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 139.500814][ T5885] usb 5-1: USB disconnect, device number 3 [ 139.531145][ T119] usb 6-1: Using ep0 maxpacket: 16 [ 139.602028][ T119] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 139.670542][ T119] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.765417][ T119] usb 6-1: Product: syz [ 139.824360][ T119] usb 6-1: Manufacturer: syz [ 139.837914][ T119] usb 6-1: SerialNumber: syz [ 139.854974][ T119] usb 6-1: config 0 descriptor?? [ 139.870268][ T119] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 139.884476][ T119] usb 6-1: Detected FT-X [ 140.085355][ T119] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 140.327523][ T119] ftdi_sio 6-1:0.0: GPIO initialisation failed: -32 [ 140.335638][ T119] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 140.828014][ T5850] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 140.837375][ T5850] Bluetooth: hci2: Injecting HCI hardware error event [ 140.848510][ T5840] Bluetooth: hci2: hardware error 0x00 [ 141.270673][ T6773] loop4: detected capacity change from 0 to 1024 [ 141.354518][ T3555] hfsplus: b-tree write err: -5, ino 4 [ 141.570040][ T6776] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 142.055354][ T81] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 142.068943][ T81] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 142.106847][ T81] usb 6-1: USB disconnect, device number 2 [ 142.133593][ T81] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 142.179067][ T81] ftdi_sio 6-1:0.0: device disconnected [ 142.335091][ T6791] loop5: detected capacity change from 0 to 1024 [ 142.374900][ T6791] EXT4-fs: Ignoring removed nobh option [ 142.381332][ T6791] EXT4-fs: Ignoring removed orlov option [ 142.669283][ T6791] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.711704][ T6310] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.049817][ T6814] input: syz1 as /devices/virtual/input/input7 [ 143.359039][ T5840] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 143.978619][ T6830] overlayfs: failed to resolve './bus/file0': -2 [ 144.002982][ T6779] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 144.797630][ T6841] loop5: detected capacity change from 0 to 256 [ 145.571448][ T6841] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 146.781444][ T29] audit: type=1800 audit(1733227471.905:279): pid=6841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.226" name="file1" dev="loop5" ino=1048620 res=0 errno=0 [ 146.998321][ T6867] loop4: detected capacity change from 0 to 1024 [ 147.005641][ T6867] EXT4-fs: Ignoring removed nobh option [ 147.011807][ T6867] EXT4-fs: Ignoring removed orlov option [ 147.289423][ T6867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.346729][ T5884] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 147.367457][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.529303][ T5884] usb 2-1: Using ep0 maxpacket: 16 [ 147.541055][ T6845] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 147.549845][ T5884] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 147.559113][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.599472][ T5884] usb 2-1: Product: syz [ 147.608294][ T5884] usb 2-1: Manufacturer: syz [ 147.656885][ T5884] usb 2-1: SerialNumber: syz [ 147.677439][ T6878] loop5: detected capacity change from 0 to 512 [ 147.708645][ T6878] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 147.724279][ T6873] loop2: detected capacity change from 0 to 512 [ 147.732621][ T5884] usb 2-1: config 0 descriptor?? [ 147.751892][ T5884] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 147.776864][ T5884] usb 2-1: Detected FT-X [ 147.850614][ T6878] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.930719][ T6878] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.982020][ T5884] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 147.990491][ T6873] EXT4-fs error (device loop2): __ext4_iget:4984: inode #11: block 16: comm syz.2.229: invalid block [ 148.003680][ T6878] syz.5.235 uses obsolete (PF_INET,SOCK_PACKET) [ 148.333475][ T5884] ftdi_sio 2-1:0.0: GPIO initialisation failed: -32 [ 148.342263][ T5884] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 148.395881][ T6873] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.229: couldn't read orphan inode 11 (err -117) [ 148.423929][ T6873] EXT4-fs (loop2): 1 truncate cleaned up [ 148.494791][ T6873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.534715][ T6310] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.002191][ T6890] overlayfs: failed to resolve './bus/file0': -2 [ 149.456977][ T5840] Bluetooth: hci3: command 0x0401 tx timeout [ 150.005781][ T5886] usb 2-1: USB disconnect, device number 8 [ 150.012031][ T119] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 150.058932][ T5886] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 150.118785][ T5886] ftdi_sio 2-1:0.0: device disconnected [ 150.235031][ T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.509264][ T119] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.530415][ T119] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 150.542025][ T119] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.555108][ T119] usb 5-1: config 0 descriptor?? [ 150.720305][ T6872] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 16: invalid block bitmap [ 150.994147][ T119] input: HID 054c:03d5 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:054C:03D5.0007/input/input8 [ 151.089798][ T119] sony 0003:054C:03D5.0007: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.4-1/input0 [ 151.185190][ T119] usb 5-1: USB disconnect, device number 4 [ 151.342665][ T6928] loop5: detected capacity change from 0 to 8192 [ 151.782333][ T6943] loop4: detected capacity change from 0 to 256 [ 151.817413][ T6943] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 151.996833][ T29] audit: type=1800 audit(1733227477.135:280): pid=6947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.245" name="file1" dev="loop4" ino=1048625 res=0 errno=0 [ 154.005576][ T7011] loop5: detected capacity change from 0 to 512 [ 154.141657][ T7011] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 154.207636][ T7011] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.221425][ T7011] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.404328][ T6310] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.880588][ T7029] loop5: detected capacity change from 0 to 8192 [ 157.453617][ T7051] loop4: detected capacity change from 0 to 256 [ 157.483729][ T7051] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 159.299754][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.064606][ T7067] loop4: detected capacity change from 0 to 512 [ 160.232551][ T7067] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.4.268: corrupted xattr block 95: invalid header [ 160.255003][ T7067] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.268: bg 0: block 7: invalid block bitmap [ 160.353690][ T7074] loop3: detected capacity change from 0 to 164 [ 160.396884][ T5884] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 160.756179][ T7067] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 160.776549][ T7067] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2977: inode #11: comm syz.4.268: corrupted xattr block 95: invalid header [ 160.886985][ T5884] usb 6-1: Using ep0 maxpacket: 16 [ 160.892109][ T7067] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117) [ 160.892215][ T7067] EXT4-fs (loop4): 1 orphan inode deleted [ 160.915190][ T7067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.938888][ T5884] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 160.951582][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.971826][ T5884] usb 6-1: Product: syz [ 160.976073][ T5884] usb 6-1: Manufacturer: syz [ 160.987296][ T5884] usb 6-1: SerialNumber: syz [ 161.030521][ T5884] usb 6-1: config 0 descriptor?? [ 161.065714][ T5884] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 161.076403][ T5884] usb 6-1: Detected FT-X [ 161.308902][ T5884] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 161.585234][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.594987][ T5884] ftdi_sio 6-1:0.0: GPIO initialisation failed: -5 [ 161.603295][ T5884] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 161.741813][ T5840] Bluetooth: hci3: unexpected event for opcode 0x0c1c [ 161.893395][ T7085] loop4: detected capacity change from 0 to 256 [ 162.050078][ T7085] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 163.110130][ T5886] usb 6-1: USB disconnect, device number 3 [ 163.131597][ T5886] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 163.193224][ T5886] ftdi_sio 6-1:0.0: device disconnected [ 163.250178][ T7098] loop3: detected capacity change from 0 to 512 [ 163.523820][ T7098] EXT4-fs error (device loop3): __ext4_iget:4984: inode #11: block 16: comm syz.3.277: invalid block [ 163.551247][ T7098] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.277: couldn't read orphan inode 11 (err -117) [ 163.654543][ T7098] EXT4-fs (loop3): 1 truncate cleaned up [ 163.695674][ T7098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.860371][ T7101] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 165.059225][ T5837] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 165.158363][ T5837] EXT4-fs error (device loop3): ext4_lookup:1813: inode #17: comm syz-executor: iget: bad extended attribute block 6904 [ 165.325963][ T7099] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.596682][ C0] ------------[ cut here ]------------ [ 165.602460][ C0] WARNING: CPU: 0 PID: 7120 at kernel/workqueue.c:2257 __queue_work+0xcd3/0xf50 [ 165.611499][ C0] Modules linked in: [ 165.615396][ C0] CPU: 0 UID: 0 PID: 7120 Comm: syz.1.281 Not tainted 6.12.0-next-20241128-syzkaller #0 [ 165.625117][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 165.635162][ C0] RIP: 0010:__queue_work+0xcd3/0xf50 [ 165.640435][ C0] Code: ff e8 d1 ea 37 00 90 0f 0b 90 e9 b2 fe ff ff e8 c3 ea 37 00 eb 13 e8 bc ea 37 00 eb 0c e8 b5 ea 37 00 eb 05 e8 ae ea 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 165.660131][ C0] RSP: 0000:ffffc90000007b08 EFLAGS: 00010046 [ 165.666189][ C0] RAX: ffffffff81678a3d RBX: 0000000000000100 RCX: ffff88803154bc00 [ 165.674150][ C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 [ 165.682118][ C0] RBP: 0000000000010000 R08: ffffffff81677e68 R09: 1ffffffff20333d6 [ 165.690176][ C0] R10: dffffc0000000000 R11: ffffffff81679270 R12: ffff88807803e800 [ 165.698135][ C0] R13: ffff88807803e9c0 R14: dffffc0000000000 R15: 0000000000000008 [ 165.706087][ C0] FS: 00007f2f1b34f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 165.714999][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 165.721564][ C0] CR2: 00000000fffffc40 CR3: 00000000620d0000 CR4: 00000000003526f0 [ 165.729520][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 165.737479][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 165.745431][ C0] Call Trace: [ 165.748699][ C0] [ 165.751530][ C0] ? __warn+0x165/0x4d0 [ 165.755676][ C0] ? __queue_work+0xcd3/0xf50 [ 165.760357][ C0] ? report_bug+0x2b3/0x500 [ 165.764882][ C0] ? __queue_work+0xcd3/0xf50 [ 165.769558][ C0] ? handle_bug+0x60/0x90 [ 165.773892][ C0] ? exc_invalid_op+0x1a/0x50 [ 165.778556][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 165.783584][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 165.789392][ C0] ? __queue_work+0xe8/0xf50 [ 165.793964][ C0] ? __queue_work+0xcbd/0xf50 [ 165.798634][ C0] ? __queue_work+0xcd3/0xf50 [ 165.803296][ C0] ? __queue_work+0xcbd/0xf50 [ 165.807962][ C0] ? call_timer_fn+0xa8/0x650 [ 165.812630][ C0] call_timer_fn+0x187/0x650 [ 165.817228][ C0] ? call_timer_fn+0xc0/0x650 [ 165.821889][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 165.827678][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 165.832773][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 165.838565][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 165.843751][ C0] ? rcu_is_watching+0x15/0xb0 [ 165.848502][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 165.854293][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 165.860128][ C0] __run_timer_base+0x695/0x8e0 [ 165.864976][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 165.870342][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 165.876681][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 165.881896][ C0] run_timer_softirq+0xb7/0x170 [ 165.886748][ C0] handle_softirqs+0x2d4/0x9b0 [ 165.891522][ C0] ? __irq_exit_rcu+0xf7/0x220 [ 165.896286][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 165.901566][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 165.906758][ C0] __irq_exit_rcu+0xf7/0x220 [ 165.911361][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 165.916729][ C0] irq_exit_rcu+0x9/0x30 [ 165.920996][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 165.926634][ C0] [ 165.929560][ C0] [ 165.932474][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 165.938442][ C0] RIP: 0010:lock_is_held_type+0x13b/0x190 [ 165.944623][ C0] Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f [ 165.964249][ C0] RSP: 0000:ffffc90002ed6b60 EFLAGS: 00000206 [ 165.970409][ C0] RAX: 0de81e41c27e9100 RBX: 0000000000000000 RCX: 0000000080000000 [ 165.978412][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0aa8a0 RDI: ffffffff8c5f8da0 [ 165.986389][ C0] RBP: 0000000000000003 R08: ffffffff942c4887 R09: 1ffffffff2858910 [ 165.994356][ C0] R10: dffffc0000000000 R11: fffffbfff2858911 R12: 0000000000000246 [ 166.002325][ C0] R13: ffff88803154bc00 R14: 00000000ffffffff R15: ffffffff8e96e828 [ 166.010305][ C0] mem_cgroup_from_task+0x62/0x120 [ 166.015414][ C0] ? get_mem_cgroup_from_mm+0x38/0x2a0 [ 166.020860][ C0] get_mem_cgroup_from_mm+0xd7/0x2a0 [ 166.026129][ C0] __mem_cgroup_charge+0x16/0x80 [ 166.031062][ C0] shmem_alloc_and_add_folio+0x8a1/0x13d0 [ 166.036799][ C0] ? __pfx_filemap_get_entry+0x10/0x10 [ 166.042251][ C0] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 166.048411][ C0] ? shmem_allowable_huge_orders+0x580/0x660 [ 166.054397][ C0] shmem_get_folio_gfp+0x5a9/0x20a0 [ 166.059587][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.065564][ C0] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 166.071300][ C0] ? ktime_get_coarse_real_ts64_mg+0x57/0x220 [ 166.077356][ C0] ? seqcount_lockdep_reader_access+0x157/0x220 [ 166.083580][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 166.088768][ C0] shmem_write_begin+0x17e/0x460 [ 166.093697][ C0] ? __pfx_shmem_write_begin+0x10/0x10 [ 166.099152][ C0] ? fault_in_iov_iter_readable+0x236/0x280 [ 166.105030][ C0] generic_perform_write+0x344/0x6d0 [ 166.110329][ C0] ? __pfx_generic_perform_write+0x10/0x10 [ 166.116135][ C0] ? __pfx_generic_write_checks+0x10/0x10 [ 166.121870][ C0] ? file_update_time+0x2ab/0x450 [ 166.126900][ C0] shmem_file_write_iter+0xf9/0x120 [ 166.132113][ C0] __kernel_write_iter+0x42a/0x940 [ 166.137247][ C0] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 166.143051][ C0] ? __pfx___kernel_write_iter+0x10/0x10 [ 166.148678][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 166.154653][ C0] ? iov_iter_bvec+0x4e/0x180 [ 166.159340][ C0] dump_user_range+0x4f1/0x970 [ 166.164122][ C0] ? __pfx_dump_user_range+0x10/0x10 [ 166.169420][ C0] ? __pfx_elf_coredump_extra_notes_write+0x10/0x10 [ 166.175996][ C0] ? __kmalloc_cache_noprof+0x243/0x390 [ 166.181552][ C0] ? dump_emit+0x99/0xd0 [ 166.185786][ C0] elf_core_dump+0x3e9f/0x4790 [ 166.190554][ C0] ? __pfx_elf_core_dump+0x10/0x10 [ 166.195652][ C0] ? mark_lock+0x9a/0x360 [ 166.199976][ C0] ? __lock_acquire+0x1397/0x2100 [ 166.204990][ C0] ? __pfx_cmp_vma_size+0x10/0x10 [ 166.210013][ C0] ? rcu_read_lock_any_held+0xb7/0x160 [ 166.215463][ C0] ? getname_kernel+0x140/0x2f0 [ 166.220303][ C0] do_coredump+0x214b/0x2e60 [ 166.224896][ C0] ? __pfx_do_coredump+0x10/0x10 [ 166.229841][ C0] ? proc_coredump_connector+0x1e8/0x750 [ 166.235459][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.241440][ C0] ? __pfx_proc_coredump_connector+0x10/0x10 [ 166.247415][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 166.252600][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 166.257781][ C0] get_signal+0x140b/0x1750 [ 166.262281][ C0] ? __pfx_get_signal+0x10/0x10 [ 166.267123][ C0] ? __pfx_force_sig_fault+0x10/0x10 [ 166.272399][ C0] arch_do_signal_or_restart+0x96/0x860 [ 166.277936][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 166.284174][ C0] ? irqentry_exit_to_user_mode+0x53/0x250 [ 166.289970][ C0] irqentry_exit_to_user_mode+0x7e/0x250 [ 166.295595][ C0] exc_page_fault+0x590/0x8b0 [ 166.300266][ C0] asm_exc_page_fault+0x26/0x30 [ 166.305107][ C0] RIP: 0033:0x7f2f1a57ff21 [ 166.309528][ C0] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 166.329210][ C0] RSP: 002b:00000000fffffe10 EFLAGS: 00010217 [ 166.335264][ C0] RAX: 0000000000000000 RBX: 00007f2f1a745fa0 RCX: 00007f2f1a57ff19 [ 166.343339][ C0] RDX: 0000000000000000 RSI: 00000000fffffe10 RDI: 0000000000000000 [ 166.351385][ C0] RBP: 00007f2f1a5f3986 R08: 0000000000000000 R09: 0000000000000000 [ 166.359343][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 166.367300][ C0] R13: 0000000000000000 R14: 00007f2f1a745fa0 R15: 00007ffc73ede8b8 [ 166.375270][ C0] [ 166.378288][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 166.385551][ C0] CPU: 0 UID: 0 PID: 7120 Comm: syz.1.281 Not tainted 6.12.0-next-20241128-syzkaller #0 [ 166.395249][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 166.407822][ C0] Call Trace: [ 166.411093][ C0] [ 166.413925][ C0] dump_stack_lvl+0x241/0x360 [ 166.418597][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.423787][ C0] ? __pfx__printk+0x10/0x10 [ 166.428363][ C0] ? _printk+0xd5/0x120 [ 166.432505][ C0] ? __init_begin+0x41000/0x41000 [ 166.437516][ C0] ? vscnprintf+0x5d/0x90 [ 166.441834][ C0] panic+0x349/0x880 [ 166.445713][ C0] ? __warn+0x174/0x4d0 [ 166.449859][ C0] ? __pfx_panic+0x10/0x10 [ 166.454358][ C0] __warn+0x344/0x4d0 [ 166.458332][ C0] ? __queue_work+0xcd3/0xf50 [ 166.462999][ C0] report_bug+0x2b3/0x500 [ 166.467323][ C0] ? __queue_work+0xcd3/0xf50 [ 166.471992][ C0] handle_bug+0x60/0x90 [ 166.476167][ C0] exc_invalid_op+0x1a/0x50 [ 166.480682][ C0] asm_exc_invalid_op+0x1a/0x20 [ 166.485522][ C0] RIP: 0010:__queue_work+0xcd3/0xf50 [ 166.490810][ C0] Code: ff e8 d1 ea 37 00 90 0f 0b 90 e9 b2 fe ff ff e8 c3 ea 37 00 eb 13 e8 bc ea 37 00 eb 0c e8 b5 ea 37 00 eb 05 e8 ae ea 37 00 90 <0f> 0b 90 48 83 c4 60 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 166.510489][ C0] RSP: 0000:ffffc90000007b08 EFLAGS: 00010046 [ 166.516541][ C0] RAX: ffffffff81678a3d RBX: 0000000000000100 RCX: ffff88803154bc00 [ 166.524500][ C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 [ 166.532461][ C0] RBP: 0000000000010000 R08: ffffffff81677e68 R09: 1ffffffff20333d6 [ 166.540417][ C0] R10: dffffc0000000000 R11: ffffffff81679270 R12: ffff88807803e800 [ 166.548383][ C0] R13: ffff88807803e9c0 R14: dffffc0000000000 R15: 0000000000000008 [ 166.556516][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 166.562314][ C0] ? __queue_work+0xe8/0xf50 [ 166.566918][ C0] ? __queue_work+0xcbd/0xf50 [ 166.571587][ C0] ? __queue_work+0xcbd/0xf50 [ 166.576340][ C0] ? call_timer_fn+0xa8/0x650 [ 166.581013][ C0] call_timer_fn+0x187/0x650 [ 166.585589][ C0] ? call_timer_fn+0xc0/0x650 [ 166.590248][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 166.596126][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 166.601335][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 166.607129][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 166.612340][ C0] ? rcu_is_watching+0x15/0xb0 [ 166.617093][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 166.622881][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 166.628674][ C0] __run_timer_base+0x695/0x8e0 [ 166.633515][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 166.638873][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 166.645184][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 166.650375][ C0] run_timer_softirq+0xb7/0x170 [ 166.655217][ C0] handle_softirqs+0x2d4/0x9b0 [ 166.659977][ C0] ? __irq_exit_rcu+0xf7/0x220 [ 166.664728][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 166.670002][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 166.675185][ C0] __irq_exit_rcu+0xf7/0x220 [ 166.679768][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 166.684968][ C0] irq_exit_rcu+0x9/0x30 [ 166.689204][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 166.694839][ C0] [ 166.697757][ C0] [ 166.700681][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 166.706681][ C0] RIP: 0010:lock_is_held_type+0x13b/0x190 [ 166.712431][ C0] Code: 75 44 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 42 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f [ 166.732039][ C0] RSP: 0000:ffffc90002ed6b60 EFLAGS: 00000206 [ 166.738167][ C0] RAX: 0de81e41c27e9100 RBX: 0000000000000000 RCX: 0000000080000000 [ 166.746147][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0aa8a0 RDI: ffffffff8c5f8da0 [ 166.754140][ C0] RBP: 0000000000000003 R08: ffffffff942c4887 R09: 1ffffffff2858910 [ 166.762108][ C0] R10: dffffc0000000000 R11: fffffbfff2858911 R12: 0000000000000246 [ 166.770082][ C0] R13: ffff88803154bc00 R14: 00000000ffffffff R15: ffffffff8e96e828 [ 166.778097][ C0] mem_cgroup_from_task+0x62/0x120 [ 166.783256][ C0] ? get_mem_cgroup_from_mm+0x38/0x2a0 [ 166.788732][ C0] get_mem_cgroup_from_mm+0xd7/0x2a0 [ 166.794012][ C0] __mem_cgroup_charge+0x16/0x80 [ 166.798942][ C0] shmem_alloc_and_add_folio+0x8a1/0x13d0 [ 166.804662][ C0] ? __pfx_filemap_get_entry+0x10/0x10 [ 166.810196][ C0] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 166.816337][ C0] ? shmem_allowable_huge_orders+0x580/0x660 [ 166.822391][ C0] shmem_get_folio_gfp+0x5a9/0x20a0 [ 166.827581][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 166.833545][ C0] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 166.839250][ C0] ? ktime_get_coarse_real_ts64_mg+0x57/0x220 [ 166.845296][ C0] ? seqcount_lockdep_reader_access+0x157/0x220 [ 166.851522][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 166.856709][ C0] shmem_write_begin+0x17e/0x460 [ 166.861632][ C0] ? __pfx_shmem_write_begin+0x10/0x10 [ 166.867078][ C0] ? fault_in_iov_iter_readable+0x236/0x280 [ 166.872958][ C0] generic_perform_write+0x344/0x6d0 [ 166.878243][ C0] ? __pfx_generic_perform_write+0x10/0x10 [ 166.884057][ C0] ? __pfx_generic_write_checks+0x10/0x10 [ 166.889782][ C0] ? file_update_time+0x2ab/0x450 [ 166.894796][ C0] shmem_file_write_iter+0xf9/0x120 [ 166.899984][ C0] __kernel_write_iter+0x42a/0x940 [ 166.905106][ C0] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 166.910909][ C0] ? __pfx___kernel_write_iter+0x10/0x10 [ 166.916533][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 166.922507][ C0] ? iov_iter_bvec+0x4e/0x180 [ 166.927176][ C0] dump_user_range+0x4f1/0x970 [ 166.931960][ C0] ? __pfx_dump_user_range+0x10/0x10 [ 166.937248][ C0] ? __pfx_elf_coredump_extra_notes_write+0x10/0x10 [ 166.943822][ C0] ? __kmalloc_cache_noprof+0x243/0x390 [ 166.949355][ C0] ? dump_emit+0x99/0xd0 [ 166.953584][ C0] elf_core_dump+0x3e9f/0x4790 [ 166.958347][ C0] ? __pfx_elf_core_dump+0x10/0x10 [ 166.963471][ C0] ? mark_lock+0x9a/0x360 [ 166.967814][ C0] ? __lock_acquire+0x1397/0x2100 [ 166.972834][ C0] ? __pfx_cmp_vma_size+0x10/0x10 [ 166.977864][ C0] ? rcu_read_lock_any_held+0xb7/0x160 [ 166.983323][ C0] ? getname_kernel+0x140/0x2f0 [ 166.988195][ C0] do_coredump+0x214b/0x2e60 [ 166.992791][ C0] ? __pfx_do_coredump+0x10/0x10 [ 166.997738][ C0] ? proc_coredump_connector+0x1e8/0x750 [ 167.003355][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 167.009320][ C0] ? __pfx_proc_coredump_connector+0x10/0x10 [ 167.015292][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 167.020478][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 167.025658][ C0] get_signal+0x140b/0x1750 [ 167.030169][ C0] ? __pfx_get_signal+0x10/0x10 [ 167.035013][ C0] ? __pfx_force_sig_fault+0x10/0x10 [ 167.040289][ C0] arch_do_signal_or_restart+0x96/0x860 [ 167.046280][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 167.052431][ C0] ? irqentry_exit_to_user_mode+0x53/0x250 [ 167.058314][ C0] irqentry_exit_to_user_mode+0x7e/0x250 [ 167.063951][ C0] exc_page_fault+0x590/0x8b0 [ 167.068618][ C0] asm_exc_page_fault+0x26/0x30 [ 167.073457][ C0] RIP: 0033:0x7f2f1a57ff21 [ 167.077944][ C0] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 167.097543][ C0] RSP: 002b:00000000fffffe10 EFLAGS: 00010217 [ 167.103608][ C0] RAX: 0000000000000000 RBX: 00007f2f1a745fa0 RCX: 00007f2f1a57ff19 [ 167.111597][ C0] RDX: 0000000000000000 RSI: 00000000fffffe10 RDI: 0000000000000000 [ 167.119558][ C0] RBP: 00007f2f1a5f3986 R08: 0000000000000000 R09: 0000000000000000 [ 167.127526][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.135506][ C0] R13: 0000000000000000 R14: 00007f2f1a745fa0 R15: 00007ffc73ede8b8 [ 167.143487][ C0] [ 167.146648][ C0] Kernel Offset: disabled [ 167.151065][ C0] Rebooting in 86400 seconds..