last executing test programs: 2m19.408751751s ago: executing program 0 (id=1003): ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000080)=0x2) r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x80000000, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x4d6b, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x6, 0x4, 0x6]}) 2m19.030259857s ago: executing program 0 (id=1007): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r1, r1, 0x3, 0xfffffffffffffffa, 0x3fff}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x6, r1, 0x0, &(0x7f0000000380)="19", 0x1, 0x5}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x6, r1, 0x0, &(0x7f0000000200)='W', 0x1, 0x7a}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r1, 0x0, &(0x7f0000000340), 0x0, 0x6}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x6, r1, 0x0, &(0x7f00000002c0)="ec", 0x1, 0x3}) 2m16.808269714s ago: executing program 0 (id=1011): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0x10, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500"/12, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYBLOB], 0x48}}, 0x0) 2m16.033371763s ago: executing program 0 (id=1012): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0) socket(0x11, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, &(0x7f0000000100)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000180)=0x800001, 0x4) sched_setattr(0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$rds(0x15, 0x5, 0x0) r4 = gettid() r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x109580) ioctl$VIDIOC_DQEVENT(r5, 0x80885659, 0x0) rt_sigqueueinfo(r4, 0x21, 0x0) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f00000000c0)={0xc, 0xe}) socket$nl_netfilter(0x10, 0x3, 0xc) 2m4.935451245s ago: executing program 0 (id=1034): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x10) 2m4.135964423s ago: executing program 0 (id=1037): socket$inet6_tcp(0xa, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 1m47.380763432s ago: executing program 32 (id=1037): socket$inet6_tcp(0xa, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) 1m47.319343702s ago: executing program 5 (id=1071): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 1m45.31730226s ago: executing program 5 (id=1076): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x381841, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000020c0)='./file1\x00', 0x32) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, 0x0, 0x8000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038980a00000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0a03801c0000800800034000000002100002800c00028008000180000000007c020080100007800bcfa1f1be70726f787900000c000780080001006f736600100007800b00010074756e6e656c00000900090073797a31000000000c000540000000000000000428020280340002800900020073797a3100000000080001800000000008000180000000000900020073797a320000000008000340000000020c00028008000180fffffffd580001002917be74e13750cc5ba3ec95891a9c851b57b5db814ccc26f8e8d94a07b46234d73650541cd02480b69a3a4bea058fc668d4a742b2f7d711ccd03fe6d704a7676c5c98f3dadd2506ebdf9f15e23245cf42bd4a3c5b0001006fcf06f1493a270ef65cadc7d12f00e40913271183b6a64330c9e19c929c9800791ed8e1571cff431de5a6bb551bfc9cf93db5a152951890f01630fa415e01d62b50b9dafc1d4d2d1efeb03d2f7385fee5aafb26337c8c003c00028008000180fffffffc080003400000000308000180fffffffd0900020073797a310000000008000180fffffffc0900020073797a32000000004f00010049c9773d2053ad2c90002901753975e5ac85043343ad3b27d50d751ca3ca3f6d01f0d61ac152636f784a82769a493ef8c972381ac9737f042131a4ec0789318d7687d76b3a4bb613f0a21600a2000100fea8ab902345276448e74b24c91485a630fd70368e1723cb1f30b9202b5e66dc999943be802eb6283406be28b2f63194284c9238a3f78867e107e08b1d6444e38f552ad3cd34fc37ebd44d1f560a61add2829065e9c5ba602a383672a4f9efbc552a4f1259710edbb67bbc2e2c0d0ef305fbf66562b6317058da3c63eb6ce2df36eedcdbb0fdf2ce11bbe8273a20f7aa37de03941e2313bc635083b6632700000c0004400000000000000005b40100800c00054000000000000000000c000540000000000000000774000640a0aaed71e16a6293785c370ae7d55b8153042fdb9182dc15613fc7dd6a41f6aeff856b1df0aa0b467e0de19e15452d703323632691bacc2c5d4b5b3197577c694aaa1b33eecc13cee6e3272797dde739ca786f3f23bcc8837595702992c5868bd314327b80fab205ec51564fb6e4a1f750000a804c00028008000340000000010900020073797a31000000000900020073797a300000000008000340000000010900020073797a310000000008000180ffffffff0900020073797a30000000000c0005400000000000000a32840001801800028008000180fffffffd0900020073797a30000000002c00028008000340000000020900020073797a320000000008000340000000030900020073797a31000000003c00028008000180fffffffd08000180fffffffe0900020073797a31000000000900020073797a3000000000080003400000000408000180ffffffff44000180400002800900020073797a320000000008000340000000010900020073797a320000000008000180fffffffb0900020073797a310000000008000180fffffffb4402008034020180910001007dfdf795fc43e51ac887d0ad157725d637916590acc0daa933a43aae834dda5a02732502065524cd30bdce065074a39ae9401a037840cb03263dbd1ff3dace8426c964881e53de8a1ee16fe3b16f12bccc23903cdc7a31f0363f8e51c6ff70803e7c81acd93d396b9438832894f32f04e8093916b9aedd03ef1634da7d6aa11566dce4ec2577e77e7eb4c422d100000001010100df249b61cf7d9c465a17444c2380403e69ce9a8790f4c15ab623e20893574d6a51353776cdac146efaacb1f9c03304b7bc2843474388cb0c590326191d1300324ce899f84a1da7921d99a6a0848ed4b3c5c28a1e15e6f801a3187a05e81c86c083baa87cd57782874c7499a4cddfff9155c1d28ac001a2f65c865d59607d27083d13092583300eb541e138da4b68f25d91eef81b0c408b20a4f82e690e49cf86f3e8e97c4c650da407d0c8e3e2bea6099d780eb0f496ecc348f2070d4905215a697470a92d40038267046674ff3655471e890f26febfaa772619305fcd8f63375a0f086f4e8e0965b3a4c99489d4c7b8645c16a41e51d87af7853772190000000c00028008000180ffffffff8900010081df80a853cb96bf4e4230a1c1c4a1fc175e569f6aea498818e9f0df3d804eaf0dcd8b54097221a813e161ec9d6ead8435b4ea6cd1b89842ef3276a6f95ec4f9bf9fc4129a9b125d20394ccf068695b8e16a7347f194c16be7b8dec1976a4581d701dd1eb140dc10153278695802e5c4adebba9b98c37f50eac382bf1142a6a7af93f3dc120000000c0005400000000000000001d803008040010b80100001800b00010072656a65637400001c0001800a00010071756575650000000c000280060001400005000030000180080001006677640024000280080002400000001608000140000000020800034000000002080001400000000a980001800b0001007461726765740000880002800800024000005b05610003001c10198697749122b928b08661fb1170df935ae8864db3b1df3e464dd55498c134a26e711c0c19f5c846ba6568bbab8f4420a7fc267e83775279529aaaad9c68ea857dba13431ac4dc545ba31d5b00939037e16c756486704f46c5fe860000000f0001004d41535155455241444500000800024000000001380001800a0001006d617463680000002800028008000240000000020c000100706b7474797065000e000100636f6e6e747261636b000000100001800a000100696e6e65720000000c0005400000000000000010cc0007800a00010072616e6765000000bc0002800800014000000000a8000480a3000100f8f9909611b24e3aca61d2debb80695292d0b975a49eef2dd5ecfa71f8e4c39d5128dd02d531c6a84e262b803aadaf64e07d0b292225d38d433f551bb0b71f57e975df9ec2bb1b8eca5ed76f9e1f93808afd"], 0xb40}}, 0x30009000) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fgetxattr(r4, &(0x7f0000000400)=@known='trusted.overlay.opaque\x00', &(0x7f0000000440)=""/113, 0x71) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\xd5\x80\x98y\xbd\xd7a\x87\x82\xd5\xd7p\xb1I\x04T\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x96\\BA\x00\x00\x00\x00\x00\x00', 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x810410, &(0x7f00000001c0)=ANY=[], 0x2, 0x1d6, &(0x7f0000000200)="$eJzsmb/P0kAYx7937Quvb4yJi4OLg68Ro5S2qGEhBhN3E/DXJpFK0AIGagIkDsTFxdHBxNV/wMHBycHNzVUHNTFxkNG55o5re7ZAwKmJz2c4vvfc3XPPHfAloSAI4r/l+7ffX59frbUuADiKQxRV/KeRzOHa/C8vH59/Ub/26s3n1x8Gx55cSedjAMJw+/2PAHjfMBBEnRSH6rUFHusb4Din9C0wnFH6LjhuKu2B4Y7SDzQ9jPbwPeve0O/c7/meLRpHNK5oqvr+JoDFnKEDYF+eLQyZNj6ezh62fd8bpcVeGO2TGdpVbLo/WV+Do676oj7xft1+9nQuKrZU3NbuzwGHo3QVDE2layjCsqzkSrTznzST/MY258+DOF7ORRkk8iVYOiK+0HHkxOLdx+yqH3kp/h+ENC4AmaFPB7vkEQ7wd6SgTGDlqsSfmAmc1fzJhBn7RyXoP6qMp7Nyr9/uel1v4LrVy/ZF277kVqQRLdsN/rcv/elAy7+XtUhJgRUwaQfByJkAwciJ++6y1Ry3+Xb4S67h0v84SqeXOcRHRR67uLqe6LeBSy16JWNt8QRBEARBEARBEARBEARBEDtxCkz+C6oeVIVrcK/L2X8CAAD//+lAY1E=") 1m42.123812426s ago: executing program 5 (id=1079): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x101040) openat$rtc(0xffffffffffffff9c, 0x0, 0x288100, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'sh\x00'}, 0x2c) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) sched_setparam(0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r3, 0x40085112, &(0x7f0000000000)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x2, 0x7fff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000500)={0x0, 0x18a, 0x0, 0x0, 0xc}) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) 1m39.622484694s ago: executing program 5 (id=1083): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 1m38.209277609s ago: executing program 5 (id=1090): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x7, 0xfff}) fcntl$lock(r0, 0x25, &(0x7f0000001480)={0x0, 0x0, 0x400000000d240, 0x3ff}) ioctl$vim2m_VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000140)=@multiplanar_overlay={0xa, 0x3, 0x4, 0x10, 0x9, {0x0, 0xea60}, {0x3, 0x4, 0x0, 0x1, 0x4, 0x6, "3e301f13"}, 0xfffffff9, 0x3, {0x0}, 0x1fb}) fcntl$lock(r0, 0x24, &(0x7f0000000140)={0x2, 0x1, 0xd63e, 0x2}) 1m34.813670413s ago: executing program 5 (id=1095): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x101040) openat$rtc(0xffffffffffffff9c, 0x0, 0x288100, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'sh\x00'}, 0x2c) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) sched_setparam(0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000000)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x2, 0x7fff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000500)={0x0, 0x18a, 0x0, 0x0, 0xc}) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) 1m32.836895627s ago: executing program 33 (id=1095): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x101040) openat$rtc(0xffffffffffffff9c, 0x0, 0x288100, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'sh\x00'}, 0x2c) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) sched_setparam(0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000000)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x2, 0x7fff}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000500)={0x0, 0x18a, 0x0, 0x0, 0xc}) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) 39.245247185s ago: executing program 2 (id=1232): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e0b06c9000600e1b1"], 0xe) 38.881633089s ago: executing program 2 (id=1237): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000380)={0x0, @local, @local}, &(0x7f00000003c0)=0xe6) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3b, r1}) r3 = socket(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl(r2, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 37.636108244s ago: executing program 2 (id=1240): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000100)=0x1, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000266000/0x4000)=nil, 0x3) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r0, 0xffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRESOCT=r2], 0x2c}}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 33.416934302s ago: executing program 2 (id=1244): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r0, 0x1ad72f7) accept4$netrom(r0, 0x0, 0x0, 0x80000) r2 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x40c}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 31.603815486s ago: executing program 4 (id=1249): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="2b64657669aee0bb9aac93a3cf657a6572202b726c696d6974202b68756765746c62202b726c696d6974202b63707561636374202b6d656d6f7279202b637075736574202b6e65745f636c7320d7d860b98628f7628da6b623c0c01c345aa1c95cb952bd7644707458c2c3270b72b0d8d93ee94fc68505735f93d76630217fd90168f313e5219ef4ef4d6621cf43ac6a573633cd2ddf073744f3505a7cd3ef544005df508b427b6b5a86cbc890f57a00ec46ac908752782459dca5b9fb2af15bd948077984b97e68cf0f563cec381207000000000000004730a67c05856b6f511ea597af7d8d1d0ddc0bf235bf05ca5f296145d21f0351144afc7ce28ba7fb8a982163c6a3fa686b48af44b2e746fab3619cb9f78d75e8e96ea39f2d6c00000000000000"], 0x4d) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000300)={0x0, 0xd6}, 0x8) 31.549171134s ago: executing program 2 (id=1251): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) 25.86083215s ago: executing program 4 (id=1267): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r0}, 0x18) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 25.541183891s ago: executing program 4 (id=1270): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000140)=0x2f, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x483, 0x44000102, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 23.435831477s ago: executing program 4 (id=1275): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x298f3cc22e12b39a, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) write$proc_mixer(r0, &(0x7f0000000580)=ANY=[@ANYBLOB='LINE1 \'Master Capture\' 00000000000000000000\nCD'], 0x178) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) dup3(r1, r0, 0x0) 22.841702364s ago: executing program 2 (id=1277): syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 22.799642224s ago: executing program 4 (id=1278): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 20.810190173s ago: executing program 6 (id=1281): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000100)=0x1, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000266000/0x4000)=nil, 0x3) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r0, 0xffffffff) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRESOCT=r2], 0x2c}}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 20.663749179s ago: executing program 4 (id=1282): syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) syz_emit_ethernet(0x4e, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) dup2(r0, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x70}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10153, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_mptcp(0x2, 0x1, 0x106) semctl$IPC_RMID(0x0, 0x0, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r4, &(0x7f0000000000)={0x24, @none={0x0, 0xffff}}, 0x14) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000140)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 16.871006159s ago: executing program 7 (id=1289): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) 16.057658113s ago: executing program 6 (id=1292): r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e2a, @local}, 0x10) listen(r0, 0xd) 15.939203514s ago: executing program 1 (id=1293): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_FLAGS={0x8}]}], {0x14, 0x10}}, 0xb4}}, 0x0) 15.822400955s ago: executing program 6 (id=1294): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) fsopen(0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000000c1, 0x2) r2 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r2, 0x0, 0x0) rmdir(0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000240)={0x20, 0xc, 0x0, 0x1ff}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) 14.949489147s ago: executing program 1 (id=1295): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f00000103c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000340)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x17040039, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) syz_fuse_handle_req(r4, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'wg2\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) dup2(r6, r4) syz_io_uring_setup(0x1111, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) 13.649592573s ago: executing program 1 (id=1296): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001240)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0xffffff01}]}}]}, 0x3c}}, 0x90) 7.140096839s ago: executing program 34 (id=1277): syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 6.801582674s ago: executing program 1 (id=1299): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x20044000) bind$inet6(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, 0x0, 0x4090) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001439) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000042c0)={0x2020}, 0x2020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4}) connect$netrom(r1, &(0x7f0000000440)={{0x6, @bcast, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast]}, 0x48) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, 0x0, 0x0) 6.647040919s ago: executing program 6 (id=1301): userfaultfd(0x80001) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) close(r5) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, &(0x7f0000000700)={[&(0x7f0000000500)='\x00\x00\x00', &(0x7f0000000540)='&\'.\xad,^%,-!:\',!\\\x00']}, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) 4.771206176s ago: executing program 35 (id=1282): syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) syz_emit_ethernet(0x4e, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) dup2(r0, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x70}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10153, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_mptcp(0x2, 0x1, 0x106) semctl$IPC_RMID(0x0, 0x0, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r4, &(0x7f0000000000)={0x24, @none={0x0, 0xffff}}, 0x14) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000140)=0x1) close_range(r0, 0xffffffffffffffff, 0x0) 4.750282391s ago: executing program 6 (id=1304): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000100)=0x1, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000266000/0x4000)=nil, 0x3) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) listen(r0, 0xffffffff) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRESOCT=r2], 0x2c}}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 4.720048831s ago: executing program 3 (id=1305): setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x10}, 0x1c) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_route(0x10, 0x3, 0x0) close(r0) 3.953645028s ago: executing program 3 (id=1306): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) umount2(0x0, 0x0) 3.724580668s ago: executing program 3 (id=1307): syz_mount_image$minix(&(0x7f00000003c0), &(0x7f0000000040)='./bus\x00', 0x280085e, &(0x7f0000000100)=ANY=[], 0xa, 0x229, &(0x7f00000005c0)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 3.592748687s ago: executing program 7 (id=1308): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x34, 0x1, 0x6}]}}]}, 0x38}}, 0x50) 2.84193272s ago: executing program 3 (id=1309): syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x448}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 2.728711793s ago: executing program 7 (id=1310): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000440)={'syztnl1\x00', &(0x7f0000000640)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x3, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x6}}) 2.540522182s ago: executing program 3 (id=1311): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000140)=0x2f, 0x4) recvmmsg(r0, &(0x7f0000008880), 0x483, 0x44000102, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) 2.297545438s ago: executing program 7 (id=1312): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x4, 0xa, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) 2.289771716s ago: executing program 1 (id=1313): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100)=0x5) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r4, 0x0, 0x0) read(r4, &(0x7f00000001c0)=""/93, 0x5d) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r5, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000280)="bf049f", 0x0, 0x8000}, 0x50) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x4, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500"/12, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES64, @ANYRESHEX=0x0, @ANYBLOB="0043e15aff000000010000000000000003020000b68c52d2be3c0d90"], 0x48}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r4, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40900000000000061111000000000008510000002000000857f0000080000009500"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.229620821s ago: executing program 3 (id=1314): madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000409000/0x1000)=nil, 0x1000, &(0x7f0000000040)=""/203) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) 2.045441401s ago: executing program 7 (id=1315): userfaultfd(0x80001) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) close(r5) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, &(0x7f0000000700)={[&(0x7f0000000500)='\x00\x00\x00', &(0x7f0000000540)='&\'.\xad,^%,-!:\',!\\\x00']}, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) 583.85913ms ago: executing program 7 (id=1316): setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x10}, 0x1c) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_route(0x10, 0x3, 0x0) close(r0) 41.890653ms ago: executing program 1 (id=1317): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) umount2(0x0, 0x0) 0s ago: executing program 6 (id=1318): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}}}, 0x48) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132}) pselect6(0x40, &(0x7f00000000c0)={0x4, 0x5, 0x7, 0x4, 0x0, 0x5cf, 0x3, 0x5}, &(0x7f0000000100)={0x800, 0x3, 0x4, 0xfffffffffffff76c, 0x2, 0x8, 0x1ff, 0x7}, &(0x7f0000000180)={0x8000000000000001, 0x1, 0x7, 0x0, 0x4, 0x0, 0x8000000000000001, 0x3}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0xa1]}, 0x8}) write$cgroup_subtree(r0, 0x0, 0xc54c295c) ptrace$peeksig(0x4209, 0x0, &(0x7f0000000280)={0x4, 0x1}, &(0x7f00000004c0)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x149a82, 0x0) kernel console output (not intermixed with test programs): 707][ T5848] Bluetooth: hci4: command tx timeout [ 130.434891][ T6258] xt_l2tp: invalid flags combination: 8 [ 130.556217][ T6251] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1fffff [ 130.564987][ T6251] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8 [ 130.587039][ T6251] F2FS-fs (loop0): invalid crc value [ 130.614481][ T6251] F2FS-fs (loop0): Found nat_bits in checkpoint [ 130.764723][ T6251] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 130.771980][ T6251] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 131.002056][ T8] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 131.750186][ T6268] loop2: detected capacity change from 0 to 64 [ 131.845691][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 131.854354][ T8] usb 4-1: config 0 has no interface number 0 [ 131.860475][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 131.872300][ T8] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.884598][ T8] usb 4-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 131.895130][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.925360][ T5832] syz-executor: attempt to access beyond end of device [ 131.925360][ T5832] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.023548][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 132.856877][ T8] usb 4-1: config 0 descriptor?? [ 133.026633][ T6278] Bluetooth: MGMT ver 1.23 [ 133.862521][ T8] usb 4-1: can't set config #0, error -71 [ 133.869463][ T8] usb 4-1: USB disconnect, device number 3 [ 133.991463][ T969] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 134.382842][ T969] usb 6-1: Using ep0 maxpacket: 8 [ 134.433808][ T969] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 134.471486][ T969] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 134.489106][ T969] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 134.512415][ T969] usb 6-1: Product: syz [ 134.525588][ T969] usb 6-1: Manufacturer: syz [ 134.536728][ T969] usb 6-1: SerialNumber: syz [ 134.561556][ T2145] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 135.013606][ T2145] usb 2-1: Using ep0 maxpacket: 16 [ 135.019069][ T969] usb 6-1: palm_os_3_probe - error -110 getting connection information [ 135.020656][ T2145] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 135.053034][ T2145] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 135.058092][ T969] visor 6-1:1.0: probe with driver visor failed with error -110 [ 135.122736][ T2145] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 135.137118][ T2145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.178320][ T2145] usb 2-1: Product: syz [ 135.457834][ T2145] usb 2-1: Manufacturer: syz [ 135.491512][ T2145] usb 2-1: SerialNumber: syz [ 135.777502][ T2145] usb 2-1: 0:2 : does not exist [ 135.782208][ T969] usb 6-1: USB disconnect, device number 5 [ 135.825779][ T2145] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 135.887597][ T2145] usb 2-1: USB disconnect, device number 2 [ 136.131997][ T5848] Bluetooth: hci1: command tx timeout [ 136.170794][ T6316] loop0: detected capacity change from 0 to 1024 [ 136.363453][ T969] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 136.567176][ T2145] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 136.592537][ T969] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 136.763061][ T969] usb 6-1: config 0 has no interface number 0 [ 136.951476][ T969] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 136.985594][ T969] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.051538][ T969] usb 6-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 137.081552][ T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.090693][ T2145] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.123675][ T969] usb 6-1: config 0 descriptor?? [ 137.123685][ T2145] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 137.161508][ T2145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.489980][ T2145] usb 4-1: config 0 descriptor?? [ 137.502384][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.521547][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.162965][ T2145] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 138.219265][ T2145] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input5 [ 138.369842][ T969] usbhid 6-1:0.1: can't add hid device: -71 [ 138.391446][ T969] usbhid 6-1:0.1: probe with driver usbhid failed with error -71 [ 138.412081][ T969] usb 6-1: USB disconnect, device number 6 [ 138.456756][ T6304] loop2: detected capacity change from 0 to 40427 [ 138.476789][ T2145] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 138.512885][ T6304] F2FS-fs (loop2): Unable to read 1th superblock [ 138.525660][ T6304] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x1fffff [ 138.646491][ T2145] usb 4-1: USB disconnect, device number 4 [ 138.727132][ T6304] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8 [ 139.284182][ T6304] F2FS-fs (loop2): invalid crc value [ 139.290917][ T6304] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-4) [ 140.440851][ T5941] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 140.477152][ T6347] Zero length message leads to an empty skb [ 140.621947][ T5941] usb 2-1: Using ep0 maxpacket: 8 [ 140.634391][ T5941] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 140.857149][ T6353] loop2: detected capacity change from 0 to 1024 [ 140.916675][ T5941] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 140.957201][ T6353] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.141533][ T5941] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 141.149920][ T5941] usb 2-1: Product: syz [ 141.154385][ T5941] usb 2-1: Manufacturer: syz [ 141.159270][ T5941] usb 2-1: SerialNumber: syz [ 141.557728][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.561079][ T5941] usb 2-1: Invalid connection information received from device [ 141.898949][ T5941] usb 2-1: USB disconnect, device number 3 [ 142.792964][ T6371] loop2: detected capacity change from 0 to 1024 [ 144.284679][ T6384] loop3: detected capacity change from 0 to 40427 [ 144.294592][ T6384] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 144.301827][ T6384] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 144.310745][ T6384] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 144.319753][ T6384] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 144.330290][ T6384] F2FS-fs (loop3): invalid crc value [ 144.360065][ T6384] F2FS-fs (loop3): Found nat_bits in checkpoint [ 144.430548][ T6384] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 144.437684][ T6384] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 144.461838][ T8] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 144.904944][ T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 145.142652][ T8] usb 2-1: config 0 has no interface number 0 [ 146.198830][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 146.372729][ T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.383629][ T8] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 146.508806][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.591764][ T5834] syz-executor: attempt to access beyond end of device [ 146.591764][ T5834] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 146.625206][ T8] usb 2-1: config 0 descriptor?? [ 146.643027][ T5834] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 146.842003][ T8] usbhid 2-1:0.1: can't add hid device: -71 [ 146.848058][ T8] usbhid 2-1:0.1: probe with driver usbhid failed with error -71 [ 146.932436][ T8] usb 2-1: USB disconnect, device number 4 [ 147.732443][ T6408] loop1: detected capacity change from 0 to 1024 [ 147.850179][ T6408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.937436][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.343731][ T6414] loop1: detected capacity change from 0 to 1024 [ 148.431631][ T6414] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 148.488133][ T6414] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 148.556847][ T6414] EXT4-fs (loop1): invalid journal inode [ 149.027079][ T6419] Unsupported ieee802154 address type: 0 [ 150.061574][ T5855] Bluetooth: hci0: command 0x0406 tx timeout [ 151.508890][ T2930] hfsplus: b-tree write err: -5, ino 4 [ 152.126779][ T6439] loop1: detected capacity change from 0 to 128 [ 152.620260][ T5975] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 153.943093][ T6444] loop3: detected capacity change from 0 to 40427 [ 154.087266][ T6444] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 154.094352][ T6444] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 154.133509][ T6444] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 154.142233][ T6444] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 154.157464][ T6444] F2FS-fs (loop3): invalid crc value [ 154.177061][ T6444] F2FS-fs (loop3): Found nat_bits in checkpoint [ 154.249039][ T6444] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 154.258649][ T6444] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 154.311567][ T5975] usb 1-1: Using ep0 maxpacket: 8 [ 154.462057][ T5975] usb 1-1: device descriptor read/all, error -71 [ 154.471246][ T5834] syz-executor: attempt to access beyond end of device [ 154.471246][ T5834] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 154.531534][ T5834] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 155.344581][ T6457] loop4: detected capacity change from 0 to 512 [ 155.920218][ T6457] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #11: comm syz.4.150: invalid indirect mapped block 256 (level 2) [ 155.938725][ T6457] EXT4-fs (loop4): 2 truncates cleaned up [ 155.946192][ T6457] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.293049][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.341522][ T5975] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 156.596656][ T6465] loop4: detected capacity change from 0 to 1024 [ 156.679278][ T5975] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 156.821531][ T5975] usb 1-1: config 0 has no interface number 0 [ 156.860174][ T5975] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 156.924666][ T5975] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.969418][ T5975] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 157.003948][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.052188][ T5975] usb 1-1: config 0 descriptor?? [ 157.558889][ T6472] loop4: detected capacity change from 0 to 1024 [ 157.610528][ T6473] loop3: detected capacity change from 0 to 1024 [ 157.612834][ T6472] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 157.696979][ T6472] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 157.708510][ T8] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 157.731538][ T6473] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.767958][ T6472] EXT4-fs (loop4): invalid journal inode [ 158.100526][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.112406][ T5975] usbhid 1-1:0.1: can't add hid device: -71 [ 158.118444][ T5975] usbhid 1-1:0.1: probe with driver usbhid failed with error -71 [ 158.126491][ T8] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 158.146616][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.160778][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.168504][ T5975] usb 1-1: USB disconnect, device number 3 [ 158.242617][ T8] usb 6-1: config 0 descriptor?? [ 158.610414][ T6481] Unsupported ieee802154 address type: 0 [ 158.696902][ T8] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 158.814726][ T8] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0002/input/input6 [ 159.280217][ T8] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 159.367044][ T8] usb 6-1: USB disconnect, device number 7 [ 159.407097][ T6483] loop0: detected capacity change from 0 to 40427 [ 159.415901][ T6483] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 159.424115][ T6483] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 159.918217][ T6483] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1fffff [ 159.926941][ T6483] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8 [ 159.987196][ T6483] F2FS-fs (loop0): invalid crc value [ 159.999917][ T6483] F2FS-fs (loop0): Found nat_bits in checkpoint [ 160.111792][ T6483] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 160.118869][ T6483] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 161.126197][ T5832] syz-executor: attempt to access beyond end of device [ 161.126197][ T5832] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 161.341521][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 163.152714][ T6507] loop1: detected capacity change from 0 to 40427 [ 163.170175][ T6507] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 163.177171][ T6507] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 163.204881][ T6507] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x1fffff [ 163.214864][ T6507] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x1f8 [ 163.285860][ T6507] F2FS-fs (loop1): invalid crc value [ 163.351556][ T6507] F2FS-fs (loop1): Found nat_bits in checkpoint [ 163.389230][ T6498] syz.4.161 (6498) used greatest stack depth: 20848 bytes left [ 163.409312][ T6507] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 163.417923][ T6507] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 163.643148][ T5837] syz-executor: attempt to access beyond end of device [ 163.643148][ T5837] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 163.692137][ T5837] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 164.954776][ T6530] loop2: detected capacity change from 0 to 128 [ 164.986669][ T6530] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 167.295337][ T6543] befs: (nullb0): No write support. Marking filesystem read-only [ 167.312432][ T6543] befs: (nullb0): invalid magic header [ 167.313122][ T6542] loop0: detected capacity change from 0 to 1024 [ 167.358641][ T6542] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 167.393725][ T6545] loop3: detected capacity change from 0 to 64 [ 167.418929][ T6545] 9pnet_fd: Insufficient options for proto=fd [ 167.486448][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 167.963113][ T6542] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 168.088519][ T6542] EXT4-fs (loop0): invalid journal inode [ 168.103319][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.119706][ T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 168.183579][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.220993][ T9] usb 3-1: config 0 descriptor?? [ 168.696812][ T9] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 168.736773][ T6552] Unsupported ieee802154 address type: 0 [ 169.253457][ T6550] Driver unsupported XDP return value 0 on prog (id 36) dev N/A, expect packet loss! [ 169.298182][ T5848] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 169.701672][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0003/input/input7 [ 169.932151][ T9] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 170.052001][ T9] usb 3-1: USB disconnect, device number 2 [ 171.054261][ T6562] loop0: detected capacity change from 0 to 40427 [ 171.430164][ T6562] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 171.437228][ T6562] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 171.447948][ T6562] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1fffff [ 171.456628][ T6562] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8 [ 171.467351][ T6562] F2FS-fs (loop0): invalid crc value [ 171.494670][ T6562] F2FS-fs (loop0): Found nat_bits in checkpoint [ 171.996521][ T6562] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 172.006217][ T6562] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 175.205271][ T5832] syz-executor: attempt to access beyond end of device [ 175.205271][ T5832] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 175.231501][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 175.246707][ T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 175.285350][ T9] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 176.081461][ T5911] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 176.241702][ T5911] usb 4-1: Using ep0 maxpacket: 16 [ 176.270131][ T5911] usb 4-1: config 0 has no interfaces? [ 176.277306][ T5911] usb 4-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 176.317037][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.376057][ T5911] usb 4-1: config 0 descriptor?? [ 177.542779][ T969] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 177.667585][ T5911] usb 4-1: USB disconnect, device number 5 [ 177.756514][ T969] usb 5-1: Using ep0 maxpacket: 16 [ 177.795953][ T969] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 177.832807][ T969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.921456][ T969] usb 5-1: Product: syz [ 177.949013][ T969] usb 5-1: Manufacturer: syz [ 177.984741][ T969] usb 5-1: SerialNumber: syz [ 178.122769][ T969] usb 5-1: config 0 descriptor?? [ 178.325543][ T969] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 179.182049][ T969] usb 5-1: Detected FT-X [ 179.259146][ T969] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 179.779660][ T969] ftdi_sio 5-1:0.0: GPIO initialisation failed: -32 [ 180.086642][ T969] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 180.234367][ T969] usb 5-1: USB disconnect, device number 3 [ 180.352437][ T969] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 180.401313][ T969] ftdi_sio 5-1:0.0: device disconnected [ 182.070899][ T6636] loop0: detected capacity change from 0 to 40427 [ 182.121551][ T6636] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 182.128591][ T6636] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 182.137265][ T6636] F2FS-fs (loop0): build fault injection attr: rate: 17008, type: 0x1fffff [ 182.145969][ T6636] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x1f8 [ 182.160543][ T6636] F2FS-fs (loop0): invalid crc value [ 182.213299][ T6636] F2FS-fs (loop0): Found nat_bits in checkpoint [ 182.355619][ T6636] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 182.363906][ T6636] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 182.832281][ T6652] loop3: detected capacity change from 0 to 512 [ 183.154451][ T6654] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 183.304744][ T6652] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.330575][ T6652] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.851534][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.401740][ T5832] syz-executor: attempt to access beyond end of device [ 184.401740][ T5832] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 185.203958][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 185.973768][ T6673] loop2: detected capacity change from 0 to 1024 [ 186.016206][ T6673] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 186.091465][ T6673] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 186.190135][ T6673] EXT4-fs (loop2): invalid journal inode [ 186.645205][ T6681] Unsupported ieee802154 address type: 0 [ 187.878509][ T6688] loop0: detected capacity change from 0 to 1024 [ 188.141183][ T6688] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.324377][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.594444][ T6703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.220'. [ 189.923777][ T6704] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 189.963892][ T6702] loop3: detected capacity change from 0 to 40427 [ 189.988863][ T6702] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 189.997023][ T6702] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 190.005887][ T6702] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 190.014580][ T6702] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 190.024305][ T6702] F2FS-fs (loop3): invalid crc value [ 190.062806][ T6702] F2FS-fs (loop3): Found nat_bits in checkpoint [ 190.137412][ T6702] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 190.145777][ T6702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 191.825016][ T5834] syz-executor: attempt to access beyond end of device [ 191.825016][ T5834] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 191.862833][ T5834] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 191.997306][ T6726] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 195.939554][ T6749] netlink: 444 bytes leftover after parsing attributes in process `syz.3.234'. [ 196.002943][ T6750] loop3: detected capacity change from 0 to 16 [ 196.069632][ T6750] erofs (device loop3): mounted with root inode @ nid 36. [ 196.220169][ T6752] loop0: detected capacity change from 0 to 1024 [ 196.271159][ T6752] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 196.321451][ T6752] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 196.421075][ T6752] EXT4-fs (loop0): invalid journal inode [ 196.555590][ T6758] loop3: detected capacity change from 0 to 22 [ 196.581887][ T6758] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 196.819113][ T6758] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 196.909903][ T6760] Unsupported ieee802154 address type: 0 [ 198.881852][ T6767] loop5: detected capacity change from 0 to 40427 [ 198.941572][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 198.948408][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.961247][ T6767] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504) [ 198.968337][ T6767] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 198.977245][ T6767] F2FS-fs (loop5): build fault injection attr: rate: 17008, type: 0x1fffff [ 198.985947][ T6767] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x1f8 [ 198.996029][ T6767] F2FS-fs (loop5): invalid crc value [ 199.005271][ T6767] F2FS-fs (loop5): Found nat_bits in checkpoint [ 199.085593][ T6767] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 199.092839][ T6767] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 199.278826][ T5843] syz-executor: attempt to access beyond end of device [ 199.278826][ T5843] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 199.466884][ T5843] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 201.368775][ T6791] loop1: detected capacity change from 0 to 1024 [ 202.048594][ T6797] loop5: detected capacity change from 0 to 1024 [ 204.232478][ T6811] netlink: 444 bytes leftover after parsing attributes in process `syz.2.251'. [ 204.295061][ T6812] loop2: detected capacity change from 0 to 16 [ 204.355526][ T6812] erofs (device loop2): mounted with root inode @ nid 36. [ 208.737316][ T6844] loop5: detected capacity change from 0 to 1024 [ 208.803870][ T6844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.193690][ T5843] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.591740][ T6867] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 212.062267][ T6869] loop1: detected capacity change from 0 to 512 [ 212.376763][ T6871] mkiss: ax0: crc mode is auto. [ 212.422915][ T6871] misc userio: Invalid payload size [ 212.437060][ T25] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 212.448609][ T6869] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 212.461612][ T6869] UDF-fs: Scanning with blocksize 512 failed [ 212.532664][ T6872] misc userio: Invalid payload size [ 212.996040][ T6869] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 213.166929][ T6869] UDF-fs: Scanning with blocksize 1024 failed [ 213.190338][ T25] usb 4-1: unable to get BOS descriptor or descriptor too short [ 213.204551][ T6869] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found [ 213.373739][ T25] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 213.401530][ T6869] UDF-fs: Scanning with blocksize 2048 failed [ 213.409458][ T25] usb 4-1: can't read configurations, error -71 [ 213.495697][ T6869] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 214.444364][ T6869] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 214.634151][ T5911] IPVS: starting estimator thread 0... [ 214.974703][ T6882] IPVS: using max 15 ests per chain, 36000 per kthread [ 215.687721][ T6903] loop1: detected capacity change from 0 to 1024 [ 215.769587][ T6903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.472158][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 216.478275][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 216.484575][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 216.490607][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 216.497076][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 216.791470][ T5911] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 217.212266][ T5911] usb 5-1: device descriptor read/64, error -71 [ 217.661809][ T6921] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 218.333429][ T5911] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 218.742455][ T6924] loop5: detected capacity change from 0 to 1024 [ 218.809179][ T6924] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 218.870332][ T6924] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 218.892360][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.932365][ T6924] EXT4-fs (loop5): invalid journal inode [ 219.438893][ T6932] Unsupported ieee802154 address type: 0 [ 220.540685][ T6956] loop3: detected capacity change from 0 to 512 [ 220.612186][ T6956] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.294: bg 0: block 248: padding at end of block bitmap is not set [ 220.681801][ T6956] Quota error (device loop3): write_blk: dquota write failed [ 220.720361][ T6956] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 220.766237][ T6956] EXT4-fs error (device loop3): ext4_acquire_dquot:6925: comm syz.3.294: Failed to acquire dquot type 1 [ 221.754343][ T6956] EXT4-fs (loop3): 1 truncate cleaned up [ 221.787960][ T6956] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.820153][ T6956] ext4 filesystem being mounted at /61/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 221.904921][ T6956] Bluetooth: MGMT ver 1.23 [ 221.941470][ T2145] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 222.078237][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.549182][ T2145] usb 2-1: device descriptor read/64, error -71 [ 224.264467][ T6972] loop3: detected capacity change from 0 to 40427 [ 224.395684][ T6972] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 224.402770][ T6972] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 224.411223][ T2145] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 224.436834][ T6972] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 224.445594][ T6972] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 224.456603][ T6972] F2FS-fs (loop3): invalid crc value [ 224.515246][ T6972] F2FS-fs (loop3): Found nat_bits in checkpoint [ 224.648017][ T6972] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 224.657379][ T6972] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 224.772284][ T5834] syz-executor: attempt to access beyond end of device [ 224.772284][ T5834] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.872720][ T5834] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 224.915630][ T6989] loop0: detected capacity change from 0 to 1024 [ 224.948724][ T6989] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 225.047096][ T6989] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 225.158448][ T6989] EXT4-fs (loop0): invalid journal inode [ 227.140840][ T7007] Unsupported ieee802154 address type: 0 [ 227.839836][ T7014] loop4: detected capacity change from 0 to 512 [ 228.006955][ T7014] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.310: bg 0: block 248: padding at end of block bitmap is not set [ 228.053396][ T7014] Quota error (device loop4): write_blk: dquota write failed [ 228.061033][ T7014] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 228.073240][ T7014] EXT4-fs error (device loop4): ext4_acquire_dquot:6925: comm syz.4.310: Failed to acquire dquot type 1 [ 228.095348][ T7014] EXT4-fs (loop4): 1 truncate cleaned up [ 228.105592][ T7014] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.139524][ T7014] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 228.282080][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 228.431486][ T8] usb 1-1: device descriptor read/64, error -71 [ 228.698775][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.421685][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 229.582288][ T8] usb 1-1: device descriptor read/64, error -71 [ 229.722185][ T8] usb usb1-port1: attempt power cycle [ 229.969701][ T7043] loop4: detected capacity change from 0 to 40427 [ 229.995724][ T7043] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 230.002963][ T7043] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 230.011646][ T7043] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1fffff [ 230.020952][ T7043] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8 [ 230.030778][ T7043] F2FS-fs (loop4): invalid crc value [ 230.076477][ T7043] F2FS-fs (loop4): Found nat_bits in checkpoint [ 230.142611][ T7043] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 230.149718][ T7043] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 230.295152][ T5835] syz-executor: attempt to access beyond end of device [ 230.295152][ T5835] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 230.346224][ T5835] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 230.532697][ T5975] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 230.782222][ T5975] usb 3-1: unable to get BOS descriptor or descriptor too short [ 230.903649][ T5975] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 231.008045][ T5975] usb 3-1: can't read configurations, error -71 [ 231.108444][ T6740] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 231.128474][ T6740] Bluetooth: hci6: Frame reassembly failed (-84) [ 231.135114][ T6740] Bluetooth: hci6: Frame reassembly failed (-84) [ 231.161453][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 231.818220][ T8] usb 1-1: device descriptor read/8, error -71 [ 232.941588][ T5855] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 233.139535][ T7075] loop0: detected capacity change from 0 to 512 [ 234.458163][ T7084] loop4: detected capacity change from 0 to 22 [ 234.474122][ T7084] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 234.491257][ T7084] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 234.514516][ T7075] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm syz.0.328: bg 0: block 248: padding at end of block bitmap is not set [ 234.585197][ T7075] Quota error (device loop0): write_blk: dquota write failed [ 234.634453][ T7075] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 234.667410][ T7075] EXT4-fs error (device loop0): ext4_acquire_dquot:6925: comm syz.0.328: Failed to acquire dquot type 1 [ 234.715158][ T7075] EXT4-fs (loop0): 1 truncate cleaned up [ 234.732379][ T7075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.748710][ T7075] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 235.014690][ T7094] loop1: detected capacity change from 0 to 40427 [ 235.046157][ T7094] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 235.053341][ T7094] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 235.062294][ T7094] F2FS-fs (loop1): build fault injection attr: rate: 17008, type: 0x1fffff [ 235.070940][ T7094] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x1f8 [ 235.085053][ T7094] F2FS-fs (loop1): invalid crc value [ 235.125551][ T7094] F2FS-fs (loop1): Found nat_bits in checkpoint [ 235.261269][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.656333][ T7094] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 235.663494][ T7094] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 236.876321][ T5901] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 236.886820][ T5837] syz-executor: attempt to access beyond end of device [ 236.886820][ T5837] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 236.922422][ T5837] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 237.025308][ T5901] usb 6-1: device descriptor read/64, error -71 [ 237.084061][ T2145] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 237.361716][ T5901] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 237.591839][ T5901] usb 6-1: device descriptor read/64, error -71 [ 238.011833][ T5901] usb usb6-port1: attempt power cycle [ 238.143174][ T2145] usb 1-1: unable to get BOS descriptor or descriptor too short [ 238.802070][ T2145] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 238.851723][ T5901] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 238.852257][ T2145] usb 1-1: can't read configurations, error -71 [ 239.005506][ T7141] loop5: detected capacity change from 0 to 22 [ 239.052379][ T7141] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 239.072705][ T7143] loop4: detected capacity change from 0 to 64 [ 239.091813][ T5901] usb 6-1: device not accepting address 10, error -71 [ 239.119893][ T7141] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 240.117110][ T7158] loop5: detected capacity change from 0 to 1024 [ 240.204773][ T7158] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 240.235143][ T7158] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 240.306285][ T7158] EXT4-fs (loop5): invalid journal inode [ 241.511458][ T7169] Unsupported ieee802154 address type: 0 [ 243.591498][ T2145] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 244.691679][ T2145] usb 6-1: Using ep0 maxpacket: 8 [ 244.921480][ T2145] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 244.952302][ T2145] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.960329][ T2145] usb 6-1: Product: syz [ 245.035597][ T2145] usb 6-1: Manufacturer: syz [ 245.062207][ T2145] usb 6-1: SerialNumber: syz [ 245.088256][ T2145] usb 6-1: config 0 descriptor?? [ 245.313203][ T5902] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 245.363413][ T2145] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 245.491653][ T5902] usb 1-1: device descriptor read/64, error -71 [ 245.557301][ T7195] loop4: detected capacity change from 0 to 22 [ 245.584986][ T7195] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 245.620689][ T7195] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 245.731831][ T5902] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 245.892084][ T5902] usb 1-1: device descriptor read/64, error -71 [ 245.960515][ T7206] loop3: detected capacity change from 0 to 1024 [ 245.979888][ T7206] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 246.002170][ T7206] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 246.270416][ T5902] usb usb1-port1: attempt power cycle [ 246.309119][ T7206] EXT4-fs (loop3): invalid journal inode [ 246.621510][ T5902] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 246.724944][ T2145] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 247.025771][ T2145] usb 6-1: USB disconnect, device number 12 [ 247.032101][ T5902] usb 1-1: device descriptor read/8, error -71 [ 247.051454][ T5901] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 247.391482][ T5902] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 247.457139][ T7216] Unsupported ieee802154 address type: 0 [ 247.474134][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.563785][ T5901] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 247.622177][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.968625][ T5901] usb 2-1: config 0 descriptor?? [ 248.924431][ T5901] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor [ 249.038438][ T5901] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0005/input/input8 [ 249.116918][ T5902] usb 1-1: device descriptor read/8, error -71 [ 249.189771][ T5901] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 249.248781][ T5901] usb 2-1: USB disconnect, device number 7 [ 249.251748][ T5902] usb usb1-port1: unable to enumerate USB device [ 249.281518][ T2145] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 249.465639][ T2145] usb 3-1: Using ep0 maxpacket: 16 [ 249.495802][ T2145] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 249.514621][ T2145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.541759][ T2145] usb 3-1: Product: syz [ 249.559608][ T2145] usb 3-1: Manufacturer: syz [ 249.575545][ T2145] usb 3-1: SerialNumber: syz [ 249.657548][ T2145] usb 3-1: config 0 descriptor?? [ 249.712024][ T2145] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 249.754671][ T2145] usb 3-1: Detected FT-X [ 249.913284][ T2145] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 250.324664][ T2145] ftdi_sio 3-1:0.0: GPIO initialisation failed: -5 [ 250.337240][ T2145] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 250.529375][ T2145] usb 3-1: USB disconnect, device number 5 [ 250.551918][ T2145] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 250.620010][ T2145] ftdi_sio 3-1:0.0: device disconnected [ 251.359554][ T7255] loop1: detected capacity change from 0 to 22 [ 251.392377][ T7255] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 251.477736][ T7255] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 251.961032][ T7264] loop1: detected capacity change from 0 to 1024 [ 252.223460][ T7264] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 252.295700][ T7267] netlink: 444 bytes leftover after parsing attributes in process `syz.4.386'. [ 252.347680][ T7267] loop4: detected capacity change from 0 to 16 [ 252.400784][ T7267] erofs (device loop4): mounted with root inode @ nid 36. [ 252.783628][ T7264] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 252.843715][ T7264] EXT4-fs (loop1): invalid journal inode [ 253.267249][ T7271] befs: (nullb0): No write support. Marking filesystem read-only [ 253.278917][ T7271] befs: (nullb0): invalid magic header [ 253.384298][ T7272] Unsupported ieee802154 address type: 0 [ 254.209151][ T7274] loop4: detected capacity change from 0 to 64 [ 254.272900][ T7274] xt_l2tp: invalid flags combination: 8 [ 254.755950][ T7280] loop4: detected capacity change from 0 to 1024 [ 254.780918][ T5911] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 254.981524][ T5911] usb 3-1: device descriptor read/64, error -71 [ 255.231531][ T5911] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 255.431521][ T5911] usb 3-1: device descriptor read/64, error -71 [ 255.548575][ T5911] usb usb3-port1: attempt power cycle [ 255.756241][ T29] audit: type=1326 audit(1739171155.000:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.4.393" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f754158cde9 code=0x0 [ 255.936007][ T5911] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 256.005211][ T5911] usb 3-1: device descriptor read/8, error -71 [ 256.281752][ T5911] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 256.651732][ T5911] usb 3-1: device descriptor read/8, error -71 [ 256.901856][ T5911] usb usb3-port1: unable to enumerate USB device [ 257.876706][ T7307] netlink: 'syz.5.398': attribute type 10 has an invalid length. [ 257.930822][ T7307] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.951663][ T7307] bond0: (slave team0): Enslaving as an active interface with an up link [ 258.602475][ T7305] fuse: Bad value for 'fd' [ 258.908834][ T7311] loop3: detected capacity change from 0 to 22 [ 258.987170][ T7311] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 260.421948][ T7318] befs: (nullb0): No write support. Marking filesystem read-only [ 260.430002][ T7318] befs: (nullb0): invalid magic header [ 260.976814][ T7315] loop2: detected capacity change from 0 to 64 [ 261.010742][ T7311] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 261.020633][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.029287][ T7315] xt_l2tp: invalid flags combination: 8 [ 261.101734][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.275077][ T7325] virtio-fs: tag <(null)> not found [ 261.838468][ T7321] loop5: detected capacity change from 0 to 1024 [ 262.472947][ T7335] process 'syz.0.412' launched './file0' with NULL argv: empty string added [ 262.681492][ T29] audit: type=1326 audit(1739171161.910:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7337 comm="syz.5.411" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6de78cde9 code=0x0 [ 263.878106][ T969] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 264.781416][ T969] usb 1-1: Using ep0 maxpacket: 8 [ 264.795747][ T969] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 264.818274][ T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.838893][ T969] usb 1-1: Product: syz [ 264.846965][ T969] usb 1-1: Manufacturer: syz [ 264.858358][ T969] usb 1-1: SerialNumber: syz [ 264.888194][ T969] usb 1-1: config 0 descriptor?? [ 265.234077][ T969] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 265.468170][ T2145] libceph: connect (1)[c::]:6789 error -101 [ 265.575448][ T2145] libceph: mon0 (1)[c::]:6789 connect error [ 266.071827][ T7363] ceph: No mds server is up or the cluster is laggy [ 266.906608][ T7372] befs: (nullb0): No write support. Marking filesystem read-only [ 266.916478][ T7372] befs: (nullb0): invalid magic header [ 268.065112][ T969] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 268.111966][ T969] usb 1-1: USB disconnect, device number 14 [ 268.132563][ T7381] loop5: detected capacity change from 0 to 64 [ 269.526066][ T7391] loop0: detected capacity change from 0 to 1024 [ 269.615468][ T29] audit: type=1326 audit(1739171168.870:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7389 comm="syz.5.427" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6de78cde9 code=0x0 [ 273.909236][ T7423] befs: (nullb0): No write support. Marking filesystem read-only [ 273.917771][ T7423] befs: (nullb0): invalid magic header [ 274.350689][ T7447] loop1: detected capacity change from 0 to 1024 [ 274.429013][ T29] audit: type=1326 audit(1739171173.640:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7444 comm="syz.0.445" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ea658cde9 code=0x0 [ 276.737252][ T7462] loop1: detected capacity change from 0 to 256 [ 276.841480][ T7462] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 277.114158][ T7460] loop3: detected capacity change from 0 to 1024 [ 278.803115][ T7478] loop4: detected capacity change from 0 to 16 [ 278.822430][ T7478] erofs (device loop4): mounted with root inode @ nid 36. [ 282.224709][ T5848] Bluetooth: hci4: command 0x0406 tx timeout [ 284.095368][ T29] audit: type=1326 audit(1739171183.350:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.5.462" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6de78cde9 code=0x0 [ 288.852184][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 290.376711][ T7555] loop3: detected capacity change from 0 to 40427 [ 290.406104][ T7555] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 290.414378][ T7555] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 290.431984][ T7555] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 290.440653][ T7555] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 290.820078][ T7555] F2FS-fs (loop3): invalid crc value [ 291.826506][ T7555] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-4) [ 292.626536][ T7573] loop0: detected capacity change from 0 to 64 [ 292.720753][ T29] audit: type=1326 audit(1739171191.970:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7574 comm="syz.3.482" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e8958cde9 code=0x0 [ 294.384682][ T5975] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 295.461710][ T5975] usb 2-1: Using ep0 maxpacket: 8 [ 295.470961][ T5975] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.481418][ T5975] usb 2-1: config 0 has no interfaces? [ 295.490779][ T5975] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 295.778107][ T5975] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 295.811759][ T5975] usb 2-1: Product: syz [ 295.815962][ T5975] usb 2-1: Manufacturer: syz [ 295.864416][ T5975] usb 2-1: SerialNumber: syz [ 295.912481][ T5975] usb 2-1: config 0 descriptor?? [ 296.383596][ T969] usb 2-1: USB disconnect, device number 8 [ 296.422268][ T7609] loop5: detected capacity change from 0 to 40427 [ 296.429997][ T7609] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504) [ 296.438242][ T7609] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 296.447870][ T7609] F2FS-fs (loop5): build fault injection attr: rate: 17008, type: 0x1fffff [ 296.456623][ T7609] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x1f8 [ 296.472240][ T7609] F2FS-fs (loop5): invalid crc value [ 296.718312][ T7609] F2FS-fs (loop5): Found nat_bits in checkpoint [ 296.988316][ T7609] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 296.995522][ T7609] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 297.706207][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 298.467999][ T5843] syz-executor: attempt to access beyond end of device [ 298.467999][ T5843] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 298.503538][ T5843] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 298.540007][ T7614] loop4: detected capacity change from 0 to 4096 [ 299.520314][ T29] audit: type=1326 audit(1739171198.770:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7632 comm="syz.2.502" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa95838cde9 code=0x0 [ 304.272475][ T5911] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 304.583687][ T7667] loop3: detected capacity change from 0 to 40427 [ 304.619042][ T7667] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 304.627208][ T7667] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 304.635806][ T7667] F2FS-fs (loop3): build fault injection attr: rate: 17008, type: 0x1fffff [ 304.644492][ T7667] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x1f8 [ 304.654223][ T7667] F2FS-fs (loop3): invalid crc value [ 304.674122][ T7667] F2FS-fs (loop3): Found nat_bits in checkpoint [ 304.944414][ T5911] usb 3-1: Using ep0 maxpacket: 8 [ 305.070660][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 305.217699][ T7667] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 305.224921][ T7667] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 305.893634][ T5911] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.933155][ T5911] usb 3-1: config 0 has no interfaces? [ 306.127148][ T5911] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 306.163474][ T5911] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 306.227139][ T5911] usb 3-1: Product: syz [ 306.318535][ T5911] usb 3-1: Manufacturer: syz [ 306.327583][ T5911] usb 3-1: SerialNumber: syz [ 306.340335][ T5911] usb 3-1: config 0 descriptor?? [ 306.679375][ T5834] syz-executor: attempt to access beyond end of device [ 306.679375][ T5834] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 306.717635][ T5834] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 306.729709][ T5911] usb 3-1: USB disconnect, device number 10 [ 307.718288][ T7690] fuse: Bad value for 'fd' [ 307.823572][ T29] audit: type=1326 audit(1739171207.080:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7691 comm="syz.2.521" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa95838cde9 code=0x0 [ 311.182621][ T5848] Bluetooth: hci3: command 0x0406 tx timeout [ 311.331031][ T7714] fuse: Bad value for 'fd' [ 313.911587][ T8] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 314.081501][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 314.103687][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.180560][ T8] usb 1-1: config 0 has no interfaces? [ 314.343455][ T8] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 314.624282][ T8] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 314.722787][ T8] usb 1-1: Product: syz [ 314.727027][ T8] usb 1-1: Manufacturer: syz [ 314.769332][ T8] usb 1-1: SerialNumber: syz [ 314.805318][ T8] usb 1-1: config 0 descriptor?? [ 314.839652][ T7744] fuse: Bad value for 'fd' [ 315.961456][ T29] audit: type=1326 audit(1739171215.200:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7750 comm="syz.4.536" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f754158cde9 code=0x0 [ 317.286307][ T7760] loop1: detected capacity change from 0 to 16 [ 317.294906][ T7760] erofs (device loop1): mounted with root inode @ nid 36. [ 318.221970][ T46] usb 1-1: USB disconnect, device number 15 [ 318.284298][ T7764] fuse: Bad value for 'fd' [ 319.041636][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 319.215899][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.539'. [ 319.633920][ T7779] loop0: detected capacity change from 0 to 64 [ 320.975593][ T7786] loop3: detected capacity change from 0 to 64 [ 321.069264][ T7790] loop5: detected capacity change from 0 to 22 [ 321.501245][ T7790] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 321.561493][ T7790] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 321.870776][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.881482][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.709426][ T7816] fuse: Bad value for 'fd' [ 324.775340][ T29] audit: type=1326 audit(1739171224.010:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7809 comm="syz.3.554" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e8958cde9 code=0x0 [ 325.145163][ T7821] loop5: detected capacity change from 0 to 16 [ 325.233703][ T7821] erofs (device loop5): mounted with root inode @ nid 36. [ 325.826026][ T7823] befs: (nullb0): No write support. Marking filesystem read-only [ 325.834135][ T7823] befs: (nullb0): invalid magic header [ 328.473744][ T7841] loop1: detected capacity change from 0 to 64 [ 328.517748][ T7841] minix filesystem being mounted at /85/bus supports timestamps until 2106-02-07 (0xffffffff) [ 328.837479][ T7844] loop3: detected capacity change from 0 to 1024 [ 329.616119][ T7844] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 329.885956][ T7844] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:482: comm syz.3.564: Invalid block bitmap block 0 in block_group 0 [ 329.902127][ T7844] Quota error (device loop3): write_blk: dquota write failed [ 329.909542][ T7844] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 329.922179][ T7844] EXT4-fs error (device loop3): ext4_acquire_dquot:6925: comm syz.3.564: Failed to acquire dquot type 0 [ 329.948241][ T7844] EXT4-fs error (device loop3): ext4_free_blocks:6588: comm syz.3.564: Freeing blocks not in datazone - block = 0, count = 4096 [ 329.968383][ T7844] EXT4-fs error (device loop3): ext4_read_inode_bitmap:138: comm syz.3.564: Invalid inode bitmap blk 0 in block_group 0 [ 330.262084][ T7844] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 330.279848][ T7844] EXT4-fs (loop3): 1 orphan inode deleted [ 330.286957][ T7844] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 331.171853][ T52] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-8 [ 331.181110][ T52] EXT4-fs error (device loop3): ext4_release_dquot:6948: comm kworker/u8:3: Failed to release dquot type 0 [ 331.304296][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 331.527069][ T7861] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 331.867921][ T7867] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 334.773678][ T7886] loop5: detected capacity change from 0 to 16 [ 334.816007][ T7886] erofs (device loop5): mounted with root inode @ nid 36. [ 335.235728][ T7890] loop0: detected capacity change from 0 to 512 [ 335.355387][ T7890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.376322][ T7890] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.460842][ T29] audit: type=1326 audit(6034138530.702:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7884 comm="syz.1.576" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f186b98cde9 code=0x0 [ 335.565878][ T7903] loop3: detected capacity change from 0 to 64 [ 335.664379][ T7903] minix filesystem being mounted at /109/bus supports timestamps until 2106-02-07 (0xffffffff) [ 337.053220][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.541777][ T7914] loop1: detected capacity change from 0 to 4096 [ 337.561942][ T7914] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 337.821485][ T7914] ntfs3(loop1): ino=1a, mi_enum_attr [ 337.827122][ T7914] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 337.838714][ T7914] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 340.492292][ T7935] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 341.752451][ T7942] befs: (nullb0): No write support. Marking filesystem read-only [ 341.760427][ T7942] befs: (nullb0): invalid magic header [ 342.205621][ T7931] loop1: detected capacity change from 0 to 32768 [ 342.545240][ T7950] loop4: detected capacity change from 0 to 512 [ 342.565526][ T7931] read_mapping_page failed! [ 342.574869][ T7931] jfs_mount: dbMount failed w/rc = -5 [ 342.655531][ T7931] Mount JFS Failure: -5 [ 343.247171][ T7950] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.321632][ T7950] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 343.395541][ T29] audit: type=1326 audit(6034138538.652:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7952 comm="syz.3.595" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e8958cde9 code=0x0 [ 343.723718][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.534562][ T7983] loop3: detected capacity change from 0 to 1024 [ 344.876779][ T7986] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 348.077810][ T8014] loop3: detected capacity change from 0 to 512 [ 349.276008][ T8014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 349.351709][ T8014] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 349.458793][ T8023] loop1: detected capacity change from 0 to 256 [ 349.577608][ T8023] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 349.672097][ T8023] exfat filesystem being mounted at /92/file0 supports timestamps until 2107-12-31 (0x10391447f) [ 349.737269][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 350.683759][ T29] audit: type=1326 audit(6034138545.942:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8030 comm="syz.4.616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f754158cde9 code=0x0 [ 352.190260][ T8051] loop4: detected capacity change from 0 to 1024 [ 354.488648][ T8064] loop4: detected capacity change from 0 to 40427 [ 354.499412][ T8064] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 354.506474][ T8064] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 354.518717][ T8064] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x1fffff [ 354.527422][ T8064] F2FS-fs (loop4): Unrecognized mount option "faudt_type=00000000000000000770" or missing value [ 354.942945][ T8062] syz.1.625 (8062): drop_caches: 2 [ 355.148716][ T8072] loop4: detected capacity change from 0 to 1024 [ 355.679819][ T8072] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 355.852025][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.161484][ T29] audit: type=1326 audit(6034138552.392:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8091 comm="syz.1.634" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f186b98cde9 code=0x0 [ 358.319113][ T8110] loop3: detected capacity change from 0 to 16 [ 358.327086][ T8110] erofs (device loop3): mounted with root inode @ nid 36. [ 358.418477][ T8110] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 358.505571][ T8110] erofs (device loop3): failed to decompress -24 in[52, 4044] out[1851] [ 358.514687][ T8110] erofs (device loop3): read error -117 @ 43 of nid 36 [ 359.177380][ T8114] erofs (device loop3): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 359.191535][ T8114] erofs (device loop3): failed to decompress -24 in[52, 4044] out[1851] [ 359.200402][ T8114] erofs (device loop3): read error -117 @ 43 of nid 36 [ 360.538588][ T8110] syz.3.639 (8110): drop_caches: 2 [ 360.707751][ T8120] loop1: detected capacity change from 0 to 1024 [ 360.861935][ T8122] loop4: detected capacity change from 0 to 1764 [ 361.173155][ T8125] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 362.097204][ T8139] loop5: detected capacity change from 0 to 64 [ 362.128408][ T8139] minix filesystem being mounted at /103/bus supports timestamps until 2106-02-07 (0xffffffff) [ 362.607538][ T5911] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 363.513475][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.651646][ T5911] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 363.660756][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.695953][ T5911] usb 4-1: config 0 descriptor?? [ 363.841575][ T29] audit: type=1326 audit(6034138559.082:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8148 comm="syz.4.651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f754158cde9 code=0x0 [ 364.132505][ T5911] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 365.112687][ T5911] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0006/input/input9 [ 365.894016][ T5911] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 366.124537][ T5911] usb 4-1: USB disconnect, device number 8 [ 367.699698][ T8178] loop5: detected capacity change from 0 to 1024 [ 367.924177][ T8183] loop3: detected capacity change from 0 to 512 [ 367.968685][ T8183] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 368.062270][ T8183] EXT4-fs (loop3): 1 truncate cleaned up [ 368.068961][ T8183] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 368.114963][ T29] audit: type=1800 audit(6034138563.372:18): pid=8183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.661" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 369.309796][ T5834] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.538892][ T8206] loop5: detected capacity change from 0 to 64 [ 370.547452][ T8206] minix filesystem being mounted at /107/bus supports timestamps until 2106-02-07 (0xffffffff) [ 372.895922][ T8226] mkiss: ax0: crc mode is auto. [ 374.373433][ T29] audit: type=1326 audit(6034138569.622:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8216 comm="syz.2.671" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa95838cde9 code=0x0 [ 374.621481][ T5901] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 374.787052][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.814266][ T5901] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 374.851074][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.882455][ T5901] usb 5-1: config 0 descriptor?? [ 374.940945][ T8243] loop2: detected capacity change from 0 to 256 [ 375.405063][ T8251] mkiss: ax0: crc mode is auto. [ 375.419111][ T8251] misc userio: Invalid payload size [ 375.524050][ T8252] misc userio: Invalid payload size [ 376.587106][ T5901] keytouch 0003:0926:3333.0007: fixing up Keytouch IEC report descriptor [ 376.598538][ T5901] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0007/input/input10 [ 376.636817][ T8243] vfat filesystem being mounted at /106/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 377.173774][ T8257] hub 2-0:1.0: USB hub found [ 377.181706][ T8257] hub 2-0:1.0: 1 port detected [ 378.784687][ T5901] keytouch 0003:0926:3333.0007: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 378.846402][ T5901] usb 5-1: USB disconnect, device number 6 [ 379.498171][ T8264] befs: (nullb0): No write support. Marking filesystem read-only [ 379.506236][ T8264] befs: (nullb0): invalid magic header [ 379.566843][ T8271] loop4: detected capacity change from 0 to 64 [ 379.575535][ T8271] minix filesystem being mounted at /114/bus supports timestamps until 2106-02-07 (0xffffffff) [ 381.165693][ T8286] bridge0: port 3(vlan2) entered blocking state [ 381.205108][ T8286] bridge0: port 3(vlan2) entered disabled state [ 381.224795][ T8286] vlan2: entered allmulticast mode [ 381.240926][ T8286] bridge0: entered allmulticast mode [ 381.270174][ T8286] vlan2: left allmulticast mode [ 381.282566][ T8286] bridge0: left allmulticast mode [ 381.318923][ T29] audit: type=1326 audit(6034138576.572:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8287 comm="syz.5.691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6de78cde9 code=0x0 [ 382.933715][ T8278] syz.0.687 (8278): drop_caches: 2 [ 383.235257][ T8321] loop5: detected capacity change from 0 to 64 [ 383.241500][ T5911] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 383.258165][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.265277][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.324185][ T8321] minix filesystem being mounted at /114/bus supports timestamps until 2106-02-07 (0xffffffff) [ 383.423796][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.670770][ T5911] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 384.518191][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.567433][ T5911] usb 5-1: config 0 descriptor?? [ 384.966197][ T8334] mkiss: ax0: crc mode is auto. [ 384.979215][ T8334] misc userio: Invalid payload size [ 386.933124][ T5911] usbhid 5-1:0.0: can't add hid device: -71 [ 386.979806][ T5911] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 387.103960][ T5911] usb 5-1: USB disconnect, device number 7 [ 387.344127][ T8347] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 389.012916][ T29] audit: type=1326 audit(6034138584.272:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8351 comm="syz.3.710" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e8958cde9 code=0x0 [ 389.302163][ T8363] mkiss: ax0: crc mode is auto. [ 390.636153][ T8365] loop4: detected capacity change from 0 to 16 [ 390.683973][ T8365] erofs (device loop4): mounted with root inode @ nid 36. [ 390.839780][ T8365] erofs (device loop4): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 390.855136][ T8365] erofs (device loop4): failed to decompress -24 in[52, 4044] out[1851] [ 390.878384][ T8365] erofs (device loop4): read error -117 @ 43 of nid 36 [ 391.847956][ T8377] loop1: detected capacity change from 0 to 64 [ 391.860974][ T8375] loop5: detected capacity change from 0 to 1024 [ 391.906345][ T8377] minix filesystem being mounted at /111/bus supports timestamps until 2106-02-07 (0xffffffff) [ 392.134384][ T8365] syz.4.714 (8365): drop_caches: 2 [ 393.621537][ T25] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 394.025261][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.067110][ T8331] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 394.085647][ T25] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 394.142385][ T8407] mkiss: ax0: crc mode is auto. [ 394.157835][ T8407] misc userio: Invalid payload size [ 394.348538][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.461599][ T8331] usb 2-1: Using ep0 maxpacket: 8 [ 394.824951][ T8331] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 394.854392][ T25] usb 6-1: config 0 descriptor?? [ 394.899313][ T8331] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 394.939481][ T8331] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 394.983232][ T8331] usb 2-1: Product: syz [ 395.006692][ T8331] usb 2-1: Manufacturer: syz [ 395.028399][ T8331] usb 2-1: SerialNumber: syz [ 395.414650][ T8331] usb 2-1: palm_os_3_probe - error -110 getting connection information [ 395.438389][ T25] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 395.448997][ T8331] visor 2-1:1.0: probe with driver visor failed with error -110 [ 395.544846][ T25] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0008/input/input12 [ 395.883902][ T25] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 396.137211][ T25] usb 6-1: USB disconnect, device number 13 [ 397.274980][ T8331] usb 2-1: USB disconnect, device number 9 [ 397.356698][ T8427] loop5: detected capacity change from 0 to 1024 [ 397.652410][ T8435] loop4: detected capacity change from 0 to 16 [ 397.698432][ T8435] erofs (device loop4): mounted with root inode @ nid 36. [ 399.376788][ T8435] syz.4.737 (8435): drop_caches: 2 [ 399.816326][ T8460] Unsupported ieee802154 address type: 0 [ 401.131261][ T8473] loop5: detected capacity change from 0 to 64 [ 401.369069][ T8473] minix filesystem being mounted at /122/bus supports timestamps until 2106-02-07 (0xffffffff) [ 401.492035][ T8331] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 401.811497][ T8331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.837003][ T8331] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 402.083675][ T8331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.844081][ T8331] usb 2-1: config 0 descriptor?? [ 403.166432][ T5899] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 403.319992][ T8331] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor [ 403.467814][ T8331] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0009/input/input13 [ 403.531492][ T5899] usb 3-1: Using ep0 maxpacket: 8 [ 403.611325][ T5899] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 403.776528][ T5899] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 403.834785][ T5899] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 403.848535][ T8484] loop3: detected capacity change from 0 to 1024 [ 403.853241][ T5899] usb 3-1: Product: syz [ 403.876379][ T8331] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 403.934142][ T5899] usb 3-1: Manufacturer: syz [ 403.938821][ T5899] usb 3-1: SerialNumber: syz [ 404.031475][ T8331] usb 2-1: USB disconnect, device number 10 [ 404.282230][ T5899] usb 3-1: palm_os_3_probe - error -32 getting connection information [ 404.300546][ T8491] loop5: detected capacity change from 0 to 64 [ 404.317117][ T5899] visor 3-1:1.0: probe with driver visor failed with error -32 [ 404.345354][ T8491] minix filesystem being mounted at /124/bus supports timestamps until 2106-02-07 (0xffffffff) [ 407.052270][ T8] usb 3-1: USB disconnect, device number 11 [ 411.132054][ T5848] Bluetooth: hci5: Malformed MSFT vendor event: 0x02 [ 411.604806][ T8525] loop1: detected capacity change from 0 to 64 [ 411.642608][ T8525] minix filesystem being mounted at /117/bus supports timestamps until 2106-02-07 (0xffffffff) [ 412.129308][ T8527] befs: (nullb0): No write support. Marking filesystem read-only [ 412.137281][ T8527] befs: (nullb0): invalid magic header [ 413.714245][ T8545] Unsupported ieee802154 address type: 0 [ 414.725379][ T8547] loop1: detected capacity change from 0 to 1024 [ 416.373057][ T8116] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 417.574893][ T8116] usb 3-1: Using ep0 maxpacket: 8 [ 417.592040][ T8116] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 417.603450][ T8116] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 417.612758][ T8116] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 417.620862][ T8116] usb 3-1: Product: syz [ 417.671672][ T8116] usb 3-1: Manufacturer: syz [ 417.694816][ T8116] usb 3-1: SerialNumber: syz [ 417.936763][ T8116] usb 3-1: palm_os_3_probe - error -32 getting connection information [ 417.957706][ T8116] visor 3-1:1.0: probe with driver visor failed with error -32 [ 418.329535][ T8584] netlink: 'syz.0.780': attribute type 12 has an invalid length. [ 420.676645][ T8599] loop4: detected capacity change from 0 to 128 [ 421.181790][ T969] usb 3-1: USB disconnect, device number 12 [ 421.563749][ T8606] netlink: 4 bytes leftover after parsing attributes in process `syz.5.788'. [ 421.612212][ T8611] loop2: detected capacity change from 0 to 1024 [ 421.974307][ T8618] Unsupported ieee802154 address type: 0 [ 423.390987][ T8625] loop5: detected capacity change from 0 to 4096 [ 423.796581][ T8625] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 425.070613][ T8646] loop4: detected capacity change from 0 to 512 [ 425.110559][ T8646] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 425.141743][ T8646] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 425.199488][ T8644] loop3: detected capacity change from 0 to 4096 [ 425.215129][ T8646] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.800: corrupted inode contents [ 425.229334][ T8644] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 425.244522][ T8646] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.800: mark_inode_dirty error [ 425.286822][ T5911] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 425.339776][ T8646] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.800: corrupted inode contents [ 425.592295][ T8646] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.800: mark_inode_dirty error [ 425.621523][ T5911] usb 2-1: Using ep0 maxpacket: 8 [ 426.290413][ T5911] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 426.299527][ T29] audit: type=1800 audit(6034138621.542:22): pid=8657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.799" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 426.441094][ T5911] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 426.460700][ T5911] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 426.501494][ T5911] usb 2-1: Product: syz [ 426.505733][ T5911] usb 2-1: Manufacturer: syz [ 426.539230][ T5911] usb 2-1: SerialNumber: syz [ 426.679483][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 426.793905][ T5911] usb 2-1: palm_os_3_probe - error -32 getting connection information [ 426.829896][ T5911] visor 2-1:1.0: probe with driver visor failed with error -32 [ 426.894352][ T8668] tmpfs: Bad value for 'mpol' [ 428.316779][ T5974] usb 2-1: USB disconnect, device number 11 [ 429.350441][ T8691] Unsupported ieee802154 address type: 0 [ 430.661685][ T8695] loop5: detected capacity change from 0 to 512 [ 430.724161][ T8695] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.779594][ T8695] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 431.844988][ T5843] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.283680][ T8725] loop3: detected capacity change from 0 to 64 [ 433.325658][ T8725] minix filesystem being mounted at /148/bus supports timestamps until 2106-02-07 (0xffffffff) [ 433.701527][ T8331] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 433.713018][ T8730] loop2: detected capacity change from 0 to 1024 [ 433.740991][ T8730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 434.408600][ T29] audit: type=1800 audit(6034138629.662:23): pid=8730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.824" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 434.481552][ T8331] usb 5-1: Using ep0 maxpacket: 8 [ 435.164548][ T8331] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 435.195308][ T8730] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 435.255645][ T8331] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 435.275572][ T8730] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 435.301504][ T8331] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 435.309640][ T8331] usb 5-1: Product: syz [ 435.330654][ T8331] usb 5-1: Manufacturer: syz [ 435.361519][ T8730] EXT4-fs (loop2): This should not happen!! Data will be lost [ 435.361519][ T8730] [ 435.376037][ T8331] usb 5-1: SerialNumber: syz [ 435.507879][ T8730] EXT4-fs (loop2): Total free blocks count 0 [ 435.514038][ T8730] EXT4-fs (loop2): Free/Dirty block details [ 435.520068][ T8730] EXT4-fs (loop2): free_blocks=68451041280 [ 435.525997][ T8730] EXT4-fs (loop2): dirty_blocks=64 [ 435.531141][ T8730] EXT4-fs (loop2): Block reservation details [ 435.537213][ T8730] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 435.544525][ T8730] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 436.019060][ T8331] usb 5-1: palm_os_3_probe - error -32 getting connection information [ 436.051568][ T8331] visor 5-1:1.0: probe with driver visor failed with error -32 [ 437.210542][ T8764] Unsupported ieee802154 address type: 0 [ 437.878742][ T5901] usb 5-1: USB disconnect, device number 8 [ 438.150436][ T8773] ALSA: mixer_oss: invalid OSS volume '' [ 438.422482][ T8777] mkiss: ax0: crc mode is auto. [ 438.442109][ T8777] misc userio: Invalid payload size [ 438.571201][ T8778] misc userio: Invalid payload size [ 439.513001][ T8786] netlink: 68 bytes leftover after parsing attributes in process `syz.0.838'. [ 442.641705][ T8116] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 442.828641][ T8116] usb 4-1: Using ep0 maxpacket: 8 [ 442.842143][ T8116] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 442.871593][ T8116] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.901442][ T8116] usb 4-1: Product: syz [ 442.905667][ T8116] usb 4-1: Manufacturer: syz [ 442.910293][ T8116] usb 4-1: SerialNumber: syz [ 442.960262][ T8116] usb 4-1: config 0 descriptor?? [ 443.006238][ T8116] usbtest 4-1:0.0: FX2 device [ 443.033278][ T8116] usbtest 4-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 443.264320][ T8331] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 443.817282][ T8814] ALSA: mixer_oss: invalid OSS volume '' [ 443.823279][ T8331] usb 1-1: Using ep0 maxpacket: 8 [ 443.839275][ T8331] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 443.875175][ T8331] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 443.907257][ T8331] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 443.941771][ T8331] usb 1-1: Product: syz [ 443.963817][ T8331] usb 1-1: Manufacturer: syz [ 443.984353][ T8331] usb 1-1: SerialNumber: syz [ 444.251568][ T8331] usb 1-1: Invalid connection information received from device [ 444.352632][ T5901] usb 4-1: USB disconnect, device number 9 [ 444.660622][ T8826] loop5: detected capacity change from 0 to 16 [ 444.682780][ T8826] erofs (device loop5): mounted with root inode @ nid 36. [ 444.753585][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 444.760084][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.763357][ T8834] Unsupported ieee802154 address type: 0 [ 446.251179][ T8829] loop3: detected capacity change from 0 to 1024 [ 446.986385][ T8] usb 1-1: USB disconnect, device number 16 [ 447.767978][ T8860] mkiss: ax0: crc mode is auto. [ 447.789461][ T8860] misc userio: Invalid payload size [ 447.907039][ T8861] misc userio: Invalid payload size [ 448.658878][ T8855] ALSA: mixer_oss: invalid OSS volume '' [ 449.591330][ T8870] befs: (nullb0): No write support. Marking filesystem read-only [ 449.790649][ T8870] befs: (nullb0): invalid magic header [ 450.381520][ T8879] netlink: 660 bytes leftover after parsing attributes in process `syz.4.867'. [ 450.499499][ T8880] loop4: detected capacity change from 0 to 16 [ 451.270138][ T8880] erofs (device loop4): mounted with root inode @ nid 36. [ 452.296578][ T5901] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 453.591509][ T5901] usb 6-1: Using ep0 maxpacket: 8 [ 453.616255][ T5901] usb 6-1: device descriptor read/all, error -71 [ 454.375761][ T8910] Unsupported ieee802154 address type: 0 [ 455.237435][ T8917] netlink: 4 bytes leftover after parsing attributes in process `syz.5.881'. [ 456.326538][ T8926] mkiss: ax0: crc mode is auto. [ 456.344569][ T8926] misc userio: Invalid payload size [ 456.457443][ T8927] misc userio: Invalid payload size [ 457.739142][ T5899] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 457.852305][ T8939] netlink: 660 bytes leftover after parsing attributes in process `syz.3.883'. [ 457.977765][ T8940] loop3: detected capacity change from 0 to 16 [ 458.761752][ T8940] erofs (device loop3): mounted with root inode @ nid 36. [ 459.021455][ T5899] usb 1-1: Using ep0 maxpacket: 8 [ 459.034404][ T5899] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 459.043426][ T8937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.885'. [ 459.053167][ T8937] bridge_slave_1: left allmulticast mode [ 459.058812][ T8937] bridge_slave_1: left promiscuous mode [ 459.065222][ T8937] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.077684][ T5899] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 459.095924][ T5899] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 459.107040][ T8937] bridge_slave_0: left allmulticast mode [ 459.112824][ T8937] bridge_slave_0: left promiscuous mode [ 459.119114][ T8937] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.136755][ T5899] usb 1-1: Product: syz [ 459.141036][ T5899] usb 1-1: Manufacturer: syz [ 459.180996][ T5899] usb 1-1: SerialNumber: syz [ 459.431899][ T5899] usb 1-1: Invalid connection information received from device [ 459.789580][ T8964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.897'. [ 461.083813][ T8947] loop5: detected capacity change from 0 to 32768 [ 461.134082][ T969] usb 1-1: USB disconnect, device number 17 [ 462.299354][ T8947] JBD2: Ignoring recovery information on journal [ 462.512972][ T8985] befs: (nullb0): No write support. Marking filesystem read-only [ 462.520953][ T8985] befs: (nullb0): invalid magic header [ 462.542999][ T8974] netlink: 20 bytes leftover after parsing attributes in process `syz.2.900'. [ 464.448958][ T8947] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 464.812594][ T8992] netlink: 648 bytes leftover after parsing attributes in process `syz.0.904'. [ 465.942782][ T5843] ocfs2: Unmounting device (7,5) on (node local) [ 466.483147][ T9009] mkiss: ax0: crc mode is auto. [ 466.501793][ T9009] misc userio: Invalid payload size [ 466.617695][ T9010] misc userio: Invalid payload size [ 469.996001][ T5899] IPVS: starting estimator thread 0... [ 470.164242][ T9039] befs: (nullb0): No write support. Marking filesystem read-only [ 470.172278][ T9039] befs: (nullb0): invalid magic header [ 471.001533][ T9037] IPVS: using max 16 ests per chain, 38400 per kthread [ 471.390315][ T9047] netlink: 648 bytes leftover after parsing attributes in process `syz.0.920'. [ 473.490570][ T9064] ALSA: mixer_oss: invalid OSS volume '' [ 474.389574][ T9071] loop4: detected capacity change from 0 to 128 [ 474.414337][ T9071] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 474.446593][ T9071] ext4 filesystem being mounted at /152/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 474.867551][ T9084] befs: (nullb0): No write support. Marking filesystem read-only [ 474.876537][ T9084] befs: (nullb0): invalid magic header [ 476.552398][ T5835] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 477.204918][ T9099] netlink: 648 bytes leftover after parsing attributes in process `syz.0.936'. [ 478.142029][ T969] IPVS: starting estimator thread 0... [ 478.290421][ T9105] IPVS: using max 15 ests per chain, 36000 per kthread [ 479.081137][ T9118] mkiss: ax0: crc mode is auto. [ 479.954959][ T9117] loop3: detected capacity change from 0 to 64 [ 480.079488][ T9117] minix filesystem being mounted at /171/bus supports timestamps until 2106-02-07 (0xffffffff) [ 482.334813][ T9129] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 482.770396][ T9143] befs: (nullb0): No write support. Marking filesystem read-only [ 482.872554][ T9143] befs: (nullb0): invalid magic header [ 483.151205][ T9150] loop5: detected capacity change from 0 to 128 [ 485.034170][ T9160] netlink: 444 bytes leftover after parsing attributes in process `syz.1.954'. [ 485.147479][ T9162] loop1: detected capacity change from 0 to 16 [ 485.316960][ T9162] erofs (device loop1): mounted with root inode @ nid 36. [ 488.653754][ T9187] mkiss: ax0: crc mode is auto. [ 488.672606][ T9187] misc userio: Invalid payload size [ 488.793771][ T9188] misc userio: Invalid payload size [ 490.931559][ T9201] loop4: detected capacity change from 0 to 128 [ 491.482077][ T9205] loop5: detected capacity change from 0 to 64 [ 491.505542][ T9205] minix filesystem being mounted at /162/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2106-02-07 (0xffffffff) [ 491.542504][ T9205] xt_l2tp: invalid flags combination: 8 [ 494.421144][ T9222] mkiss: ax0: crc mode is auto. [ 496.272886][ T9243] loop2: detected capacity change from 0 to 22 [ 496.346740][ T9243] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 496.910114][ T9243] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 496.982397][ T9247] loop4: detected capacity change from 0 to 64 [ 497.090732][ T9247] minix filesystem being mounted at /162/bus supports timestamps until 2106-02-07 (0xffffffff) [ 499.624826][ T9270] mkiss: ax0: crc mode is auto. [ 499.643210][ T9270] misc userio: Invalid payload size [ 499.770651][ T9271] misc userio: Invalid payload size [ 501.306980][ T9285] mkiss: ax0: crc mode is auto. [ 502.173868][ T9289] loop3: detected capacity change from 0 to 1024 [ 504.065008][ T9313] loop4: detected capacity change from 0 to 128 [ 506.133919][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.140261][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.862023][ T9337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.089842][ T9363] Unsupported ieee802154 address type: 0 [ 511.765139][ T9370] loop4: detected capacity change from 0 to 128 [ 512.622760][ T9372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.662144][ T9372] batadv_slave_0: entered promiscuous mode [ 513.134132][ T9381] mkiss: ax0: crc mode is auto. [ 513.152235][ T9381] misc userio: Invalid payload size [ 513.591606][ T9383] misc userio: Invalid payload size [ 517.451617][ T5855] Bluetooth: hci5: command 0x0406 tx timeout [ 518.231601][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1031'. [ 518.291867][ T5902] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 518.654515][ T5902] usb 4-1: Using ep0 maxpacket: 32 [ 518.667733][ T5902] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 518.691695][ T5902] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 518.738526][ T5902] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 518.784893][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 518.799115][ T5902] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 518.810088][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 518.823695][ T5902] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 518.998647][ T9423] loop2: detected capacity change from 0 to 128 [ 519.608036][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.624904][ T5902] usb 4-1: config 0 descriptor?? [ 519.897005][ T5902] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 519.951780][ T46] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 520.478415][ T5902] usb 4-1: USB disconnect, device number 10 [ 520.534701][ T5902] usblp0: removed [ 520.586741][ T9432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1039'. [ 520.621815][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 520.697438][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 520.752809][ T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 520.846155][ T46] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 520.908343][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.190475][ T46] usb 5-1: Product: syz [ 521.263964][ T9439] Unsupported ieee802154 address type: 0 [ 522.010782][ T46] usb 5-1: Manufacturer: syz [ 522.034118][ T46] usb 5-1: SerialNumber: syz [ 522.084631][ T46] usb 5-1: config 0 descriptor?? [ 522.228259][ T46] usb 5-1: can't set config #0, error -71 [ 522.386553][ T46] usb 5-1: USB disconnect, device number 9 [ 523.575414][ T9443] input: syz0 as /devices/virtual/input/input15 [ 523.735089][ T9448] loop4: detected capacity change from 0 to 512 [ 523.896056][ T9448] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 524.001580][ T9448] ext4 filesystem being mounted at /173/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 524.137930][ T9456] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 525.827738][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 525.989859][ T9462] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 526.057445][ T9462] batadv_slave_0: entered promiscuous mode [ 527.366811][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1053'. [ 527.395036][ T9476] loop2: detected capacity change from 0 to 22 [ 527.442176][ T9476] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 527.494721][ T9476] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 529.582424][ T9499] loop1: detected capacity change from 0 to 512 [ 529.815396][ T9499] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 529.906503][ T9508] Unsupported ieee802154 address type: 0 [ 530.561832][ T9499] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 532.822692][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 533.075874][ T9521] loop4: detected capacity change from 0 to 64 [ 533.204017][ T9521] minix filesystem being mounted at /176/bus supports timestamps until 2106-02-07 (0xffffffff) [ 535.174092][ T9532] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 535.813981][ T9538] loop5: detected capacity change from 0 to 64 [ 535.841571][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1068'. [ 535.888982][ T9538] minix filesystem being mounted at /183/bus supports timestamps until 2106-02-07 (0xffffffff) [ 539.174006][ T9562] Unsupported ieee802154 address type: 0 [ 539.589792][ T9564] netlink: 444 bytes leftover after parsing attributes in process `syz.5.1076'. [ 539.720972][ T9565] loop5: detected capacity change from 0 to 16 [ 540.498054][ T9565] erofs (device loop5): mounted with root inode @ nid 36. [ 540.836850][ T9575] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 540.845767][ T9575] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 540.855146][ T9575] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 540.936446][ T9575] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 541.048624][ T9575] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 541.092752][ T9575] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 543.251703][ T5848] Bluetooth: hci0: command tx timeout [ 543.495432][ T9591] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1084'. [ 543.707084][ T9598] loop5: detected capacity change from 0 to 64 [ 543.728938][ T9573] chnl_net:caif_netlink_parms(): no params data found [ 543.754441][ T9598] minix filesystem being mounted at /186/bus supports timestamps until 2106-02-07 (0xffffffff) [ 544.689472][ T5843] syz-executor: attempt to access beyond end of device [ 544.689472][ T5843] loop5: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 544.741721][ T5843] Buffer I/O error on dev loop5, logical block 512, async page read [ 544.749862][ T5843] syz-executor: attempt to access beyond end of device [ 544.749862][ T5843] loop5: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 544.838523][ T5843] Buffer I/O error on dev loop5, logical block 56576, async page read [ 544.876544][ T9573] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.879934][ T5843] Trying to free block not in datazone [ 545.128974][ T9573] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.138823][ T5843] minix_free_block (loop5:21): bit already cleared [ 545.150320][ T5843] Bad inode number on dev loop5: 65085 is out of range [ 545.160861][ T5843] Bad inode number on dev loop5: 65085 is out of range [ 545.165210][ T9573] bridge_slave_0: entered allmulticast mode [ 545.244127][ T9622] netlink: 444 bytes leftover after parsing attributes in process `syz.1.1091'. [ 545.358525][ T9623] loop1: detected capacity change from 0 to 16 [ 546.118835][ T5848] Bluetooth: hci0: command tx timeout [ 546.172929][ T9573] bridge_slave_0: entered promiscuous mode [ 546.182063][ T9623] erofs (device loop1): mounted with root inode @ nid 36. [ 546.486001][ T9573] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.827095][ T9573] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.902032][ T9573] bridge_slave_1: entered allmulticast mode [ 547.104746][ T9573] bridge_slave_1: entered promiscuous mode [ 548.141542][ T5848] Bluetooth: hci0: command tx timeout [ 548.650670][ T9647] Unsupported ieee802154 address type: 0 [ 549.715963][ T9644] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1098'. [ 550.018820][ T35] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.123565][ T9573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 550.221666][ T5848] Bluetooth: hci0: command tx timeout [ 550.404559][ T9573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 550.906718][ T35] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.906270][ T9573] team0: Port device team_slave_0 added [ 551.942429][ T9573] team0: Port device team_slave_1 added [ 552.312633][ T35] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.581613][ T9573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.611429][ T9573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.688075][ T9573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 552.724384][ T9573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 552.750892][ T9573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.752696][ T9575] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 552.801600][ T9575] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 552.819283][ T9575] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 552.832442][ T9573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.845889][ T9575] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 552.862838][ T9575] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 552.871075][ T9575] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 553.369984][ T9678] loop1: detected capacity change from 0 to 32768 [ 553.385567][ T9678] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 553.393983][ T9678] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 553.414667][ T9678] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 553.453290][ T35] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.469489][ T9678] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 553.708675][ T9684] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1110'. [ 553.776180][ T8] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 553.939829][ T8] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 554.802567][ T5898] IPVS: starting estimator thread 0... [ 554.829891][ T8] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 1 [ 554.902310][ T9689] IPVS: using max 22 ests per chain, 52800 per kthread [ 554.931727][ T5848] Bluetooth: hci5: command tx timeout [ 555.031491][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 555.070280][ T9573] hsr_slave_0: entered promiscuous mode [ 555.076071][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.099305][ T9573] hsr_slave_1: entered promiscuous mode [ 555.117050][ T9573] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 555.134428][ T9573] Cannot create hsr debugfs directory [ 556.302500][ T8] usb 5-1: string descriptor 0 read error: -71 [ 556.313939][ T8] usb 5-1: USB disconnect, device number 10 [ 556.867007][ T35] bridge_slave_1: left allmulticast mode [ 556.906504][ T35] bridge_slave_1: left promiscuous mode [ 556.951911][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.011833][ T5848] Bluetooth: hci5: command tx timeout [ 557.022755][ T35] bridge_slave_0: left allmulticast mode [ 557.028435][ T35] bridge_slave_0: left promiscuous mode [ 557.052948][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.336989][ T9702] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 558.850346][ T9716] loop1: detected capacity change from 0 to 64 [ 558.917041][ T9716] minix filesystem being mounted at /184/bus supports timestamps until 2106-02-07 (0xffffffff) [ 559.061514][ T9702] usb 5-1: device descriptor read/64, error -71 [ 559.091681][ T5848] Bluetooth: hci5: command tx timeout [ 559.311584][ T9702] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 559.911478][ T9702] usb 5-1: device descriptor read/64, error -71 [ 560.101045][ T9702] usb usb5-port1: attempt power cycle [ 560.190536][ T9726] fuse: Unknown parameter 'group_i00000000000000000000' [ 561.488042][ T5848] Bluetooth: hci5: command tx timeout [ 562.822247][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.844102][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.904925][ T35] bond0 (unregistering): (slave team0): Releasing backup interface [ 562.942637][ T35] bond0 (unregistering): Released all slaves [ 563.043861][ T9746] loop4: detected capacity change from 0 to 512 [ 563.098340][ T9746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 563.123692][ T9746] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 563.412774][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 563.807545][ T9761] ALSA: mixer_oss: invalid OSS volume 'C' [ 563.821613][ T46] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 563.981661][ T46] usb 5-1: device descriptor read/64, error -71 [ 564.239346][ T46] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 564.356191][ T9673] chnl_net:caif_netlink_parms(): no params data found [ 564.380243][ T9573] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 564.492474][ T9573] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 564.511678][ T9702] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 564.540473][ T35] hsr_slave_0: left promiscuous mode [ 564.551273][ T35] hsr_slave_1: left promiscuous mode [ 564.551475][ T46] usb 5-1: device descriptor read/64, error -71 [ 564.566174][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.575439][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.589317][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 564.597072][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 564.648740][ T35] veth1_macvtap: left promiscuous mode [ 564.661035][ T35] veth0_macvtap: left promiscuous mode [ 564.671541][ T9702] usb 3-1: device descriptor read/64, error -71 [ 564.687927][ T46] usb usb5-port1: attempt power cycle [ 564.700245][ T9770] fuse: Unknown parameter 'group_id00000000000000000000' [ 564.929349][ T9702] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 565.084058][ T9702] usb 3-1: device descriptor read/64, error -71 [ 565.199624][ T9702] usb usb3-port1: attempt power cycle [ 565.281510][ T46] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 565.312190][ T46] usb 5-1: device descriptor read/8, error -71 [ 565.444259][ T35] team0 (unregistering): Port device team_slave_1 removed [ 565.486229][ T35] team0 (unregistering): Port device team_slave_0 removed [ 565.551536][ T9702] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 565.592251][ T46] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 565.594032][ T9702] usb 3-1: device descriptor read/8, error -71 [ 565.626906][ T46] usb 5-1: device descriptor read/8, error -71 [ 565.787565][ T46] usb usb5-port1: unable to enumerate USB device [ 566.309656][ T9702] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 566.347167][ T9702] usb 3-1: device descriptor read/8, error -71 [ 566.472368][ T9781] loop3: detected capacity change from 0 to 128 [ 566.508988][ T9702] usb usb3-port1: unable to enumerate USB device [ 567.575723][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.590815][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.624025][ T9789] loop1: detected capacity change from 0 to 512 [ 567.811607][ T9794] ALSA: mixer_oss: invalid OSS volume 'C' [ 567.872446][ T9789] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 567.911628][ T9789] ext4 filesystem being mounted at /189/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 568.744330][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.264986][ T9573] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 570.136806][ T9573] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 570.811534][ T9702] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 570.883983][ T9673] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.905188][ T9673] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.920052][ T9673] bridge_slave_0: entered allmulticast mode [ 570.936144][ T9673] bridge_slave_0: entered promiscuous mode [ 570.964485][ T9673] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.981796][ T9702] usb 3-1: device descriptor read/64, error -71 [ 570.998559][ T9673] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.016595][ T9673] bridge_slave_1: entered allmulticast mode [ 571.029788][ T9673] bridge_slave_1: entered promiscuous mode [ 571.140654][ T9827] loop4: detected capacity change from 0 to 128 [ 571.808223][ T9573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.851136][ T9573] 8021q: adding VLAN 0 to HW filter on device team0 [ 571.900031][ T9573] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 571.910716][ T9573] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 572.142788][ T9702] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 572.250089][ T35] IPVS: stop unused estimator thread 0... [ 572.259458][ T9673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.326137][ T2930] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.333476][ T2930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.341552][ T9702] usb 3-1: device descriptor read/64, error -71 [ 572.423341][ T2930] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.430505][ T2930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 572.502085][ T9702] usb usb3-port1: attempt power cycle [ 572.502672][ T5902] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 572.876859][ T5902] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 572.927571][ T5902] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 572.975338][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.005104][ T9702] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 573.092962][ T9673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.103403][ T9702] usb 3-1: device descriptor read/8, error -71 [ 573.239753][ T9673] team0: Port device team_slave_0 added [ 573.268484][ T9673] team0: Port device team_slave_1 added [ 573.342024][ T9702] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 573.358706][ T9573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 573.377292][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.391908][ T9702] usb 3-1: device descriptor read/8, error -71 [ 573.398705][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.436582][ T9673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.460606][ T9673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 573.477166][ T9673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.519628][ T9702] usb usb3-port1: unable to enumerate USB device [ 573.550140][ T9673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.671674][ T9846] loop1: detected capacity change from 0 to 2048 [ 573.683368][ T9846] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 573.756446][ T9848] loop2: detected capacity change from 0 to 512 [ 573.764462][ T9673] hsr_slave_0: entered promiscuous mode [ 573.770954][ T9673] hsr_slave_1: entered promiscuous mode [ 573.791246][ T9673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 573.818347][ T9673] Cannot create hsr debugfs directory [ 573.853648][ T9848] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 573.916646][ T9848] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 574.198918][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 574.465280][ T9573] veth0_vlan: entered promiscuous mode [ 574.517249][ T9573] veth1_vlan: entered promiscuous mode [ 575.413925][ T9702] usb 2-1: USB disconnect, device number 12 [ 575.440153][ T9866] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1159'. [ 575.502346][ T9573] veth0_macvtap: entered promiscuous mode [ 575.643563][ T9573] veth1_macvtap: entered promiscuous mode [ 576.017470][ T9673] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 576.070461][ T9673] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 576.098997][ T9673] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 576.140305][ T9673] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 576.186611][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.224481][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.255858][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.292396][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.324681][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 576.357565][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.399544][ T9573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 576.583623][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.607893][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.624248][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.677795][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.721163][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.764783][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.814761][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.825896][ T9881] loop4: detected capacity change from 0 to 64 [ 576.834625][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.844532][ T9573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 576.844528][ T9881] minix filesystem being mounted at /199/bus supports timestamps until 2106-02-07 (0xffffffff) [ 576.854974][ T9573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 576.856381][ T9573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 577.032213][ T9573] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.274803][ T9573] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.290452][ T9573] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.299408][ T9573] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.606333][ T9895] loop2: detected capacity change from 0 to 512 [ 579.738786][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 579.756755][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 579.773550][ T9895] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 579.850166][ T9895] ext4 filesystem being mounted at /188/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 580.039866][ T9673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 580.046841][ T6523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.098401][ T6523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.166863][ T9673] 8021q: adding VLAN 0 to HW filter on device team0 [ 580.216025][ T5833] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 580.248325][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.255558][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.317257][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.324469][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.337600][ T9920] uprobe: syz.6.1069:9920 failed to unregister, leaking uprobe [ 584.470304][ T9673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 585.136415][ T9951] fuse: Bad value for 'user_id' [ 585.145587][ T9951] fuse: Bad value for 'user_id' [ 586.055053][ T9960] loop4: detected capacity change from 0 to 512 [ 586.157576][ T9960] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 586.252109][ T9960] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 586.524135][ T9976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1185'. [ 587.085925][ T5835] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 587.347992][ T9673] veth0_vlan: entered promiscuous mode [ 587.403155][ T9673] veth1_vlan: entered promiscuous mode [ 587.526920][ T9987] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1188'. [ 587.840766][ T9673] veth0_macvtap: entered promiscuous mode [ 587.865501][ T9673] veth1_macvtap: entered promiscuous mode [ 587.982478][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 588.639187][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.671269][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 588.721789][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.791608][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 588.845093][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.890732][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 588.931270][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.097170][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.524193][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.547723][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.619105][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.660771][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.708218][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.761394][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.783190][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.816808][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.863152][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.903514][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.484578][ T9673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 590.534600][ T9673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 590.586138][ T9673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 590.655944][ T9673] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.687320][ T9673] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.727862][ T9673] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.761798][ T9673] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 591.098860][ T6523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.138801][ T6523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 591.496505][ T6523] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 591.531995][ T6523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.705918][T10033] netlink: 444 bytes leftover after parsing attributes in process `syz.1.1202'. [ 592.822407][T10034] loop1: detected capacity change from 0 to 16 [ 592.920798][T10034] erofs (device loop1): mounted with root inode @ nid 36. [ 593.745153][T10039] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1204'. [ 594.389733][ T5848] Bluetooth: hci1: Malformed LE Event: 0x1b [ 596.474171][T10072] loop1: detected capacity change from 0 to 64 [ 596.513748][T10072] minix filesystem being mounted at /210/bus supports timestamps until 2106-02-07 (0xffffffff) [ 596.881968][T10076] misc userio: Invalid payload size [ 597.579623][T10081] misc userio: Invalid payload size [ 599.104035][T10086] netlink: 444 bytes leftover after parsing attributes in process `syz.2.1217'. [ 599.218937][T10087] loop2: detected capacity change from 0 to 16 [ 599.248384][T10087] erofs (device loop2): mounted with root inode @ nid 36. [ 600.962810][T10097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1221'. [ 602.173515][T10106] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1225'. [ 604.930821][T10142] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1238'. [ 605.661208][T10153] loop3: detected capacity change from 0 to 64 [ 605.811676][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 606.651176][T10153] minix filesystem being mounted at /227/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2106-02-07 (0xffffffff) [ 606.683447][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.692426][T10153] xt_l2tp: invalid flags combination: 8 [ 611.318138][T10176] program syz.3.1247 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.543305][T10185] loop2: detected capacity change from 0 to 64 [ 611.577338][T10185] minix filesystem being mounted at /208/bus supports timestamps until 2106-02-07 (0xffffffff) [ 612.252955][T10198] loop1: detected capacity change from 0 to 64 [ 613.100211][T10198] minix filesystem being mounted at /215/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2106-02-07 (0xffffffff) [ 613.134576][T10198] xt_l2tp: invalid flags combination: 8 [ 616.244983][T10228] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1264'. [ 617.860723][T10247] mkiss: ax0: crc mode is auto. [ 621.324316][T10270] loop4: detected capacity change from 0 to 64 [ 621.399369][T10270] minix filesystem being mounted at /217/bus supports timestamps until 2106-02-07 (0xffffffff) [ 624.813228][T10298] Unsupported ieee802154 address type: 0 [ 626.282663][T10305] loop7: detected capacity change from 0 to 64 [ 626.431547][T10305] minix filesystem being mounted at /17/bus supports timestamps until 2106-02-07 (0xffffffff) [ 626.855872][ T969] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 627.051761][ T969] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 627.088878][ T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.136459][ T969] usb 4-1: Product: syz [ 627.154310][ T969] usb 4-1: Manufacturer: syz [ 627.171310][ T969] usb 4-1: SerialNumber: syz [ 627.217678][ T969] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 627.850782][ T9702] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 629.184004][ T9702] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 629.191960][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.198306][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 632.755071][ T9702] ath9k_htc: Failed to initialize the device [ 635.362207][T10166] usb 4-1: USB disconnect, device number 11 [ 635.445741][T10166] usb 4-1: ath9k_htc: USB layer deinitialized [ 638.217349][ T9575] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 638.241795][ T9575] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 638.261614][ T9575] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 638.299509][ T9575] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 638.323263][ T9575] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 638.330748][ T9575] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 639.235245][ T6999] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.254470][ T9575] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 639.272903][ T9575] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 639.291935][ T9575] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 639.303566][ T9575] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 639.311209][ T9575] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 639.318859][ T9575] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 639.346713][T10362] loop3: detected capacity change from 0 to 64 [ 639.355406][T10362] minix filesystem being mounted at /242/bus supports timestamps until 2106-02-07 (0xffffffff) [ 639.842706][ T6999] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.892323][T10365] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1308'. [ 640.106159][ T6999] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.317503][ T6999] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.452071][ T5848] Bluetooth: hci2: command tx timeout [ 641.380406][T10393] misc userio: Invalid payload size [ 641.921568][ T5848] Bluetooth: hci3: command tx timeout [ 642.037039][T10394] misc userio: Invalid payload size [ 642.374566][T10390] mkiss: ax0: crc mode is auto. [ 642.435206][T10349] chnl_net:caif_netlink_parms(): no params data found [ 642.611729][ T5848] Bluetooth: hci2: command tx timeout [ 642.625138][ T6999] bridge_slave_1: left allmulticast mode [ 642.658248][ T6999] bridge_slave_1: left promiscuous mode [ 642.680265][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.713526][ T6999] bridge_slave_0: left allmulticast mode [ 642.742321][ T6999] bridge_slave_0: left promiscuous mode [ 642.774814][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state [ 643.433484][T10166] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004b: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 643.446329][T10166] KASAN: null-ptr-deref in range [0x0000000000000258-0x000000000000025f] [ 643.454750][T10166] CPU: 1 UID: 0 PID: 10166 Comm: kworker/1:10 Not tainted 6.14.0-rc2-syzkaller #0 [ 643.463954][T10166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 643.474018][T10166] Workqueue: events l2cap_info_timeout [ 643.479499][T10166] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 643.484976][T10166] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 2d cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 77 82 93 0f 84 [ 643.504596][T10166] RSP: 0018:ffffc90003fff880 EFLAGS: 00010016 [ 643.510675][T10166] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 643.518655][T10166] RDX: 000000000000004b RSI: 1ffff920007fff22 RDI: 0000000000000258 [ 643.526628][T10166] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 643.534598][T10166] R10: ffffffff90625817 R11: 0000000000000013 R12: 0000000000000258 [ 643.542574][T10166] R13: ffff888029d1bc00 R14: 0000000000000000 R15: 0000000000000000 [ 643.550564][T10166] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 643.559495][T10166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 643.566080][T10166] CR2: 0000400000041000 CR3: 000000006bf96000 CR4: 0000000000350ef0 [ 643.574070][T10166] Call Trace: [ 643.577345][T10166] [ 643.580269][T10166] ? die_addr+0x3b/0xa0 [ 643.584459][T10166] ? exc_general_protection+0x155/0x230 [ 643.590032][T10166] ? asm_exc_general_protection+0x26/0x30 [ 643.595806][T10166] ? __lock_acquire+0xe4/0x3c40 [ 643.600695][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.606364][T10166] ? mark_held_locks+0x9f/0xe0 [ 643.611159][T10166] ? __pfx___lock_acquire+0x10/0x10 [ 643.616399][T10166] ? irqentry_exit+0x3b/0x90 [ 643.621047][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.626719][T10166] ? lockdep_hardirqs_on+0x7c/0x110 [ 643.631933][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.637610][T10166] lock_acquire.part.0+0x11b/0x380 [ 643.642751][T10166] ? l2cap_sock_ready_cb+0x41/0x170 [ 643.647973][T10166] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 643.653635][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.659312][T10166] ? rcu_is_watching+0x12/0xc0 [ 643.664081][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.669737][T10166] ? trace_lock_acquire+0x14e/0x1f0 [ 643.674944][T10166] ? __pfx___cancel_work+0x10/0x10 [ 643.680073][T10166] ? l2cap_sock_ready_cb+0x41/0x170 [ 643.685291][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.690946][T10166] ? lock_acquire+0x2f/0xb0 [ 643.695466][T10166] ? l2cap_sock_ready_cb+0x41/0x170 [ 643.700685][T10166] lock_sock_nested+0x3a/0xf0 [ 643.705376][T10166] ? l2cap_sock_ready_cb+0x41/0x170 [ 643.710594][T10166] l2cap_sock_ready_cb+0x41/0x170 [ 643.715638][T10166] l2cap_conn_start+0x15c/0xb00 [ 643.720508][T10166] ? __pfx_l2cap_conn_start+0x10/0x10 [ 643.725897][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.731560][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.737241][T10166] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 643.742915][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.748568][T10166] ? rcu_is_watching+0x12/0xc0 [ 643.753338][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.758993][T10166] ? trace_lock_acquire+0x14e/0x1f0 [ 643.764210][T10166] ? process_one_work+0x921/0x1ba0 [ 643.769336][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.774993][T10166] ? lock_acquire+0x2f/0xb0 [ 643.779516][T10166] ? process_one_work+0x921/0x1ba0 [ 643.784645][T10166] process_one_work+0x9c8/0x1ba0 [ 643.789608][T10166] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 643.796142][T10166] ? __pfx_process_one_work+0x10/0x10 [ 643.801557][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.807229][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.812886][T10166] ? assign_work+0x1a0/0x250 [ 643.817492][T10166] worker_thread+0x6c8/0xf00 [ 643.822102][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.827765][T10166] ? __kthread_parkme+0x148/0x220 [ 643.832798][T10166] ? srso_alias_return_thunk+0x5/0xfbef5 [ 643.838463][T10166] ? __pfx_worker_thread+0x10/0x10 [ 643.843607][T10166] kthread+0x3b2/0x750 [ 643.847697][T10166] ? __pfx_kthread+0x10/0x10 [ 643.852297][T10166] ? lock_acquire+0x2f/0xb0 [ 643.856818][T10166] ? __pfx_kthread+0x10/0x10 [ 643.861428][T10166] ret_from_fork+0x48/0x80 [ 643.865866][T10166] ? __pfx_kthread+0x10/0x10 [ 643.870465][T10166] ret_from_fork_asm+0x1a/0x30 [ 643.875246][T10166] [ 643.878259][T10166] Modules linked in: [ 643.882172][T10166] ---[ end trace 0000000000000000 ]--- [ 643.887626][T10166] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 643.893135][T10166] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 2d cc 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 77 82 93 0f 84 [ 643.912764][T10166] RSP: 0018:ffffc90003fff880 EFLAGS: 00010016 [ 643.918830][T10166] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 643.926801][T10166] RDX: 000000000000004b RSI: 1ffff920007fff22 RDI: 0000000000000258 [ 643.934770][T10166] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 643.942738][T10166] R10: ffffffff90625817 R11: 0000000000000013 R12: 0000000000000258 [ 643.950720][T10166] R13: ffff888029d1bc00 R14: 0000000000000000 R15: 0000000000000000 [ 643.958692][T10166] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 643.967626][T10166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 643.974213][T10166] CR2: 0000400000041000 CR3: 000000006bf96000 CR4: 0000000000350ef0 [ 643.982192][T10166] Kernel panic - not syncing: Fatal exception [ 643.988538][T10166] Kernel Offset: disabled [ 643.992867][T10166] Rebooting in 86400 seconds..