last executing test programs: 3.460041692s ago: executing program 0 (id=683): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000001240)={0x80, 0x0, 0xa00, 0x5, 0xe01, 0x3, &(0x7f0000000240)="0279d7a2da2c6b5f92c125aeefdf677127a1bfce465cc3c0c5f9d2eef646f57789415c387f9e2787c840677a7beae2873f37dd7c4f06700a42d5c781d854217a408d93ad12d49133d84708debbcbb9a57399c31c8db72528d014cc5df8fa3bb4420b19f55d087d17ec3bcd5fc918eeac04e5cbcbefd22546a7405e7e79d8120878a14a0ddc498768926f1208756c7000af32b65db3e0473e02412ee9aca258e0d162d55ce422ecb59019400659b53e01a25d1cf1435adf06370588dc0daea92c5c573d50746d4fb02b66f3a8dca49b8651d235d8579ffe8dc8da78660af2988846c05a9669d2c990ef48e5650c794c54fa96f50de9bbf7d1c38197be4a207e02c4181473ef669f5b720b4fad3f566c23c1b7614183fb433038185da6f88a686b50da9a6fe3dd45d62a816e5762ce81df6f6bfe1687d112562f2fa9b4b87030bc791949410e81a447728e4e6601f49d82163d3bdea2b58878a0a4b5912341e99250d9d9e33c15e66804d69f8b236ba3691d9045e54b0d402cbcbbf6c09914cddc3e6cb928d371b4b1bf63ba07079d4063cf9293e733667814636d0386505a5eaacd9bc91b7cdf72dc9d89c05e9594142e926bb9d8261ac07f604c8fab949a83347d77d0eaa0fdcd18a4ad6b8e26328910db173600e745f009b36ec3c72415d51642ee52f20244c4ccc91c13b0a743de5bbddba4b69d2dc56e1d463593f74abad323bf430aae4cad3a102fbffa4264ccc66b39f23b06ff0afcd9ba26313c36e41b3fb2136e08d0c5ae7790e1161f746d111168ca7a40a86b033ec853bd6b03a7ec63812c4a3e66baa98634d8c40f8cc4604d12ef824a19b26c4f7c525fe9792ea0fceee0150b0d141b3ac652a4708bb310330fa71f4000d5ab62d6c495d219e32caa7ac9c5847295086d243572ab7c9c0c131be8082f447cf68687e5935c281880f1633fa6bbc49a505c6b4bbf510affd14490b756d2a20742f06ae6b858d1485639ac6017e0a332adba2eab58c4834788194942bfbcc5437558032be467393a02b1252513496ead8279c676383495168449f84b05d34a82c70df805c053ff24afbd933888d88ae255875d4d8e48364b5c313fb086648d53e53f980ccca8ec90281ea98a66a955b03663cd6302d5d8bc35ed748a6a0d065e8d88f0f6ec09b7fdb4d16bff344d09395a4b232e6037b757a183588e150535387d2b1ef223e48e8e88796185dfe8e97424789e2992b5569cef575d2f63114e3e4c34976c4b2fd9f603ebce7e8bfd86d7002dd02e276353f95298a990509696c9c53817d9eee2dc3815265c5df78ad48bef85d5eee687f9aa2fbe2c42e25b433d3af512fc6f003b9c4fab1d74f46cb80b0c198ff50924fc3b66e77f91ab2520d0ef68b1ee456d915f85f4d3711531707703d8130a3282a89c0a94450d587ac18310ef7d4cc792923fe31f1314c8e545262050ce569b54672eb61b776b5fa3990a43a11708e128cb6ac9d30229518432a5f792ab2732ff32fc6b4054a971ac995f64a526948717abeffe2440678daed2d328aa9ca09d2fe812bb9075229d61127856a181b726aaf18b7b61c6633c62b37048adea193588b154fac26b9d8bdff3e64edf9ed066c99a71dca16acb3734d6fcb5dd15ae8bc09dea076cb549bf33688916c8808e992a0a405cd4c4f3ceb7514050f911dce97aa63c852716dea7103c40db6bd835d760b699a71d9e424df06f5f770048b76dfab34bd05f533db4f541646de3dd25c7230828e6e0b044151ebb293e149d239ac1099e72a1dcdca159ae67fd8bbea6665b9b288e6ed4ebc81d1412e07c3b3c9ed291648374d76ae66bed88178a3786af6d9dbe67627b8f4c02d646c5714d70cd647053841216c2e617c8a7fefabe8f8e6c3a34ae916568f2e05a1bd82a1b5ec81d2d2f39f76f463bd83199e020af5cf39d5497d04ec8fefb284368ffb4ee0fff5cf54dbcbb114dc8c9b598b0e1b9b7c12118d972a34cd246e18f2a491b42a0a63f85cf5f512cd5d93e936485a5d301b742bd51bb736ce996c86cc3d53af6e0c55182acc4b562daf904f0cf6b6fec34c177082fb6e7acf5c7918561b97a956aeb2efda6f0044d01539b2ebc930e6c93e646f1b7379fddde3a3bcd42913e1104881b1c5bc08f7000dbace7806155ed8b0576fa1ec4cffed46675e59decd379a52e5f06cae6bab1b6470c5a4f07f278aa3cd96ee10fa1e8cbd69f76f9a2a67f41ababa803a5e7f427b56dd3c5af766093dd5ec4f64857842cf3578ecb801205f112360944c9f49ebee3b4646b0b5676e3f15a5c114f4c0b382b80fe52eaaf764bb05bcb0ab348b927a29432870a17bdcf37cbc6bf21bee563d1fa6fad2b5b08ecb6f41e8419c74cbe7fdf40f3cf6fafcab8512e84f49fb8ba83ab11bb0e21467131a05578e23196094ba941c36456f11c8ab7dcfd0d8b189f3dac74397c568821bd72cc02f1228438d4bb77d341584afc33859fd9485bd084352a98e49aa8bcf8538430f923ede89c12a3c4e30a12ccaa2f935b782f85833eb82cec387a7331d606acb38045daaea5e5a3b6c109c4085105e5f9ade785fdffa7b76bd24f4fa9e5a5f0253f4062de9dc11704e4dc7fcb4764b3d48ee3552b0946709611d94d99fa55e6fc369725332585a2be8c563eb86b4cad5f97b39de067dcf8c644e7469214b583bee08526b6f2a3190915dc213526b84e19326d2ed7052a78dbf7f858878a34a81f4ad13780cb7a99a26ea8e9eb9758f028cd167e303f9fd9fb191debce77e7e681677b63e6f392b545f2dbbe7d3a0e853726c6ab3091318f1241775365f178800599b91fd8e069f345241a350d4943d54b3fa63ef5cb1964e5c0ee84f9f13bb955fe2a7430a9c3c98e1d8a6eaa743b11d6eb6d8fd77f657f679a1d01f292fbb13f1f2e92607d42a8fb58a766a8f24d0edb6967f2cf75376a056f3b9e2ff37f028beab13486519ad574fee0bce38f2c96a75cde1e4118d88e5a9622ee845462800e941e545607b62ef1f867c6d99f715005c00595f99a9a6b40ab5fd0e4e7cb52774652645427733747ce365ff1cfed2464ce826ef28c911a12abbc5c62e1d16152be1a62568c72fe3e8a6d58ec65e8f89e68a15664742208652280addafdcd6135f2c2b43d13f30344066f94cebfd244f7d0b4869c127490082fa152092e95d990ea6e7fd3d22563161c5835239dbd3f4026589e82aadbd9a0717f2321c43d625a6507f2fd74ab5a57b5309d4eb143693e499ee32eb455d4849c3ed1dfdc149189b81d03982228a743ccf00f1e7d49d8ae4daa47319e2ab7e278af2f8865651911cd8cec2aa431ae3d47c7859b63791fdcd34581b9bc7b33ba0ea79db536135c90cb49c7bb53bc9d7264a8ee98b3e7bdf93d1aa2930f33a3666b6b999cdf4c25d04a9ab43bde3e502c49706821e9ccc4ff5fcb4f63fbdfde09971de04596bf1264a430600cb3a496feef2b88a3c794a5ef3614456b9cfd090f17d70753414ce42f358dd57bea17e194bc61391827aa2df9e88fa31b190cba482b4d02a8844391257df66a79402b7ea6e450d778c27daf0cfe194685fd4b015a0e74e0bf5745dd89125ed969fc447d47495a6aba7ab5663070e437319c4da77475a0fe153698c4d1b9ad85d7c16a9ac75f5bbc0bed624cb850634d95cab13ae8bb1f560096fe4e71686c83279a916fdbfdadbc79cc3bb159b80c81b74408176e2bcbc077d61dce1e0748762b7d850950457c5211f147e948fd5a204621d323378f669b81946526dd28cf7b1fd5b72ffb0dd2138ceaee288e373d6a29724843c067e89f5ca1ec58afb19452a0fed153ddea54016f712d676f43c27179e442fe2d20ddb0dc0647a33a0e8a6a4c22cbee0177deb0a7c59151a535cb86701655578cf48c4521e47922734b4ce4cb8f5053897f8b3ed196a9a75fa7ebe9f70a5a3e2a6241b3b84a23cf6e266070d3f8fb898cc8676045a750e4452b68c24e8c05aaa0c8f6356888dcea58f325214b25a091ade3096fbee87a9094864049974b5272c969b264eaa1c7f23726cf3620ba2ec75741f042f4bdd53e75ca06ef2e027332e15b20cf81b72f951660aa09f5639f60cc9ec91972ba405b17bdea772b80520aa68f165b2e2682d1a26500f3436fc816ef289e8419ca6c1474886f0119498c9aa7aa3d5a79f104fff61a23680f5b21868a88ed8303d5c0c92bf5324e0e1c318c618587093783cebd32b80a7dc53582b463d60f7664c3c441e155b01d7980c5315a6d107b90f4ea629c40e90765ae6782a1fd5dae2feda979823e9ab0e0aa6e5aeba75fd1d490a90d4c9007f89c9ca1582d55ebe57a4df01205826ccc0dd0010ba163d0baa2918c7f19d200e3ac656d9a6601020f5c13b6d5d2e896413b57e0e9bdfbe6b2f4017a9f0d8bf0b989c3caf8571a402b266750d3f1516d55336bbc89d6cb21af9a3a9a5f50d4a36fec7280bb7b3bc6db4a361d6006fa97dca6420a13d56d9ddf4f0a7e1215c442c138951b196a014b214990723a2105b295bef4a9b0d10e7f9f1b1719de7ce10c969caab968975567b627b4a25db7029bdbad177290b15648655920a4ded0746b5ecb942682d1ded799fb7f6d17ba8cd9519f9959b943c971900ac9eaa169b1d0cff331b0c03f2c819c657e1c7899d9ab137aaef227ea899cba501c46582a17903bafb2fd4c443fa8ce4301f818500f0280dcde9ace780b06c7ebc2f02b2090edb8eed8bf03838014778034e332b4e55971fa02bcfa8ef34723f3d63529201fcd61d08bab69684839b7489da9da46f974e8c4e301f45b98cef9764a37bef951c1404d2ff548513e2c6757ea1edf8ab996f1fcf11c208471712e64262076532b1ce30247d4b8f7dfdd5bc8ca9a1398550ed90d8a08e4821c6636c21083aa61f13bd350ecbc00f1c251735df1568ea882d03a9910dd9ac3b725e96d564ab9bd620c913e4c773e2f7b6fba1f9a7bbb9bbaeb96df1d9ecd12e73a05c07e510f7cbb801dc067b048e2e24e8a5b77dd5e2ad8b2ea1880cc586b7c86fa8e6a7e1293bd42ba6e9b347dafd80c9f8f10e5714d5d659f"}) 3.459872692s ago: executing program 3 (id=684): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1) 3.459393032s ago: executing program 2 (id=685): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x1, 0x0, 0x0, 'syz0\x00', 0x1}, 0x6, 0x100, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = gettid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r2, &(0x7f0000000300)={0xfffffffc, 0x2, 0x3, 0x41, 0x1}, 0x8) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000003000/0x3000)=nil) write$rfkill(r2, &(0x7f0000000080)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000480)="510a068ea8209e5cc9c1c51119b38c62ff3c1ab3ad7485ed007510fee1470ba298f9d27a0db318c0379e11d9d5d15e3ed835b8a2c661d99ee1b0cd46ffec1c8fb07bc1f6ab98976e4c200aec6f8c41586c7eb1cb6a6704000000000000008974b1a010cbd162125e17ed963997f4cada45540bb5439f3c6cb7da2a9332c08cf8ea96809ae9825f941e914a266a4bbc1324f9e64f3287a5c41d50d9cbf9540b1e4a8ca459633dfdd0e9af22057737380fb564c4fa432508d48f0541d0e204127500002200000000d13d58e14e41dca73d84e3df7a1bebb754625a6f7cd8af3c5590b027644c97b185ed74967d93e5921b43514ac1a518c3a1700622a533d0e9617d46927c0d8bd9a38b1c11a15ef22ef97a425742f44ce0296f3bf0f3d06026c808d30121f7f82b686bc7b174484bd4525d5ea0c857186123fb8002d1acda45008f66416fe0dff7ab2f220899eeec4493ffe4a5df3657a3677b1f04f2", 0x15c}], 0x1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x9, 0x6576, 0x9}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000380)={0x0, 0xff23, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x10, 0x803, 0x0) syz_open_procfs$namespace(0x0, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000001180), 0x0, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@float={0x4, 0x0, 0x0, 0x10, 0x8}]}}, 0x0, 0x26}, 0x28) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x0, r4}, 0x94) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000001c0)={0x0, &(0x7f0000000100)}) socket$igmp6(0xa, 0x3, 0x2) 3.309295095s ago: executing program 0 (id=687): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="180000001800ff0f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000240000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xfffffd26) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000001500)="9b63", 0x2, 0x2) socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40800) bpf$MAP_CREATE(0x0, 0x0, 0x39) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r5, 0x560e, &(0x7f0000000000)) ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) 3.274885806s ago: executing program 3 (id=688): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f00000023c0)=[{&(0x7f00000003c0)="d04a15fb50ec4d9366f2472a83b95602e0eb2f1a588c0a5e618915fd07a8a88b07e455bcac374f32d10bedd7c3adab34d898b37b1454ce095149059f31dad144da29eab132c2f6c029072f4d7f619d02fce498761768d8d5599d735e34ef242654c70061f9022891c66eea11945791470020d32894cbdc4da814d8195264e4d3d1b2810ad6bb3b74f6cc9e4fcca72637276941810c90da0f14a2b306fe469ec7402a40a329c768ea3bc38f16b969eeb3b807e1253798b9bb16650681fcab0d938a7afd402b58076a18cd83776ead32b28e993919afc2eecb9644313c323d3a21d91e7d2ea864095d7d6918aff81077fec0ce15d1de836b0ea36201b51d680eec6d48e85a5e224c9217fe97895628d11e64c7e3bd975e17cf3c268b81bc6b707962248f232b7e8e27a6d081d55775cf5273f2c7aa2ba0e0974e42cebf68a65b3ed5007332ad3589ee768f62199c767329a3d3e40d2956adf45fb4e9c7d716d0b338bad25b85d350eb854ed44fe0eb85a861360d04c877e3ab4f94a24840af2ccb85cbce875707220bffe52849b64012660d7a5da32db8b07e13bdc74dbea4f003c88043587d75ed17ad00e615eac89eae0a6572b4e3d14acc63cf7f869651a90081705c588ebae1524242f378f32653697710714b42567378c0d8e5bab6d5524f49cf6c5ebc983ce533e4cc8f43487ef96d87727ba8af8263bf9f8617c0d1cd35afbde3f5964f03668aa1ee0f9172e62da47f07deba98718fa1736e84e84cfa35f20adf00c09ba2bf32f80bf4a302dbb0b994cd5cae14b467902d189356c5c66dd417d7a3345ceabbfd0c970d772bc60c1214cd8deecbd1b30863a2f431ff484373b8cf34fa76ea13e7a7de6d802e19b19f68d42be79031b1759b4cdcf888768d8cb7f3b93c18a9b4b63d6b66f6ebe304633847e2db2610735405845a238785ec8ff82c90662479d986420b47ae5ca6ece760f75bc1554a47b4205f1a040eeff2750bc66bb70c62103b4ee013dd2898a9205498f1236b0789661b5b45dcd7fa241cf91b48077dcb69445f27b261dc0d7ab88b5079ee96a85087e6ebcad5e110be23ae2b9b43109abd274eb54081ae84853c90e31b8e4f0b1acc9023eabb9f0671a8a1bf3237c1038a5d24eadc321bfe89cf2b238fc2af66380463343e31dd24b4cf36c275c1b87132d0a9dd11a3cec3873be9e9b627a06b8e1dfec2b47686173455fa6f2caf3b5ee9b19fecf81d021dad0b577666931246273a72289bd8f1a87bd62f8bffa975b7d882f671a351c7dbe97f53611e591daff8f684fdd40c5129b805d66bf41865158602b71f20d096b028c0740655e71318d88e7009e25e7f0fdea7b9bb7c2e1241d09588703f0589b6502882108fe39ab7b2a5dd9720c309f41e75efdbf0f84577076e8f641286ef3e089f7a9c4800b7fcde260cace55651e0d5fafbe3ceeedcae55516efbd59273901a2396620f6c8dddfe8da6d44c922bae05f599e972d56fa14e5cc00817110e097e8219ec0289aa3ac46242dea1b2846a48583c89df28ff94991dd0f27786b0d7913b41b26b25431c30d257c19de2710372451fde7f052a07f6300c0e53275db3bbb45cd829c521caff5d2024d54518370fb7eb57360235d2781f4566cb9eb3a26110a38b3a145edc48069a8ac7681835af0156f7967b44d8ad048e9274ffd35e3bcdd26459bfea181eeaa4ab502019da24e08fa901ccd127007f6ddd8a117730af477ce5a20d5fc3b66be16468c87c1643081b3c4ca78d4f6def10448e0ba60d5757bdd1b71608b8cb0df3e987990bdbcd00cb0a036d7990832131535b42fd3ec735f156a52338246275b188ffe481660525ea02191bcf9e184d6dbab2742bd5cf5a8e8a0cddddf90869b806e5ef0b3325779d61f38055137e2389f5407ebfff23d3a9b57876d04f1c7f099ac859966efb3f67dcf57cc001437f8797434c67f64003283b6ccf1144d38654f6caf32dce5c5d748f0febc9ab272447fc56f144a1063bdb7a1ae5686ed6dc548398a9c2687198d2194df28590acf2e3ab2e952c9f7199eb0d1e37e7d3f6acc64209fa1707b4353cff13941ed3cabed79cc8523dc7e67b57f63c1312f96173a708b67cb9f306ded37c8e18c53846addd85b62fa3669697693a966a578545f2ece450e0355f122ec2b1ea1d2b8fbb832c13ba1e4a339c420620f21686511ff32b14b2da51dce681f06e85b76508b9ebe6f18e899bd28e883579e5b4d38143f6e48e7dbc68494bbe367e825254e56797ceca8cd42d13d29f13e662ab7d333a8ad06f4c915e94f91fb777a4552426a18a7bdf2d3ce9b19291a276498259be8eea54d4296efa6decd9ed9a10dc705fa1938f6b08d8fcab51754a7618ba258d0d6a02e9aedb5b8cfa42c4bba3197a018ba6cfcc0a488153a3b24a3e3f910eb66203b3808e9f999fe590786b12493ede0303bb1a6a66aed3bb100e65c4345f1e30eae2ade2e08a4d7ed1d38ef871e58b19a7d973a6691e1b03aa690d90ecf40e3ee037a4edce655368ed8f00b6da43058ad48561e4243f702ce5931c71d4354a7a5f2e7c34d3f96e142ceb08ecc43e86d08cd1b6262a0b00236266937be57b1b749b504eb90aa0dfdaaac4822172034171533a729a24c9c0a10890ee958b0b20f25a81566497b0fb149daa1653db3c01556cde2cb149cf26caeb765c9bdc79869b52137ac3aea2efd77c93bb911921720bfca406485443cac77a64fa77eed579c95a99745a130b2223eed73ef76ecda4b1965f43676eda7f60a4f83d317369978195409725a1b77c930a8f40baff925235ea9bf6ccf695daa20dcce53a248e126558f9850d98350a302f9f1e518ddf864278e7399e278291885a4cee7361dfbb676d2b721c68d18fb4d6c4b700167ca100218c653a196ed6ec53faad379eae39b150178e5cfb2bf3a668e4a6b18fa8000851fcf7cf719adfea6b23271bffbd9ff977958732df1d12def6def5ab411dc1c95120067e5d71367644e55aec79f849335e388b52cf83dcef63b97a0bc11bc6a31f6e3b75aecb4c3d1bbe9c2dda2d5bf5808091070325b6a8bb59fb1300e533728243a1045f8130770df67970649a6469f08a22c2b19e8e88fef9e74cccd33d10982526498827ddc136d539e974a2072f8205abd4c602d49e171c9c9255990a21fc746ed30e52490d3581d8c214bd213c8abec565c76382b490a8dcc1aa8330a5f4c3015d094486807aa6b8d8771becf045619515fab47dd34d15ef07ee626b62363a35ba9dbc7541fe1403480fccdfa5b3a21b04d4b8536764be0cf7767cb23c6d6b81f50acee703b4cea8db10aed9eaeafedfd859bf19b1bdf91c98008ad646d3ea3bf050fb21bd48046fe1a04f5ca200f60ed5e3b0d92305459b35307e821db9bf1caf9240b0c282802a4f410b9526d29ca30e6e1ddf792823ab606b61fde8c636a6bb130449180f4ed5e08e1c5acec2d0fdaca43e5cdb3c8f18ec73a50bb8a46224468c713f9618ec8e7358ecc69892ee89bef9833b7b6c4d29142575f7730eaeb7f5a4eccdbf1473b8790cdc355c3576381c75fd29c6a1f113f2e387c81de190071aa8912bfd188a20cb97244d8a3f691e15692b677557b99d27a61bcc834f88c904ef791422cc8a46637185e300a3ce60d672194f80d03ecf02da6102ca40aa6f119aae5b61334af8308588e10a36f2781a2b15ff17a3d22036bb96f151d1239d065aea4773feab6d7d78bcf144714607a4c2dfaff781ff04855e424f7e2f66312843b99d2c1db37d3ae46930d334481b18db85e618a62931baf74113e722c96b14a94e074b9c4f3eaa1e0b5a757d4d6986d825e33ff704fa16fd50e6acefc84e5a1ddab5a1c0977c91e4bdd96af02fb5f4ca6861a35093f84f8e1e90e506cd63388946c0563a097b0342816a78f49fb5ba1a5a9588180f87b85f3f4eb7a0d67b989ea67536bc1a61788c48f0b8a80353b8b8371a29f6ffd7ec9fd434e5af66b2a63c47ed9e4a90a212c9ae4b4e89fb5d8f07c4172b3e681d9cfd7ba7df7411a16e28bb278401a901e3c0fc9d8c89061037741c62ec0a100ba3b4b52ed6ce3850815eb2957abe5cab9751a88736b3673897bad8be9589eeb35cdfe31e277fa700a5603821ae0b854813513ee703204a6b05e1972102eb2aaaf3b696a69d3eb63e26e7c3899be74f044268d02cfde601a1c4d4c3ffc544b8e83f34f4522e60b93eb981f9e32c4466e59b655af2e7a3fd9e320bf6fdbbe65ccdac1067da93290ddf47347a2be3237ae23a5a24446281aadcd15669bfe879e569e7643f6931af9b5ac8bf6372a4d7eef016d5b90d11889d831fd6fa82b2c6d406d51d9800941bcd4adf2af8ce331684722fd9656cc6d43924ac2a78c35aec73a5c888c02159fd40f0017cd4842c9ff6e1297933d8dc56ad2d176c5281c975159be56a891a7e1d9020b9c99f197a762adba2c702406e3fec4eb9adc527ec335b8351b31d2bd7bf7d6b2811cefa8a20cf5124e1c3e4c1f5df7d72bfb0b9f1edda872375540828ae905b05b43df9544ce45b307c98a1dd90b6d0693be6da2d6d0785c0d95922fd218307fcaf1b37fe71b23561fb2539c474685e019831f1652c48eb44ddb5d8214dd425e1eca9231b6f6397b116403a0fdb4526bbcd1b93d10d5535d97c6d0b672cedbe86205db45c38b88f87f2bfb5e77e182133eea2a36aa8d104ee66bb65fddad7f8a0fa8c9b424a4266eb92f702f1c3d1c114488c9c1ec60fd4014e6a4b73943772aef3eacefd636776e749f33816f8b2fb0b5c115c9d3c26af4069c7eb78b3d145ccbee2893ee3d78d282e5a42c2827049d9f0e3c9107a4d177a76fce7efd5f2938a019b63727dd66e4dfffe6cb4d21d0c72ed29fa39f33e6c4fa089a259d2974ea62ee734bb9beebe481f13e0912ebec8d0221629036458880fe5ab6e6f16e0382e1bd160998a199ed7686090d5655a1ac2d56eb1c0ec250e1545194db86b750dbf39badffcea745c3d82c4b9f96bb8da07790dac0f451a574d48bdde78c5196c0d7e56b67a2112979eaaa86bf169ceb292492023f81421f7c37c45ee16a0bcd1a32dd1cfe7d08e6c6a4859a208fa78090497f747829f17ef76526d8a2cfea319f68f736fc099a8492e2593cdcd1d7009c817b2d348e2cc4fdb27b224e7b2537bbb6ecfb6348b2c3c85fa77d8731636f11cc740954f13eaacabc12eef5d90cc4f74d2be16e095ec7df1e0e3c3bb29f99fbd02c4f54fe5239ef60d215869f5c21f894771559930d567e5827866f90600afbaf9b0b0aad037d429d13992fe224e7791703c919f2d40fb50122519ae5c649ae6f343bd94f50e6a52f493375053d0832c91cff9d1903d4af0d829da4397e9e8cc6ff3acccd77197d2918aec6789c7be8e447261f9f3a04ad3e6e99b6e2f9583a8f359832482a6d270f8cca68d7471ca61ae801e95ab4a82f3e9b609627effbd6ad41e36fb30bbd2491f207af0dd205af6aebb13b7e536c906b78d7c6672245ee61123457d15ce82c69c30faf9badcf72926cb0f0c017254429bdc99a2ffd4876a5e12395f058f1ba3406074b24b0fd7eba86383df9279d63fa2c420b32f51e198006eddddef69edcb5b2c5658f39ba892a8d1c158b75c0ae7ea4638501cf1cd7b9ba40e92c0e016d1ac6df11aca4ccc6d9d82ee94815d5f028413fb146e6c286875394c0bed45bb714cfa15eea0efef9b8157b53b6a635b6a516148096d5f4371558b08ec0ffc8dea797b82addae69016b4a4ae47bb96b9b6e5", 0xff5}], 0x1) 3.236668536s ago: executing program 2 (id=689): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/61, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.908679261s ago: executing program 0 (id=690): r0 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x12) tkill(r0, 0x12) waitid(0x0, r0, 0x0, 0x8, &(0x7f0000000240)) 2.616033156s ago: executing program 3 (id=691): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_clone(0x22023500, 0x0, 0x0, 0x0, 0x0, 0x0) 2.535822827s ago: executing program 0 (id=692): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2a}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x2000000000000329, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 2.3917026s ago: executing program 3 (id=693): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 2.344048011s ago: executing program 0 (id=694): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) shutdown(r0, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) 2.065099896s ago: executing program 2 (id=696): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae"], &(0x7f0000000100)='GPL\x00'}, 0x94) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) ioctl$TCXONC(r4, 0x540a, 0x0) 1.773716341s ago: executing program 1 (id=698): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="180000001800ff0f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000240000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xfffffd26) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000001500)="9b63", 0x2, 0x2) socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x40800) bpf$MAP_CREATE(0x0, 0x0, 0x39) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r5, 0x560e, &(0x7f0000000000)) ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) 1.459682066s ago: executing program 0 (id=699): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f00000023c0)=[{&(0x7f00000003c0)="d04a15fb50ec4d9366f2472a83b95602e0eb2f1a588c0a5e618915fd07a8a88b07e455bcac374f32d10bedd7c3adab34d898b37b1454ce095149059f31dad144da29eab132c2f6c029072f4d7f619d02fce498761768d8d5599d735e34ef242654c70061f9022891c66eea11945791470020d32894cbdc4da814d8195264e4d3d1b2810ad6bb3b74f6cc9e4fcca72637276941810c90da0f14a2b306fe469ec7402a40a329c768ea3bc38f16b969eeb3b807e1253798b9bb16650681fcab0d938a7afd402b58076a18cd83776ead32b28e993919afc2eecb9644313c323d3a21d91e7d2ea864095d7d6918aff81077fec0ce15d1de836b0ea36201b51d680eec6d48e85a5e224c9217fe97895628d11e64c7e3bd975e17cf3c268b81bc6b707962248f232b7e8e27a6d081d55775cf5273f2c7aa2ba0e0974e42cebf68a65b3ed5007332ad3589ee768f62199c767329a3d3e40d2956adf45fb4e9c7d716d0b338bad25b85d350eb854ed44fe0eb85a861360d04c877e3ab4f94a24840af2ccb85cbce875707220bffe52849b64012660d7a5da32db8b07e13bdc74dbea4f003c88043587d75ed17ad00e615eac89eae0a6572b4e3d14acc63cf7f869651a90081705c588ebae1524242f378f32653697710714b42567378c0d8e5bab6d5524f49cf6c5ebc983ce533e4cc8f43487ef96d87727ba8af8263bf9f8617c0d1cd35afbde3f5964f03668aa1ee0f9172e62da47f07deba98718fa1736e84e84cfa35f20adf00c09ba2bf32f80bf4a302dbb0b994cd5cae14b467902d189356c5c66dd417d7a3345ceabbfd0c970d772bc60c1214cd8deecbd1b30863a2f431ff484373b8cf34fa76ea13e7a7de6d802e19b19f68d42be79031b1759b4cdcf888768d8cb7f3b93c18a9b4b63d6b66f6ebe304633847e2db2610735405845a238785ec8ff82c90662479d986420b47ae5ca6ece760f75bc1554a47b4205f1a040eeff2750bc66bb70c62103b4ee013dd2898a9205498f1236b0789661b5b45dcd7fa241cf91b48077dcb69445f27b261dc0d7ab88b5079ee96a85087e6ebcad5e110be23ae2b9b43109abd274eb54081ae84853c90e31b8e4f0b1acc9023eabb9f0671a8a1bf3237c1038a5d24eadc321bfe89cf2b238fc2af66380463343e31dd24b4cf36c275c1b87132d0a9dd11a3cec3873be9e9b627a06b8e1dfec2b47686173455fa6f2caf3b5ee9b19fecf81d021dad0b577666931246273a72289bd8f1a87bd62f8bffa975b7d882f671a351c7dbe97f53611e591daff8f684fdd40c5129b805d66bf41865158602b71f20d096b028c0740655e71318d88e7009e25e7f0fdea7b9bb7c2e1241d09588703f0589b6502882108fe39ab7b2a5dd9720c309f41e75efdbf0f84577076e8f641286ef3e089f7a9c4800b7fcde260cace55651e0d5fafbe3ceeedcae55516efbd59273901a2396620f6c8dddfe8da6d44c922bae05f599e972d56fa14e5cc00817110e097e8219ec0289aa3ac46242dea1b2846a48583c89df28ff94991dd0f27786b0d7913b41b26b25431c30d257c19de2710372451fde7f052a07f6300c0e53275db3bbb45cd829c521caff5d2024d54518370fb7eb57360235d2781f4566cb9eb3a26110a38b3a145edc48069a8ac7681835af0156f7967b44d8ad048e9274ffd35e3bcdd26459bfea181eeaa4ab502019da24e08fa901ccd127007f6ddd8a117730af477ce5a20d5fc3b66be16468c87c1643081b3c4ca78d4f6def10448e0ba60d5757bdd1b71608b8cb0df3e987990bdbcd00cb0a036d7990832131535b42fd3ec735f156a52338246275b188ffe481660525ea02191bcf9e184d6dbab2742bd5cf5a8e8a0cddddf90869b806e5ef0b3325779d61f38055137e2389f5407ebfff23d3a9b57876d04f1c7f099ac859966efb3f67dcf57cc001437f8797434c67f64003283b6ccf1144d38654f6caf32dce5c5d748f0febc9ab272447fc56f144a1063bdb7a1ae5686ed6dc548398a9c2687198d2194df28590acf2e3ab2e952c9f7199eb0d1e37e7d3f6acc64209fa1707b4353cff13941ed3cabed79cc8523dc7e67b57f63c1312f96173a708b67cb9f306ded37c8e18c53846addd85b62fa3669697693a966a578545f2ece450e0355f122ec2b1ea1d2b8fbb832c13ba1e4a339c420620f21686511ff32b14b2da51dce681f06e85b76508b9ebe6f18e899bd28e883579e5b4d38143f6e48e7dbc68494bbe367e825254e56797ceca8cd42d13d29f13e662ab7d333a8ad06f4c915e94f91fb777a4552426a18a7bdf2d3ce9b19291a276498259be8eea54d4296efa6decd9ed9a10dc705fa1938f6b08d8fcab51754a7618ba258d0d6a02e9aedb5b8cfa42c4bba3197a018ba6cfcc0a488153a3b24a3e3f910eb66203b3808e9f999fe590786b12493ede0303bb1a6a66aed3bb100e65c4345f1e30eae2ade2e08a4d7ed1d38ef871e58b19a7d973a6691e1b03aa690d90ecf40e3ee037a4edce655368ed8f00b6da43058ad48561e4243f702ce5931c71d4354a7a5f2e7c34d3f96e142ceb08ecc43e86d08cd1b6262a0b00236266937be57b1b749b504eb90aa0dfdaaac4822172034171533a729a24c9c0a10890ee958b0b20f25a81566497b0fb149daa1653db3c01556cde2cb149cf26caeb765c9bdc79869b52137ac3aea2efd77c93bb911921720bfca406485443cac77a64fa77eed579c95a99745a130b2223eed73ef76ecda4b1965f43676eda7f60a4f83d317369978195409725a1b77c930a8f40baff925235ea9bf6ccf695daa20dcce53a248e126558f9850d98350a302f9f1e518ddf864278e7399e278291885a4cee7361dfbb676d2b721c68d18fb4d6c4b700167ca100218c653a196ed6ec53faad379eae39b150178e5cfb2bf3a668e4a6b18fa8000851fcf7cf719adfea6b23271bffbd9ff977958732df1d12def6def5ab411dc1c95120067e5d71367644e55aec79f849335e388b52cf83dcef63b97a0bc11bc6a31f6e3b75aecb4c3d1bbe9c2dda2d5bf5808091070325b6a8bb59fb1300e533728243a1045f8130770df67970649a6469f08a22c2b19e8e88fef9e74cccd33d10982526498827ddc136d539e974a2072f8205abd4c602d49e171c9c9255990a21fc746ed30e52490d3581d8c214bd213c8abec565c76382b490a8dcc1aa8330a5f4c3015d094486807aa6b8d8771becf045619515fab47dd34d15ef07ee626b62363a35ba9dbc7541fe1403480fccdfa5b3a21b04d4b8536764be0cf7767cb23c6d6b81f50acee703b4cea8db10aed9eaeafedfd859bf19b1bdf91c98008ad646d3ea3bf050fb21bd48046fe1a04f5ca200f60ed5e3b0d92305459b35307e821db9bf1caf9240b0c282802a4f410b9526d29ca30e6e1ddf792823ab606b61fde8c636a6bb130449180f4ed5e08e1c5acec2d0fdaca43e5cdb3c8f18ec73a50bb8a46224468c713f9618ec8e7358ecc69892ee89bef9833b7b6c4d29142575f7730eaeb7f5a4eccdbf1473b8790cdc355c3576381c75fd29c6a1f113f2e387c81de190071aa8912bfd188a20cb97244d8a3f691e15692b677557b99d27a61bcc834f88c904ef791422cc8a46637185e300a3ce60d672194f80d03ecf02da6102ca40aa6f119aae5b61334af8308588e10a36f2781a2b15ff17a3d22036bb96f151d1239d065aea4773feab6d7d78bcf144714607a4c2dfaff781ff04855e424f7e2f66312843b99d2c1db37d3ae46930d334481b18db85e618a62931baf74113e722c96b14a94e074b9c4f3eaa1e0b5a757d4d6986d825e33ff704fa16fd50e6acefc84e5a1ddab5a1c0977c91e4bdd96af02fb5f4ca6861a35093f84f8e1e90e506cd63388946c0563a097b0342816a78f49fb5ba1a5a9588180f87b85f3f4eb7a0d67b989ea67536bc1a61788c48f0b8a80353b8b8371a29f6ffd7ec9fd434e5af66b2a63c47ed9e4a90a212c9ae4b4e89fb5d8f07c4172b3e681d9cfd7ba7df7411a16e28bb278401a901e3c0fc9d8c89061037741c62ec0a100ba3b4b52ed6ce3850815eb2957abe5cab9751a88736b3673897bad8be9589eeb35cdfe31e277fa700a5603821ae0b854813513ee703204a6b05e1972102eb2aaaf3b696a69d3eb63e26e7c3899be74f044268d02cfde601a1c4d4c3ffc544b8e83f34f4522e60b93eb981f9e32c4466e59b655af2e7a3fd9e320bf6fdbbe65ccdac1067da93290ddf47347a2be3237ae23a5a24446281aadcd15669bfe879e569e7643f6931af9b5ac8bf6372a4d7eef016d5b90d11889d831fd6fa82b2c6d406d51d9800941bcd4adf2af8ce331684722fd9656cc6d43924ac2a78c35aec73a5c888c02159fd40f0017cd4842c9ff6e1297933d8dc56ad2d176c5281c975159be56a891a7e1d9020b9c99f197a762adba2c702406e3fec4eb9adc527ec335b8351b31d2bd7bf7d6b2811cefa8a20cf5124e1c3e4c1f5df7d72bfb0b9f1edda872375540828ae905b05b43df9544ce45b307c98a1dd90b6d0693be6da2d6d0785c0d95922fd218307fcaf1b37fe71b23561fb2539c474685e019831f1652c48eb44ddb5d8214dd425e1eca9231b6f6397b116403a0fdb4526bbcd1b93d10d5535d97c6d0b672cedbe86205db45c38b88f87f2bfb5e77e182133eea2a36aa8d104ee66bb65fddad7f8a0fa8c9b424a4266eb92f702f1c3d1c114488c9c1ec60fd4014e6a4b73943772aef3eacefd636776e749f33816f8b2fb0b5c115c9d3c26af4069c7eb78b3d145ccbee2893ee3d78d282e5a42c2827049d9f0e3c9107a4d177a76fce7efd5f2938a019b63727dd66e4dfffe6cb4d21d0c72ed29fa39f33e6c4fa089a259d2974ea62ee734bb9beebe481f13e0912ebec8d0221629036458880fe5ab6e6f16e0382e1bd160998a199ed7686090d5655a1ac2d56eb1c0ec250e1545194db86b750dbf39badffcea745c3d82c4b9f96bb8da07790dac0f451a574d48bdde78c5196c0d7e56b67a2112979eaaa86bf169ceb292492023f81421f7c37c45ee16a0bcd1a32dd1cfe7d08e6c6a4859a208fa78090497f747829f17ef76526d8a2cfea319f68f736fc099a8492e2593cdcd1d7009c817b2d348e2cc4fdb27b224e7b2537bbb6ecfb6348b2c3c85fa77d8731636f11cc740954f13eaacabc12eef5d90cc4f74d2be16e095ec7df1e0e3c3bb29f99fbd02c4f54fe5239ef60d215869f5c21f894771559930d567e5827866f90600afbaf9b0b0aad037d429d13992fe224e7791703c919f2d40fb50122519ae5c649ae6f343bd94f50e6a52f493375053d0832c91cff9d1903d4af0d829da4397e9e8cc6ff3acccd77197d2918aec6789c7be8e447261f9f3a04ad3e6e99b6e2f9583a8f359832482a6d270f8cca68d7471ca61ae801e95ab4a82f3e9b609627effbd6ad41e36fb30bbd2491f207af0dd205af6aebb13b7e536c906b78d7c6672245ee61123457d15ce82c69c30faf9badcf72926cb0f0c017254429bdc99a2ffd4876a5e12395f058f1ba3406074b24b0fd7eba86383df9279d63fa2c420b32f51e198006eddddef69edcb5b2c5658f39ba892a8d1c158b75c0ae7ea4638501cf1cd7b9ba40e92c0e016d1ac6df11aca4ccc6d9d82ee94815d5f028413fb146e6c286875394c0bed45bb714cfa15eea0efef9b8157b53b6a635b6a516148096d5f4371558b08ec0ffc8dea797b82addae69016b4a4ae47bb96b9b6e5", 0xff5}], 0x1) 1.119256611s ago: executing program 3 (id=700): r0 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x12) tkill(r0, 0x12) waitid(0x0, r0, 0x0, 0x8, &(0x7f0000000240)) 1.100561792s ago: executing program 1 (id=701): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) 837.574256ms ago: executing program 1 (id=702): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x29, 0x0, 0x1}, 0x28) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48) 699.875769ms ago: executing program 3 (id=703): sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 681.263109ms ago: executing program 1 (id=704): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x43, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) 549.281351ms ago: executing program 2 (id=705): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)='x', 0x1}], 0x1) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)='d', 0x1}], 0x1}, 0x40000851) writev(r0, 0x0, 0x0) 484.014832ms ago: executing program 1 (id=706): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x1, 0x0, 0x0, 'syz0\x00', 0x1}, 0x6, 0x100, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = gettid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r2, &(0x7f0000000300)={0xfffffffc, 0x2, 0x3, 0x41, 0x1}, 0x8) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000003000/0x3000)=nil) write$rfkill(r2, &(0x7f0000000080)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000480)="510a068ea8209e5cc9c1c51119b38c62ff3c1ab3ad7485ed007510fee1470ba298f9d27a0db318c0379e11d9d5d15e3ed835b8a2c661d99ee1b0cd46ffec1c8fb07bc1f6ab98976e4c200aec6f8c41586c7eb1cb6a6704000000000000008974b1a010cbd162125e17ed963997f4cada45540bb5439f3c6cb7da2a9332c08cf8ea96809ae9825f941e914a266a4bbc1324f9e64f3287a5c41d50d9cbf9540b1e4a8ca459633dfdd0e9af22057737380fb564c4fa432508d48f0541d0e204127500002200000000d13d58e14e41dca73d84e3df7a1bebb754625a6f7cd8af3c5590b027644c97b185ed74967d93e5921b43514ac1a518c3a1700622a533d0e9617d46927c0d8bd9a38b1c11a15ef22ef97a425742f44ce0296f3bf0f3d06026c808d30121f7f82b686bc7b174484bd4525d5ea0c857186123fb8002d1acda45008f66416fe0dff7ab2f220899eeec4493ffe4a5df3657a3677b1f04f2", 0x15c}], 0x1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x9, 0x6576, 0x9}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000380)={0x0, 0xff23, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) syz_open_procfs$namespace(0x0, 0x0) move_pages(0x0, 0x0, 0x0, &(0x7f0000001180), 0x0, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@float={0x4, 0x0, 0x0, 0x10, 0x8}]}}, 0x0, 0x26}, 0x28) socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x0, r4}, 0x94) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000001c0)={0x0, &(0x7f0000000100)}) socket$igmp6(0xa, 0x3, 0x2) 374.944774ms ago: executing program 1 (id=707): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r1, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) shutdown(r0, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) 284.845965ms ago: executing program 2 (id=708): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=709): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x63) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x9d, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. [ 82.654159][ T5779] cgroup: Unknown subsys name 'net' [ 82.789174][ T5779] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.500542][ T5779] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.193958][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.218379][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.230843][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.239542][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.248891][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.273176][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.282372][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.290678][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.298989][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.309538][ T5106] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.351009][ T5106] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.373533][ T5807] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.378821][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.381587][ T5807] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.392175][ T5803] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.396610][ T5106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.409974][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.412351][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.426793][ T5806] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.429227][ T5807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.434320][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.444962][ T5807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.459268][ T5807] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.466815][ T5807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.966536][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 87.069901][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 87.096751][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 87.307242][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.315983][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.324264][ T5796] bridge_slave_0: entered allmulticast mode [ 87.331993][ T5796] bridge_slave_0: entered promiscuous mode [ 87.345968][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 87.372937][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.380127][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.387940][ T5796] bridge_slave_1: entered allmulticast mode [ 87.395810][ T5796] bridge_slave_1: entered promiscuous mode [ 87.481905][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.495732][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.596188][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.606457][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.618026][ T5798] bridge_slave_0: entered allmulticast mode [ 87.628090][ T5798] bridge_slave_0: entered promiscuous mode [ 87.671507][ T5796] team0: Port device team_slave_0 added [ 87.680382][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.693705][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.701106][ T5798] bridge_slave_1: entered allmulticast mode [ 87.708130][ T5798] bridge_slave_1: entered promiscuous mode [ 87.758434][ T5796] team0: Port device team_slave_1 added [ 87.789810][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.797261][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.805515][ T5790] bridge_slave_0: entered allmulticast mode [ 87.813023][ T5790] bridge_slave_0: entered promiscuous mode [ 87.847990][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.860660][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.883922][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.891541][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.898737][ T5790] bridge_slave_1: entered allmulticast mode [ 87.905956][ T5790] bridge_slave_1: entered promiscuous mode [ 87.913623][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.921715][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.928918][ T5797] bridge_slave_0: entered allmulticast mode [ 87.936020][ T5797] bridge_slave_0: entered promiscuous mode [ 87.949554][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.956851][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.982897][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.997075][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.005036][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.031119][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.068195][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.075477][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.083262][ T5797] bridge_slave_1: entered allmulticast mode [ 88.090293][ T5797] bridge_slave_1: entered promiscuous mode [ 88.108529][ T5798] team0: Port device team_slave_0 added [ 88.157681][ T5798] team0: Port device team_slave_1 added [ 88.180248][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.229775][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.241935][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.256062][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.269351][ T5796] hsr_slave_0: entered promiscuous mode [ 88.276476][ T5796] hsr_slave_1: entered promiscuous mode [ 88.284264][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.291587][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.317682][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.351544][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.358553][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.384750][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.431362][ T5797] team0: Port device team_slave_0 added [ 88.440385][ T5797] team0: Port device team_slave_1 added [ 88.449455][ T5790] team0: Port device team_slave_0 added [ 88.461045][ T5790] team0: Port device team_slave_1 added [ 88.481727][ T5807] Bluetooth: hci1: command tx timeout [ 88.481746][ T5799] Bluetooth: hci0: command tx timeout [ 88.482011][ T5799] Bluetooth: hci2: command tx timeout [ 88.560639][ T5799] Bluetooth: hci3: command tx timeout [ 88.591895][ T5798] hsr_slave_0: entered promiscuous mode [ 88.598601][ T5798] hsr_slave_1: entered promiscuous mode [ 88.605561][ T5798] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.614133][ T5798] Cannot create hsr debugfs directory [ 88.626871][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.633918][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.660255][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.672412][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.679395][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.706536][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.719293][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.726365][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.752337][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.769112][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.777236][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.803412][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.932959][ T5797] hsr_slave_0: entered promiscuous mode [ 88.939486][ T5797] hsr_slave_1: entered promiscuous mode [ 88.946798][ T5797] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.954691][ T5797] Cannot create hsr debugfs directory [ 88.977657][ T5790] hsr_slave_0: entered promiscuous mode [ 88.984333][ T5790] hsr_slave_1: entered promiscuous mode [ 88.991180][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.998777][ T5790] Cannot create hsr debugfs directory [ 89.351586][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.367677][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.384737][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.395473][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.491529][ T5798] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.503499][ T5798] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.525605][ T5798] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.536303][ T5798] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.604325][ T5790] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.635610][ T5790] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.657022][ T5790] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.668843][ T5790] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.752554][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.764498][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.775376][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.802292][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.866768][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.923803][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.972419][ T3497] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.979771][ T3497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.020083][ T3497] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.027592][ T3497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.055425][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.093218][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.134713][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.159426][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.166603][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.184185][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.213580][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.220903][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.230553][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.237693][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.269296][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.276563][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.325385][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.404825][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.484736][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.492013][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.519145][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.526422][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.568914][ T5799] Bluetooth: hci2: command tx timeout [ 90.568930][ T5806] Bluetooth: hci1: command tx timeout [ 90.576740][ T5799] Bluetooth: hci0: command tx timeout [ 90.642501][ T5806] Bluetooth: hci3: command tx timeout [ 90.858500][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.997889][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.019494][ T5796] veth0_vlan: entered promiscuous mode [ 91.048924][ T5796] veth1_vlan: entered promiscuous mode [ 91.108038][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.150288][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.169665][ T5796] veth0_macvtap: entered promiscuous mode [ 91.193865][ T5796] veth1_macvtap: entered promiscuous mode [ 91.219973][ T5798] veth0_vlan: entered promiscuous mode [ 91.268321][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.291793][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.312728][ T5798] veth1_vlan: entered promiscuous mode [ 91.331357][ T5796] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.340230][ T5796] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.350204][ T5796] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.359526][ T5796] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.372487][ T5790] veth0_vlan: entered promiscuous mode [ 91.405133][ T5790] veth1_vlan: entered promiscuous mode [ 91.419018][ T5797] veth0_vlan: entered promiscuous mode [ 91.498096][ T5797] veth1_vlan: entered promiscuous mode [ 91.508148][ T5798] veth0_macvtap: entered promiscuous mode [ 91.528672][ T5798] veth1_macvtap: entered promiscuous mode [ 91.558176][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.569447][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.581418][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.608116][ T5790] veth0_macvtap: entered promiscuous mode [ 91.631554][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.642300][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.656399][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.667494][ T5790] veth1_macvtap: entered promiscuous mode [ 91.678477][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.690839][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.714467][ T5798] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.724086][ T5798] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.733204][ T5798] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.742848][ T5798] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.803060][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.814158][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.824137][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.835264][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.847826][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.859054][ T5797] veth0_macvtap: entered promiscuous mode [ 91.867942][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.877250][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.901410][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.912977][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.924638][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.937783][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.949356][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.959941][ T5797] veth1_macvtap: entered promiscuous mode [ 92.011348][ T5790] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.020121][ T5790] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.030004][ T5790] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.039520][ T5790] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.117617][ T3497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.132931][ T3497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.145761][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.159212][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.171456][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.182775][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.220715][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.237553][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.250147][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.254558][ T9] cfg80211: failed to load regulatory.db [ 92.279657][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.296554][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.307387][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.318253][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.332046][ T5797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.343752][ T5797] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.355712][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.398695][ T5797] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.408558][ T5797] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.418194][ T5797] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.427223][ T5797] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.449594][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.465637][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.522949][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.539707][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.601261][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.613401][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.640968][ T5807] Bluetooth: hci1: command tx timeout [ 92.647026][ T5806] Bluetooth: hci0: command tx timeout [ 92.647051][ T5799] Bluetooth: hci2: command tx timeout [ 92.719572][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.731660][ T5806] Bluetooth: hci3: command tx timeout [ 92.738490][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.773199][ T5886] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.851463][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.894651][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.157242][ T5892] syzkaller1: entered promiscuous mode [ 93.172576][ T5892] syzkaller1: entered allmulticast mode [ 93.325656][ T5897] warning: `syz.0.6' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.346217][ T5918] syz.2.14[5918]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 94.409000][ T5918] loop2: detected capacity change from 0 to 1024 [ 94.446978][ T5918] EXT4-fs: Ignoring removed bh option [ 94.465150][ T5918] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.516935][ T5918] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.628209][ T5926] netlink: 20 bytes leftover after parsing attributes in process `syz.2.14'. [ 94.721152][ T5807] Bluetooth: hci0: command tx timeout [ 94.721162][ T5799] Bluetooth: hci1: command tx timeout [ 94.721217][ T5806] Bluetooth: hci2: command tx timeout [ 94.802427][ T5806] Bluetooth: hci3: command tx timeout [ 94.993177][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.444289][ T27] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.770859][ T5931] syz.0.18 (5931) used greatest stack depth: 20112 bytes left [ 95.833165][ T27] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 95.937166][ T27] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 96.253339][ T27] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 96.449402][ T27] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 96.493823][ T27] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024 [ 96.558055][ T27] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 96.611067][ T27] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 96.619183][ T27] usb 3-1: Product: syz [ 96.654098][ T27] usb 3-1: Manufacturer: syz [ 96.712753][ T27] cdc_wdm 3-1:1.0: skipping garbage [ 96.731161][ T27] cdc_wdm 3-1:1.0: skipping garbage [ 96.775857][ T27] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 96.797403][ T27] cdc_wdm 3-1:1.0: Unknown control protocol [ 96.882606][ T5806] Bluetooth: hci3: command tx timeout [ 97.014928][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 97.021905][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 97.028484][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 97.035139][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 97.046948][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 97.053616][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 97.065332][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 97.072041][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 97.078282][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 97.102011][ T5970] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 97.112372][ T5880] usb 3-1: USB disconnect, device number 2 [ 98.634062][ T5988] loop2: detected capacity change from 0 to 512 [ 98.719737][ T5988] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 98.764529][ T5988] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 98.782095][ T5988] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 98.822780][ T5988] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 98.873177][ T5988] System zones: 0-2, 18-18, 34-34 [ 98.887251][ T5991] tipc: Started in network mode [ 98.937447][ T5991] tipc: Node identity 86d973bf5131, cluster identity 4711 [ 98.946172][ T5988] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.38: iget: bad i_size value: 360287970189639680 [ 98.965086][ T5991] tipc: Enabled bearer , priority 0 [ 98.975860][ T5988] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.38: couldn't read orphan inode 15 (err -117) [ 98.992735][ T5999] syzkaller0: entered promiscuous mode [ 98.998286][ T5999] syzkaller0: entered allmulticast mode [ 99.020664][ T5988] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.210387][ T5991] tipc: Resetting bearer [ 99.236441][ T5990] tipc: Resetting bearer [ 99.278969][ T5990] tipc: Disabling bearer [ 99.584279][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.017534][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.059405][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.448346][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.744154][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.830230][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.858512][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.930997][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.952962][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.971413][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 100.983139][ T6014] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 101.414348][ T6045] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 101.627839][ T6049] loop1: detected capacity change from 0 to 512 [ 101.666798][ T6049] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 101.698877][ T6049] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 101.752317][ T6049] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 101.798570][ T6049] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 101.829829][ T6049] System zones: 0-2, 18-18, 34-34 [ 101.930752][ T6049] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.55: iget: bad i_size value: 360287970189639680 [ 101.988777][ T6049] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.55: couldn't read orphan inode 15 (err -117) [ 102.046009][ T6049] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.956432][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.420093][ T6076] tipc: Enabled bearer , priority 0 [ 103.442160][ T6076] syzkaller0: entered promiscuous mode [ 103.447718][ T6076] syzkaller0: entered allmulticast mode [ 103.498009][ T6076] Zero length message leads to an empty skb [ 103.534424][ T6076] tipc: Resetting bearer [ 103.560973][ T6072] tipc: Resetting bearer [ 103.601580][ T6072] tipc: Disabling bearer [ 105.908621][ T6114] tipc: Started in network mode [ 105.921579][ T6114] tipc: Node identity 76af461c1207, cluster identity 4711 [ 105.928942][ T6114] tipc: Enabled bearer , priority 0 [ 106.014987][ T6118] syzkaller0: entered promiscuous mode [ 106.032655][ T6118] syzkaller0: entered allmulticast mode [ 106.112581][ T6114] tipc: Resetting bearer [ 106.150307][ T6112] tipc: Resetting bearer [ 106.157674][ T6122] loop1: detected capacity change from 0 to 1024 [ 106.174512][ T6122] EXT4-fs: Ignoring removed bh option [ 106.185481][ T6122] EXT4-fs: Ignoring removed nomblk_io_submit option [ 106.187054][ T6112] tipc: Disabling bearer [ 106.219578][ T6122] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.300613][ T5863] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 106.325927][ T6127] netlink: 20 bytes leftover after parsing attributes in process `syz.1.78'. [ 106.535263][ T5863] usb 3-1: unable to get BOS descriptor or descriptor too short [ 106.557205][ T5863] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 106.580340][ T5863] usb 3-1: can't read configurations, error -71 [ 107.050660][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.711247][ T5863] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 107.851511][ T6169] loop3: detected capacity change from 0 to 1024 [ 107.871843][ T6169] EXT4-fs: Ignoring removed bh option [ 107.877314][ T6169] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.943823][ T5863] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 107.985466][ T6169] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.002791][ T5863] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 108.059962][ T5863] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 108.086804][ T6169] netlink: 20 bytes leftover after parsing attributes in process `syz.3.95'. [ 108.120780][ T5863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 108.140984][ T5863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 108.174712][ T5863] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 108.174768][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 108.174791][ T5863] usb 3-1: Product: syz [ 108.174808][ T5863] usb 3-1: Manufacturer: syz [ 108.202919][ T5863] cdc_wdm 3-1:1.0: skipping garbage [ 108.202959][ T5863] cdc_wdm 3-1:1.0: skipping garbage [ 108.205746][ T5863] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 108.205767][ T5863] cdc_wdm 3-1:1.0: Unknown control protocol [ 108.507083][ T5863] usb 3-1: USB disconnect, device number 4 [ 108.702650][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.565229][ T6205] loop1: detected capacity change from 0 to 1024 [ 109.588968][ T6205] EXT4-fs: Ignoring removed bh option [ 109.604397][ T6205] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.648031][ T6205] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.832327][ T6212] netlink: 20 bytes leftover after parsing attributes in process `syz.1.107'. [ 109.940540][ T6215] binder: 6213:6215 ioctl c0306201 200000000180 returned -11 [ 110.211693][ T6222] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 110.518692][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.539801][ T6234] tipc: Enabled bearer , priority 0 [ 110.556601][ T6234] syzkaller0: entered promiscuous mode [ 110.569991][ T6234] syzkaller0: entered allmulticast mode [ 110.625725][ T6233] tipc: Resetting bearer [ 110.709547][ T6233] tipc: Disabling bearer [ 110.999198][ T6245] loop1: detected capacity change from 0 to 512 [ 111.017215][ T6245] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 111.029483][ T6245] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 111.059808][ T6245] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 111.072203][ T6245] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 111.105068][ T6245] System zones: 0-2, 18-18, 34-34 [ 111.121054][ T6245] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.121: iget: bad i_size value: 360287970189639680 [ 111.159939][ T6245] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.121: couldn't read orphan inode 15 (err -117) [ 111.188097][ T6245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.105335][ T6258] binder: 6257:6258 ioctl 4018620d 0 returned -22 [ 112.145464][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.357282][ T6262] loop2: detected capacity change from 0 to 1024 [ 112.368455][ T6262] EXT4-fs: Ignoring removed bh option [ 112.381217][ T6262] EXT4-fs: Ignoring removed nomblk_io_submit option [ 112.426531][ T6262] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.785949][ T6268] netlink: 20 bytes leftover after parsing attributes in process `syz.2.126'. [ 113.824132][ T6273] tipc: Enabling of bearer rejected, failed to enable media [ 113.977074][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.169456][ T6290] loop3: detected capacity change from 0 to 512 [ 114.191276][ T6294] binder: 6293:6294 ioctl 4018620d 0 returned -22 [ 114.236359][ T6290] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 114.265926][ T6290] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 114.384842][ T6290] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 114.399740][ T6290] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 114.424494][ T6290] System zones: 0-2, 18-18, 34-34 [ 114.437329][ T6290] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.133: iget: bad i_size value: 360287970189639680 [ 114.450765][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 114.486254][ T6290] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.133: couldn't read orphan inode 15 (err -117) [ 114.567742][ T6290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.696344][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 114.743800][ T9] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 114.783944][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.818392][ T9] usb 1-1: Product: syz [ 114.827874][ T6304] loop1: detected capacity change from 0 to 1024 [ 114.836157][ T6304] EXT4-fs: Ignoring removed bh option [ 114.841720][ T6304] EXT4-fs: Ignoring removed nomblk_io_submit option [ 114.855824][ T9] usb 1-1: Manufacturer: syz [ 114.882005][ T6304] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.888920][ T9] usb 1-1: SerialNumber: syz [ 115.239012][ T6308] netlink: 20 bytes leftover after parsing attributes in process `syz.1.138'. [ 115.514229][ T9] usb 1-1: config 0 descriptor?? [ 115.524396][ T9] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 115.530879][ T9] usb 1-1: No valid video chain found. [ 115.543215][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.703948][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.790419][ T23] usb 1-1: USB disconnect, device number 2 [ 115.862210][ T6318] tipc: Started in network mode [ 115.864629][ T6321] binder: BINDER_SET_CONTEXT_MGR already set [ 115.867148][ T6318] tipc: Node identity 461c3b51e543, cluster identity 4711 [ 115.867341][ T6318] tipc: Enabled bearer , priority 0 [ 115.875489][ T6321] binder: 6320:6321 ioctl 4018620d 200000000040 returned -16 [ 115.895768][ T6318] syzkaller0: entered promiscuous mode [ 115.910249][ T6318] syzkaller0: entered allmulticast mode [ 115.950119][ T6317] tipc: Resetting bearer [ 116.001692][ T6317] tipc: Disabling bearer [ 116.494368][ T6337] loop2: detected capacity change from 0 to 512 [ 116.535215][ T6337] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 116.586185][ T6337] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 116.612728][ T6337] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 116.626317][ T6337] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 116.634628][ T6337] System zones: 0-2, 18-18, 34-34 [ 116.674151][ T6337] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.149: iget: bad i_size value: 360287970189639680 [ 116.710854][ T5863] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 116.751823][ T6337] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.149: couldn't read orphan inode 15 (err -117) [ 116.780360][ T6337] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.806778][ T6343] loop0: detected capacity change from 0 to 1024 [ 116.856989][ T6343] EXT4-fs: Ignoring removed bh option [ 116.877971][ T6343] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.927107][ T6347] binder: BINDER_SET_CONTEXT_MGR already set [ 116.933328][ T6347] binder: 6346:6347 ioctl 4018620d 200000000040 returned -16 [ 117.028712][ T6343] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.078663][ T5863] usb 4-1: device descriptor read/64, error -71 [ 117.411453][ T6343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.151'. [ 117.432301][ T6351] netlink: 'syz.1.154': attribute type 16 has an invalid length. [ 117.440164][ T6351] netlink: 'syz.1.154': attribute type 3 has an invalid length. [ 117.479485][ T5863] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 117.510208][ T6351] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.154'. [ 117.680680][ T5863] usb 4-1: device descriptor read/64, error -71 [ 117.764508][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.801151][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.837978][ T5863] usb usb4-port1: attempt power cycle [ 118.300697][ T5863] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 118.351336][ T5863] usb 4-1: device descriptor read/8, error -71 [ 118.641935][ T5863] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 118.691594][ T5863] usb 4-1: device descriptor read/8, error -71 [ 118.695516][ T6382] loop0: detected capacity change from 0 to 512 [ 118.721962][ T6382] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 118.736560][ T6382] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 118.753404][ T6382] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 118.765714][ T6382] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 118.774462][ T6382] System zones: 0-2, 18-18, 34-34 [ 118.788283][ T6382] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.164: iget: bad i_size value: 360287970189639680 [ 118.811400][ T6382] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.164: couldn't read orphan inode 15 (err -117) [ 118.819334][ T5863] usb usb4-port1: unable to enumerate USB device [ 118.830327][ T6382] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.877757][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.963235][ T6398] input: syz0 as /devices/virtual/input/input6 [ 120.717540][ T6418] binder: 6417:6418 unknown command 0 [ 120.723595][ T6418] binder: 6417:6418 ioctl c0306201 2000000003c0 returned -22 [ 121.381707][ T6434] binder: 6433:6434 unknown command 0 [ 121.391176][ T6434] binder: 6433:6434 ioctl c0306201 2000000003c0 returned -22 [ 121.686492][ T6444] loop0: detected capacity change from 0 to 512 [ 121.694515][ T6444] ======================================================= [ 121.694515][ T6444] WARNING: The mand mount option has been deprecated and [ 121.694515][ T6444] and is ignored by this kernel. Remove the mand [ 121.694515][ T6444] option from the mount to silence this warning. [ 121.694515][ T6444] ======================================================= [ 121.823524][ T6444] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 121.871362][ T6444] EXT4-fs (loop0): orphan cleanup on readonly fs [ 121.880775][ T787] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 121.900338][ T6444] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 121.910769][ T6444] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 121.920235][ T6444] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.186: Failed to acquire dquot type 1 [ 121.982774][ T6444] EXT4-fs (loop0): 1 truncate cleaned up [ 121.996261][ T6444] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 122.080914][ T787] usb 2-1: Using ep0 maxpacket: 16 [ 122.214484][ T787] usb 2-1: config 0 has an invalid interface number: 180 but max is 0 [ 123.300490][ C0] sched: RT throttling activated [ 123.300545][ T787] usb 2-1: config 0 has no interface number 0 [ 123.754639][ T787] usb 2-1: New USB device found, idVendor=0421, idProduct=0009, bcdDevice= 0.00 [ 123.765485][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.775857][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.795567][ T787] usb 2-1: Product: syz [ 123.799979][ T787] usb 2-1: Manufacturer: syz [ 123.804746][ T787] usb 2-1: SerialNumber: syz [ 123.812240][ T787] usb 2-1: config 0 descriptor?? [ 123.828497][ T787] usb 2-1: bad CDC descriptors [ 123.844496][ T787] usb 2-1: bad CDC descriptors [ 124.040714][ T787] usb 2-1: USB disconnect, device number 2 [ 124.195324][ T6471] binder: 6469:6471 unknown command 0 [ 124.207600][ T6471] binder: 6469:6471 ioctl c0306201 2000000003c0 returned -22 [ 124.988260][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x100000000 [ 126.428570][ T6503] netlink: 'syz.0.207': attribute type 1 has an invalid length. [ 126.801173][ T787] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 126.970623][ T787] usb 1-1: device descriptor read/64, error -71 [ 127.250642][ T787] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 127.421965][ T787] usb 1-1: device descriptor read/64, error -71 [ 127.558126][ T787] usb usb1-port1: attempt power cycle [ 127.980600][ T787] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 128.032044][ T787] usb 1-1: device descriptor read/8, error -71 [ 128.323046][ T787] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 128.377054][ T787] usb 1-1: device descriptor read/8, error -71 [ 128.513416][ T787] usb usb1-port1: unable to enumerate USB device [ 128.643355][ T5849] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 128.845698][ T5849] usb 3-1: Using ep0 maxpacket: 8 [ 128.857122][ T5849] usb 3-1: config 0 has no interfaces? [ 128.879524][ T5849] usb 3-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10 [ 128.888812][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.913066][ T5849] usb 3-1: Product: syz [ 128.917306][ T5849] usb 3-1: Manufacturer: syz [ 128.932977][ T5849] usb 3-1: SerialNumber: syz [ 128.959190][ T5849] usb 3-1: config 0 descriptor?? [ 129.210608][ T5849] usb 3-1: USB disconnect, device number 5 [ 129.965195][ T6529] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 130.351970][ T6540] netlink: 'syz.1.220': attribute type 5 has an invalid length. [ 130.369986][ T6540] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.220'. [ 130.870768][ T5849] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 131.084031][ T5849] usb 4-1: config 9 has an invalid interface number: 62 but max is 0 [ 131.104364][ T5849] usb 4-1: config 9 has no interface number 0 [ 131.114930][ T5849] usb 4-1: config 9 interface 62 has no altsetting 0 [ 131.126581][ T5849] usb 4-1: New USB device found, idVendor=152d, idProduct=0567, bcdDevice=87.b3 [ 131.140597][ T5849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.154274][ T5849] usb 4-1: Product: syz [ 131.158510][ T5849] usb 4-1: Manufacturer: syz [ 131.180701][ T5849] usb 4-1: SerialNumber: syz [ 131.549670][ T5849] usb-storage 4-1:9.62: USB Mass Storage device detected [ 131.581959][ T5849] usb-storage 4-1:9.62: Quirks match for vid 152d pid 0567: 5000000 [ 131.988285][ T5849] usb 4-1: USB disconnect, device number 6 [ 133.273344][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.286302][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.532334][ T968] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 133.730748][ T968] usb 1-1: Using ep0 maxpacket: 32 [ 133.750684][ T968] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 133.760167][ T968] usb 1-1: config 1 has no interface number 1 [ 133.770042][ T968] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 133.787980][ T968] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 248, changing to 7 [ 133.803156][ T968] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 133.830542][ T968] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.848915][ T968] usb 1-1: Product: syz [ 133.860351][ T968] usb 1-1: Manufacturer: syz [ 133.865432][ T968] usb 1-1: SerialNumber: syz [ 134.088886][ T48] Bluetooth: hci4: Frame reassembly failed (-84) [ 134.125778][ T968] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 134.136465][ T968] usb 1-1: 2:1 : sample bitwidth 218 in over sample bytes 2 [ 134.147820][ T968] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 134.232595][ T968] usb 1-1: USB disconnect, device number 7 [ 134.612924][ T6630] overlayfs: missing 'lowerdir' [ 135.130943][ T6644] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 135.832839][ T6679] binder: 6677:6679 ioctl 40046205 0 returned -22 [ 136.080673][ T5806] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 136.687406][ T6714] binder: 6713:6714 ioctl c0306201 200000000100 returned -14 [ 136.713733][ T6715] binder: BINDER_SET_CONTEXT_MGR already set [ 136.721357][ T6715] binder: 6712:6715 ioctl 4018620d 200000000040 returned -16 [ 136.741914][ T6715] binder: 6712:6715 ioctl c0306201 200000000180 returned -11 [ 137.042419][ T6731] loop0: detected capacity change from 0 to 512 [ 137.055261][ T6731] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 137.185251][ T6731] EXT4-fs (loop0): orphan cleanup on readonly fs [ 137.207615][ T6731] Quota error (device loop0): do_check_range: Getting block 196613 out of range 1-5 [ 137.217676][ T6731] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 137.227249][ T6731] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.294: Failed to acquire dquot type 1 [ 137.245938][ T6731] EXT4-fs (loop0): 1 truncate cleaned up [ 137.259713][ T6731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 138.883096][ T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 139.100620][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 139.121934][ T8] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.165399][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 139.194576][ T8] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 139.234479][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.352117][ T8] usb 3-1: config 0 descriptor?? [ 139.402908][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.783649][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.306'. [ 139.812876][ T6773] binder: 6772:6773 ioctl 4018620d 0 returned -22 [ 139.832937][ T8] corsair 0003:1B1C:1B34.0001: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.2-1/input0 [ 140.023233][ T8] usb 3-1: USB disconnect, device number 6 [ 140.116444][ T6774] fido_id[6774]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 140.406098][ T6778] GUP no longer grows the stack in syz.1.312 (6778): 200000002000-20000000a000 (200000001000) [ 140.423759][ T6778] CPU: 0 PID: 6778 Comm: syz.1.312 Not tainted 6.6.100-syzkaller #0 [ 140.431825][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.441932][ T6778] Call Trace: [ 140.445248][ T6778] [ 140.448327][ T6778] dump_stack_lvl+0x16c/0x230 [ 140.453083][ T6778] ? show_regs_print_info+0x20/0x20 [ 140.458338][ T6778] ? load_image+0x3b0/0x3b0 [ 140.462899][ T6778] ? find_vma+0x12e/0x1b0 [ 140.467279][ T6778] __get_user_pages+0xfb9/0x1470 [ 140.472272][ T6778] ? populate_vma_page_range+0x370/0x370 [ 140.477941][ T6778] __gup_longterm_locked+0x1f92/0x2920 [ 140.483450][ T6778] ? pin_user_pages_remote+0x210/0x210 [ 140.488946][ T6778] ? ptrace_may_access+0x36/0x50 [ 140.493913][ T6778] ? __might_sleep+0xe0/0xe0 [ 140.498522][ T6778] ? __up_read+0x280/0x670 [ 140.502963][ T6778] pin_user_pages_remote+0x171/0x210 [ 140.508279][ T6778] ? pin_user_pages_fast+0xe0/0xe0 [ 140.513420][ T6778] ? down_read+0x1ac/0x2e0 [ 140.517860][ T6778] process_vm_rw+0x5d4/0xb60 [ 140.522489][ T6778] ? __ia32_sys_process_vm_writev+0xf0/0xf0 [ 140.528572][ T6778] ? lock_chain_count+0x20/0x20 [ 140.533468][ T6778] __x64_sys_process_vm_writev+0xe0/0xf0 [ 140.539243][ T6778] do_syscall_64+0x55/0xb0 [ 140.543707][ T6778] ? clear_bhb_loop+0x40/0x90 [ 140.548403][ T6778] ? clear_bhb_loop+0x40/0x90 [ 140.553099][ T6778] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 140.559015][ T6778] RIP: 0033:0x7f517a38e9a9 [ 140.563461][ T6778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.583141][ T6778] RSP: 002b:00007f517b29f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 140.591608][ T6778] RAX: ffffffffffffffda RBX: 00007f517a5b5fa0 RCX: 00007f517a38e9a9 [ 140.599603][ T6778] RDX: 0000000000000002 RSI: 00002000000012c0 RDI: 00000000000000df [ 140.607588][ T6778] RBP: 00007f517a410d69 R08: 0000000000000002 R09: 0000000000000000 [ 140.615573][ T6778] R10: 00002000000015c0 R11: 0000000000000246 R12: 0000000000000000 [ 140.623601][ T6778] R13: 0000000000000000 R14: 00007f517a5b5fa0 R15: 00007ffd0c772038 [ 140.631604][ T6778] [ 140.877880][ T6796] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 141.025563][ T6804] binder: 6803:6804 ioctl 4018620d 0 returned -22 [ 141.355270][ T6808] loop1: detected capacity change from 0 to 1024 [ 141.366762][ T6808] EXT4-fs: Ignoring removed bh option [ 141.372853][ T6808] EXT4-fs: Ignoring removed nomblk_io_submit option [ 141.865767][ T6808] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.101653][ T6808] syz.1.322[6808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.101818][ T6808] syz.1.322[6808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.266504][ T6816] netlink: 20 bytes leftover after parsing attributes in process `syz.1.322'. [ 142.608999][ T6823] capability: warning: `syz.0.326' uses deprecated v2 capabilities in a way that may be insecure [ 142.730619][ T5862] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 142.836118][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.945848][ T5862] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 142.958684][ T5862] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 142.974118][ T5862] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 142.998781][ T5862] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 143.009422][ T5862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.019697][ T5862] usb 4-1: Product: syz [ 143.029608][ T5862] usb 4-1: Manufacturer: syz [ 143.037961][ T5862] usb 4-1: SerialNumber: syz [ 143.073650][ T5862] hub 4-1:1.0: bad descriptor, ignoring hub [ 143.084074][ T5862] hub: probe of 4-1:1.0 failed with error -5 [ 143.307199][ T5862] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 143.349877][ T6829] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 143.392487][ T6829] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 143.937863][ T6849] loop0: detected capacity change from 0 to 1024 [ 143.947479][ T6849] EXT4-fs: Ignoring removed bh option [ 143.954390][ T6820] usb 4-1: reset high-speed USB device number 7 using dummy_hcd [ 143.963843][ T6849] EXT4-fs: Ignoring removed nomblk_io_submit option [ 144.012945][ T6849] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.031630][ T6849] syz.0.336[6849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.031772][ T6849] syz.0.336[6849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.073115][ T787] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 144.144532][ T6849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.336'. [ 144.361229][ T787] usb 2-1: unable to get BOS descriptor or descriptor too short [ 144.374095][ T787] usb 2-1: not running at top speed; connect to a high speed hub [ 144.383514][ T787] usb 2-1: config 7 has an invalid interface number: 137 but max is 1 [ 144.392025][ T787] usb 2-1: config 7 has an invalid interface number: 112 but max is 1 [ 144.400397][ T787] usb 2-1: config 7 has no interface number 0 [ 144.406624][ T787] usb 2-1: config 7 has no interface number 1 [ 144.414209][ T787] usb 2-1: config 7 interface 112 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 144.425463][ T787] usb 2-1: config 7 interface 112 altsetting 9 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 144.474654][ T6863] loop2: detected capacity change from 0 to 512 [ 144.503193][ T787] usb 2-1: config 7 interface 112 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 144.577086][ T6863] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 144.617186][ T787] usb 2-1: config 7 interface 112 altsetting 9 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 144.647385][ T6863] EXT4-fs (loop2): orphan cleanup on readonly fs [ 144.662572][ T6863] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 144.673116][ T6863] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 144.682960][ T6863] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.340: Failed to acquire dquot type 1 [ 144.762041][ T6863] EXT4-fs (loop2): 1 truncate cleaned up [ 144.825057][ T6863] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 144.975689][ T787] usb 2-1: config 7 interface 112 altsetting 9 endpoint 0x3 has invalid maxpacket 608, setting to 64 [ 145.282519][ T787] usb 2-1: config 7 interface 112 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 145.334171][ T787] usb 2-1: config 7 interface 137 has no altsetting 0 [ 145.367429][ T787] usb 2-1: config 7 interface 112 has no altsetting 0 [ 145.447189][ T787] usb 2-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice=fb.2f [ 145.481111][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.491535][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.532114][ T787] usb 2-1: Product: syz [ 145.536356][ T787] usb 2-1: Manufacturer: syz [ 145.554146][ T787] usb 2-1: SerialNumber: syz [ 145.908453][ T787] usb 2-1: USB disconnect, device number 3 [ 146.271369][ T6867] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 146.327035][ T6867] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 146.753876][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.323014][ T6890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.368422][ T6892] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 147.380349][ T6890] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.409384][ T6892] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 148.260706][ T5849] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 148.506646][ T5849] usb 2-1: device descriptor read/64, error -71 [ 148.861723][ T5849] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 149.052984][ T5849] usb 2-1: device descriptor read/64, error -71 [ 149.172345][ T5849] usb usb2-port1: attempt power cycle [ 149.581305][ T5849] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 149.624323][ T5849] usb 2-1: device descriptor read/8, error -71 [ 149.902179][ T5849] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 149.943640][ T5849] usb 2-1: device descriptor read/8, error -71 [ 150.070762][ T5849] usb usb2-port1: unable to enumerate USB device [ 151.000661][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 151.180578][ T5880] usb 3-1: Using ep0 maxpacket: 8 [ 151.188281][ T5880] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 151.205889][ T5880] usb 3-1: config 179 has no interface number 0 [ 151.212887][ T5880] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 151.233979][ T5880] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 151.252323][ T5880] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 151.263988][ T5880] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 151.293805][ T5880] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 151.309010][ T5863] usb 4-1: USB disconnect, device number 7 [ 151.310229][ T5880] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 151.335292][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.352036][ T5863] usblp0: removed [ 151.400406][ T6935] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 151.888658][ T5863] usb 3-1: USB disconnect, device number 7 [ 151.888687][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 151.902996][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 152.880697][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 153.035062][ T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 153.121155][ T5880] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.149931][ T5880] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.190702][ T5880] usb 3-1: config 0 interface 0 has no altsetting 0 [ 153.207881][ T5880] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 153.227389][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.240745][ T787] usb 2-1: device descriptor read/64, error -71 [ 153.258314][ T5880] usb 3-1: config 0 descriptor?? [ 153.510662][ T787] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 153.694744][ T787] usb 2-1: device descriptor read/64, error -71 [ 153.844102][ T787] usb usb2-port1: attempt power cycle [ 153.909206][ T6986] input: syz1 as /devices/virtual/input/input8 [ 153.942326][ T5880] usb 3-1: string descriptor 0 read error: -22 [ 154.158246][ T5880] input: HID 256c:006d as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.0002/input/input9 [ 154.301503][ T787] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 154.357295][ T787] usb 2-1: device descriptor read/8, error -71 [ 154.369805][ T6994] binder: BINDER_SET_CONTEXT_MGR already set [ 154.387560][ T5880] uclogic 0003:256C:006D.0002: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 154.408223][ T6994] binder: 6993:6994 ioctl 4018620d 200000000040 returned -16 [ 154.445904][ T6994] binder: 6993:6994 ioctl c0306201 200000000180 returned -11 [ 154.461313][ T5880] usb 3-1: USB disconnect, device number 8 [ 154.652862][ T787] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 154.681326][ T6997] fido_id[6997]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 154.731983][ T787] usb 2-1: device descriptor read/8, error -71 [ 154.745283][ T7001] binder: BINDER_SET_CONTEXT_MGR already set [ 154.768589][ T7001] binder: 7000:7001 ioctl 4018620d 200000000040 returned -16 [ 154.874588][ T787] usb usb2-port1: unable to enumerate USB device [ 155.611988][ T7021] tipc: Enabled bearer , priority 0 [ 155.651525][ T7023] binder: 7022:7023 ioctl c0306201 0 returned -14 [ 155.712431][ T7021] syzkaller0: entered promiscuous mode [ 155.728402][ T7021] syzkaller0: entered allmulticast mode [ 155.746949][ T7021] tipc: Resetting bearer [ 155.797822][ T7020] tipc: Resetting bearer [ 156.006983][ T7034] process 'syz.3.405' launched './file0' with NULL argv: empty string added [ 156.112997][ T28] audit: type=1804 audit(1753435930.998:2): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.405" name="/newroot/104/bus/file1/file0" dev="overlay" ino=566 res=1 errno=0 [ 156.555134][ T7044] fuse: Bad value for 'fd' [ 156.687046][ T8] tipc: Node number set to 1688749596 [ 159.001557][ T7020] tipc: Disabling bearer [ 159.219348][ T7052] binder: 7051:7052 ioctl c0306201 0 returned -14 [ 159.496500][ T7063] syzkaller0: entered promiscuous mode [ 159.502348][ T7063] syzkaller0: entered allmulticast mode [ 159.655936][ T7067] loop0: detected capacity change from 0 to 1024 [ 159.669316][ T7067] EXT4-fs: Ignoring removed bh option [ 159.685308][ T7067] EXT4-fs: Ignoring removed nomblk_io_submit option [ 159.728700][ T7067] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.746719][ T5849] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 159.798459][ T7067] syz.0.418[7067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.798599][ T7067] syz.0.418[7067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 159.828754][ T7067] netlink: 20 bytes leftover after parsing attributes in process `syz.0.418'. [ 159.970706][ T5849] usb 3-1: Using ep0 maxpacket: 32 [ 159.972979][ T5849] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 159.973006][ T5849] usb 3-1: config 0 has no interface number 0 [ 159.973049][ T5849] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 159.973076][ T5849] usb 3-1: config 0 interface 196 has no altsetting 0 [ 159.976045][ T5849] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 159.976074][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.976095][ T5849] usb 3-1: Product: syz [ 159.976111][ T5849] usb 3-1: Manufacturer: syz [ 159.976127][ T5849] usb 3-1: SerialNumber: syz [ 160.002045][ T5849] usb 3-1: config 0 descriptor?? [ 160.010049][ T7064] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 160.525586][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.709506][ T5849] ipheth 3-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 160.742421][ T5849] ipheth 3-1:0.196: Apple iPhone USB Ethernet device attached [ 160.982378][ T5849] usb 3-1: USB disconnect, device number 9 [ 161.074012][ T5849] ipheth 3-1:0.196: Apple iPhone USB Ethernet now disconnected [ 161.228291][ T7090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.426'. [ 161.390620][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 161.560593][ T5880] usb 1-1: device descriptor read/64, error -71 [ 161.830634][ T5880] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 162.001116][ T5880] usb 1-1: device descriptor read/64, error -71 [ 162.077537][ T7121] syz.3.437[7121] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.077684][ T7121] syz.3.437[7121] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 162.111063][ T7121] netlink: 20 bytes leftover after parsing attributes in process `syz.3.437'. [ 162.125286][ T5880] usb usb1-port1: attempt power cycle [ 162.199552][ T7127] loop1: detected capacity change from 0 to 512 [ 162.210412][ T7127] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 162.255075][ T7127] EXT4-fs (loop1): orphan cleanup on readonly fs [ 162.268942][ T7127] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5 [ 162.279999][ T7127] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 162.289724][ T7127] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.438: Failed to acquire dquot type 1 [ 162.333595][ T7127] EXT4-fs (loop1): 1 truncate cleaned up [ 162.359889][ T7127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 163.250617][ T5880] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 163.339684][ T5880] usb 1-1: device descriptor read/8, error -71 [ 163.641291][ T5880] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 164.520884][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.674135][ T5880] usb 1-1: device descriptor read/8, error -71 [ 164.807185][ T5880] usb usb1-port1: unable to enumerate USB device [ 165.293390][ T7138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.443'. [ 168.294294][ T5880] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 168.559824][ T7193] binder: 7192:7193 ioctl c0306201 0 returned -14 [ 169.229543][ T5880] usb 1-1: device descriptor read/64, error -71 [ 169.520693][ T5880] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 169.859840][ T5880] usb 1-1: device descriptor read/64, error -71 [ 170.011139][ T5880] usb usb1-port1: attempt power cycle [ 170.440690][ T5880] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 170.491524][ T5880] usb 1-1: device descriptor read/8, error -71 [ 171.583603][ T7235] fuse: Bad value for 'fd' [ 172.402224][ T5849] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 172.600124][ T5849] usb 3-1: device descriptor read/64, error -71 [ 172.980799][ T5849] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 173.290643][ T5849] usb 3-1: device descriptor read/64, error -71 [ 173.420938][ T5849] usb usb3-port1: attempt power cycle [ 173.870773][ T5849] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 173.931454][ T5849] usb 3-1: device descriptor read/8, error -71 [ 174.240656][ T5849] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 174.301425][ T5849] usb 3-1: device descriptor read/8, error -71 [ 174.430949][ T5849] usb usb3-port1: unable to enumerate USB device [ 178.831096][ T5863] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 179.030735][ T5863] usb 3-1: device descriptor read/64, error -71 [ 180.800652][ T968] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 181.006327][ T968] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 181.020537][ T968] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 181.042401][ T968] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 181.065606][ T968] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 181.073362][ T7381] fuse: Bad value for 'fd' [ 181.087621][ T968] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024 [ 181.100709][ T5863] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 181.126674][ T968] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 181.146320][ T968] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 181.158260][ T968] usb 2-1: Product: syz [ 181.166878][ T968] usb 2-1: Manufacturer: syz [ 181.280244][ T968] cdc_wdm 2-1:1.0: skipping garbage [ 181.286919][ T968] cdc_wdm 2-1:1.0: skipping garbage [ 181.375577][ T968] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 181.390795][ T968] cdc_wdm 2-1:1.0: Unknown control protocol [ 181.647473][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 181.654169][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 181.689729][ T968] usb 2-1: USB disconnect, device number 12 [ 182.980880][ T7388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'. [ 184.400581][ T787] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 184.564495][ T7441] fuse: Bad value for 'fd' [ 184.590718][ T787] usb 1-1: device descriptor read/64, error -71 [ 185.034278][ T787] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 189.383364][ T7454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 190.590770][ T7489] binder: 7488:7489 ioctl c0306201 0 returned -14 [ 192.375635][ T7521] binder: 7520:7521 ioctl c0306201 0 returned -14 [ 193.767483][ T7539] fuse: Bad value for 'fd' [ 193.940912][ T7516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.569'. [ 194.495260][ T7550] binder: 7549:7550 ioctl c0306201 0 returned -14 [ 194.644422][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.651360][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.311968][ T7608] binder: BINDER_SET_CONTEXT_MGR already set [ 198.318030][ T7608] binder: 7606:7608 ioctl 4018620d 200000000040 returned -16 [ 205.578522][ T7721] fuse: Bad value for 'fd' [ 210.090796][ T5862] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 210.252198][ T7807] syz.3.675[7807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 210.252344][ T7807] syz.3.675[7807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 210.290539][ T5862] usb 3-1: Using ep0 maxpacket: 8 [ 210.323835][ T5862] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 210.353315][ T5862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 210.380832][ T5862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 210.404227][ T5862] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 210.432411][ T5862] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 210.452440][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.690758][ T5862] usb 3-1: usb_control_msg returned -32 [ 210.712754][ T5862] usbtmc 3-1:16.0: can't read capabilities [ 210.761729][ T5862] usb 3-1: USB disconnect, device number 16 [ 211.885363][ T7839] loop0: detected capacity change from 0 to 1024 [ 211.893630][ T7839] EXT4-fs: Ignoring removed bh option [ 211.899092][ T7839] EXT4-fs: Ignoring removed nomblk_io_submit option [ 211.935193][ T7839] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.990157][ T7839] syz.0.687[7839] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 211.990300][ T7839] syz.0.687[7839] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.202127][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.477724][ T7872] loop1: detected capacity change from 0 to 1024 [ 213.507354][ T7872] EXT4-fs: Ignoring removed bh option [ 213.527896][ T7872] EXT4-fs: Ignoring removed nomblk_io_submit option [ 213.577301][ T7872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.629873][ T7872] syz.1.698[7872] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 213.630015][ T7872] syz.1.698[7872] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 213.993480][ T5797] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.020559][ T5880] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 214.141797][ T7882] syz.1.701[7882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.141932][ T7882] syz.1.701[7882] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.210743][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 214.250391][ T5880] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 214.280850][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 214.300536][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 214.314592][ T5880] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.348363][ T5880] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 214.369251][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.616729][ T5880] usb 1-1: usb_control_msg returned -32 [ 214.635755][ T5880] usbtmc 1-1:16.0: can't read capabilities [ 214.668771][ T5880] usb 1-1: USB disconnect, device number 18 [ 215.083070][ T7903] [ 215.085484][ T7903] ============================================ [ 215.091661][ T7903] WARNING: possible recursive locking detected [ 215.097851][ T7903] 6.6.100-syzkaller #0 Not tainted [ 215.102989][ T7903] -------------------------------------------- [ 215.109160][ T7903] syz.2.709/7903 is trying to acquire lock: [ 215.115105][ T7903] ffff88802f2fe238 (&trie->lock){....}-{2:2}, at: trie_delete_elem+0x96/0x6a0 [ 215.124046][ T7903] [ 215.124046][ T7903] but task is already holding lock: [ 215.131444][ T7903] ffff88802f2fea38 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xca/0xea0 [ 215.140382][ T7903] [ 215.140382][ T7903] other info that might help us debug this: [ 215.148482][ T7903] Possible unsafe locking scenario: [ 215.148482][ T7903] [ 215.155962][ T7903] CPU0 [ 215.159268][ T7903] ---- [ 215.162566][ T7903] lock(&trie->lock); [ 215.166648][ T7903] lock(&trie->lock); [ 215.170732][ T7903] [ 215.170732][ T7903] *** DEADLOCK *** [ 215.170732][ T7903] [ 215.178880][ T7903] May be due to missing lock nesting notation [ 215.178880][ T7903] [ 215.187218][ T7903] 3 locks held by syz.2.709/7903: [ 215.192255][ T7903] #0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: bpf_map_update_value+0x41d/0x720 [ 215.202235][ T7903] #1: ffff88802f2fea38 (&trie->lock){....}-{2:2}, at: trie_update_elem+0xca/0xea0 [ 215.211576][ T7903] #2: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0xfd/0x420 [ 215.220906][ T7903] [ 215.220906][ T7903] stack backtrace: [ 215.226798][ T7903] CPU: 0 PID: 7903 Comm: syz.2.709 Not tainted 6.6.100-syzkaller #0 [ 215.234873][ T7903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.244941][ T7903] Call Trace: [ 215.248237][ T7903] [ 215.251176][ T7903] dump_stack_lvl+0x16c/0x230 [ 215.255877][ T7903] ? show_regs_print_info+0x20/0x20 [ 215.261092][ T7903] ? print_deadlock_bug+0x435/0x5d0 [ 215.266306][ T7903] __lock_acquire+0x5d40/0x7c80 [ 215.271181][ T7903] ? mark_lock+0x94/0x320 [ 215.275531][ T7903] ? verify_lock_unused+0x140/0x140 [ 215.280741][ T7903] ? __lock_acquire+0x1260/0x7c80 [ 215.285788][ T7903] lock_acquire+0x197/0x410 [ 215.290303][ T7903] ? trie_delete_elem+0x96/0x6a0 [ 215.295263][ T7903] ? read_lock_is_recursive+0x20/0x20 [ 215.300651][ T7903] ? verify_lock_unused+0x140/0x140 [ 215.305877][ T7903] _raw_spin_lock_irqsave+0xa8/0xf0 [ 215.311098][ T7903] ? trie_delete_elem+0x96/0x6a0 [ 215.316051][ T7903] ? _raw_spin_lock+0x40/0x40 [ 215.320754][ T7903] trie_delete_elem+0x96/0x6a0 [ 215.325544][ T7903] ? __cant_sleep+0x210/0x210 [ 215.330326][ T7903] bpf_prog_8c8ab8634bca3061+0x42/0x4c [ 215.335798][ T7903] bpf_trace_run4+0x1f9/0x420 [ 215.340491][ T7903] ? bpf_trace_run4+0xfd/0x420 [ 215.345271][ T7903] ? bpf_trace_run3+0x400/0x400 [ 215.350146][ T7903] ? percpu_ref_put+0x19/0x180 [ 215.354929][ T7903] ? percpu_ref_put+0xef/0x180 [ 215.359708][ T7903] __traceiter_mm_page_alloc+0x39/0x60 [ 215.365183][ T7903] __alloc_pages+0x429/0x460 [ 215.369797][ T7903] ? zone_statistics+0x170/0x170 [ 215.374752][ T7903] ? bpf_map_get_memcg+0x4e/0x4e0 [ 215.379829][ T7903] ? __lock_acquire+0x7c80/0x7c80 [ 215.384869][ T7903] ? __rwlock_init+0x150/0x150 [ 215.389649][ T7903] __kmalloc_large_node+0x8c/0x1e0 [ 215.394815][ T7903] ? bpf_map_kmalloc_node+0xbc/0x1b0 [ 215.400150][ T7903] __kmalloc_node+0x10f/0x230 [ 215.404868][ T7903] ? _raw_spin_lock+0x40/0x40 [ 215.409567][ T7903] bpf_map_kmalloc_node+0xbc/0x1b0 [ 215.414791][ T7903] trie_update_elem+0x166/0xea0 [ 215.419666][ T7903] ? asm_exc_page_fault+0x26/0x30 [ 215.424722][ T7903] bpf_map_update_value+0x660/0x720 [ 215.429951][ T7903] map_update_elem+0x57b/0x700 [ 215.434728][ T7903] __sys_bpf+0x652/0x800 [ 215.438979][ T7903] ? bpf_link_show_fdinfo+0x350/0x350 [ 215.444368][ T7903] ? lock_chain_count+0x20/0x20 [ 215.449234][ T7903] __x64_sys_bpf+0x7c/0x90 [ 215.453663][ T7903] do_syscall_64+0x55/0xb0 [ 215.458098][ T7903] ? clear_bhb_loop+0x40/0x90 [ 215.462787][ T7903] ? clear_bhb_loop+0x40/0x90 [ 215.467477][ T7903] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 215.473410][ T7903] RIP: 0033:0x7effe038e9a9 [ 215.477847][ T7903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.497469][ T7903] RSP: 002b:00007effe129e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 215.505900][ T7903] RAX: ffffffffffffffda RBX: 00007effe05b5fa0 RCX: 00007effe038e9a9 [ 215.513884][ T7903] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000002 [ 215.521867][ T7903] RBP: 00007effe0410d69 R08: 0000000000000000 R09: 0000000000000000 [ 215.529854][ T7903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 215.537840][ T7903] R13: 0000000000000000 R14: 00007effe05b5fa0 R15: 00007ffff32d20d8 [ 215.545835][ T7903]