last executing test programs: 9m56.048086705s ago: executing program 0 (id=305): bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xf, 0x13, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000f7ffffff00000000000000001801000020756c0000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000101000085000000060000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 9m55.82139224s ago: executing program 0 (id=308): syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003bfa093f92d25f4b42889f58b35b82edd6f82c49e007ed49b9ed030962f330bd57af2a"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0D9rU1EYx/Hvc87JnwpVouJQwQYsxhuqyb1VB6fgFKEXHFwEg4Y0NsVETW8GW1roIgWp9i3oVEcVdBJRcC4OgoNel27SDMVBHCSSm1PB1+D5DPd3nx/cew5PK+pGGeD33kqDCgnNQT4iGGBSRp1So3xt5+82N0fBJTtv2HxmcyJaWr5db7ebi/mLeXL/FMCPpPtbRS84pugLFeTz3kqjLjdDBhU6ai4kN0vxEbpG13vMhBnn6A00g8IGlxVdGd72UKnXuVeKlpbPLHTq88355p0gmLlQPlcunw9KtxbazfIrxHsoiies4oVkQsa8VVI1HmybA0wL4rVUrKXYJ11jc1ufPjndR3m7DBDeFfpkvppWXl3lFNnrKKhyRHiKDpmaZUxhSA6qIlfUS/HNJ/MzpciuaX22cbc9t35Nya/0VkV2s+LvkCr4BEWfmeFqOMx71mOmYqoxWzE735iUN8MV7e/VrA2fz+10nBOQ5n6911v00/BBTEhQCAlyMJ78TiX3ysFb+40Nvuy/OI7jOI7jOI7jOP+BPwEAAP//LiJjdw==") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000f3ff00000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000c20"], 0x0, 0x96}, 0x28) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002b80)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94) r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x6, 0x1, 0x8000000004007, 0xac, 0x1, 0x4, {0x0, 0x4, 0x20fe, 0x40000000005, 0x85, 0xd614, 0x9, 0x7fffffff, 0xfffffffa, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) 9m52.242253446s ago: executing program 0 (id=321): socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140)) 9m51.020740572s ago: executing program 0 (id=328): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x48) ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000800)={0x11, 0x1, 0x0, 0x1, 0x5, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(r0, 0x0, 0x4004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x95255000) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) socket$inet(0xa, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) set_mempolicy(0x4005, 0x0, 0x9) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x200, 0x0}) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000007c0)={[{@bsdgroups}]}, 0xfc, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x92) 9m47.446915039s ago: executing program 0 (id=344): mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x4020072, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000004000/0x4000)=nil) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil) 9m47.149113587s ago: executing program 0 (id=348): r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000000)={0x2, r0}) 9m36.326699548s ago: executing program 32 (id=326): bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x8000, &(0x7f0000000080)=ANY=[@ANYBLOB="666c7573682c757466383d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c756e695f786c6174653d312c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c73686f72746e616d653d77696e6e742c71756965742c0094f8a04f0973c43c7bcea227ba87b349831c01bc3220ec43c16881ca5a7eb4c441b475069a19ed5992542160cfb3116e6b98cb32f0c11a1425599a6e9e6112e8ccec10c22c03ee6158bae8a13f6c3b4c6a28b970ccddefe85485144c95ae43328f492ad74f0d68df2d1fb7eed626acbfd66c627c439a6358168da3754739b94ec5550af56d20754c3be005251ae53ba42f"], 0x0, 0x305, &(0x7f0000000200)="$eJzs3U1rE1sYwPFn8tIk7e1tF5fL5aJwqCCKdGgD7lxYpAUxoLSNYAVhaqcaMk1KJhRSxHYhuHXtoguXIojgzo2I2278BGrdddOdXQRHJjOT5mWMCZK+6P+3aM7MeZ45p3NOWnqamdm99GQlv5wUEU0C7taoRCTqb2/K+fdbn07PvfvL21ZqZmp+Mq1URERuP3gx9rY8dPP1328Ssj16Z3cv/WX71LzIt/n7ElE5WxUcRxlqsVgsu02opZyd15W6YZmGbapcwTZLZb/eWLRMtWwVV1cryigsDQ+ulkzbVkahovJmRZWLqlyqKOOekSsoXdfV8KCgNliBSFud1ikx+3zfcWTPcRwnsSmO44REbwaFuP+a+LXO4jhpGf+OsW2TI9rPnuEw7Duxrscfvx/v/f/5aXfj72wcUrdwSOZuLVybymSmZ5VKiqw8XsuuZb1Xr/7jkOTEElO2Zi8sVMWdIz7R3K8zVzPTE6pmVM6ubPj5G2tZ75fD1HItfydIasiXIH/Sy1fN+XEZPMg3JS0j8o+E5qeDfIk05A/IuTMN+bqMyIe7UhRLltyZ3JD/cFKpK9czLe2nanEAAAAAAAAAAJxEuqo7WL/X6v/qTel6ovaJj3p9yt3txnkB9fX1CRmRavj6/ETo+n5M/o8d4TcOAAAAAMAfxK6s5w3LMkv9KUSfpTo0ERcRtyDyaMztTMcD/uv3uLvWB0SkvSrauYmmQuqi197LWb9j0s8TFRSSPfQwpBBcrJE3qq+CqpSEBUd6mgDjA6FnPlnSpK/zp6kg3QTXrl7qbWJrMbuynuh6arWlV4M9/4XGONrPj+MYVtzbI/UR7Jx1uae3ww8LydYTNb7jHdfq8EPja32JDwAAAMAJ0vCHEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCL16/81/0n/3dw8LLhvf3OV+I+Ib78lW+tz4rnvPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBj6HsAAAD///cNs1U=") getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 9m31.805516862s ago: executing program 33 (id=348): r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000000)={0x2, r0}) 9m15.919707744s ago: executing program 2 (id=463): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x3, 0x0, 0x0) bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) r4 = dup(r3) read$FUSE(r4, 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 9m13.179695274s ago: executing program 2 (id=474): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="580000001000030400000000000000", @ANYRES32=0x0, @ANYBLOB="46060900000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0) 9m11.891903871s ago: executing program 2 (id=478): socket(0x2, 0xa, 0x300) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4f25, 0x1, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00) 9m11.426852221s ago: executing program 2 (id=480): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x141a42, 0x1c2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000200), 0xfea7) copy_file_range(r1, 0x0, r0, 0x0, 0xffffffffa003e45c, 0x700000000000000) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f283e6d60200000000000000000000000100", [0x208]}) r4 = open(&(0x7f0000000180)='./file1\x00', 0xe0142, 0x102) pwritev2(r4, &(0x7f0000001100)=[{&(0x7f0000001080)='\b', 0x1}], 0x1, 0x7000, 0x0, 0x3) 9m9.398949524s ago: executing program 2 (id=486): syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000a00)=ANY=[@ANYBLOB="12010003000000106b1d01014000010203010902a000030156c0020904000000010100100a24010101bb02010211240601040507000a00080003000200050524050e0f0f2406020504020002000a000900040a24040204e59fce791209240605020105fd000924030303010005"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) 9m2.136218366s ago: executing program 2 (id=520): prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x1e, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) dup(r1) close(0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0) recvmmsg(r2, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0) 9m1.437085562s ago: executing program 34 (id=520): prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x1e, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fffff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) dup(r1) close(0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0) recvmmsg(r2, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0) 5m13.657439687s ago: executing program 1 (id=1091): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x1410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x3, "5e5d0219"}]}}, 0x0}, 0x0) 5m10.656790935s ago: executing program 1 (id=1102): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) syz_open_dev$video(0x0, 0x8, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) syz_io_uring_submit(0x0, 0x0, 0x0) 5m6.038083165s ago: executing program 1 (id=1112): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r1 = socket$netlink(0x10, 0x3, 0x15) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r2, 0x0) 5m5.202830157s ago: executing program 1 (id=1116): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="60bc010004a701002400128009000100626f6e64000000001400028008000700020000000800030008"], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4040044) syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) memfd_create(&(0x7f0000000380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xc8}\xac\x06\x9c&\xf5\xe3j\xda*4\x9a1\xa0o\xa0G\xa5\xb8\xf4\x8dy\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x983U@\xf2M\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xd1\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\x9c\xa1&&\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84@\xeag\x94\x84\xd9\x1b\xc3OeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91f\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeU\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x03D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\x00'/397, 0x3) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3}) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5m3.419797583s ago: executing program 1 (id=1122): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000005000000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) 5m1.935434458s ago: executing program 1 (id=1125): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") 4m46.185681926s ago: executing program 35 (id=1125): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x44, 0x86}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") 4m11.002982849s ago: executing program 6 (id=1254): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) r1 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x10) socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x5) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) read$char_usb(r1, &(0x7f00000002c0)=""/176, 0xb0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r4, r3, 0x0, 0x8) 4m10.204061531s ago: executing program 6 (id=1256): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000009c0)=@raw={'raw\x00', 0x8, 0x3, 0x13a8, 0x11e0, 0x43, 0xa0, 0x11e0, 0x98, 0x1310, 0x178, 0x178, 0x1310, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1198, 0x11e0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x1, './cgroup.cpu/syz1\x00', 0x7f, {0x7f}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x4, 0x0, 0x8005, 'syz1\x00', {0x8000}}}}, {{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'ip6_vti0\x00', {0xff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x1408) write$vga_arbiter(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='target '], 0x15) r4 = socket$inet6(0xa, 0x2, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) futex(&(0x7f00000001c0), 0xb, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x1) ioctl$SNDCTL_DSP_GETOPTR(r5, 0x800c5012, &(0x7f0000000200)) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x91, 0x5, 0x0, @mcast1, @private2, 0x0, 0x8, 0x80000001, 0x1}}) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, r6}, 0x14) setsockopt$inet6_mreq(r4, 0x29, 0x1c, &(0x7f0000000040)={@remote}, 0x14) 4m7.690208744s ago: executing program 6 (id=1265): socket(0x10, 0x3, 0x0) syz_usb_connect(0x5, 0x34, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9b, 0xbd, 0x8b, 0x8, 0x4e8, 0xff30, 0xa6d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x29, 0xfd, 0xdd, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "94ef6333ef"}]}}]}}]}}]}}, 0x0) 4m4.402892166s ago: executing program 6 (id=1267): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000001c0)={0x73622a85, 0x10b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x2d, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x38, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x4000000000000000, 0x1, 0x26}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 4m3.813957827s ago: executing program 6 (id=1270): socket(0x11, 0x800000003, 0x0) keyctl$dh_compute(0x10, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000250001"], 0x14}, 0x1, 0x0, 0x0, 0x400c000}, 0x4008040) 4m0.592457166s ago: executing program 6 (id=1277): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x9, &(0x7f0000000100)=0xfffffffc, 0x56) 3m44.867988917s ago: executing program 36 (id=1277): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x9, &(0x7f0000000100)=0xfffffffc, 0x56) 19.211715052s ago: executing program 7 (id=1838): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x2}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000001380)={0x4, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_pidfd_open(0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) shmctl$IPC_SET(0x0, 0x1, 0x0) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}}, 0x10) 18.448084495s ago: executing program 3 (id=1840): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) getrlimit(0x1, &(0x7f00000003c0)) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x200c0) ioctl$I2C_PEC(r1, 0x708, 0x2) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0xb, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PTYPE={0x6, 0x4}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x10}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x70}}, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf2509000000050007000f00000005000800100000000c00060000000000000000000c00060001000000010000000800010002000000"], 0x44}, 0x1, 0x0, 0x0, 0x48000}, 0x4048000) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000100)={0x0, 0x4, 0x5, &(0x7f0000000080)={0x1f, "14a6c63d876ff44271f19ca6e4482707dab7299602aed83463604d70b41d4008e3"}}) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x22) socket$kcm(0xa, 0x2, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, 0x0, 0x0) migrate_pages(0x0, 0x2, &(0x7f0000000080)=0x7, &(0x7f00000000c0)=0x3ff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r7, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008010}, 0x4044045) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r2, 0x0, 0x20010890) sendmsg$NLBL_MGMT_C_ADD(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYRES8=r1, @ANYRES16, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4000881}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r2, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="3252009c", @ANYRES16, @ANYRES16=r0], 0x50}, 0x1, 0x0, 0x0, 0x4800}, 0x4000) 17.253638988s ago: executing program 4 (id=1842): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 17.146981501s ago: executing program 7 (id=1843): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ustat(0xfffffffeffffffff, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) 17.08828136s ago: executing program 8 (id=1844): io_setup(0x9, &(0x7f00000000c0)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/uevent_helper', 0x28201, 0x152) r1 = eventfd(0x410b) io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000440)="a2b1540ff0cb38859216b8405b8a3be835adaad81fab7b5dc44702208a63080600f626562bd503b87436725caf442b3f97f314d25a54d12f8146b8e3f2b2e55d4b984ed49041cf3a08f89f7e00509a4858445f310d56a6660a8b4112bc2937e5cbfd6a6c17e91a18612eab19d1d63ee1b0832feb5cfbff82597054b1323a5a27200f534b3d3f10facd235c37ef0318320a484c70175be910d1c9c1242bf1384469d1e528ee0a308b9cb801c4a79a67ff08b65c3a4c356582cf0f67797006332218061f423085d549728fa45384e9e4d0e2ba41749975e5cbd36ccc0b4630a23c2811c4f91f26781ee30cd5b3f4dbe7e961019a2e04470b72e6baa475e287ede40332d666cb95fa0bb764d4601df81ba971f6e09a5b00124ec67777fffba5e0113c1bb659376632c8166bf334fcf2ff548b0c197e89143b3bbb4d2cec1c931e8ebbe4f8e9016bd48f972c1368f53c802f1bd825979084f5d31d4616ba0eccee57764e659089fbebd5a7c8f4bac5ee46d375c3771dd69d", 0x176, 0x0, 0x0, 0x6, r1}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xf, 0xb, r0, &(0x7f0000000340)="ce8ff6e9b158993691eb1c49418121cbe330c138c8525a036563035c01f4201be0b05d08a3967bb1181f49148ff2bb110d228f0774456d651ae9d2f8c3e694db18436924756e1825098413682211691d0edc8a1988d2e2457404f1fa3c5166eba40f06cba35affe90d7fee9dc11bb631285943fbe8bb80a5f90112f3b6a8e37223076141695562051461d56efb96861becc4136f336763fb0bddd9a2eabdf5e08f2b0262082e35e0447ad0a004c85f9ee8c0dc7b74e06926db49a8a351d7a0032038e8ca22c0f75d15a6135c98eaf3432e180b", 0xd3, 0x6, 0x0, 0x1, r1}]) syz_emit_ethernet(0x52, &(0x7f0000000640)=ANY=[@ANYBLOB="567f8c12428f090e9d95007065f8c44637c9ae569c85955474a98cc2cecffa219b5539515e06512ac8a06ab403236983b2a7a12da350ddd4988ba6a28c1420fb144794fe9469de568a569802814aafbdf7021d80094aacea28f453feed04ce2ab22ad623facdf8d58c1141b3f60a49bc6c692f5da3019088ce872686400cb19589", @ANYRESHEX, @ANYBLOB], 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendmsg$key(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={0x0, 0xe0}}, 0x44040800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x508, 0x98, 0x208, 0x208, 0x3a0, 0x208, 0x470, 0x470, 0x470, 0x470, 0x470, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x568) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xf, 0x4, 0x4, 0x7}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000001100)={r5, &(0x7f0000000100), &(0x7f0000000000)=""/95, 0x2}, 0x20) 16.427404763s ago: executing program 4 (id=1845): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r1, 0xc00464b4, &(0x7f0000000080)={r2}) 16.41433956s ago: executing program 3 (id=1846): prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) socket$inet(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x7, &(0x7f0000000180)=""/57) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000100)={r1, 0x0, 0xfa, 0x9}) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133a, 0x3], [{0x0, 0x3ff, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x7}, {0xffffffff}, {0xfffffffc}, {}, {}, {0xffffffff}, {}, {}, {}, {0x100}], 0x2}) 15.808360768s ago: executing program 4 (id=1848): socket$unix(0x1, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$kcm(0x11, 0x3, 0x0) socket(0x40000000015, 0x5, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x2) socket$inet6(0xa, 0x3, 0x3c) socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0x0, 0x3}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 15.633888815s ago: executing program 4 (id=1849): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x8002000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x268, 0x0, 0x5, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [{{0x254, 0x1, {{0x0, 0x7}, 0x7, 0x1, 0x4, 0x0, 0x1c, 'syz0\x00', "523ca936f8f61abb3d7b1d6e25ad96acfe31ce82f2f500eb00d82e396194db04", "0b6bf1b1639cd090c61155070ae569ac4a65ef2100", [{0x8, 0x9, {0x1, 0x100010}}, {0x800, 0x7, {0x2, 0xa}}, {0x9, 0x18, {0x3, 0x56c}}, {0x8, 0x1, {0x0, 0x2e}}, {0x0, 0x42, {0x0, 0x401}}, {0xffa8, 0x1, {0x3}}, {0x3, 0x5, {0x1, 0x2}}, {0x4, 0x1}, {0x0, 0xfff7, {0x1, 0xa}}, {0xc, 0x791, {0x1, 0x7}}, {0x1000, 0x9, {0x1, 0xd3d}}, {0x16, 0xff, {0x0, 0x99}}, {0xc45a, 0x4fd, {0x2, 0xe3c7305}}, {0x6, 0x8, {0x1, 0x4}}, {0x2, 0xc, {0x1, 0x9}}, {0x7, 0xfffe, {0x2, 0x7f}}, {0x1, 0x1000, {0x2, 0x3}}, {0x0, 0xfff, {0x1, 0x2}}, {0x9, 0x7, {0x3, 0x3ff}}, {0x1, 0x10, {0x0, 0x7fff}}, {0x200e, 0x9, {0x3, 0xfffffffc}}, {0x9, 0x2, {0x2, 0x3}}, {0x9, 0x6, {0x2, 0x6}}, {0xefe7, 0x6, {0x1, 0x5}}, {0x9, 0x6, {0x3, 0x2}}, {0x40, 0x6ba5, {0x2, 0x8}}, {0x40dc, 0xcf83, {0x1, 0xc}}, {0x2, 0xff7b, {0x1, 0x9953}}, {0x8000, 0xc, {0x1, 0xfd}}, {0xc, 0x2, {0x2, 0x7}}, {0x8000, 0x5, {0x1, 0x7}}, {0x1, 0x4, {0x2, 0x6}}, {0x1000, 0x40, {0x0, 0x5}}, {0x2, 0x5, {0x2, 0x6}}, {0xb, 0x1, {0x3, 0x4}}, {0x4, 0x58, {0x3, 0x7}}, {0x6, 0xe, {0x3, 0x10001}}, {0x8, 0x70, {0x2, 0x7fffffff}}, {0x3, 0xff, {0x2, 0x7}}, {0x400, 0x8, {0x1, 0x8}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x854}, 0x4000) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x6, 0x1, 0x9, 0x1}]}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000180)={0x2, &(0x7f00000001c0)=[{0x28, 0xff, 0x55, 0xfffff004}, {0x6, 0xc, 0x8, 0x1bfd154f}]}, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_setup(0x2, &(0x7f0000000040)=0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) io_submit(r5, 0x1, &(0x7f0000000640)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]}) close_range(r7, 0xffffffffffffffff, 0x0) 15.578312533s ago: executing program 8 (id=1850): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000010}, 0x48000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = timerfd_create(0x7, 0x0) timerfd_settime(r2, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) close(r0) socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r3, 0x40045701, &(0x7f0000000240)=0x8) r4 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f00000000c0)=0x565, 0x4) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 13.965839405s ago: executing program 3 (id=1854): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000640)=0x206) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f00000000c0)=""/151, &(0x7f0000000180)=0x97) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0xc3a902ffb870e8b4}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) bind$unix(0xffffffffffffffff, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mknod$loop(&(0x7f0000000200)='./file0\x00', 0x2480, 0x1) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r3, 0x6, 0x2, 0xfffffffffffffffd, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000140)='gfs2\x00', 0x208000, 0x0) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r5, &(0x7f0000000080)={0x2, @short={0x2, 0xffff}}, 0x66) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00', @ANYRES16=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="a025d2ba89aea1b6976bc7631c623ce6c9621252768921685049d69b372e4cc52594f63e9f7f07973300339e9951136b487ef2c82c69823ab6eb7174c9bc40b50310b12f0b8f687a6a3320e12db7ef23a18e538e78c47d0bf0b5742af47a9515696e0aa6c3ad039e0a9f2eac0cd0a0de9bbeacd70d862f0a803c57727eedb601f8c0ce96023b63f1f352ab6b9c4f0c150e0f14245096bb14188d32ee40b2f0317001cab105cca96e7877f5ab2876e4e7b38b6f68a9677f5ed95811d23b4a29993dc6df369bcfad63f9b1cec37ce034fdf173a0b7f841cc8cb9ab581f05dfdcdc61a6bde38a87cd5d6aa440bb9a8d0f9ab3ace9f92e552284d73fe4c1f4849a2a5a7d9c1746b667e2ea99f4c698a4cae300000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x8482) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)={0x24, r8, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xff}]}, 0x24}, 0x1, 0x0, 0x0, 0xc4}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x14, r8, 0x400, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20004004}, 0x40044040) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000b4bffc)=0x5, 0x4) io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, 0x0, 0x1) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190a010100bb0000"], 0x2c}}, 0x8004) 13.774565964s ago: executing program 8 (id=1856): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000240)={0x1, r0}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES8=r0], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r7 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x42, 0x104) r8 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", '\x00', "0f00", "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386afe0374831c1f9", "cf6cce2296b3f853e224c4e0"]}) ioctl$CEC_TRANSMIT(r8, 0xc0386105, &(0x7f0000000480)={0x5, 0x6, 0x1, 0x9, 0x3, 0x200, "0f6d00", 0x2, 0x2, 0x1, 0x6, 0x5, 0x84, 0xff}) io_setup(0x20, &(0x7f0000001140)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0}) 11.71215839s ago: executing program 8 (id=1858): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) open(0x0, 0x0, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x1}, 0x94) socket$packet(0x11, 0x3, 0x300) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000700)='./file1\x00', 0x2000775) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0) 11.711832426s ago: executing program 4 (id=1859): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x4000000002) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002) ioctl$EVIOCGRAB(r7, 0x40044590, &(0x7f0000000400)=0xe) socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x1c, 0x0, 0x48212b8952c3aff5, 0x70bd24, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) 11.545496454s ago: executing program 5 (id=1860): prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getrlimit(0x2, &(0x7f00000000c0)) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x30) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_uring_setup(0x71c7, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_getscheduler(r0) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r5, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) ioctl$HIDIOCSFEATURE(r6, 0xc0404806, 0x0) r7 = timerfd_create(0x9, 0x800) timerfd_settime(r7, 0x3, &(0x7f0000000100)={{0x77359400}, {0x0, 0x3938700}}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 11.423049576s ago: executing program 9 (id=1861): socketpair$unix(0x1, 0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000340)=0x20000000, 0x4) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) syz_open_dev$hiddev(&(0x7f0000000100), 0x8000000000000001, 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0) write$rfkill(r3, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1}, 0x8) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) read$char_usb(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) fchdir(0xffffffffffffffff) syz_clone3(&(0x7f00000005c0)={0x80000000, 0x0, &(0x7f0000000380), &(0x7f00000003c0), {0x40}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x5, {r2}}, 0x58) mount_setattr(r1, 0x0, 0x8000, &(0x7f0000001dc0)={0xb, 0x0, 0x80000}, 0x20) 9.011715455s ago: executing program 9 (id=1862): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000300)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x68, 0x0, 0x0, 0x88, 0x0, @remote, @local}, {0xfffe, 0x4e24, 0x4d, 0x0, @wg=@initiation={0x1, 0x4, "497a1d08fd3d0ee007022798bb6374ed840b4f36f41fc4d035e9ebe414aa958d", "4bbef5e4007898221aa606d083cd59745493938f1e2de8fdadd3823fedd2c01b2aff03050a4ca5d10fd1b6b06f47ea42", "ef7c9d47c0e5eef34204f04b000096440000000000000000008000", {"a851525b16af17fe87acbae2ab0b233d", "01422d01cd53c3abe94331d0b7918724"}}}}}}}, 0x0) 8.772838393s ago: executing program 5 (id=1863): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) syz_open_dev$video(0x0, 0x8, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000140)=[@request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) syz_io_uring_submit(0x0, 0x0, 0x0) 8.578470698s ago: executing program 7 (id=1864): io_setup(0x9, &(0x7f00000000c0)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/uevent_helper', 0x28201, 0x152) r1 = eventfd(0x410b) io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000440)="a2b1540ff0cb38859216b8405b8a3be835adaad81fab7b5dc44702208a63080600f626562bd503b87436725caf442b3f97f314d25a54d12f8146b8e3f2b2e55d4b984ed49041cf3a08f89f7e00509a4858445f310d56a6660a8b4112bc2937e5cbfd6a6c17e91a18612eab19d1d63ee1b0832feb5cfbff82597054b1323a5a27200f534b3d3f10facd235c37ef0318320a484c70175be910d1c9c1242bf1384469d1e528ee0a308b9cb801c4a79a67ff08b65c3a4c356582cf0f67797006332218061f423085d549728fa45384e9e4d0e2ba41749975e5cbd36ccc0b4630a23c2811c4f91f26781ee30cd5b3f4dbe7e961019a2e04470b72e6baa475e287ede40332d666cb95fa0bb764d4601df81ba971f6e09a5b00124ec67777fffba5e0113c1bb659376632c8166bf334fcf2ff548b0c197e89143b3bbb4d2cec1c931e8ebbe4f8e9016bd48f972c1368f53c802f1bd825979084f5d31d4616ba0eccee57764e659089fbebd5a7c8f4bac5ee46d375c3771dd69d", 0x176, 0x0, 0x0, 0x6, r1}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xf, 0xb, r0, &(0x7f0000000340)="ce8ff6e9b158993691eb1c49418121cbe330c138c8525a036563035c01f4201be0b05d08a3967bb1181f49148ff2bb110d228f0774456d651ae9d2f8c3e694db18436924756e1825098413682211691d0edc8a1988d2e2457404f1fa3c5166eba40f06cba35affe90d7fee9dc11bb631285943fbe8bb80a5f90112f3b6a8e37223076141695562051461d56efb96861becc4136f336763fb0bddd9a2eabdf5e08f2b0262082e35e0447ad0a004c85f9ee8c0dc7b74e06926db49a8a351d7a0032038e8ca22c0f75d15a6135c98eaf3432e180b", 0xd3, 0x6, 0x0, 0x1, r1}]) syz_emit_ethernet(0x52, &(0x7f0000000640)=ANY=[@ANYBLOB="567f8c12428f090e9d95007065f8c44637c9ae569c85955474a98cc2cecffa219b5539515e06512ac8a06ab403236983b2a7a12da350ddd4988ba6a28c1420fb144794fe9469de568a569802814aafbdf7021d80094aacea28f453feed04ce2ab22ad623facdf8d58c1141b3f60a49bc6c692f5da3019088ce872686400cb19589", @ANYRESHEX, @ANYBLOB], 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sendmsg$key(0xffffffffffffffff, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={0x0, 0xe0}}, 0x44040800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x2) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x508, 0x98, 0x208, 0x208, 0x3a0, 0x208, 0x470, 0x470, 0x470, 0x470, 0x470, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x11000000, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x568) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xf, 0x4, 0x4, 0x7}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000001100)={r5, &(0x7f0000000100), &(0x7f0000000000)=""/95, 0x2}, 0x20) 7.757121135s ago: executing program 9 (id=1865): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX]) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x60, 0x1403, 0x802, 0x70bd2c, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_vlan\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan1\x00'}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000a000}, 0x40008c0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 6.491522494s ago: executing program 7 (id=1866): prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0) socket$inet(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) read$msr(r1, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0x0, 0x7, &(0x7f0000000180)=""/57) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000100)={r1, 0x0, 0xfa, 0x9}) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff133a, 0x3], [{0x0, 0x3ff, 0x0, 0x1}, {0x35, 0x35}, {0x0, 0x7}, {0xffffffff}, {0xfffffffc}, {}, {}, {0xffffffff}, {}, {}, {}, {0x100}], 0x2}) 6.12682768s ago: executing program 3 (id=1867): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f00000002c0)={0xc, r2}) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x4002, 0x0, 0x3, 0x0) 6.100548269s ago: executing program 5 (id=1868): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000010}, 0x48000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = timerfd_create(0x7, 0x0) timerfd_settime(r1, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) close(0xffffffffffffffff) socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f0000000240)=0x8) r3 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f00000000c0)=0x565, 0x4) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.492589602s ago: executing program 7 (id=1869): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x830, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40000000000800061114c00000000008510"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.965853441s ago: executing program 3 (id=1870): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/consoles\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_io_uring_setup(0xa3, &(0x7f0000000640)={0x0, 0xe8cf, 0x0, 0x20, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000020c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1}) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) 4.927030642s ago: executing program 9 (id=1871): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setownex(r1, 0xf, &(0x7f0000000240)={0x1, r0}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES8=r0], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r7 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_debug_messages', 0x42, 0x104) r8 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", '\x00', "0f00", "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386afe0374831c1f9", "cf6cce2296b3f853e224c4e0"]}) ioctl$CEC_TRANSMIT(r8, 0xc0386105, &(0x7f0000000480)={0x5, 0x6, 0x1, 0x9, 0x3, 0x200, "0f6d00", 0x2, 0x2, 0x1, 0x6, 0x5, 0x84, 0xff}) io_setup(0x20, &(0x7f0000001140)) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0}) 4.821641531s ago: executing program 5 (id=1872): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x2}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) prlimit64(0x0, 0xe, &(0x7f0000001380)={0x4, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_pidfd_open(0x0, 0x0) getresuid(&(0x7f00000012c0), 0x0, 0x0) shmctl$IPC_SET(0x0, 0x1, 0x0) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000000000/0x4000)=nil) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r2, 0x1, 0x6}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000001c0)={r2, 0x1, 0x6, @random="f85c3132d479"}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}}, 0x10) 3.355662657s ago: executing program 9 (id=1873): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f041}) 3.268109334s ago: executing program 5 (id=1874): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r1}) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48) bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.221718566s ago: executing program 8 (id=1875): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) r0 = getpid() prlimit64(r0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) socket$inet(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = eventfd(0x80000b) syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd29, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0xa, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x8, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x1000, 0x1) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) unshare(0x64000600) 2.827273019s ago: executing program 9 (id=1876): r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) ustat(0xfffffffeffffffff, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0) 2.130089584s ago: executing program 5 (id=1877): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f00000001c0)='P') 576.468448ms ago: executing program 4 (id=1878): lsm_list_modules(0x0, 0xffffffffffffffff, 0x0) syz_usb_connect$uac1(0x1, 0x8d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12015002000000086b1d010140000102030109027b00030109c0060904000000010100000a2401f2930902010208240501109e062a0c240206fd030468ffff6e0808240401ea115cc00904010000010200000904010101010202000905010920000904f907250183010d00090402000009"], &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 263.674381ms ago: executing program 8 (id=1879): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x45c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x1, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x1, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x7, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0xe, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xfd, 0x9, 0xa7, 0xf, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x5, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x40, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x44, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x8, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x200, 0x2]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5, 0x3, 0x2, 0x2, 0x0, 0x81}, {0xf, 0x1, 0xa7a8, 0x9, 0xa, 0x5}, 0xfffffffd, 0x10000, 0x21f0}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 62.555796ms ago: executing program 7 (id=1880): fsopen(&(0x7f0000000140)='9p\x00', 0x0) 0s ago: executing program 3 (id=1881): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r1 = socket$netlink(0x10, 0x3, 0x15) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r2, 0x0) kernel console output (not intermixed with test programs): 367.151529][ T8578] usb 8-1: USB disconnect, device number 8 [ 367.817693][ T8578] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 368.550512][ T1219] hid-generic FFFF:0008:0003.000C: item fetching failed at offset 0/2 [ 368.833228][ T1219] hid-generic FFFF:0008:0003.000C: probe with driver hid-generic failed with error -22 [ 369.386788][ T9027] netlink: 20 bytes leftover after parsing attributes in process `syz.7.943'. [ 369.401435][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.7.943'. [ 371.621532][ T1219] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 372.725380][ T1219] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 372.755772][ T1219] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 372.776330][ T9060] tipc: Enabling of bearer rejected, failed to enable media [ 372.791606][ T1219] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.818575][ T1219] usb 9-1: config 0 descriptor?? [ 372.839989][ T1219] pwc: Askey VC010 type 2 USB webcam detected. [ 373.347192][ T1219] pwc: recv_control_msg error -32 req 02 val 2b00 [ 373.600528][ T1219] pwc: recv_control_msg error -32 req 02 val 2700 [ 373.633786][ T1219] pwc: recv_control_msg error -32 req 02 val 2c00 [ 373.710343][ T1219] pwc: recv_control_msg error -32 req 04 val 1000 [ 373.751856][ T1219] pwc: recv_control_msg error -32 req 04 val 1300 [ 373.796114][ T1219] pwc: recv_control_msg error -32 req 04 val 1400 [ 373.855657][ T1219] pwc: recv_control_msg error -32 req 02 val 2000 [ 373.920999][ T1219] pwc: recv_control_msg error -32 req 02 val 2100 [ 373.942814][ T1219] pwc: recv_control_msg error -32 req 04 val 1500 [ 374.094529][ T114] hid-generic FFFF:0008:0003.000D: item fetching failed at offset 0/2 [ 374.127467][ T114] hid-generic FFFF:0008:0003.000D: probe with driver hid-generic failed with error -22 [ 374.164650][ T1219] pwc: recv_control_msg error -71 req 02 val 2400 [ 374.184513][ T1219] pwc: recv_control_msg error -71 req 02 val 2600 [ 374.205679][ T1219] pwc: recv_control_msg error -71 req 02 val 2900 [ 374.220039][ T1219] pwc: recv_control_msg error -71 req 02 val 2800 [ 374.240510][ T1219] pwc: recv_control_msg error -71 req 04 val 1100 [ 374.264696][ T1219] pwc: recv_control_msg error -71 req 04 val 1200 [ 374.289453][ T1219] pwc: Registered as video103. [ 374.320042][ T1219] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input9 [ 374.413543][ T1219] usb 9-1: USB disconnect, device number 4 [ 376.917047][ T9102] loop8: detected capacity change from 0 to 512 [ 377.229643][ T9102] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 377.242952][ T9102] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 377.418587][ T7513] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.888330][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.907245][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 377.991710][ T1219] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 378.624666][ T9113] bond1 (unregistering): Released all slaves [ 378.765252][ T1219] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.805825][ T1219] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.006412][ T1219] usb 7-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 379.016764][ T1219] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.047827][ T1219] usb 7-1: config 0 descriptor?? [ 380.239038][ T1219] usbhid 7-1:0.0: can't add hid device: -71 [ 380.393382][ T9129] bridge0: port 3(gretap0) entered disabled state [ 380.400167][ T9129] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.407586][ T9129] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.487538][ T1219] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 380.522793][ T1219] usb 7-1: USB disconnect, device number 2 [ 380.951761][ T9129] bridge0: entered allmulticast mode [ 380.979971][ T5965] hid-generic FFFF:0008:0003.000E: item fetching failed at offset 0/2 [ 381.032088][ T5965] hid-generic FFFF:0008:0003.000E: probe with driver hid-generic failed with error -22 [ 382.611893][ T9150] loop8: detected capacity change from 0 to 512 [ 383.134635][ T9150] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.149232][ T9150] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.633922][ T7513] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.151480][ T9180] Invalid ELF header type: 25773 != 1 [ 386.230642][ T9180] loop1: detected capacity change from 0 to 1024 [ 391.153918][ T9216] comedi comedi0: dt2815: I/O port conflict (0x8002f,2) [ 392.242722][ T9230] Invalid ELF header type: 25773 != 1 [ 392.319139][ T9230] loop6: detected capacity change from 0 to 1024 [ 392.921277][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 393.121302][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 393.126057][ T5965] hid-generic FFFF:0008:0003.000F: item fetching failed at offset 0/2 [ 393.146816][ T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 393.169177][ T5965] hid-generic FFFF:0008:0003.000F: probe with driver hid-generic failed with error -22 [ 393.194856][ T9] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 393.245503][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.584848][ T9] usb 6-1: Product: syz [ 393.796477][ T9] usb 6-1: Manufacturer: syz [ 393.801098][ T9] usb 6-1: SerialNumber: syz [ 393.861864][ T9] usb 6-1: config 0 descriptor?? [ 393.895638][ T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 394.581428][ T5965] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 395.701427][ T5965] usb 2-1: Using ep0 maxpacket: 32 [ 395.828167][ T5965] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 395.923687][ T5965] usb 2-1: config 0 has no interface number 0 [ 395.951416][ T9] gspca_zc3xx: reg_w_i err -71 [ 396.174616][ T5965] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 396.261053][ T5965] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.278559][ T5965] usb 2-1: Product: syz [ 396.282926][ T5965] usb 2-1: Manufacturer: syz [ 396.287519][ T5965] usb 2-1: SerialNumber: syz [ 396.310466][ T5965] usb 2-1: config 0 descriptor?? [ 396.347872][ T5965] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 396.614006][ T9] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 396.745317][ T9] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 396.890234][ T5965] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 397.119337][ T5965] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 397.132735][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 397.151475][ T9] usb 6-1: USB disconnect, device number 4 [ 397.206334][ T5965] usb 2-1: USB disconnect, device number 6 [ 397.298762][ T5965] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 397.394993][ T5965] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 397.469560][ T5965] quatech2 2-1:0.51: device disconnected [ 397.991586][ T9281] Invalid ELF header type: 25773 != 1 [ 398.067453][ T9281] loop5: detected capacity change from 0 to 1024 [ 399.102076][ T5965] hid-generic FFFF:0008:0003.0010: item fetching failed at offset 0/2 [ 399.128379][ T5965] hid-generic FFFF:0008:0003.0010: probe with driver hid-generic failed with error -22 [ 400.744633][ T9300] loop1: detected capacity change from 0 to 1024 [ 402.020508][ T9306] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.028074][ T9306] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.214740][ T9306] bridge0: entered allmulticast mode [ 404.105663][ T9316] bond1 (unregistering): Released all slaves [ 404.209750][ T9329] loop7: detected capacity change from 0 to 512 [ 405.126627][ T9329] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 405.139479][ T9329] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 405.759047][ T7035] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 407.690718][ T24] IPVS: starting estimator thread 0... [ 407.999226][ T9348] IPVS: using max 27 ests per chain, 64800 per kthread [ 408.301274][ T9350] loop6: detected capacity change from 0 to 1024 [ 408.389890][ T9350] EXT4-fs: Ignoring removed bh option [ 408.451330][ T24] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 408.485507][ T9350] EXT4-fs: Ignoring removed nobh option [ 408.539834][ T9350] EXT4-fs: Ignoring removed bh option [ 408.683238][ T9350] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 408.691819][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.742597][ T24] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 408.784715][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.844899][ T9366] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1047'. [ 409.711648][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 409.711672][ T30] audit: type=1326 audit(1764001093.027:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 409.712235][ T24] usb 8-1: config 0 descriptor?? [ 409.717903][ T30] audit: type=1326 audit(1764001093.047:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 410.948311][ T30] audit: type=1326 audit(1764001093.047:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 410.983521][ T30] audit: type=1326 audit(1764001093.047:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 410.983823][ T24] usb 8-1: can't set config #0, error -71 [ 411.018528][ T7774] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 411.043068][ T30] audit: type=1326 audit(1764001093.047:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.094888][ T24] usb 8-1: USB disconnect, device number 9 [ 411.102669][ T30] audit: type=1326 audit(1764001093.047:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.125017][ C1] vkms_vblank_simulate: vblank timer overrun [ 411.189924][ T9374] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1049'. [ 411.216909][ T30] audit: type=1326 audit(1764001093.047:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.245150][ T30] audit: type=1326 audit(1764001093.057:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.276041][ T30] audit: type=1326 audit(1764001093.057:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.299674][ T30] audit: type=1326 audit(1764001093.057:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9363 comm="syz.5.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 411.328933][ T9376] bond1 (unregistering): Released all slaves [ 412.881165][ T9389] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1050'. [ 413.202002][ T9399] loop7: detected capacity change from 0 to 512 [ 414.942852][ T9399] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.956601][ T9399] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 415.529426][ T7035] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.321079][ T9415] syzkaller0: entered promiscuous mode [ 416.359939][ T9415] syzkaller0: entered allmulticast mode [ 416.406420][ T9417] loop5: detected capacity change from 0 to 1024 [ 416.422293][ T9417] EXT4-fs: Ignoring removed bh option [ 416.463785][ T9417] EXT4-fs: Ignoring removed nobh option [ 416.469365][ T9417] EXT4-fs: Ignoring removed bh option [ 416.572187][ T9417] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.596873][ T9423] loop6: detected capacity change from 0 to 1024 [ 417.763574][ T9439] FAT-fs (nbd3): unable to read boot sector [ 418.203876][ T9442] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1068'. [ 418.561448][ T9] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 418.571499][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 419.083094][ T9447] bond1 (unregistering): Released all slaves [ 419.105717][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 419.128288][ T9] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 419.376659][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.503131][ T9] usb 8-1: config 0 descriptor?? [ 419.517416][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 420.130698][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 420.138216][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 420.145504][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 420.152818][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 420.171389][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 420.309085][ T9] pwc: recv_control_msg error -32 req 04 val 1400 [ 420.512095][ T9] pwc: recv_control_msg error -32 req 02 val 2000 [ 420.801597][ T9] pwc: recv_control_msg error -32 req 02 val 2100 [ 421.052997][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 421.740916][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 421.757167][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 421.771881][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 421.781516][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 421.799556][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 421.810013][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 421.818812][ T9] pwc: Registered as video103. [ 421.825573][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input10 [ 421.839798][ T9] usb 8-1: USB disconnect, device number 10 [ 425.523910][ T9488] random: crng reseeded on system resumption [ 425.538561][ T9488] Restarting kernel threads ... [ 425.543986][ T9488] Done restarting kernel threads. [ 425.554186][ T9488] netlink: 'syz.8.1080': attribute type 10 has an invalid length. [ 425.569136][ T9488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.577328][ T9488] team0: Port device bond0 added [ 425.835704][ T9495] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 426.129752][ T9498] bond1 (unregistering): Released all slaves [ 428.301240][ T114] IPVS: starting estimator thread 0... [ 428.643720][ T9518] IPVS: using max 26 ests per chain, 62400 per kthread [ 429.121260][ T1219] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 429.131999][ T114] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 429.375760][ T1219] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.698013][ T1219] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.744957][ T114] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 429.783670][ T1219] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 429.817270][ T114] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 429.841328][ T1219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.851630][ T114] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.852266][ T9534] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.867296][ T9534] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.908698][ T1219] usb 2-1: config 0 descriptor?? [ 429.919878][ T114] usb 7-1: config 0 descriptor?? [ 429.975147][ T114] pwc: Askey VC010 type 2 USB webcam detected. [ 430.015240][ T9534] bridge0: entered allmulticast mode [ 430.369512][ T9539] random: crng reseeded on system resumption [ 430.385711][ T114] pwc: recv_control_msg error -32 req 02 val 2b00 [ 430.407152][ T114] pwc: recv_control_msg error -32 req 02 val 2700 [ 430.428044][ T114] pwc: recv_control_msg error -32 req 02 val 2c00 [ 430.438327][ T114] pwc: recv_control_msg error -32 req 04 val 1000 [ 430.445557][ T9540] netlink: 'syz.5.1096': attribute type 10 has an invalid length. [ 430.459746][ T114] pwc: recv_control_msg error -32 req 04 val 1300 [ 430.468897][ T114] pwc: recv_control_msg error -32 req 04 val 1400 [ 430.489748][ T114] pwc: recv_control_msg error -32 req 02 val 2000 [ 430.515926][ T114] pwc: recv_control_msg error -32 req 02 val 2100 [ 430.668828][ T1219] usbhid 2-1:0.0: can't add hid device: -71 [ 430.685170][ T1219] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 430.709982][ T1219] usb 2-1: USB disconnect, device number 7 [ 430.730084][ T114] pwc: recv_control_msg error -71 req 02 val 2500 [ 430.746443][ T114] pwc: recv_control_msg error -71 req 02 val 2400 [ 430.776032][ T114] pwc: recv_control_msg error -71 req 02 val 2600 [ 430.799846][ T114] pwc: recv_control_msg error -71 req 02 val 2900 [ 430.813100][ T114] pwc: recv_control_msg error -71 req 02 val 2800 [ 430.823380][ T114] pwc: recv_control_msg error -71 req 04 val 1100 [ 430.861523][ T114] pwc: recv_control_msg error -71 req 04 val 1200 [ 430.900541][ T114] pwc: Registered as video103. [ 430.930744][ T114] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input11 [ 431.001096][ T9539] Restarting kernel threads ... [ 431.006630][ T9539] Done restarting kernel threads. [ 431.023648][ T114] usb 7-1: USB disconnect, device number 3 [ 433.699596][ T9573] Invalid ELF header type: 25773 != 1 [ 433.800893][ T9573] loop7: detected capacity change from 0 to 1024 [ 435.293629][ T9582] loop5: detected capacity change from 0 to 128 [ 436.147314][ T9582] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 436.235782][ T9582] ext4 filesystem being mounted at /226/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 436.279446][ T9594] random: crng reseeded on system resumption [ 436.295705][ T9594] Restarting kernel threads ... [ 436.301016][ T9594] Done restarting kernel threads. [ 436.309245][ T9594] netlink: 'syz.8.1113': attribute type 10 has an invalid length. [ 437.330782][ T5826] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 439.332314][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.361899][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.381681][ T5913] IPVS: starting estimator thread 0... [ 440.617447][ T9641] loop7: detected capacity change from 0 to 128 [ 441.241793][ T9635] IPVS: using max 23 ests per chain, 55200 per kthread [ 441.307358][ T9645] loop1: detected capacity change from 0 to 512 [ 441.722183][ T9641] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 441.750618][ T9653] random: crng reseeded on system resumption [ 441.762550][ T9653] Restarting kernel threads ... [ 441.767768][ T9653] Done restarting kernel threads. [ 441.773796][ T9653] netlink: 'syz.3.1132': attribute type 10 has an invalid length. [ 441.847822][ T9641] ext4 filesystem being mounted at /95/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 443.182524][ T7035] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 443.305007][ T9645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 443.453793][ T9645] ext4 filesystem being mounted at /223/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 444.237052][ T9669] bond1 (unregistering): Released all slaves [ 448.769769][ T9713] loop8: detected capacity change from 0 to 1024 [ 455.215082][ T9767] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1164'. [ 455.943427][ T9769] loop7: detected capacity change from 0 to 1024 [ 456.747193][ T9779] loop5: detected capacity change from 0 to 1024 [ 456.766118][ T9779] EXT4-fs: Ignoring removed bh option [ 457.026103][ T9779] EXT4-fs: Ignoring removed nobh option [ 457.273011][ T9779] EXT4-fs: Ignoring removed bh option [ 457.337479][ T9779] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 458.733744][ T9788] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.1170: Allocating blocks 497-513 which overlap fs metadata [ 458.937495][ T9788] EXT4-fs (loop5): pa ffff88802fdf0ae0: logic 256, phys. 385, len 8 [ 458.945880][ T9788] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 459.820354][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.040911][ T9804] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 461.050351][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 461.059118][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 461.067963][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 461.078076][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 462.317144][ T9819] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1179'. [ 463.171363][ T5838] Bluetooth: hci6: command tx timeout [ 463.403374][ T9822] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1181'. [ 463.479174][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 463.479191][ T30] audit: type=1326 audit(1764001146.857:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.135121][ T30] audit: type=1326 audit(1764001146.867:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.304697][ T9827] ALSA: mixer_oss: invalid OSS volume '' [ 464.323288][ T30] audit: type=1326 audit(1764001146.867:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.387516][ T30] audit: type=1326 audit(1764001146.907:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.424599][ T9803] chnl_net:caif_netlink_parms(): no params data found [ 464.451494][ T30] audit: type=1326 audit(1764001146.907:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.516497][ T9839] loop3: detected capacity change from 0 to 1024 [ 464.571817][ T30] audit: type=1326 audit(1764001146.907:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.631207][ T30] audit: type=1326 audit(1764001146.907:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 464.692494][ T30] audit: type=1326 audit(1764001146.917:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 465.051422][ T30] audit: type=1326 audit(1764001146.917:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 465.475228][ T30] audit: type=1326 audit(1764001146.967:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9821 comm="syz.8.1181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 465.497556][ C1] vkms_vblank_simulate: vblank timer overrun [ 465.583622][ T5838] Bluetooth: hci6: command tx timeout [ 465.960347][ T5938] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 466.161206][ T5938] usb 6-1: Using ep0 maxpacket: 32 [ 466.189442][ T5938] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.271554][ T5938] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 466.302356][ T5938] usb 6-1: config 0 interface 0 has no altsetting 0 [ 466.366043][ T5938] usb 6-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 466.552883][ T5938] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.603370][ T9865] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1193'. [ 466.901898][ T5938] usb 6-1: config 0 descriptor?? [ 466.986786][ T9803] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.006893][ T9643] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 467.050911][ T9803] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.109230][ T9803] bridge_slave_0: entered allmulticast mode [ 467.596681][ T9803] bridge_slave_0: entered promiscuous mode [ 467.648364][ T5838] Bluetooth: hci6: command tx timeout [ 467.672317][ T9803] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.740574][ T9803] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.749443][ T9803] bridge_slave_1: entered allmulticast mode [ 467.781352][ T5938] usbhid 6-1:0.0: can't add hid device: -71 [ 467.788632][ T5938] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 467.798868][ T9803] bridge_slave_1: entered promiscuous mode [ 467.811050][ T5938] usb 6-1: USB disconnect, device number 5 [ 468.397217][ T9803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.436981][ T9803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 468.617147][ T9884] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1199'. [ 468.648234][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 468.648253][ T30] audit: type=1326 audit(1764001152.017:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 468.749399][ T30] audit: type=1326 audit(1764001152.017:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 468.804145][ T9803] team0: Port device team_slave_0 added [ 469.075745][ T9888] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1200'. [ 469.280702][ T30] audit: type=1326 audit(1764001152.017:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 469.292966][ T9803] team0: Port device team_slave_1 added [ 469.408135][ T30] audit: type=1326 audit(1764001152.017:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 469.577638][ T30] audit: type=1326 audit(1764001152.017:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 469.624856][ T9886] could not allocate digest TFM handle crct10dif-arm64-ce [ 469.682487][ T9803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 469.698750][ T9803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 469.719991][ T30] audit: type=1326 audit(1764001152.017:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 469.731625][ T5838] Bluetooth: hci6: command tx timeout [ 469.781849][ T9803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.326819][ T30] audit: type=1326 audit(1764001152.017:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 470.548208][ T30] audit: type=1326 audit(1764001152.017:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 470.582246][ T30] audit: type=1326 audit(1764001152.017:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 470.608321][ T30] audit: type=1326 audit(1764001152.017:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9881 comm="syz.6.1199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7c83d8f749 code=0x7ffc0000 [ 470.646613][ T9906] loop5: detected capacity change from 0 to 1024 [ 470.725654][ T9803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.754720][ T9803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 470.910409][ T9803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.188386][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.405101][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.427694][ T9928] loop8: detected capacity change from 0 to 1024 [ 474.345384][ T9934] random: crng reseeded on system resumption [ 474.356972][ T9934] Restarting kernel threads ... [ 474.362279][ T9934] Done restarting kernel threads. [ 474.370054][ T9934] netlink: 'syz.6.1213': attribute type 10 has an invalid length. [ 474.755970][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.987318][ T9934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.995283][ T9934] team0: Port device bond0 added [ 475.226839][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.350894][ T9803] hsr_slave_0: entered promiscuous mode [ 475.388231][ T9803] hsr_slave_1: entered promiscuous mode [ 475.410931][ T9803] debugfs: 'hsr0' already exists in 'hsr' [ 475.451533][ T9803] Cannot create hsr debugfs directory [ 478.221739][ T9970] loop8: detected capacity change from 0 to 1024 [ 479.493453][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 479.493469][ T30] audit: type=1326 audit(1764001162.887:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.6.1226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c83d8f749 code=0x0 [ 480.055249][ T13] gretap0: left allmulticast mode [ 480.081594][ T13] gretap0: left promiscuous mode [ 480.100790][ T13] bridge0: port 3(gretap0) entered disabled state [ 480.137680][ T13] bridge_slave_1: left allmulticast mode [ 480.166145][ T13] bridge_slave_1: left promiscuous mode [ 480.202281][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.247274][ T13] bridge_slave_0: left allmulticast mode [ 480.278271][ T13] bridge_slave_0: left promiscuous mode [ 480.325390][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.677433][ T9999] loop6: detected capacity change from 0 to 1024 [ 481.305392][T10010] loop7: detected capacity change from 0 to 7 [ 481.339978][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.349245][ C0] buffer_io_error: 39 callbacks suppressed [ 481.349278][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.364039][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.373280][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.556971][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.566189][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.729128][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.738342][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.771793][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.780950][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.795234][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.804434][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.819194][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.828360][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.838461][T10010] ldm_validate_partition_table(): Disk read failed. [ 481.844839][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 481.868956][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.878152][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.888281][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.889125][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 481.897492][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.914550][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 481.923733][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.932365][ T13] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 481.932568][T10010] Dev loop7: unable to read RDB block 0 [ 481.957332][T10010] loop7: unable to read partition table [ 481.963488][T10010] loop7: partition table beyond EOD, truncated [ 481.965820][ T13] bond0 (unregistering): Released all slaves [ 481.969689][T10010] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 482.481971][ T13] tipc: Left network mode [ 483.018714][ T9803] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 484.146640][ T9803] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 484.301899][ T9803] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 485.251994][ T5938] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 485.712762][ T5938] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.730536][ T5938] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 485.743208][ T5938] usb 8-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 485.743664][ T9803] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 485.777541][ T5938] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.793668][T10037] team0: entered allmulticast mode [ 485.798812][T10037] team_slave_0: entered allmulticast mode [ 485.804646][T10037] team_slave_1: entered allmulticast mode [ 485.810486][T10037] bond0: entered allmulticast mode [ 485.815708][T10037] bond_slave_0: entered allmulticast mode [ 485.821500][T10037] bond_slave_1: entered allmulticast mode [ 485.969310][ T5938] usb 8-1: config 0 descriptor?? [ 486.148039][T10042] bond1 (unregistering): Released all slaves [ 487.510760][ T5938] usbhid 8-1:0.0: can't add hid device: -71 [ 487.517690][ T5938] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 487.528864][ T5938] usb 8-1: USB disconnect, device number 11 [ 487.710838][ T13] hsr_slave_0: left promiscuous mode [ 487.756306][ T13] hsr_slave_1: left promiscuous mode [ 487.766457][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 487.775089][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 488.284078][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 488.321732][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 488.403594][ T13] veth1_macvtap: left promiscuous mode [ 488.430117][ T13] veth0_macvtap: left promiscuous mode [ 488.465007][ T13] veth1_vlan: left promiscuous mode [ 488.502368][ T13] veth0_vlan: left promiscuous mode [ 489.421685][T10064] could not allocate digest TFM handle crct10dif-arm64-ce [ 490.147825][T10085] comedi comedi0: pcl711: I/O port conflict (0x6,16) [ 491.904298][T10099] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1257'. [ 491.928543][ T30] audit: type=1326 audit(1764001175.317:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 491.954545][ T30] audit: type=1326 audit(1764001175.347:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 491.979030][T10100] xt_cgroup: xt_cgroup: no path or classid specified [ 492.019063][ T30] audit: type=1326 audit(1764001175.347:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.047585][ T30] audit: type=1326 audit(1764001175.347:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.073843][ T30] audit: type=1326 audit(1764001175.387:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.098622][ T30] audit: type=1326 audit(1764001175.387:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.122162][ T30] audit: type=1326 audit(1764001175.387:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.144920][ T30] audit: type=1326 audit(1764001175.387:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.179085][ T30] audit: type=1326 audit(1764001175.387:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.204403][ T30] audit: type=1326 audit(1764001175.387:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10098 comm="syz.3.1257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec98f8f749 code=0x7ffc0000 [ 492.454256][ T13] team0 (unregistering): Port device team_slave_1 removed [ 492.539437][ T13] team0 (unregistering): Port device team_slave_0 removed [ 493.524913][T10114] tmpfs: Cannot enable quota on remount [ 494.035406][ T9803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.106980][ T9803] 8021q: adding VLAN 0 to HW filter on device team0 [ 494.187276][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.194451][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.394704][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.401896][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.471871][ T6002] IPVS: starting estimator thread 0... [ 497.591491][T10131] IPVS: using max 32 ests per chain, 76800 per kthread [ 497.903544][T10134] binder: BINDER_SET_CONTEXT_MGR already set [ 498.044052][T10134] binder: 10133:10134 ioctl 4018620d 200000000040 returned -16 [ 498.146775][T10140] loop7: detected capacity change from 0 to 7 [ 498.185706][ C0] blk_print_req_error: 10 callbacks suppressed [ 498.185724][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.201063][ C0] buffer_io_error: 10 callbacks suppressed [ 498.201075][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.225467][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.234652][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.245752][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.254901][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.271469][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.280597][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.293102][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.302296][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.321203][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.330350][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.339188][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.348402][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.356290][T10140] ldm_validate_partition_table(): Disk read failed. [ 498.405532][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.414756][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.424174][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.433356][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.451487][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 498.460638][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 498.472780][T10140] Dev loop7: unable to read RDB block 0 [ 498.508746][T10140] loop7: unable to read partition table [ 499.739626][T10140] loop7: partition table beyond EOD, truncated [ 499.842001][T10140] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 499.990328][ T5196] ldm_validate_partition_table(): Disk read failed. [ 500.020574][ T5196] Dev loop7: unable to read RDB block 0 [ 500.055750][ T5196] loop7: unable to read partition table [ 500.087880][ T5196] loop7: partition table beyond EOD, truncated [ 500.157995][T10152] random: crng reseeded on system resumption [ 500.238520][T10153] netlink: 'syz.7.1272': attribute type 10 has an invalid length. [ 500.287150][ T9803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.874878][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.887228][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.151492][T10167] loop5: detected capacity change from 0 to 1024 [ 501.200650][T10167] EXT4-fs: Ignoring removed bh option [ 501.248535][T10167] EXT4-fs: Ignoring removed nobh option [ 501.274964][T10167] EXT4-fs: Ignoring removed bh option [ 501.360690][T10167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.960220][ T9803] veth0_vlan: entered promiscuous mode [ 504.040584][ T9803] veth1_vlan: entered promiscuous mode [ 504.367432][ T9803] veth0_macvtap: entered promiscuous mode [ 504.413390][ T9803] veth1_macvtap: entered promiscuous mode [ 505.494767][ T9803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 505.566782][T10188] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.1275: Allocating blocks 497-513 which overlap fs metadata [ 505.626027][ T9803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 505.718757][ T36] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.772025][ T36] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.782919][T10188] EXT4-fs (loop5): pa ffff88802fdf0570: logic 256, phys. 385, len 8 [ 505.790941][T10188] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 505.863190][ T36] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.888302][T10194] binder: 10193:10194 ioctl c0306201 0 returned -14 [ 505.902087][ T36] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.936750][T10194] binder: 10193:10194 ioctl c0306201 2000000003c0 returned -14 [ 507.995572][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 508.154920][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 508.384831][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 508.395527][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 510.639259][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 516.441631][T10266] loop8: detected capacity change from 0 to 1024 [ 518.001214][ T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 518.152942][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.201926][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 518.371587][ T24] usb 8-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 518.421771][T10278] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 518.434960][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.449898][ T24] usb 8-1: config 0 descriptor?? [ 518.522125][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1307'. [ 518.812336][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 518.839027][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 518.907278][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 519.220444][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 519.228527][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 519.270546][ T24] usbhid 8-1:0.0: can't add hid device: -71 [ 519.278374][ T24] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 519.847825][ T24] usb 8-1: USB disconnect, device number 12 [ 520.358856][T10297] binder: 10296:10297 ioctl c0306201 2000000003c0 returned -14 [ 521.046295][ T30] kauditd_printk_skb: 206 callbacks suppressed [ 521.046367][ T30] audit: type=1800 audit(1764001204.417:1452): pid=10306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1314" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 521.322563][ T5850] Bluetooth: hci3: command tx timeout [ 521.803913][T10302] batadv_slave_0: entered promiscuous mode [ 521.811814][T10301] batadv_slave_0: left promiscuous mode [ 521.928935][T10286] chnl_net:caif_netlink_parms(): no params data found [ 522.846335][ T193] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.411233][ T5850] Bluetooth: hci3: command tx timeout [ 524.190716][ T193] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.255540][ T193] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.494807][ T5850] Bluetooth: hci3: command tx timeout [ 525.808376][T10286] bridge0: port 1(bridge_slave_0) entered blocking state [ 525.848498][T10286] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.876305][T10286] bridge_slave_0: entered allmulticast mode [ 525.910875][T10286] bridge_slave_0: entered promiscuous mode [ 526.053090][ T193] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.191407][T10286] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.238118][T10286] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.271588][T10286] bridge_slave_1: entered allmulticast mode [ 526.547716][T10286] bridge_slave_1: entered promiscuous mode [ 526.812111][T10286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 526.946334][T10286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.335117][T10286] team0: Port device team_slave_0 added [ 527.611812][ T5850] Bluetooth: hci3: command tx timeout [ 527.928370][T10286] team0: Port device team_slave_1 added [ 528.742286][ T30] audit: type=1800 audit(1764001212.127:1453): pid=10370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1332" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 529.231937][T10286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 529.238981][T10286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 529.334516][T10286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 529.345795][T10370] batadv_slave_0: entered promiscuous mode [ 529.385132][T10367] batadv_slave_0: left promiscuous mode [ 529.469242][T10286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 529.525265][T10286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 529.635235][T10286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 530.273066][ T193] bridge_slave_1: left allmulticast mode [ 530.349315][ T193] bridge_slave_1: left promiscuous mode [ 530.451032][ T193] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.560202][ T193] bridge_slave_0: left allmulticast mode [ 530.602045][ T193] bridge_slave_0: left promiscuous mode [ 530.608132][ T193] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.083381][T10413] loop8: detected capacity change from 0 to 128 [ 533.146851][T10413] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 533.208175][T10413] ext4 filesystem being mounted at /128/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 535.287450][T10422] FAT-fs (nbd9): unable to read boot sector [ 535.435591][ T7513] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 537.766792][T10448] loop9: detected capacity change from 0 to 16 [ 538.046685][T10448] erofs (device loop9): mounted with root inode @ nid 36. [ 538.058586][T10447] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 538.071298][T10447] erofs (device loop9): read error -117 @ 43 of nid 36 [ 540.052139][ T193] team0: Port device bond0 removed [ 540.084763][ T193] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 540.173634][ T193] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 540.387638][ T193] bond0 (unregistering): Released all slaves [ 540.601045][T10286] hsr_slave_0: entered promiscuous mode [ 540.671372][T10286] hsr_slave_1: entered promiscuous mode [ 540.704029][T10286] debugfs: 'hsr0' already exists in 'hsr' [ 540.714239][T10286] Cannot create hsr debugfs directory [ 542.421267][ T43] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 542.582660][ T43] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 542.620964][ T43] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 542.638367][ T43] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.679512][ T43] usb 10-1: config 0 descriptor?? [ 542.719310][ T43] pwc: Askey VC010 type 2 USB webcam detected. [ 542.771518][ T193] hsr_slave_0: left promiscuous mode [ 542.796769][ T193] hsr_slave_1: left promiscuous mode [ 542.816799][ T193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 542.825992][ T193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 542.859243][ T193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.871684][ T193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.930993][ T193] veth1_macvtap: left promiscuous mode [ 542.940156][ T193] veth0_macvtap: left promiscuous mode [ 542.975847][ T193] veth1_vlan: left promiscuous mode [ 543.013262][ T193] veth0_vlan: left promiscuous mode [ 543.114541][ T43] pwc: recv_control_msg error -32 req 02 val 2b00 [ 543.172402][ T43] pwc: recv_control_msg error -32 req 02 val 2700 [ 543.222195][ T43] pwc: recv_control_msg error -32 req 02 val 2c00 [ 543.229623][ T43] pwc: recv_control_msg error -32 req 04 val 1000 [ 543.288840][ T43] pwc: recv_control_msg error -32 req 04 val 1300 [ 543.305681][ T43] pwc: recv_control_msg error -32 req 04 val 1400 [ 543.325512][ T43] pwc: recv_control_msg error -32 req 02 val 2000 [ 543.366268][ T43] pwc: recv_control_msg error -32 req 02 val 2100 [ 543.836169][ T43] pwc: recv_control_msg error -71 req 02 val 2500 [ 543.862546][ T43] pwc: recv_control_msg error -71 req 02 val 2400 [ 543.872721][ T43] pwc: recv_control_msg error -71 req 02 val 2600 [ 543.898890][ T43] pwc: recv_control_msg error -71 req 02 val 2900 [ 543.910172][ T43] pwc: recv_control_msg error -71 req 02 val 2800 [ 543.920534][ T43] pwc: recv_control_msg error -71 req 04 val 1100 [ 544.038812][ T43] pwc: recv_control_msg error -71 req 04 val 1200 [ 544.072577][ T43] pwc: Registered as video103. [ 544.238924][ T43] input: PWC snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/input/input12 [ 544.327670][ T43] usb 10-1: USB disconnect, device number 2 [ 545.532454][T10518] Invalid ELF header type: 25773 != 1 [ 545.576316][T10518] loop5: detected capacity change from 0 to 1024 [ 547.224297][ T193] team0 (unregistering): Port device team_slave_1 removed [ 547.271416][ T8578] hid-generic FFFF:0008:0003.0011: item fetching failed at offset 0/2 [ 547.291283][T10532] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 547.307084][ T8578] hid-generic FFFF:0008:0003.0011: probe with driver hid-generic failed with error -22 [ 547.430089][ T193] team0 (unregistering): Port device team_slave_0 removed [ 549.277409][T10505] tipc: Enabling of bearer rejected, failed to enable media [ 549.293769][T10542] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 550.266695][T10560] loop5: detected capacity change from 0 to 1024 [ 550.322547][T10560] EXT4-fs: Ignoring removed bh option [ 550.350416][T10560] EXT4-fs: Ignoring removed nobh option [ 550.381341][T10560] EXT4-fs: Ignoring removed bh option [ 550.427369][T10560] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 550.972233][ T193] IPVS: stop unused estimator thread 0... [ 552.615660][ T30] audit: type=1326 audit(1764001235.957:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 552.958960][ T30] audit: type=1326 audit(1764001235.957:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 553.176522][T10587] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.1386: Allocating blocks 497-513 which overlap fs metadata [ 553.350715][T10587] EXT4-fs (loop5): pa ffff8880506aa000: logic 256, phys. 385, len 8 [ 553.358833][T10587] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 553.373266][T10589] vivid-007: disconnect [ 553.878124][T10584] vivid-007: reconnect [ 554.033656][ T30] audit: type=1326 audit(1764001235.957:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.056812][ T30] audit: type=1326 audit(1764001235.957:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.079783][ T30] audit: type=1326 audit(1764001235.957:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.169316][T10286] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 554.225678][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 554.244299][ T30] audit: type=1326 audit(1764001235.957:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.308634][T10286] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 554.401629][ T30] audit: type=1326 audit(1764001235.957:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbf133865e7 code=0x7ffc0000 [ 554.474940][ T30] audit: type=1326 audit(1764001235.957:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbf1332b829 code=0x7ffc0000 [ 554.501387][ T30] audit: type=1326 audit(1764001235.957:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.534107][ T30] audit: type=1326 audit(1764001235.957:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10577 comm="syz.9.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 554.702856][T10593] bond1 (unregistering): Released all slaves [ 554.760837][T10591] vlan2: entered promiscuous mode [ 554.766315][T10591] vlan2: entered allmulticast mode [ 554.771621][T10591] hsr_slave_1: entered allmulticast mode [ 554.795908][T10286] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 554.858979][T10286] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 555.024227][T10599] FAT-fs (nbd5): unable to read boot sector [ 556.015564][T10286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 556.154106][T10286] 8021q: adding VLAN 0 to HW filter on device team0 [ 556.293655][ T193] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.300770][ T193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.312829][T10616] binder: BINDER_SET_CONTEXT_MGR already set [ 556.318792][T10616] binder: 10615:10616 ioctl 4018620d 200000000040 returned -16 [ 556.331876][T10616] binder: 10615:10616 ioctl c0306201 2000000003c0 returned -14 [ 556.413670][ T3521] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.420815][ T3521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.578438][T10286] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 556.618607][T10286] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 556.933946][ T1219] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 557.428374][ T1219] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 557.460687][ T1219] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 557.489292][ T1219] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.545367][ T1219] usb 8-1: config 0 descriptor?? [ 557.574836][ T1219] pwc: Askey VC010 type 2 USB webcam detected. [ 557.635376][T10286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 557.728083][T10634] bond1 (unregistering): Released all slaves [ 557.993548][ T6043] hid-generic FFFF:0008:0003.0012: item fetching failed at offset 0/2 [ 558.010933][ T6043] hid-generic FFFF:0008:0003.0012: probe with driver hid-generic failed with error -22 [ 558.025073][ T1219] pwc: recv_control_msg error -32 req 02 val 2b00 [ 558.042902][ T1219] pwc: recv_control_msg error -32 req 02 val 2700 [ 558.072191][ T1219] pwc: recv_control_msg error -32 req 02 val 2c00 [ 558.112033][ T1219] pwc: recv_control_msg error -32 req 04 val 1000 [ 558.139659][ T1219] pwc: recv_control_msg error -32 req 04 val 1300 [ 558.156940][ T1219] pwc: recv_control_msg error -32 req 04 val 1400 [ 558.191205][ T1219] pwc: recv_control_msg error -32 req 02 val 2000 [ 558.203584][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 558.203602][ T30] audit: type=1800 audit(1764001241.587:1474): pid=10643 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1407" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 558.230358][ T1219] pwc: recv_control_msg error -32 req 02 val 2100 [ 558.258644][ T1219] pwc: recv_control_msg error -32 req 04 val 1500 [ 558.273489][T10641] loop3: detected capacity change from 0 to 1024 [ 558.290552][ T1219] pwc: recv_control_msg error -32 req 02 val 2500 [ 558.322275][T10641] EXT4-fs: Ignoring removed bh option [ 558.327893][T10641] EXT4-fs: Ignoring removed nobh option [ 558.368921][T10641] EXT4-fs: Ignoring removed bh option [ 558.496995][T10641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.513393][ T1219] pwc: recv_control_msg error -71 req 02 val 2600 [ 558.549234][ T1219] pwc: recv_control_msg error -71 req 02 val 2900 [ 558.577061][ T1219] pwc: recv_control_msg error -71 req 02 val 2800 [ 558.586824][ T1219] pwc: recv_control_msg error -71 req 04 val 1100 [ 558.604213][ T1219] pwc: recv_control_msg error -71 req 04 val 1200 [ 559.040602][ T1219] pwc: Registered as video103. [ 559.051727][ T1219] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input13 [ 560.964206][ T1219] usb 8-1: USB disconnect, device number 13 [ 561.714051][ T5829] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 561.752417][T10286] veth0_vlan: entered promiscuous mode [ 561.885919][T10666] input: syz1 as /devices/virtual/input/input14 [ 562.232143][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.238524][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.373800][T10286] veth1_vlan: entered promiscuous mode [ 563.005898][T10286] veth0_macvtap: entered promiscuous mode [ 563.137029][T10286] veth1_macvtap: entered promiscuous mode [ 563.239685][T10286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 563.356726][T10286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 563.415708][ T36] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.495426][ T36] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.524565][ T36] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.948157][ T36] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 564.575717][T10687] bond1 (unregistering): Released all slaves [ 564.954228][ T2135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.981298][ T2135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.381239][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.389339][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.540202][T10702] Invalid ELF header type: 25773 != 1 [ 565.557015][T10702] loop7: detected capacity change from 0 to 1024 [ 566.119429][T10707] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.127543][T10707] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 566.138486][T10707] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 566.146570][T10707] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 566.794391][T10712] FAT-fs (nbd4): unable to read boot sector [ 566.803126][ T6043] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 567.101456][ T6043] usb 6-1: Using ep0 maxpacket: 32 [ 567.146463][ T6043] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 567.155243][ T6043] usb 6-1: config 0 has no interface number 0 [ 567.189765][ T6043] usb 6-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 567.462856][ T6043] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 567.473520][ T6043] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.686581][ T6043] usb 6-1: Product: syz [ 567.711455][ T6043] usb 6-1: Manufacturer: syz [ 567.716060][ T6043] usb 6-1: SerialNumber: syz [ 567.761962][ T6043] usb 6-1: config 0 descriptor?? [ 567.821898][ T6043] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 567.910241][T10719] bond1 (unregistering): Released all slaves [ 568.025897][ T6043] usb 6-1: qt2_setup_urbs - submit read urb failed -8 [ 568.041446][ T6043] quatech2 6-1:0.51: probe with driver quatech2 failed with error -8 [ 568.953363][ T6043] usb 6-1: USB disconnect, device number 6 [ 569.691608][T10736] bond1 (unregistering): Released all slaves [ 572.403607][T10755] could not allocate digest TFM handle crct10dif-arm64-ce [ 572.529608][T10764] FAT-fs (nbd3): unable to read boot sector [ 574.831553][T10782] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 576.554195][T10797] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1450'. [ 576.608836][ T30] audit: type=1326 audit(1764001259.997:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 576.688317][ T30] audit: type=1326 audit(1764001259.997:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 576.771403][ T30] audit: type=1326 audit(1764001259.997:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 576.801635][ T30] audit: type=1326 audit(1764001259.997:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 576.896907][ T30] audit: type=1326 audit(1764001259.997:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 577.021205][ T30] audit: type=1326 audit(1764001259.997:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 577.143360][ T30] audit: type=1326 audit(1764001259.997:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 577.432552][ T30] audit: type=1326 audit(1764001259.997:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 577.539066][ T30] audit: type=1326 audit(1764001259.997:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 577.605998][ T30] audit: type=1326 audit(1764001259.997:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10795 comm="syz.4.1450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 579.211384][T10836] Invalid ELF header type: 25773 != 1 [ 579.299725][T10836] loop3: detected capacity change from 0 to 1024 [ 579.684407][T10830] batadv_slave_0: entered promiscuous mode [ 580.032484][T10828] batadv_slave_0: left promiscuous mode [ 580.148493][T10831] batadv_slave_0: entered promiscuous mode [ 580.423282][T10826] batadv_slave_0: left promiscuous mode [ 582.693736][T10866] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1469'. [ 583.413444][T10869] bond1 (unregistering): Released all slaves [ 584.296331][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 584.296353][ T30] audit: type=1326 audit(1764001267.687:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 584.369087][ T30] audit: type=1326 audit(1764001267.687:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 584.392088][ T30] audit: type=1326 audit(1764001267.687:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 584.414501][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.487452][ T30] audit: type=1326 audit(1764001267.687:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 584.526423][ T30] audit: type=1326 audit(1764001267.747:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 584.549053][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.761612][T10884] loop7: detected capacity change from 0 to 7 [ 584.823784][ C0] blk_print_req_error: 25 callbacks suppressed [ 584.823825][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 584.839288][ C0] buffer_io_error: 25 callbacks suppressed [ 584.839326][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.074196][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.083421][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.143900][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.153114][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.168942][ T5838] Bluetooth: hci6: command 0x0406 tx timeout [ 585.181323][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.190504][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.198812][ T30] audit: type=1326 audit(1764001267.757:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 585.236342][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.245512][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.318654][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.327838][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.336910][T10884] ldm_validate_partition_table(): Disk read failed. [ 585.355070][ T30] audit: type=1326 audit(1764001267.757:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f92c558f749 code=0x7ffc0000 [ 585.361159][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.386693][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.817680][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.826969][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.837916][ T30] audit: type=1326 audit(1764001267.757:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f92c55865e7 code=0x7ffc0000 [ 585.843059][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.869485][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.881516][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.890663][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 585.898826][T10884] Dev loop7: unable to read RDB block 0 [ 585.931259][ T30] audit: type=1326 audit(1764001267.757:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f92c552b829 code=0x7ffc0000 [ 585.956395][ T30] audit: type=1326 audit(1764001267.757:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10876 comm="syz.4.1471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f92c55865e7 code=0x7ffc0000 [ 585.989549][T10884] loop7: unable to read partition table [ 586.128392][T10884] loop7: partition table beyond EOD, truncated [ 586.161158][T10884] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 586.242191][T10892] batadv_slave_0: entered promiscuous mode [ 586.485276][T10890] batadv_slave_0: left promiscuous mode [ 588.202990][ T1219] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 588.722011][ T1219] usb 9-1: Using ep0 maxpacket: 32 [ 588.746125][ T1219] usb 9-1: unable to get BOS descriptor or descriptor too short [ 588.890756][ T1219] usb 9-1: config 56 has an invalid interface number: 222 but max is 0 [ 589.016715][T10914] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1485'. [ 589.247596][ T1219] usb 9-1: config 56 has no interface number 0 [ 589.429720][ T1219] usb 9-1: config 56 interface 222 has no altsetting 0 [ 589.745520][ T1219] usb 9-1: New USB device found, idVendor=2020, idProduct=2031, bcdDevice=3b.23 [ 589.776482][ T1219] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.838963][ T1219] usb 9-1: Product: syz [ 589.941962][ T1219] usb 9-1: Manufacturer: syz [ 589.976174][ T1219] usb 9-1: SerialNumber: syz [ 590.491312][ T1219] usb 9-1: can't set config #56, error -71 [ 590.535251][ T1219] usb 9-1: USB disconnect, device number 5 [ 591.525478][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 591.525499][ T30] audit: type=1326 audit(1764001274.917:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10924 comm="syz.8.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 591.536795][T10928] batadv_slave_0: entered promiscuous mode [ 591.555841][ T30] audit: type=1326 audit(1764001274.947:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10924 comm="syz.8.1490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe24698f749 code=0x7ffc0000 [ 591.627660][T10927] batadv_slave_0: left promiscuous mode [ 592.425361][T10944] loop7: detected capacity change from 0 to 7 [ 592.467270][ C1] blk_print_req_error: 10 callbacks suppressed [ 592.467293][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 592.482718][ C1] buffer_io_error: 10 callbacks suppressed [ 592.482736][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 592.515726][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 592.524891][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 592.975000][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 592.984214][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.025326][ T30] audit: type=1800 audit(1764001276.327:1578): pid=10946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1494" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 593.342544][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.351764][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.373349][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.382540][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.390876][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.400074][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.408790][T10944] ldm_validate_partition_table(): Disk read failed. [ 593.412069][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.424560][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.436777][ T30] audit: type=1326 audit(1764001276.827:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10949 comm="syz.9.1496" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbf1338f749 code=0x0 [ 593.464751][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.473909][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.483227][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.492449][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.500806][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 593.509965][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 593.653693][T10944] Dev loop7: unable to read RDB block 0 [ 593.692388][T10944] loop7: unable to read partition table [ 593.698200][T10944] loop7: partition table beyond EOD, truncated [ 593.781283][T10944] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 595.086387][T10974] binder: 10971:10974 ioctl 4018620d 0 returned -22 [ 595.165007][T10974] binder: 10971:10974 ioctl c0306201 0 returned -14 [ 595.711113][T10975] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1502'. [ 598.442266][ T30] audit: type=1326 audit(1764001281.827:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 598.552657][ T30] audit: type=1326 audit(1764001281.827:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 598.681637][ T30] audit: type=1326 audit(1764001281.827:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 598.801351][ T30] audit: type=1326 audit(1764001281.827:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 598.948235][ T30] audit: type=1326 audit(1764001281.827:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 599.666891][ T30] audit: type=1326 audit(1764001281.827:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 599.690994][ T30] audit: type=1326 audit(1764001281.827:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbf133865e7 code=0x7ffc0000 [ 599.721984][ T30] audit: type=1326 audit(1764001281.827:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbf1332b829 code=0x7ffc0000 [ 599.745651][ T30] audit: type=1326 audit(1764001281.827:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 599.771691][ T30] audit: type=1326 audit(1764001281.827:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.9.1508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbf1338f749 code=0x7ffc0000 [ 600.147223][T11010] loop7: detected capacity change from 0 to 7 [ 600.485822][ C1] blk_print_req_error: 10 callbacks suppressed [ 600.485846][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.501256][ C1] buffer_io_error: 10 callbacks suppressed [ 600.501275][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.524468][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.533680][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.560511][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.569775][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.584385][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.593668][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.605639][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.614808][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.631186][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.640415][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.648934][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 600.658120][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 600.666221][T11010] ldm_validate_partition_table(): Disk read failed. [ 600.787454][T11013] random: crng reseeded on system resumption [ 601.165537][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 601.174722][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 601.239532][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 601.248755][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 601.286128][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 601.295300][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 601.326651][T11010] Dev loop7: unable to read RDB block 0 [ 601.386342][T11010] loop7: unable to read partition table [ 601.411825][T11010] loop7: partition table beyond EOD, truncated [ 601.445713][T11010] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 602.191798][ T6002] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 602.599213][ T6002] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 602.655605][ T6002] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 602.817338][ T6002] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 602.831346][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 602.839612][ T6002] usb 6-1: SerialNumber: syz [ 603.691521][ T6002] usb 6-1: 0:2 : does not exist [ 604.093336][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 604.093405][ T30] audit: type=1800 audit(1764001287.457:1598): pid=11036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1523" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 604.104827][T11036] batadv_slave_0: entered promiscuous mode [ 604.457593][T11034] batadv_slave_0: left promiscuous mode [ 604.527366][ T5938] usb 6-1: USB disconnect, device number 7 [ 607.392741][T11058] loop7: detected capacity change from 0 to 7 [ 607.399628][ C0] blk_print_req_error: 10 callbacks suppressed [ 607.399646][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.414929][ C0] buffer_io_error: 10 callbacks suppressed [ 607.414941][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.431275][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.440433][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.449379][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.458535][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.468292][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.477436][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.485530][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.494732][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.503181][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.512340][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.521122][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.530280][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.538166][T11058] ldm_validate_partition_table(): Disk read failed. [ 607.546120][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.555257][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.564118][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.573276][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.581494][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 607.590682][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 607.599490][T11058] Dev loop7: unable to read RDB block 0 [ 607.611182][T11058] loop7: unable to read partition table [ 607.617021][T11058] loop7: partition table beyond EOD, truncated [ 607.623301][T11058] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 607.948397][T11066] loop9: detected capacity change from 0 to 1024 [ 607.968172][T11066] EXT4-fs: Ignoring removed bh option [ 608.020103][T11066] EXT4-fs: Ignoring removed nobh option [ 608.049036][T11066] EXT4-fs: Ignoring removed bh option [ 608.214338][T11066] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 608.760096][T11076] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:4193: comm syz.9.1533: Allocating blocks 497-513 which overlap fs metadata [ 608.803567][T11076] EXT4-fs (loop9): pa ffff88802fdf0d98: logic 256, phys. 385, len 8 [ 608.811636][T11076] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 610.384908][ T9803] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 610.710861][T11084] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1538'. [ 612.382161][T11104] overlayfs: missing 'lowerdir' [ 612.483220][T11105] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 612.680457][T11105] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 612.701920][T11105] overlayfs: failed to look up (tracing) for ino (-66) [ 615.551730][T11116] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 617.430328][ T6043] hid-generic FFFF:0008:0003.0013: item fetching failed at offset 0/2 [ 617.483058][ T6043] hid-generic FFFF:0008:0003.0013: probe with driver hid-generic failed with error -22 [ 618.332275][T11142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1553'. [ 618.848379][T11144] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1554'. [ 619.475713][T11152] tipc: Started in network mode [ 619.480611][T11152] tipc: Node identity ca92b348d56b, cluster identity 4711 [ 619.723931][T11152] tipc: Enabled bearer , priority 0 [ 621.250419][T11151] tipc: Disabling bearer [ 621.634395][ T6043] tipc: Node number set to 536458056 [ 622.841907][T11175] could not allocate digest TFM handle crct10dif-arm64-ce [ 623.089307][T11191] loop5: detected capacity change from 0 to 1024 [ 623.544656][T11200] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1570'. [ 623.660213][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.666711][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.008109][T11209] loop9: detected capacity change from 0 to 16 [ 624.080560][T11209] erofs (device loop9): mounted with root inode @ nid 36. [ 624.089657][T11209] erofs (device loop9): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 624.105731][T11209] erofs (device loop9): read error -117 @ 43 of nid 36 [ 630.592517][T11252] bond1 (unregistering): Released all slaves [ 631.601213][ T5938] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 632.164296][ T5938] usb 4-1: Using ep0 maxpacket: 32 [ 632.218438][ T5938] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 632.268674][ T5938] usb 4-1: config 0 has no interface number 0 [ 632.441632][ T5938] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 632.485707][ T5938] usb 4-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 632.520637][ T5938] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 632.552963][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.602750][ T5938] usb 4-1: Product: syz [ 632.606956][ T5938] usb 4-1: Manufacturer: syz [ 632.980010][ T5938] usb 4-1: SerialNumber: syz [ 632.990866][ T5938] usb 4-1: config 0 descriptor?? [ 632.998552][ T5938] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 633.753109][ T5938] usb 4-1: qt2_setup_urbs - submit read urb failed -90 [ 633.832696][ T5938] quatech2 4-1:0.51: probe with driver quatech2 failed with error -90 [ 633.948443][ T5938] usb 4-1: USB disconnect, device number 13 [ 635.775920][T11312] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 636.982037][T11321] vivid-007: disconnect [ 637.502683][T11316] vivid-007: reconnect [ 638.686244][ T8578] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 638.870051][ T8578] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 638.905353][ T8578] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 638.925525][ T8578] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.982579][ T8578] usb 9-1: config 0 descriptor?? [ 639.020135][ T8578] pwc: Askey VC010 type 2 USB webcam detected. [ 639.149378][T11335] loop9: detected capacity change from 0 to 1024 [ 639.631220][ T8578] pwc: recv_control_msg error -32 req 02 val 2b00 [ 639.676977][ T8578] pwc: recv_control_msg error -32 req 02 val 2700 [ 639.713937][ T8578] pwc: recv_control_msg error -32 req 02 val 2c00 [ 639.779533][ T8578] pwc: recv_control_msg error -32 req 04 val 1000 [ 639.811719][ T8578] pwc: recv_control_msg error -32 req 04 val 1300 [ 639.883806][ T8578] pwc: recv_control_msg error -32 req 04 val 1400 [ 639.935055][ T8578] pwc: recv_control_msg error -32 req 02 val 2000 [ 640.168804][ T8578] pwc: recv_control_msg error -71 req 04 val 1500 [ 640.367132][ T8578] pwc: recv_control_msg error -71 req 02 val 2500 [ 640.385990][ T8578] pwc: recv_control_msg error -71 req 02 val 2400 [ 640.548126][ T8578] pwc: recv_control_msg error -71 req 02 val 2600 [ 640.565280][ T8578] pwc: recv_control_msg error -71 req 02 val 2900 [ 640.580454][T11345] input: syz1 as /devices/virtual/input/input17 [ 640.598071][ T8578] pwc: recv_control_msg error -71 req 02 val 2800 [ 640.833148][ T8578] pwc: recv_control_msg error -71 req 04 val 1100 [ 640.850448][ T8578] pwc: recv_control_msg error -71 req 04 val 1200 [ 641.262455][ T8578] pwc: Registered as video103. [ 641.299092][ T8578] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input18 [ 642.182350][ T8578] usb 9-1: USB disconnect, device number 6 [ 644.220956][T11389] fuse: Bad value for 'group_id' [ 644.236659][T11389] fuse: Bad value for 'group_id' [ 644.538581][T11394] binder: 11393:11394 unknown command 0 [ 644.593286][T11394] binder: 11393:11394 ioctl c0306201 200000000080 returned -22 [ 644.802988][T11394] binder: 11393:11394 ioctl c0306201 2000000003c0 returned -14 [ 644.841498][T11394] binder: 11393:11394 ioctl c0306201 0 returned -14 [ 646.275241][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 646.793333][T11412] loop7: detected capacity change from 0 to 7 [ 647.041532][ C0] blk_print_req_error: 10 callbacks suppressed [ 647.041557][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.056887][ C0] buffer_io_error: 10 callbacks suppressed [ 647.056902][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.071152][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.080286][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.096944][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.106180][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.114762][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.123916][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.138379][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.147625][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.160031][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.169220][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.177609][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.186769][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.196465][ T5839] ldm_validate_partition_table(): Disk read failed. [ 647.204048][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.213244][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.221560][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.230872][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.239077][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 647.248362][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 647.256767][ T5839] Dev loop7: unable to read RDB block 0 [ 647.287203][ T5839] loop7: unable to read partition table [ 647.299327][ T5839] loop7: partition table beyond EOD, truncated [ 647.358240][T11412] ldm_validate_partition_table(): Disk read failed. [ 647.380035][T11412] Dev loop7: unable to read RDB block 0 [ 647.429048][T11412] loop7: unable to read partition table [ 647.459676][T11412] loop7: partition table beyond EOD, truncated [ 647.479814][T11412] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 647.974386][T11418] vivid-007: disconnect [ 648.488933][T11414] vivid-007: reconnect [ 649.606521][T11439] binder: 11438:11439 unknown command 0 [ 649.652055][T11439] binder: 11438:11439 ioctl c0306201 200000000080 returned -22 [ 649.733234][T11443] binder: 11438:11443 ioctl c0306201 2000000003c0 returned -14 [ 649.762706][T11443] binder: 11438:11443 ioctl c0306201 0 returned -14 [ 651.262895][T11463] loop7: detected capacity change from 0 to 7 [ 651.779992][ T5839] ldm_validate_partition_table(): Disk read failed. [ 651.886321][ T5839] Dev loop7: unable to read RDB block 0 [ 651.895913][ T5839] loop7: unable to read partition table [ 651.910311][ T5839] loop7: partition table beyond EOD, truncated [ 652.118411][ C1] blk_print_req_error: 40 callbacks suppressed [ 652.118437][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 652.140198][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 652.149650][ C0] buffer_io_error: 40 callbacks suppressed [ 652.149699][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 652.371384][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 652.380606][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 652.412280][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 652.421488][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 652.450381][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 652.459608][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 652.471639][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 652.480813][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 653.611515][T11478] binder_alloc: 11476: binder_alloc_buf, no vma [ 654.176032][T11496] binder: 11494:11496 unknown command 0 [ 654.229153][T11498] binder: BINDER_SET_CONTEXT_MGR already set [ 654.235482][T11498] binder: 11494:11498 ioctl 4018620d 200000000040 returned -16 [ 654.241185][T11496] binder: 11494:11496 ioctl c0306201 200000000080 returned -22 [ 654.244924][T11498] binder: 11494:11498 ioctl c0306201 2000000003c0 returned -14 [ 654.298603][T11496] binder: 11494:11496 ioctl c0306201 0 returned -14 [ 655.823172][T11512] could not allocate digest TFM handle crct10dif-arm64-ce [ 656.131848][T11521] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1669'. [ 657.484084][ T6043] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 657.691233][ T6043] usb 6-1: Using ep0 maxpacket: 8 [ 657.723352][ T6043] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 657.749556][ T6043] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 657.764927][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 657.779432][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 657.793865][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 657.808500][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 657.834142][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 658.380050][ T6043] usb 6-1: config 168 interface 0 has no altsetting 0 [ 658.541862][ T6043] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 658.549290][ T6043] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 658.663853][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 658.741153][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 658.817398][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 658.869074][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 658.890800][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 658.905500][ T6043] usb 6-1: config 168 interface 0 has no altsetting 0 [ 658.914347][ T6043] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 658.927836][ T6043] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 658.961007][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 659.185296][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 659.216724][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 659.236720][ T6043] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 659.255112][ T6043] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 659.615531][ T6043] usb 6-1: config 168 interface 0 has no altsetting 0 [ 659.645709][ T6043] usb 6-1: string descriptor 0 read error: -22 [ 659.665033][ T6043] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 660.129735][ T6043] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.293176][ T6043] usb 6-1: can't set config #168, error -71 [ 660.402427][ T6043] usb 6-1: USB disconnect, device number 8 [ 664.051217][ T5938] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 664.312517][ T5938] usb 10-1: Using ep0 maxpacket: 32 [ 664.342065][ T5938] usb 10-1: unable to get BOS descriptor or descriptor too short [ 664.414990][ T5938] usb 10-1: config 56 has an invalid interface number: 222 but max is 0 [ 664.460691][ T5938] usb 10-1: config 56 has no interface number 0 [ 664.544886][ T5938] usb 10-1: config 56 interface 222 has no altsetting 0 [ 664.569058][ T5938] usb 10-1: New USB device found, idVendor=2020, idProduct=2031, bcdDevice=3b.23 [ 664.594168][ T5938] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.781254][ T5938] usb 10-1: Product: syz [ 664.791318][ T5938] usb 10-1: Manufacturer: syz [ 664.806220][ T5938] usb 10-1: SerialNumber: syz [ 666.112924][ T5938] option 10-1:56.222: GSM modem (1-port) converter detected [ 666.298526][ T5938] usb 10-1: USB disconnect, device number 3 [ 666.332464][ T5938] option 10-1:56.222: device disconnected [ 666.359564][T11613] bond1 (unregistering): Released all slaves [ 666.691388][ T6002] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 666.871411][ T6002] usb 9-1: device descriptor read/64, error -71 [ 667.121155][ T6002] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 667.291163][ T6002] usb 9-1: device descriptor read/64, error -71 [ 667.493408][ T6002] usb usb9-port1: attempt power cycle [ 668.231411][ T6002] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 668.297464][ T6002] usb 9-1: device descriptor read/8, error -71 [ 669.052296][ T6002] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 669.086857][ T6002] usb 9-1: device descriptor read/8, error -71 [ 669.171945][T11637] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 669.631514][T11642] loop5: detected capacity change from 0 to 1024 [ 669.674262][ T6002] usb usb9-port1: unable to enumerate USB device [ 670.415892][T11650] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1708'. [ 670.725716][T11655] vivid-007: disconnect [ 671.251947][T11648] vivid-007: reconnect [ 672.142000][T11673] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1714'. [ 672.214044][ T30] audit: type=1326 audit(1764001355.587:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 672.307415][ T30] audit: type=1326 audit(1764001355.587:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 672.449799][ T30] audit: type=1326 audit(1764001355.597:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 672.572664][ T30] audit: type=1326 audit(1764001355.597:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 672.744054][ T30] audit: type=1326 audit(1764001355.657:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 672.871381][ T30] audit: type=1326 audit(1764001355.667:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 673.371222][ T30] audit: type=1326 audit(1764001355.667:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 673.394083][ T30] audit: type=1326 audit(1764001355.667:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 673.520559][ T5938] libceph: connect (1)[c::]:6789 error -101 [ 673.528692][ T5938] libceph: mon0 (1)[c::]:6789 connect error [ 673.544903][ T30] audit: type=1326 audit(1764001355.667:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 673.591873][ T30] audit: type=1326 audit(1764001355.667:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11669 comm="syz.5.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093938f749 code=0x7ffc0000 [ 673.839908][ T5938] libceph: connect (1)[c::]:6789 error -101 [ 673.851596][ T5938] libceph: mon0 (1)[c::]:6789 connect error [ 674.064979][T11684] ceph: No mds server is up or the cluster is laggy [ 674.261116][ T5938] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 674.541327][ T5938] usb 5-1: device descriptor read/64, error -71 [ 675.153939][ T5938] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 675.363682][ T5938] usb 5-1: device descriptor read/64, error -71 [ 675.721343][ T5938] usb usb5-port1: attempt power cycle [ 676.091288][ T5938] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 676.112580][ T5938] usb 5-1: device descriptor read/8, error -71 [ 676.351452][ T5938] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 676.651837][ T5938] usb 5-1: device descriptor read/8, error -71 [ 676.772223][ T5938] usb usb5-port1: unable to enumerate USB device [ 678.060661][T11713] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1725'. [ 678.294687][T11717] vivid-007: disconnect [ 678.758207][T11720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1728'. [ 678.868633][T11714] vivid-007: reconnect [ 679.393159][T11728] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 679.951156][ T6043] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 680.020254][T11738] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 680.213580][ T6043] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 680.233821][ T6043] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 680.278627][ T6043] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.313922][ T6043] usb 9-1: config 0 descriptor?? [ 680.354200][ T6043] pwc: Askey VC010 type 2 USB webcam detected. [ 680.812882][ T6043] pwc: recv_control_msg error -32 req 02 val 2b00 [ 680.831877][ T6043] pwc: recv_control_msg error -32 req 02 val 2700 [ 680.879877][ T6043] pwc: recv_control_msg error -32 req 02 val 2c00 [ 680.922375][ T6043] pwc: recv_control_msg error -32 req 04 val 1000 [ 681.453048][ T6043] pwc: recv_control_msg error -32 req 04 val 1300 [ 681.471475][ T6043] pwc: recv_control_msg error -32 req 04 val 1400 [ 681.481885][ T6043] pwc: recv_control_msg error -32 req 02 val 2000 [ 681.730102][ T6043] pwc: recv_control_msg error -71 req 04 val 1500 [ 681.780596][ T6043] pwc: recv_control_msg error -71 req 02 val 2500 [ 682.265613][ T6043] pwc: recv_control_msg error -71 req 02 val 2400 [ 682.314391][ T6043] pwc: recv_control_msg error -71 req 02 val 2600 [ 682.596424][ T6043] pwc: recv_control_msg error -71 req 02 val 2900 [ 682.639199][ T6043] pwc: recv_control_msg error -71 req 02 val 2800 [ 682.655967][ T6043] pwc: recv_control_msg error -71 req 04 val 1100 [ 682.683706][ T6043] pwc: recv_control_msg error -71 req 04 val 1200 [ 682.732009][ T6043] pwc: Registered as video103. [ 682.837703][ T6043] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input19 [ 683.394001][ T6043] usb 9-1: USB disconnect, device number 11 [ 683.541586][ T114] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 683.682304][ T114] usb 10-1: device descriptor read/64, error -71 [ 683.982161][ T114] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 684.807404][ T114] usb 10-1: device descriptor read/64, error -71 [ 684.962608][ T114] usb usb10-port1: attempt power cycle [ 685.108448][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.241324][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.538530][ T114] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 685.625670][ T114] usb 10-1: device descriptor read/8, error -71 [ 685.741399][T11771] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 686.491381][ T114] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 686.559601][ T114] usb 10-1: Using ep0 maxpacket: 32 [ 686.582747][ T114] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.668035][ T114] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.722331][ T114] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 686.769533][ T114] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.932142][ T114] usb 10-1: config 0 descriptor?? [ 687.142613][ T114] hub 10-1:0.0: USB hub found [ 688.124936][ T114] hub 10-1:0.0: 1 port detected [ 688.501120][T11797] batadv_slave_0: entered promiscuous mode [ 689.108517][T11795] batadv_slave_0: left promiscuous mode [ 689.135587][ T114] hub 10-1:0.0: activate --> -90 [ 689.666060][ T114] usb 10-1-port1: config error [ 689.686824][ T1219] usb 10-1: USB disconnect, device number 7 [ 689.692912][ T114] hub 10-1:0.0: hub_ext_port_status failed (err = -71) [ 689.865652][ T114] hub_port_connect: 38 callbacks suppressed [ 689.865677][ T114] usb 10-1-port1: connect-debounce failed [ 690.018244][T11812] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 692.587033][T11827] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 692.611555][T11824] loop4: detected capacity change from 0 to 1024 [ 695.602018][T11847] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 698.219071][ T8578] hid-generic FFFF:0008:0003.0014: item fetching failed at offset 0/2 [ 698.249141][ T8578] hid-generic FFFF:0008:0003.0014: probe with driver hid-generic failed with error -22 [ 699.173593][T11875] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 699.321412][ T8578] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 700.956271][ T8578] usb 10-1: no configurations [ 700.960998][ T8578] usb 10-1: can't read configurations, error -22 [ 701.099133][T11888] loop3: detected capacity change from 0 to 1024 [ 701.155732][ T8578] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 701.948036][ T8578] usb 10-1: no configurations [ 701.976197][ T8578] usb 10-1: can't read configurations, error -22 [ 702.182845][ T8578] usb usb10-port1: attempt power cycle [ 704.858559][T11928] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1787'. [ 705.415881][T11934] random: crng reseeded on system resumption [ 705.428069][T11934] Restarting kernel threads ... [ 705.433445][T11934] Done restarting kernel threads. [ 708.971563][ T6043] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 709.419469][ T6043] usb 5-1: no configurations [ 709.426365][ T6043] usb 5-1: can't read configurations, error -22 [ 709.721738][ T6043] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 710.071866][ T6043] usb 5-1: no configurations [ 710.081447][ T6043] usb 5-1: can't read configurations, error -22 [ 710.108860][ T6043] usb usb5-port1: attempt power cycle [ 710.214766][T11969] batadv_slave_0: entered promiscuous mode [ 710.532019][ T30] audit: type=1800 audit(1764001393.607:1647): pid=11969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.1800" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 710.591240][ T6043] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 710.654044][T11967] batadv_slave_0: left promiscuous mode [ 710.661569][ T6043] usb 5-1: no configurations [ 710.680034][ T6043] usb 5-1: can't read configurations, error -22 [ 710.851852][ T6043] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 710.905573][ T6043] usb 5-1: no configurations [ 710.925511][ T6043] usb 5-1: can't read configurations, error -22 [ 711.024628][ T6043] usb usb5-port1: unable to enumerate USB device [ 712.931167][ T5938] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 713.091616][ T5938] usb 10-1: Using ep0 maxpacket: 16 [ 713.268457][ T5938] usb 10-1: unable to get BOS descriptor or descriptor too short [ 713.278664][ T5938] usb 10-1: config 13 has an invalid interface number: 50 but max is 0 [ 713.298068][ T5938] usb 10-1: config 13 has no interface number 0 [ 713.304725][ T5938] usb 10-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 713.336232][ T5938] usb 10-1: config 13 interface 50 has no altsetting 0 [ 713.587914][ T5938] usb 10-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 713.726000][ T5938] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.835001][ T5938] usb 10-1: Product: syz [ 713.877814][ T5938] usb 10-1: Manufacturer: syz [ 714.024309][ T5938] usb 10-1: SerialNumber: syz [ 714.051636][T11994] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 714.313338][T11991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 714.339570][T11991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 714.471653][ T6043] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 714.539856][ T5938] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 714.552875][ T30] audit: type=1326 audit(1764001397.947:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12005 comm="syz.8.1812" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe24698f749 code=0x0 [ 714.558195][ T5938] usb 10-1: MIDIStreaming interface descriptor not found [ 714.677718][ T6043] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 714.694530][ T6043] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 714.720101][ T5938] usb 10-1: USB disconnect, device number 11 [ 714.754666][ T6043] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 714.819089][ T6043] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 714.844109][ T6043] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40 [ 714.866200][ T6043] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 714.885285][ T6043] usb 6-1: SerialNumber: syz [ 714.898547][T12002] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 714.914309][ T6043] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 714.924894][ T6043] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12 [ 714.944675][ T5847] udevd[5847]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 715.116807][ T5938] usb 6-1: USB disconnect, device number 9 [ 716.279393][T12025] FAT-fs (nbd4): unable to read boot sector [ 717.973695][T12034] batadv_slave_0: entered promiscuous mode [ 717.980485][T12033] batadv_slave_0: left promiscuous mode [ 720.361188][ T30] audit: type=1326 audit(1764001403.747:1649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12056 comm="syz.7.1830" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd47d8f749 code=0x0 [ 722.332355][T12073] FAT-fs (nbd7): unable to read boot sector [ 722.863034][ T6002] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 723.691800][ T6002] usb 6-1: Using ep0 maxpacket: 16 [ 723.764259][ T30] audit: type=1800 audit(1764001407.137:1650): pid=12086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1838" name="SYSV798dd830" dev="tmpfs" ino=0 res=0 errno=0 [ 724.374931][ T6002] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 724.709111][ T6002] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 724.761307][ T6002] usb 6-1: config 0 interface 0 has no altsetting 0 [ 724.778162][ T6002] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 724.797740][ T6002] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.819639][ T6002] usb 6-1: config 0 descriptor?? [ 725.520510][ T6002] hid (null): unknown global tag 0xd [ 725.544155][ T6002] hid (null): unknown global tag 0xd [ 725.600420][ T6002] hid (null): nested delimiters [ 725.803375][ T30] audit: type=1326 audit(1764001409.187:1651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12105 comm="syz.3.1846" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fec98f8f749 code=0x0 [ 726.154069][ T6002] usb 6-1: USB disconnect, device number 10 [ 726.260471][T12112] binder_alloc: 12108: binder_alloc_buf, no vma [ 726.836380][ T6002] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 727.742584][ T6002] usb 5-1: Using ep0 maxpacket: 32 [ 727.796847][ T6002] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 728.072081][ T6002] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 728.154594][ T6002] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 728.219756][ T6002] usb 5-1: Product: syz [ 728.228020][ T6002] usb 5-1: Manufacturer: syz [ 728.433362][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1854'. [ 728.585250][ T6002] usb 5-1: SerialNumber: syz [ 728.629190][ T6002] usb 5-1: config 0 descriptor?? [ 728.972628][T12139] binder: 12135:12139 ioctl 4018620d 0 returned -22 [ 729.645683][T12144] batadv_slave_0: entered promiscuous mode [ 729.780765][T12132] batadv_slave_0: left promiscuous mode [ 729.782636][ T6002] usb 5-1: can't set config #0, error -71 [ 730.331924][ T6002] usb 5-1: USB disconnect, device number 13 [ 731.013879][T12157] random: crng reseeded on system resumption [ 731.938342][ T24] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 732.045238][T12153] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 732.106273][ T24] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 732.185369][T12160] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 732.191617][T12160] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 732.904593][T12160] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 732.910528][T12160] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 732.994500][T12166] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1859'. [ 733.304024][T12166] batadv1: entered allmulticast mode [ 735.691196][ T30] audit: type=1326 audit(1764001419.067:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12183 comm="syz.7.1866" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd47d8f749 code=0x0 [ 737.723530][T12201] binder: 12198:12201 ioctl 4018620d 0 returned -22 [ 738.483455][T12203] batadv_slave_0: entered promiscuous mode [ 738.490835][T12202] batadv_slave_0: left promiscuous mode [ 739.006527][T12205] vivid-007: disconnect [ 739.011515][T12204] vivid-007: reconnect [ 740.591152][ T5938] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 741.330655][ T5938] usb 6-1: Using ep0 maxpacket: 16 [ 741.434109][ T5938] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 741.581075][ T5938] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 741.607791][ T5938] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.709024][ T5938] usb 6-1: config 0 descriptor?? [ 741.791506][ T24] usb 5-1: new low-speed USB device number 14 using dummy_hcd [ 742.019498][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 742.056578][T12233] tipc: Enabling of bearer rejected, failed to enable media [ 742.071520][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 742.096104][ T24] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 742.133884][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 32, setting to 0 [ 742.145216][ T24] usb 5-1: config 1 interface 1 has no altsetting 0 [ 742.147430][ T5938] mcp2221 0003:04D8:00DD.0017: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 742.156464][ T24] usb 5-1: string descriptor 0 read error: -22 [ 742.346293][ C0] ================================================================== [ 742.354522][ C0] BUG: KASAN: use-after-free in mcp2221_raw_event+0x106a/0x1240 [ 742.362184][ C0] Read of size 1 at addr ffff88805cda7fff by task syz-executor/7035 [ 742.370184][ C0] [ 742.372530][ C0] CPU: 0 UID: 0 PID: 7035 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 742.372569][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 742.372586][ C0] Call Trace: [ 742.372596][ C0] [ 742.372607][ C0] dump_stack_lvl+0x189/0x250 [ 742.372649][ C0] ? __kasan_check_byte+0x12/0x40 [ 742.372676][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 742.372711][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.372743][ C0] ? lock_release+0x4b/0x3e0 [ 742.372773][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.372804][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 742.372843][ C0] print_report+0xca/0x240 [ 742.372875][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 742.372900][ C0] kasan_report+0x118/0x150 [ 742.372927][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 742.372957][ C0] mcp2221_raw_event+0x106a/0x1240 [ 742.372983][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373013][ C0] ? down_trylock+0x50/0xb0 [ 742.373041][ C0] hid_input_report+0x40a/0x520 [ 742.373076][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 742.373104][ C0] hid_irq_in+0x47e/0x6d0 [ 742.373134][ C0] __usb_hcd_giveback_urb+0x376/0x540 [ 742.373173][ C0] dummy_timer+0x85f/0x44c0 [ 742.373260][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373296][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 742.373328][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 742.373356][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 742.373385][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 742.373414][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 742.373455][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373497][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 742.373526][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373563][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 742.373598][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 742.373632][ C0] handle_softirqs+0x286/0x870 [ 742.373663][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 742.373701][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 742.373732][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373762][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 742.373802][ C0] __irq_exit_rcu+0xca/0x1f0 [ 742.373831][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 742.373863][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.373894][ C0] irq_exit_rcu+0x9/0x30 [ 742.373920][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 742.373959][ C0] [ 742.373968][ C0] [ 742.373978][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 742.374007][ C0] RIP: 0010:finish_task_switch+0x26b/0x950 [ 742.374050][ C0] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 3f 2d b8 09 e8 6a b9 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 58 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 742.374072][ C0] RSP: 0018:ffffc90003fdf938 EFLAGS: 00000282 [ 742.374098][ C0] RAX: 31fa969b316f8100 RBX: 0000000000000000 RCX: 31fa969b316f8100 [ 742.374117][ C0] RDX: 0000000000000000 RSI: ffffffff8d70e87c RDI: ffffffff8bbf08e0 [ 742.374136][ C0] RBP: ffffc90003fdf990 R08: ffffffff8f7cf077 R09: 1ffffffff1ef9e0e [ 742.374157][ C0] R10: dffffc0000000000 R11: fffffbfff1ef9e0f R12: ffff8880258e5ac0 [ 742.374178][ C0] R13: dffffc0000000000 R14: ffff88801c6b8000 R15: ffff8880b883abd8 [ 742.374211][ C0] ? finish_task_switch+0x266/0x950 [ 742.374254][ C0] __schedule+0x17a0/0x4cc0 [ 742.374304][ C0] ? __lock_acquire+0xab9/0xd20 [ 742.374330][ C0] ? __pfx___schedule+0x10/0x10 [ 742.374374][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.374407][ C0] ? schedule+0x91/0x360 [ 742.374444][ C0] schedule+0x165/0x360 [ 742.374480][ C0] do_nanosleep+0x1c5/0x610 [ 742.374516][ C0] ? do_nanosleep+0x7f/0x610 [ 742.374554][ C0] ? __pfx_do_nanosleep+0x10/0x10 [ 742.374585][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.374617][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.374647][ C0] ? __hrtimer_setup+0x187/0x210 [ 742.374674][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 742.374708][ C0] hrtimer_nanosleep+0x169/0x360 [ 742.374741][ C0] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 742.374772][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 742.374805][ C0] ? __pfx_get_timespec64+0x10/0x10 [ 742.374833][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.374866][ C0] __se_sys_clock_nanosleep+0x339/0x390 [ 742.374897][ C0] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 742.374927][ C0] ? do_syscall_64+0xbe/0xfa0 [ 742.374965][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 742.374999][ C0] do_syscall_64+0xfa/0xfa0 [ 742.375038][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.375064][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 742.375095][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.375120][ C0] RIP: 0033:0x7efd47dc2005 [ 742.375142][ C0] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 742.375165][ C0] RSP: 002b:00007fff9c39c510 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 742.375191][ C0] RAX: ffffffffffffffda RBX: 00000000000002c3 RCX: 00007efd47dc2005 [ 742.375209][ C0] RDX: 00007fff9c39c550 RSI: 0000000000000000 RDI: 0000000000000000 [ 742.375227][ C0] RBP: 00007fff9c39c5bc R08: 0000000000000000 R09: 0000000000000000 [ 742.375244][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 742.375261][ C0] R13: 00000000000927c0 R14: 00000000000b536f R15: 00007fff9c39c610 [ 742.375292][ C0] [ 742.375300][ C0] [ 742.904337][ C0] The buggy address belongs to the physical page: [ 742.910725][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805cda7000 pfn:0x5cda7 [ 742.920775][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 742.927886][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 742.936464][ C0] raw: ffff88805cda7000 0000000000000000 00000000ffffffff 0000000000000000 [ 742.945031][ C0] page dumped because: kasan: bad access detected [ 742.951423][ C0] page_owner tracks the page as freed [ 742.956765][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10813, tgid 10807 (syz.9.1455), ts 577494764234, free_ts 596259165078 [ 742.978308][ C0] post_alloc_hook+0x234/0x290 [ 742.983082][ C0] get_page_from_freelist+0x2365/0x2440 [ 742.988613][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 742.994430][ C0] alloc_pages_mpol+0x232/0x4a0 [ 742.999266][ C0] allocate_slab+0x96/0x350 [ 743.003761][ C0] ___slab_alloc+0xf56/0x1990 [ 743.008427][ C0] __slab_alloc+0x65/0x100 [ 743.012853][ C0] kmem_cache_alloc_node_noprof+0x4c5/0x710 [ 743.018754][ C0] kmalloc_reserve+0xbd/0x290 [ 743.023415][ C0] __alloc_skb+0x142/0x2d0 [ 743.027811][ C0] alloc_skb_with_frags+0xca/0x890 [ 743.032903][ C0] sock_alloc_send_pskb+0x84d/0x980 [ 743.038087][ C0] llc_ui_sendmsg+0x477/0xdd0 [ 743.042747][ C0] __sock_sendmsg+0x21c/0x270 [ 743.047414][ C0] ____sys_sendmsg+0x52d/0x830 [ 743.052157][ C0] ___sys_sendmsg+0x21f/0x2a0 [ 743.056832][ C0] page last free pid 10978 tgid 10976 stack trace: [ 743.063327][ C0] __free_frozen_pages+0xbc4/0xd30 [ 743.068431][ C0] __put_partials+0x146/0x170 [ 743.073088][ C0] put_cpu_partial+0x1f2/0x2e0 [ 743.077878][ C0] __slab_free+0x2b9/0x390 [ 743.082279][ C0] qlist_free_all+0x97/0x140 [ 743.086950][ C0] kasan_quarantine_reduce+0x148/0x160 [ 743.092397][ C0] __kasan_slab_alloc+0x22/0x80 [ 743.097238][ C0] kmem_cache_alloc_noprof+0x367/0x6e0 [ 743.102682][ C0] __kernfs_new_node+0xd7/0x7e0 [ 743.107519][ C0] kernfs_new_node+0x102/0x210 [ 743.112269][ C0] __kernfs_create_file+0x4b/0x2e0 [ 743.117360][ C0] sysfs_add_file_mode_ns+0x238/0x300 [ 743.122711][ C0] sysfs_merge_group+0x177/0x310 [ 743.127631][ C0] dpm_sysfs_add+0xd2/0x270 [ 743.132120][ C0] device_add+0x4d8/0xb50 [ 743.136517][ C0] __add_disk+0x4be/0xd50 [ 743.140828][ C0] [ 743.143151][ C0] Memory state around the buggy address: [ 743.148758][ C0] ffff88805cda7e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 743.156797][ C0] ffff88805cda7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 743.164835][ C0] >ffff88805cda7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 743.172870][ C0] ^ [ 743.180821][ C0] ffff88805cda8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 743.188859][ C0] ffff88805cda8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 743.196897][ C0] ================================================================== [ 743.204932][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 743.212107][ C0] CPU: 0 UID: 0 PID: 7035 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 743.221547][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 743.231597][ C0] Call Trace: [ 743.234859][ C0] [ 743.237684][ C0] dump_stack_lvl+0x99/0x250 [ 743.242302][ C0] ? __asan_memcpy+0x40/0x70 [ 743.246884][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 743.252069][ C0] ? __pfx__printk+0x10/0x10 [ 743.256644][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.262263][ C0] vpanic+0x237/0x6d0 [ 743.266240][ C0] ? __pfx_vpanic+0x10/0x10 [ 743.270826][ C0] panic+0xb9/0xc0 [ 743.274536][ C0] ? __pfx_panic+0x10/0x10 [ 743.278944][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.284562][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.290177][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 743.296075][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 743.301343][ C0] check_panic_on_warn+0x89/0xb0 [ 743.306280][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 743.311552][ C0] end_report+0x78/0x160 [ 743.315777][ C0] kasan_report+0x129/0x150 [ 743.320296][ C0] ? mcp2221_raw_event+0x106a/0x1240 [ 743.325570][ C0] mcp2221_raw_event+0x106a/0x1240 [ 743.330665][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.336288][ C0] ? down_trylock+0x50/0xb0 [ 743.340778][ C0] hid_input_report+0x40a/0x520 [ 743.345637][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 743.351081][ C0] hid_irq_in+0x47e/0x6d0 [ 743.355409][ C0] __usb_hcd_giveback_urb+0x376/0x540 [ 743.360790][ C0] dummy_timer+0x85f/0x44c0 [ 743.365306][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.370930][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 743.375858][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 743.380785][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 743.385713][ C0] __hrtimer_run_queues+0x52c/0xc60 [ 743.390903][ C0] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 743.397055][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.402687][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 743.408410][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.414048][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 743.419930][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 743.425032][ C0] handle_softirqs+0x286/0x870 [ 743.429804][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 743.434607][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 743.439878][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.445495][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 743.450687][ C0] __irq_exit_rcu+0xca/0x1f0 [ 743.455260][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 743.460455][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.466083][ C0] irq_exit_rcu+0x9/0x30 [ 743.470312][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 743.475937][ C0] [ 743.478847][ C0] [ 743.481762][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 743.487728][ C0] RIP: 0010:finish_task_switch+0x26b/0x950 [ 743.493525][ C0] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 3f 2d b8 09 e8 6a b9 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 58 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 743.513126][ C0] RSP: 0018:ffffc90003fdf938 EFLAGS: 00000282 [ 743.519203][ C0] RAX: 31fa969b316f8100 RBX: 0000000000000000 RCX: 31fa969b316f8100 [ 743.527172][ C0] RDX: 0000000000000000 RSI: ffffffff8d70e87c RDI: ffffffff8bbf08e0 [ 743.535133][ C0] RBP: ffffc90003fdf990 R08: ffffffff8f7cf077 R09: 1ffffffff1ef9e0e [ 743.543094][ C0] R10: dffffc0000000000 R11: fffffbfff1ef9e0f R12: ffff8880258e5ac0 [ 743.551060][ C0] R13: dffffc0000000000 R14: ffff88801c6b8000 R15: ffff8880b883abd8 [ 743.559042][ C0] ? finish_task_switch+0x266/0x950 [ 743.564256][ C0] __schedule+0x17a0/0x4cc0 [ 743.568782][ C0] ? __lock_acquire+0xab9/0xd20 [ 743.573623][ C0] ? __pfx___schedule+0x10/0x10 [ 743.578482][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.584114][ C0] ? schedule+0x91/0x360 [ 743.588370][ C0] schedule+0x165/0x360 [ 743.592529][ C0] do_nanosleep+0x1c5/0x610 [ 743.597033][ C0] ? do_nanosleep+0x7f/0x610 [ 743.601620][ C0] ? __pfx_do_nanosleep+0x10/0x10 [ 743.606638][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.612271][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.617900][ C0] ? __hrtimer_setup+0x187/0x210 [ 743.622833][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 743.628032][ C0] hrtimer_nanosleep+0x169/0x360 [ 743.632970][ C0] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 743.638427][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 743.643624][ C0] ? __pfx_get_timespec64+0x10/0x10 [ 743.648821][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.654453][ C0] __se_sys_clock_nanosleep+0x339/0x390 [ 743.660021][ C0] ? __pfx___se_sys_clock_nanosleep+0x10/0x10 [ 743.666085][ C0] ? do_syscall_64+0xbe/0xfa0 [ 743.670768][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 743.676397][ C0] do_syscall_64+0xfa/0xfa0 [ 743.680907][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.686963][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 743.693113][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.698996][ C0] RIP: 0033:0x7efd47dc2005 [ 743.703404][ C0] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 743.723001][ C0] RSP: 002b:00007fff9c39c510 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 743.731413][ C0] RAX: ffffffffffffffda RBX: 00000000000002c3 RCX: 00007efd47dc2005 [ 743.739372][ C0] RDX: 00007fff9c39c550 RSI: 0000000000000000 RDI: 0000000000000000 [ 743.747329][ C0] RBP: 00007fff9c39c5bc R08: 0000000000000000 R09: 0000000000000000 [ 743.755295][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388 [ 743.763255][ C0] R13: 00000000000927c0 R14: 00000000000b536f R15: 00007fff9c39c610 [ 743.771230][ C0] [ 743.774518][ C0] Kernel Offset: disabled [ 743.778829][ C0] Rebooting in 86400 seconds..