last executing test programs: 26.939861394s ago: executing program 2 (id=3): prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x1}, 0x18) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) futex(&(0x7f0000000dc0)=0x2, 0xc, 0x1, 0x0, &(0x7f0000000e40)=0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) creat(0x0, 0x0) 26.686626954s ago: executing program 4 (id=5): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xd}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000002c0)=ANY=[@ANYBLOB="159c4ca6d5f2db29c58d190c7d"], 0x2) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r3, &(0x7f0000000240)=@target={'target ', {'PCI:', '0', ':', '8', ':', '1f', '.', '1'}}, 0x14) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffffffff) syz_usb_disconnect(r4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x20, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x11a, 0x0, 0x1, [@nested={0x8, 0xa, 0x0, 0x1, [@generic="ef0771c3"]}]}]}, 0x20}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x21, 0x92, 0xea, 0x8, 0x545, 0x800c, 0x30a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x79, 0xe6, 0x1}}]}}]}}, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x1]}, 0x8, 0x0) faccessat2(r5, &(0x7f0000001400)='\x00', 0x0, 0x1100) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r6, 0xffffffffffffffff, 0x0) 25.84494845s ago: executing program 2 (id=8): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x39}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}], {0x95, 0x0, 0x1200}}, 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) unshare(0x2c020400) r3 = msgget$private(0x0, 0x0) msgsnd(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) msgrcv(r3, 0x0, 0x0, 0x2, 0x3000) 23.460435848s ago: executing program 2 (id=10): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) getsockopt(0xffffffffffffffff, 0x200000000114, 0x5, 0x0, &(0x7f0000000000)) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/65, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000580)=0x1) 22.244512452s ago: executing program 3 (id=11): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00) r5 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000070040002800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000000000000000000fdff"], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x890b, &(0x7f0000000000)) r6 = socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0) ioctl$IOMMU_DESTROY$hwpt(0xffffffffffffffff, 0x3b80, &(0x7f00000001c0)={0x8}) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @win={{0x3ac, 0x5, 0x2bc, 0x6d}, 0x5, 0xd, &(0x7f0000000300)={{0x5, 0x5cc, 0xfffffff7, 0x1}}, 0x452, &(0x7f0000000340)="9c", 0x22}}, 0xfffffffd}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r7 = io_uring_setup(0x549c, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf0}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000000c0)) 21.40974305s ago: executing program 1 (id=12): r0 = socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x70bd29, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @empty}, @IFLA_IPTUN_TTL={0x5}]}}}]}, 0x44}, 0x1, 0xd}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4) sendfile(r3, r3, 0x0, 0x68) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000002c0)=ANY=[@ANYBLOB="159c4ca6d5f2db29c58d190c7d"], 0x2) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r4, &(0x7f0000000240)=@target={'target ', {'PCI:', '0', ':', '8', ':', '1f', '.', '1'}}, 0x14) r5 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffffffff) syz_usb_disconnect(r5) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x20, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x11a, 0x0, 0x1, [@nested={0x8, 0xa, 0x0, 0x1, [@generic="ef0771c3"]}]}]}, 0x20}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x21, 0x92, 0xea, 0x8, 0x545, 0x800c, 0x30a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x79, 0xe6, 0x1}}]}}]}}, 0x0) r6 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x1]}, 0x8, 0x0) faccessat2(r6, &(0x7f0000001400)='\x00', 0x0, 0x1100) clock_gettime(0x0, &(0x7f0000000300)) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r7, 0xffffffffffffffff, 0x0) 17.912894861s ago: executing program 2 (id=14): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$tipc(0x1e, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) write$evdev(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0x7, 0xb, 0xffdffffe}) write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000020c0)={&(0x7f0000002080)='rseq_ip_fixup\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18) 16.329016888s ago: executing program 1 (id=15): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}]}, 0x1c}}, 0x0) 16.302484919s ago: executing program 0 (id=16): ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x18557f, 0x0) socket$inet(0x2, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r2 = syz_open_dev$usbfs(0x0, 0x75, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000000)=0x1) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x48004) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_freezer_state(r4, &(0x7f0000000140), 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) 15.079085301s ago: executing program 1 (id=17): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @multicast1}, 0x80, 0x0}}, {{&(0x7f0000000700)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x80, 0x0}}], 0x400000000000297, 0x48094) socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x3}) getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, &(0x7f00000011c0)=""/4096, &(0x7f0000000000)=0x1000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 15.023647926s ago: executing program 4 (id=18): socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048000}, 0x44450) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a0001006d6174636800000040000280080002400000000124000300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d5324520e000100636f6e6e6c696d69740000000900010073797a30000000000900020073797a32"], 0xa8}}, 0x4048010) r3 = socket(0x10, 0x2, 0x0) write(r3, &(0x7f0000000040), 0x0) recvmmsg(r3, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) socket(0x2, 0x80805, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0xa, 0x801, 0x84) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x2, 0x6}}, 0x20) r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x6, 0x7f, @buffer={0x2, 0x58, &(0x7f0000000240)=""/88}, &(0x7f0000000380)="e31ffffff200", 0x0, 0x0, 0x0, 0x1, 0x0}) 15.022669033s ago: executing program 2 (id=19): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r2, 0x3, 0xff39, 0x3) socket$unix(0x1, 0x2, 0x0) unshare(0x22020600) 14.869008735s ago: executing program 3 (id=20): r0 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x0, 0x1d}, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, 0x0, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sched_setaffinity(0x0, 0xfffffffffffffdb0, &(0x7f0000000200)=0x400000bce) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) getsockopt(0xffffffffffffffff, 0x200000000114, 0x5, &(0x7f0000019b00)=""/102385, &(0x7f0000000000)=0x18ff1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/65, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000580)=0x1) syz_usbip_server_init(0x2) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 13.415189414s ago: executing program 1 (id=21): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f00000002c0)=0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$TCSETSW2(r2, 0x5408, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2}) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r3, 0x3, 0xff39, 0x3) openat$cgroup_ro(r3, &(0x7f0000000480)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) unshare(0x22020600) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x0, 0x400000000000}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 12.930616866s ago: executing program 2 (id=22): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, 0x0, 0x0}, 0x20) r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) close(r4) execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, r3, &(0x7f00000004c0)={[0x0, &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8004) r8 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000003c0)={'dummy0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2d, 0x2000, {0x60, 0x0, 0x0, r10, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x80d1}, 0x30008000) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) 11.220287031s ago: executing program 1 (id=23): lsetxattr$security_capability(0x0, 0x0, &(0x7f00000002c0)=@v3={0x3000000, [{0x80032a5, 0x81}, {0x1, 0x3}]}, 0x18, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x5) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x30}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2}}, {@nobh}, {@errors_remount}, {@i_version}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 10.459296753s ago: executing program 4 (id=24): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val={'init_itable', 0x3d, 0x7ff}}, {@jqfmt_vfsold}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@user_xattr}, {@nolazytime}, {@quota}]}, 0x3, 0x43d, &(0x7f0000002200)="$eJzs28tvG0UYAPBv7aRt+iChKo+mBQIFEfFImrSUHriAQOIAEhIcyjHkUYW6DWqCRKsIAkLliCpxRxyR+As4wQUBJySucEeVKpRLCyejtXcT27HzqlOH+veTtp3ZHWvm8+5nz+7EAXStofSfJOJgRPwREf3Van2Doep/t5cXJ/9ZXpxMolx++++k0u7W8uJk3jR/3YG80hNR+DyJY036nb9y9cJEqTR9OauPLlz8YHT+ytXnZy9OnJ8+P31p/OzZ06fGXjwz/sKm4ujZ4Hga163Bj+eOH3393etvTp67/t4v3yV5/A1xtMnQegefKpcrb1LS5k475VBNOdnoZLBrFLPc6a3kf38UazKpP177rKODA3ZUuVwuP9j68FIZuIcl0ekRAJ2Rf9Gn97/51nI2sK/t04+Ou/ly9QYojft2tlWP9EQha9PbcH/bTkMRcW7p36/TLXbmOQQAQJ0f0vnPc83mf4WofS50X7aGMhAR90fE4Yg4ExFHIuKBiErbhyLi4S3237hIsnb+U7ixrcA2KZ3/vZStbdXP//LZXwwUs9qhSvy9ycxsafpk9p4MR+/etD62Th8/vvr7l62O1c7/0i3tP58LZuO40bO3/jVTEwsTdxJzrZufRgz2NIs/WVkJSCLiaEQMbrOP2We+Pd7q2Mbxr6MN60zlbyKerp7/pWiIP5esvz45ui9K0ydH86tirV9/u/ZWq/7vKP42SM///qbX/0r8A0nteu381vu49ucXLe9ptnv970neqdv30cTCwuWxiD3JG9VB1+4fb2g3vto+jX/4RPP8Pxyr78SxiEgv4kci4tGIeCwb++MR8UREnFgn/p9fefL97ce/s9L4p7Z0/lcLe6JxT/NC8cJP39d1OrCV+NPzf7pSGs72bObzbzPj2t7VDAAAAP8/hYg4GElhZKVcKIyMVP+G/0jsL5Tm5heenZn78NJU9TcCA9FbyJ909dc8Dx3Lbuvz+nhD/VT23PirYl+lPjI5V5rqdPDQ5Q60yP/UX8VOjw7YcX6vBd1L/kP3kv/QveQ/dK8m+d/XiXEAd1+z7/9POjAO4O5ryH/LftBF3P9D95L/0L3kP3Sl+b7Y+EfyCgprClHYFcPICzO7Yxj3TqHTn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5dn5s8=") listen(0xffffffffffffffff, 0x3) socket$nl_audit(0x10, 0x3, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x288200, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r2, 0x29, 0x42, 0x0, 0x0) ioctl$SIOCGSTAMP(r2, 0x8906, 0x0) recvmmsg(r2, &(0x7f00000045c0)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x100, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) timer_create(0x3, 0x0, 0x0) r3 = openat$vcsu(0xffffff9c, &(0x7f0000000080), 0x88080, 0x0) ppoll(&(0x7f0000000040)=[{r3, 0x40}], 0x1, 0x0, 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0xa, 0x0, &(0x7f0000001b00)) 10.361153289s ago: executing program 0 (id=25): prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, &(0x7f0000000280)) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r4, 0x6, 0x1e, 0x0, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r3, 0xffffffffffffffc9, &(0x7f00000024c0)}, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020) 10.243323748s ago: executing program 3 (id=26): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x8b6}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x20140318, 0x627f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x50) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x6480, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r6, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) syz_io_uring_submit(r3, r4, &(0x7f0000000480)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, 0x0, 0x64, 0x183000, 0x23456}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000440), 0x9, 0x800400) r7 = socket$alg(0x26, 0x5, 0x0) r8 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r8, &(0x7f00000000c0)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '/\\xv/bus/usb/00#/00#\x00', 0x3a, '/dev/bus/usb/00#/00#\x00', 0x3a, './file0'}, 0x51) bind$alg(r7, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000007c0)='/sys/power/disk', 0x4b4a00, 0x80) mq_timedreceive(r9, &(0x7f0000000000)=""/122, 0x7a, 0xfffffffffffffff8, &(0x7f0000000080)={0x77359400}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) 8.776879415s ago: executing program 4 (id=27): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB="540304"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 7.902044306s ago: executing program 0 (id=28): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7fff, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r2 = fsopen(&(0x7f0000000080)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r4, &(0x7f00000004c0)=""/77, 0x18) getdents64(r4, 0xfffffffffffffffe, 0x29) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB]) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 6.739081162s ago: executing program 1 (id=29): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000100)={0x40, 0xf}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f00000001c0)={0x0, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.445118959s ago: executing program 0 (id=30): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f00000002c0)=0x1) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TCSETSW2(r0, 0x5408, &(0x7f0000000040)={0x300, 0x0, 0x0, 0xfffffffe, 0x0, "2cf155f1d8b4d0441f0246e09537aa82dc1ecf", 0x2}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r1, 0x3, 0xff39, 0x3) 5.995951077s ago: executing program 3 (id=31): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xd}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f00000002c0)=ANY=[@ANYBLOB="159c4ca6d5f2db29c58d190c7d"], 0x2) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r3, &(0x7f0000000240)=@target={'target ', {'PCI:', '0', ':', '8', ':', '1f', '.', '1'}}, 0x14) r4 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffffffff) syz_usb_disconnect(r4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x20, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x11a, 0x0, 0x1, [@nested={0x8, 0xa, 0x0, 0x1, [@generic="ef0771c3"]}]}]}, 0x20}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x21, 0x92, 0xea, 0x8, 0x545, 0x800c, 0x30a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x79, 0xe6, 0x1}}]}}]}}, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x1]}, 0x8, 0x0) faccessat2(r5, &(0x7f0000001400)='\x00', 0x0, 0x1100) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r6, 0xffffffffffffffff, 0x0) 5.361502843s ago: executing program 0 (id=32): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r2, 0x3, 0xff39, 0x3) socket$unix(0x1, 0x2, 0x0) unshare(0x22020600) 3.127599624s ago: executing program 0 (id=33): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000740), 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000000002, 0x0) io_setup(0x5, &(0x7f0000000140)) rmdir(&(0x7f0000000140)='./cgroup/../file0\x00') ppoll(&(0x7f0000000040)=[{r4, 0x830}], 0x1, 0x0, 0x0, 0x0) r5 = userfaultfd(0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) 1.058802149s ago: executing program 3 (id=34): socket$xdp(0x2c, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000300)={[{@oldalloc}, {@nombcache}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@errors_remount}, {@bsdgroups}, {@minixdf}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@usrjquota}]}, 0x1, 0x451, &(0x7f0000000680)="$eJzs28tvG8UfAPDvbh6/X1/EVOXRBzRQEBWPpElL6YELCCQOICHBoRxD4lahboOaINGqgoJQOaJK3BFHpP4FnOCCgBOCK3BGlSrUSwsno7V3G8e1XcdK6jT+fKRtZ3bHmfl6duzZHW8AA2s8+yeJ2B4Rv0fEWD27ssB4/b+b1y/M/nP9wmwS1epbfye1cjeuX5gtihav21ZkhiPSz5LY26LexXPnT81UKuWzeX5y6fT7k4vnzj83f3rmZPlk+cz0sWNHDk+9cHT6+TWJM4vrxp6PFvbtfu2dy2/MHr/87k9XkiL+pji6MXTnIuOdDj5Zra6mug1vR0M6Ge5jQ1iVofowjZHa+B+LoVjuvLF49dO+Ng5YV9Vqtfpg+8NXagWATSoxxGFAFV/02fVvsd2lqceGcO2l+gVQFvfNfKsfGY40LzPSdH27lsYj4vjFf7/Ktmi+D7FlnSoFAAbad9n859lW8780Gu8L3ZevoZQi4v6I2BkRRyNiV0Q8EFEr+1BEPLzK+psXSW6ff6ZXewqsS9n878V8bWvl/K+Y/UVpKM/tqMU/kpyYr5QPZe/Jr/vrJeYr5akOdXz/ym9ftDvWOP/Ltqz+Yi6Yt+Pq8P9WvmZuZmmm54CbXPskYs9wq/iTWysBSUTsjog9PdYx//Q3+9odaxP/aFd/eA3WmapfRzxV7/+L0RR/Iem8Pjn5/6iUD00WZ8Xtfv7l0pvt6r9z/6+vrP+3tjz/i/j/LCWN67WLq6/j0h+ft72m7PX8H03eXrHvw5mlpbNTEaPJ67V8qXH/dFO56eXyWfwHD7Qe/ztj+Z3YGxHZSfxIRDwaEfvztj8WEY9HxIEO8f/48hPv9R7/+srin+vY/9HU/8uJ0Wje0zoxdOqHb1dUWlpN/Fn/H6mlDuZ7uvn866ZdvZ3NAAAAcO9JI2J7JOnErXSaTkzUf8O/K7amlYXFpWdOLHxwZq7+jEApRtLiTtdYw/3QqfyyvshP578tLvKH8/vGXw5tqeUnZhcqc/0OHgbctjbjP/NXFw+5APe45nW0rX1qB3D3eV4TBpfxD4PL+IfB1WL8e/QMBkSr7/+P+9AO4O5rGv8dl/1MDGBzcf0Pg8v4h8Fl/MNAWtwSd35IfnMk0ojYAM3YLIlIN0QzJNYp0e9PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLXxXwAAAP//JI/k8w==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f00000002c0)=0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$TCSETSW2(r2, 0x5408, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r3, 0x3, 0xff39, 0x3) 48.914686ms ago: executing program 4 (id=35): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000002c80)={{0x12, 0x1, 0x0, 0x41, 0x7, 0xf5, 0x40, 0xcf3, 0x9375, 0x1a9e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbe, 0xe4, 0xf9}}]}}]}}, 0x0) 0s ago: executing program 3 (id=36): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00) r5 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000070040002800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000000000000000000fdff"], 0x50) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x890b, &(0x7f0000000000)) r6 = socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1b, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0x0) ioctl$IOMMU_DESTROY$hwpt(0xffffffffffffffff, 0x3b80, &(0x7f00000001c0)={0x8}) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @win={{0x3ac, 0x5, 0x2bc, 0x6d}, 0x5, 0xd, &(0x7f0000000300)={{0x5, 0x5cc, 0xfffffff7, 0x1}}, 0x452, &(0x7f0000000340)="9c", 0x22}}, 0xfffffffd}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r7 = io_uring_setup(0x549c, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf0}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.230' (ED25519) to the list of known hosts. [ 87.660874][ T5850] cgroup: Unknown subsys name 'net' [ 87.817733][ T5850] cgroup: Unknown subsys name 'cpuset' [ 87.828696][ T5850] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.615906][ T5850] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.565980][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.575808][ T5867] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.587330][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.596014][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.606798][ T5873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.615408][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.623012][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.631737][ T5873] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.640283][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.648249][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.655997][ T5873] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.664914][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.672709][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.681597][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.694318][ T5878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.722649][ T5875] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.738864][ T5879] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.749704][ T5875] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.759635][ T5876] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.767587][ T5875] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 92.781501][ T5875] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.791152][ T5879] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.795249][ T5875] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.811755][ T5879] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.820572][ T5879] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 93.499563][ T5872] chnl_net:caif_netlink_parms(): no params data found [ 93.704303][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 93.725304][ T5869] chnl_net:caif_netlink_parms(): no params data found [ 93.910037][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.917404][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.926102][ T5872] bridge_slave_0: entered allmulticast mode [ 93.934106][ T5872] bridge_slave_0: entered promiscuous mode [ 93.954832][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 93.974099][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 93.991213][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.000082][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.008119][ T5872] bridge_slave_1: entered allmulticast mode [ 94.015887][ T5872] bridge_slave_1: entered promiscuous mode [ 94.136576][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.149495][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.227506][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.234837][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.242221][ T5861] bridge_slave_0: entered allmulticast mode [ 94.249939][ T5861] bridge_slave_0: entered promiscuous mode [ 94.265550][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.272725][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.280281][ T5869] bridge_slave_0: entered allmulticast mode [ 94.289161][ T5869] bridge_slave_0: entered promiscuous mode [ 94.326843][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.334430][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.341765][ T5861] bridge_slave_1: entered allmulticast mode [ 94.349744][ T5861] bridge_slave_1: entered promiscuous mode [ 94.379280][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.386597][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.394036][ T5869] bridge_slave_1: entered allmulticast mode [ 94.401491][ T5869] bridge_slave_1: entered promiscuous mode [ 94.417170][ T5872] team0: Port device team_slave_0 added [ 94.501921][ T5872] team0: Port device team_slave_1 added [ 94.544068][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.581596][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.606501][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.613896][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.621260][ T5868] bridge_slave_0: entered allmulticast mode [ 94.629052][ T5868] bridge_slave_0: entered promiscuous mode [ 94.638918][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.651504][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.659115][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.667459][ T5860] bridge_slave_0: entered allmulticast mode [ 94.674968][ T5860] bridge_slave_0: entered promiscuous mode [ 94.685009][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.695275][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.702275][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.728909][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.746902][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.754276][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.761565][ T5868] bridge_slave_1: entered allmulticast mode [ 94.769179][ T5868] bridge_slave_1: entered promiscuous mode [ 94.789562][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.797012][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.805439][ T5860] bridge_slave_1: entered allmulticast mode [ 94.812831][ T5860] bridge_slave_1: entered promiscuous mode [ 94.814934][ T5867] Bluetooth: hci1: command tx timeout [ 94.825206][ T5879] Bluetooth: hci4: command tx timeout [ 94.825215][ T52] Bluetooth: hci2: command tx timeout [ 94.841278][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.848442][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.875301][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.894008][ T5879] Bluetooth: hci3: command tx timeout [ 94.899662][ T5879] Bluetooth: hci0: command tx timeout [ 94.998482][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.010879][ T5861] team0: Port device team_slave_0 added [ 95.020338][ T5861] team0: Port device team_slave_1 added [ 95.029541][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.041444][ T5869] team0: Port device team_slave_0 added [ 95.049970][ T5869] team0: Port device team_slave_1 added [ 95.059052][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.084010][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.225160][ T5868] team0: Port device team_slave_0 added [ 95.231643][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.239228][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.266642][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.280611][ T5860] team0: Port device team_slave_0 added [ 95.288110][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.295270][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.321519][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.339166][ T5872] hsr_slave_0: entered promiscuous mode [ 95.346382][ T5872] hsr_slave_1: entered promiscuous mode [ 95.355373][ T5868] team0: Port device team_slave_1 added [ 95.362273][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.369582][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.395971][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.415320][ T5860] team0: Port device team_slave_1 added [ 95.422019][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.429393][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.456017][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.509095][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.516475][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.544124][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.642155][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.649419][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.675642][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.715226][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.722219][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.748422][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.778133][ T5869] hsr_slave_0: entered promiscuous mode [ 95.785875][ T5869] hsr_slave_1: entered promiscuous mode [ 95.792134][ T5869] debugfs: 'hsr0' already exists in 'hsr' [ 95.798263][ T5869] Cannot create hsr debugfs directory [ 95.811794][ T5861] hsr_slave_0: entered promiscuous mode [ 95.818469][ T5861] hsr_slave_1: entered promiscuous mode [ 95.825394][ T5861] debugfs: 'hsr0' already exists in 'hsr' [ 95.831170][ T5861] Cannot create hsr debugfs directory [ 95.854840][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.861866][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.887987][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.100294][ T5868] hsr_slave_0: entered promiscuous mode [ 96.107507][ T5868] hsr_slave_1: entered promiscuous mode [ 96.114314][ T5868] debugfs: 'hsr0' already exists in 'hsr' [ 96.120152][ T5868] Cannot create hsr debugfs directory [ 96.137981][ T5860] hsr_slave_0: entered promiscuous mode [ 96.144587][ T5860] hsr_slave_1: entered promiscuous mode [ 96.150794][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 96.156725][ T5860] Cannot create hsr debugfs directory [ 96.661478][ T5872] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.679872][ T5872] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.691185][ T5872] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.715435][ T5872] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.794122][ T5869] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 96.808363][ T5869] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.839057][ T5869] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.850956][ T5869] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.894204][ T5867] Bluetooth: hci4: command tx timeout [ 96.899680][ T5867] Bluetooth: hci1: command tx timeout [ 96.905906][ T5879] Bluetooth: hci2: command tx timeout [ 96.907570][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.936417][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.949095][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.959996][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.974184][ T5867] Bluetooth: hci0: command tx timeout [ 96.980174][ T5867] Bluetooth: hci3: command tx timeout [ 97.106904][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 97.123289][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 97.143129][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 97.157669][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.304726][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 97.318821][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 97.331025][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 97.342700][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 97.386846][ T867] cfg80211: failed to load regulatory.db [ 97.400890][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.422144][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.488688][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.506496][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.530344][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.548248][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.555751][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.598964][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.606199][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.629481][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.636795][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.660117][ T5869] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.681031][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.688881][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.716046][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.723756][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.762769][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.770136][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.797366][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.929419][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.952660][ T5861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.025396][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.037363][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.045190][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.117825][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.125480][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.171485][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.285122][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.292351][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.327238][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.334608][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.557106][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.668698][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.700769][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.916455][ T5872] veth0_vlan: entered promiscuous mode [ 98.959809][ T5872] veth1_vlan: entered promiscuous mode [ 98.982179][ T5867] Bluetooth: hci1: command tx timeout [ 98.982203][ T5879] Bluetooth: hci2: command tx timeout [ 98.990956][ T52] Bluetooth: hci4: command tx timeout [ 99.010563][ T5861] veth0_vlan: entered promiscuous mode [ 99.054269][ T52] Bluetooth: hci3: command tx timeout [ 99.059879][ T5867] Bluetooth: hci0: command tx timeout [ 99.119064][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.178490][ T5872] veth0_macvtap: entered promiscuous mode [ 99.195652][ T5861] veth1_vlan: entered promiscuous mode [ 99.222217][ T5872] veth1_macvtap: entered promiscuous mode [ 99.297378][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.331295][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.350595][ T5868] veth0_vlan: entered promiscuous mode [ 99.379669][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.397824][ T5861] veth0_macvtap: entered promiscuous mode [ 99.410410][ T5861] veth1_macvtap: entered promiscuous mode [ 99.418938][ T5868] veth1_vlan: entered promiscuous mode [ 99.444188][ T65] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.466442][ T65] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.500010][ T5869] veth0_vlan: entered promiscuous mode [ 99.506286][ T65] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.516774][ T65] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.568952][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.581713][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.591745][ T5868] veth0_macvtap: entered promiscuous mode [ 99.622518][ T3566] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.636928][ T5868] veth1_macvtap: entered promiscuous mode [ 99.647240][ T5869] veth1_vlan: entered promiscuous mode [ 99.665830][ T3566] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.676482][ T3566] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.711017][ T3566] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.799794][ T5860] veth0_vlan: entered promiscuous mode [ 99.827688][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.841092][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.889285][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.902232][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.920066][ T5869] veth0_macvtap: entered promiscuous mode [ 99.940103][ T5860] veth1_vlan: entered promiscuous mode [ 99.960327][ T3543] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.969480][ T3543] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.982607][ T5869] veth1_macvtap: entered promiscuous mode [ 100.007872][ T3543] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.018576][ T3543] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.043840][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.053283][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.059212][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.079259][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.126852][ T65] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.160134][ T65] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.169503][ T65] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.179833][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.188795][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.213259][ T65] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.278736][ T5860] veth0_macvtap: entered promiscuous mode [ 100.301557][ T5860] veth1_macvtap: entered promiscuous mode [ 100.302991][ T5872] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 100.314498][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.343628][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.431420][ T3511] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.464900][ T3511] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.480973][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.539329][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.550191][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.561227][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.590048][ T65] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.624723][ T3566] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.650576][ T5988] process 'syz.3.4' launched './file1' with NULL argv: empty string added [ 100.833207][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.868530][ T3566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.902423][ T5991] Zero length message leads to an empty skb [ 100.908957][ T3566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.037920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 101.079034][ T5867] Bluetooth: hci1: command tx timeout [ 101.081725][ T52] Bluetooth: hci4: command tx timeout [ 101.084649][ T5867] Bluetooth: hci2: command tx timeout [ 101.132770][ T5990] bridge_slave_1: left allmulticast mode [ 101.140973][ T5867] Bluetooth: hci0: command tx timeout [ 101.143541][ T52] Bluetooth: hci3: command tx timeout [ 101.152573][ T5990] bridge_slave_1: left promiscuous mode [ 101.167932][ T5990] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.194504][ T5988] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.239741][ T5990] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 101.242864][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 101.272787][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.323104][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.447306][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.260218][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.269737][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.549852][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.586937][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.232045][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.271929][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.290963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.693839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 103.774141][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.782650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.905652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 103.915862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 105.616223][ T6005] syz.1.6 uses obsolete (PF_INET,SOCK_PACKET) [ 107.742035][ T5983] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 109.250344][ T6039] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 109.372191][ T6041] capability: warning: `syz.0.13' uses deprecated v2 capabilities in a way that may be insecure [ 109.754145][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 110.111251][ T10] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 110.138014][ T10] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 110.150122][ T10] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 110.170532][ T10] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 110.189449][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.488561][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 110.613975][ T10] usb 2-1: invalid MIDI out EP 0 [ 110.833193][ T6043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.844747][ T6043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.409027][ T6050] udevd[6050]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.462157][ T6043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.471804][ T30] audit: type=1326 audit(1757651309.726:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 111.514394][ T10] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 111.535771][ T6043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.663712][ T10] usb 2-1: USB disconnect, device number 2 [ 111.690537][ T30] audit: type=1326 audit(1757651309.736:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 111.814329][ T30] audit: type=1326 audit(1757651309.736:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdd6198d510 code=0x7ffc0000 [ 112.074720][ T30] audit: type=1326 audit(1757651309.736:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6198e7ab code=0x7ffc0000 [ 112.100635][ T30] audit: type=1326 audit(1757651309.736:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd6198e7ab code=0x7ffc0000 [ 112.205442][ T30] audit: type=1326 audit(1757651309.826:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 112.230573][ T30] audit: type=1326 audit(1757651309.826:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 112.282370][ T30] audit: type=1326 audit(1757651309.826:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 112.363268][ T30] audit: type=1326 audit(1757651309.826:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 112.518329][ T30] audit: type=1326 audit(1757651309.826:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6037 comm="syz.1.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd6198eba9 code=0x7ffc0000 [ 112.546529][ T6055] Bluetooth: MGMT ver 1.23 [ 112.953640][ T5983] usb 5-1: device descriptor read/64, error -110 [ 113.383627][ T5983] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 114.265317][ T5983] usb 5-1: device descriptor read/64, error -32 [ 114.380409][ T5983] usb usb5-port1: attempt power cycle [ 114.447909][ T6069] loop2: detected capacity change from 0 to 16 [ 114.491277][ T6063] bridge_slave_0: left allmulticast mode [ 114.497201][ T6063] bridge_slave_0: left promiscuous mode [ 114.503764][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.035017][ T6069] erofs (device loop2): mounted with root inode @ nid 36. [ 115.418056][ T6078] erofs (device loop2): readahead error at folio 12 @ nid 36 [ 115.428874][ T6078] erofs (device loop2): readahead error at folio 9 @ nid 36 [ 115.443677][ T6078] erofs (device loop2): readahead error at folio 6 @ nid 36 [ 115.453521][ T6078] erofs (device loop2): readahead error at folio 4 @ nid 36 [ 115.596957][ T6078] syz.2.19: attempt to access beyond end of device [ 115.596957][ T6078] loop2: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 115.640405][ T6078] syz.2.19: attempt to access beyond end of device [ 115.640405][ T6078] loop2: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 115.654402][ T6078] syz.2.19: attempt to access beyond end of device [ 115.654402][ T6078] loop2: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 115.668208][ T6078] syz.2.19: attempt to access beyond end of device [ 115.668208][ T6078] loop2: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 115.683329][ T6078] syz.2.19: attempt to access beyond end of device [ 115.683329][ T6078] loop2: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 115.909540][ T6063] bridge_slave_1: left allmulticast mode [ 115.917402][ T6063] bridge_slave_1: left promiscuous mode [ 115.923390][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.103647][ T5983] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 116.183761][ T6080] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 116.190524][ T6080] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 116.205437][ T6080] vhci_hcd vhci_hcd.0: Device attached [ 116.218621][ T6082] vhci_hcd: connection closed [ 116.221705][ T13] vhci_hcd: stop threads [ 116.269916][ T13] vhci_hcd: release socket [ 116.300041][ T13] vhci_hcd: disconnect device [ 116.345328][ T6088] loop1: detected capacity change from 0 to 16 [ 116.356598][ T6063] bond0: (slave bond_slave_0): Releasing backup interface [ 116.384196][ T5983] usb 5-1: config 0 has no interfaces? [ 116.401084][ T5983] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 116.445271][ T5983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.514815][ T5983] usb 5-1: Product: syz [ 116.544225][ T6088] erofs (device loop1): mounted with root inode @ nid 36. [ 116.560595][ T5983] usb 5-1: Manufacturer: syz [ 116.584416][ T6063] bond0: (slave bond_slave_1): Releasing backup interface [ 116.606796][ T5983] usb 5-1: SerialNumber: syz [ 116.878492][ T6089] erofs (device loop1): readahead error at folio 12 @ nid 36 [ 116.889179][ T6089] erofs (device loop1): readahead error at folio 9 @ nid 36 [ 116.899624][ T6089] erofs (device loop1): readahead error at folio 6 @ nid 36 [ 116.907683][ T6089] erofs (device loop1): readahead error at folio 4 @ nid 36 [ 116.920811][ T6089] syz.1.21: attempt to access beyond end of device [ 116.920811][ T6089] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 116.936924][ T6089] syz.1.21: attempt to access beyond end of device [ 116.936924][ T6089] loop1: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 116.952505][ T6089] syz.1.21: attempt to access beyond end of device [ 116.952505][ T6089] loop1: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 116.967173][ T6089] syz.1.21: attempt to access beyond end of device [ 116.967173][ T6089] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 116.983180][ T6089] syz.1.21: attempt to access beyond end of device [ 116.983180][ T6089] loop1: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 117.357894][ T5983] usb 5-1: config 0 descriptor?? [ 117.386995][ T6063] team0: Port device team_slave_0 removed [ 117.407528][ T6063] team0: Port device team_slave_1 removed [ 117.414951][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.444955][ T6092] erofs (device loop1): failed to decompress -32 in[46, 4050] out[4096] [ 117.486510][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.517738][ T6092] erofs (device loop1): read error -117 @ 8200 of nid 36 [ 117.532126][ T6063] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.540473][ T6063] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.553023][ T6063] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 118.727664][ T5983] usb 5-1: can't set config #0, error -71 [ 118.782501][ T6100] loop1: detected capacity change from 0 to 512 [ 118.794582][ T5983] usb 5-1: USB disconnect, device number 5 [ 118.904954][ T6100] EXT4-fs: Ignoring removed nobh option [ 118.910623][ T6100] EXT4-fs: Ignoring removed i_version option [ 118.977816][ T6100] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 119.032031][ T6102] loop4: detected capacity change from 0 to 512 [ 119.089537][ T6102] journal_path: Lookup failure for './file0' [ 119.120616][ T6102] EXT4-fs: error: could not find journal device path [ 119.145524][ T6100] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 120.515114][ T6100] EXT4-fs (loop1): 1 truncate cleaned up [ 121.396936][ T6100] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.471488][ T6097] ======================================================= [ 121.471488][ T6097] WARNING: The mand mount option has been deprecated and [ 121.471488][ T6097] and is ignored by this kernel. Remove the mand [ 121.471488][ T6097] option from the mount to silence this warning. [ 121.471488][ T6097] ======================================================= [ 122.738847][ T5861] EXT4-fs error (device loop1): ext4_lookup:1787: inode #14: comm syz-executor: invalid fast symlink length 39 [ 122.805237][ T5861] EXT4-fs (loop1): Remounting filesystem read-only [ 123.395963][ T6127] loop0: detected capacity change from 0 to 16 [ 123.435123][ T6127] erofs (device loop0): mounted with root inode @ nid 36. [ 123.673371][ T6127] erofs (device loop0): readahead error at folio 12 @ nid 36 [ 123.681250][ T6127] erofs (device loop0): readahead error at folio 9 @ nid 36 [ 123.689275][ T6127] erofs (device loop0): readahead error at folio 6 @ nid 36 [ 123.696799][ T6127] erofs (device loop0): readahead error at folio 4 @ nid 36 [ 123.705031][ T6127] syz.0.30: attempt to access beyond end of device [ 123.705031][ T6127] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 123.719147][ T6127] syz.0.30: attempt to access beyond end of device [ 123.719147][ T6127] loop0: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 123.732886][ T6127] syz.0.30: attempt to access beyond end of device [ 123.732886][ T6127] loop0: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 123.746447][ T6127] syz.0.30: attempt to access beyond end of device [ 123.746447][ T6127] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 123.760116][ T6127] syz.0.30: attempt to access beyond end of device [ 123.760116][ T6127] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 124.033707][ T2152] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 124.183650][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 124.239587][ T2152] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 124.344815][ T2152] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 124.348765][ T6135] loop0: detected capacity change from 0 to 16 [ 124.363658][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 124.388879][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 124.390539][ T2152] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 124.445570][ T6135] erofs (device loop0): mounted with root inode @ nid 36. [ 124.468020][ T2152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.521493][ T6131] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 124.550367][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 124.579119][ T2152] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 124.641335][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 124.692895][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.832937][ T6136] erofs (device loop0): readahead error at folio 12 @ nid 36 [ 124.847326][ T6136] erofs (device loop0): readahead error at folio 9 @ nid 36 [ 124.856491][ T6136] erofs (device loop0): readahead error at folio 6 @ nid 36 [ 124.864462][ T6136] erofs (device loop0): readahead error at folio 4 @ nid 36 [ 124.875036][ T6136] syz.0.32: attempt to access beyond end of device [ 124.875036][ T6136] loop0: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 124.890025][ T6136] syz.0.32: attempt to access beyond end of device [ 124.890025][ T6136] loop0: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 124.912343][ T6136] syz.0.32: attempt to access beyond end of device [ 124.912343][ T6136] loop0: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 124.926840][ T6136] syz.0.32: attempt to access beyond end of device [ 124.926840][ T6136] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 124.941371][ T6136] syz.0.32: attempt to access beyond end of device [ 124.941371][ T6136] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 125.420772][ T9] usb 5-1: Product: syz [ 125.454112][ T6131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.464050][ T6131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.472906][ T9] usb 5-1: Manufacturer: syz [ 125.612594][ T9] usb 5-1: SerialNumber: syz [ 125.837764][ T6131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.848533][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 125.848582][ T30] audit: type=1326 audit(1757651324.086:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 125.924173][ T30] audit: type=1326 audit(1757651324.096:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8c9998d510 code=0x7ffc0000 [ 125.924261][ T9] usb 5-1: config 0 descriptor?? [ 125.974578][ T6131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.128614][ T5983] usb 4-1: USB disconnect, device number 2 [ 126.168695][ T30] audit: type=1326 audit(1757651324.096:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8c9998e7ab code=0x7ffc0000 [ 126.299137][ T30] audit: type=1326 audit(1757651324.106:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8c9998e7ab code=0x7ffc0000 [ 126.364011][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 126.379758][ T30] audit: type=1326 audit(1757651324.256:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 126.448636][ T30] audit: type=1326 audit(1757651324.266:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 126.492845][ T30] audit: type=1326 audit(1757651324.276:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 126.516170][ T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 126.587342][ T30] audit: type=1326 audit(1757651324.276:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 126.978856][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 127.008690][ T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 127.102997][ T30] audit: type=1326 audit(1757651324.276:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 127.794514][ T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 127.904170][ T30] audit: type=1326 audit(1757651324.286:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6128 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c9998eba9 code=0x7ffc0000 [ 127.947611][ T9] em28xx 5-1:0.0: No AC97 audio processor [ 128.356956][ T6150] loop3: detected capacity change from 0 to 16 [ 128.464401][ T6150] erofs (device loop3): mounted with root inode @ nid 36. [ 128.691485][ T6152] erofs (device loop3): readahead error at folio 12 @ nid 36 [ 128.701699][ T6152] erofs (device loop3): readahead error at folio 9 @ nid 36 [ 128.711598][ T6152] erofs (device loop3): readahead error at folio 6 @ nid 36 [ 128.720342][ T6152] erofs (device loop3): readahead error at folio 4 @ nid 36 [ 128.730905][ T6152] syz.3.34: attempt to access beyond end of device [ 128.730905][ T6152] loop3: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 128.751672][ T6152] syz.3.34: attempt to access beyond end of device [ 128.751672][ T6152] loop3: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 128.767783][ T6152] syz.3.34: attempt to access beyond end of device [ 128.767783][ T6152] loop3: rw=524288, sector=0, nr_sectors = 24 limit=16 [ 128.786303][ T6152] syz.3.34: attempt to access beyond end of device [ 128.786303][ T6152] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 128.806176][ T6152] syz.3.34: attempt to access beyond end of device [ 128.806176][ T6152] loop3: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 129.218122][ T5928] usb 5-1: USB disconnect, device number 6 [ 129.225541][ T5928] em28xx 5-1:0.0: Disconnecting em28xx [ 129.332759][ T5928] ================================================================== [ 129.340906][ T5928] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0 [ 129.349458][ T5928] Read of size 4 at addr ffff88807bd424f0 by task kworker/0:5/5928 [ 129.357377][ T5928] [ 129.359737][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 129.359757][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 129.359770][ T5928] Workqueue: usb_hub_wq hub_event [ 129.359802][ T5928] Call Trace: [ 129.359811][ T5928] [ 129.359819][ T5928] dump_stack_lvl+0x189/0x250 [ 129.359840][ T5928] ? rcu_is_watching+0x15/0xb0 [ 129.359864][ T5928] ? __kasan_check_byte+0x12/0x40 [ 129.359887][ T5928] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.359905][ T5928] ? rcu_is_watching+0x15/0xb0 [ 129.359928][ T5928] ? lock_release+0x4b/0x3e0 [ 129.359951][ T5928] ? __virt_addr_valid+0x1c8/0x5c0 [ 129.359968][ T5928] ? __virt_addr_valid+0x4a5/0x5c0 [ 129.359986][ T5928] print_report+0xca/0x240 [ 129.360001][ T5928] ? media_devnode_unregister+0xe2/0xf0 [ 129.360022][ T5928] kasan_report+0x118/0x150 [ 129.360045][ T5928] ? media_devnode_unregister+0xe2/0xf0 [ 129.360070][ T5928] media_devnode_unregister+0xe2/0xf0 [ 129.360092][ T5928] media_device_unregister+0x37c/0x400 [ 129.360114][ T5928] ? em28xx_audio_fini+0x59/0x1b0 [ 129.360135][ T5928] em28xx_release_resources+0xac/0x240 [ 129.360169][ T5928] em28xx_usb_disconnect+0x19f/0x2f0 [ 129.360199][ T5928] usb_unbind_interface+0x26e/0x910 [ 129.360222][ T5928] ? __pfx_usb_unbind_interface+0x10/0x10 [ 129.360241][ T5928] device_release_driver_internal+0x4d9/0x800 [ 129.360270][ T5928] bus_remove_device+0x34d/0x410 [ 129.360292][ T5928] device_del+0x511/0x8e0 [ 129.360318][ T5928] ? __pfx_device_del+0x10/0x10 [ 129.360340][ T5928] ? kobject_put+0x446/0x480 [ 129.360359][ T5928] usb_disable_device+0x3e9/0x8a0 [ 129.360380][ T5928] usb_disconnect+0x330/0x950 [ 129.360397][ T5928] hub_event+0x1cf5/0x4a20 [ 129.360414][ T5928] ? __pfx___resched_curr+0x10/0x10 [ 129.360446][ T5928] ? do_raw_spin_lock+0x121/0x290 [ 129.360464][ T5928] ? register_lock_class+0x51/0x320 [ 129.360491][ T5928] ? __pfx_hub_event+0x10/0x10 [ 129.360508][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 129.360533][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.360555][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 129.360578][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 129.360610][ T5928] process_scheduled_works+0xae1/0x17b0 [ 129.360644][ T5928] ? __pfx_process_scheduled_works+0x10/0x10 [ 129.360673][ T5928] worker_thread+0x8a0/0xda0 [ 129.360698][ T5928] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 129.360724][ T5928] ? __kthread_parkme+0x7b/0x200 [ 129.360742][ T5928] kthread+0x711/0x8a0 [ 129.360760][ T5928] ? __pfx_worker_thread+0x10/0x10 [ 129.360783][ T5928] ? __pfx_kthread+0x10/0x10 [ 129.360800][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.360822][ T5928] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.360845][ T5928] ? __pfx_kthread+0x10/0x10 [ 129.360862][ T5928] ret_from_fork+0x47c/0x820 [ 129.360885][ T5928] ? __pfx_ret_from_fork+0x10/0x10 [ 129.360910][ T5928] ? __switch_to_asm+0x39/0x70 [ 129.360930][ T5928] ? __switch_to_asm+0x33/0x70 [ 129.360950][ T5928] ? __pfx_kthread+0x10/0x10 [ 129.360966][ T5928] ret_from_fork_asm+0x1a/0x30 [ 129.360994][ T5928] [ 129.361000][ T5928] [ 129.664217][ T5928] Allocated by task 9: [ 129.668396][ T5928] kasan_save_track+0x3e/0x80 [ 129.673080][ T5928] __kasan_kmalloc+0x93/0xb0 [ 129.677793][ T5928] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 129.683182][ T5928] __media_device_register+0x58/0x280 [ 129.688572][ T5928] em28xx_usb_probe+0x1764/0x2a20 [ 129.693967][ T5928] usb_probe_interface+0x665/0xc30 [ 129.699100][ T5928] really_probe+0x26d/0x9e0 [ 129.703699][ T5928] __driver_probe_device+0x18c/0x2f0 [ 129.709041][ T5928] driver_probe_device+0x4f/0x430 [ 129.714080][ T5928] __device_attach_driver+0x2ce/0x530 [ 129.719477][ T5928] bus_for_each_drv+0x24e/0x2e0 [ 129.724349][ T5928] __device_attach+0x2b8/0x400 [ 129.729150][ T5928] bus_probe_device+0x185/0x260 [ 129.734024][ T5928] device_add+0x7b6/0xb50 [ 129.738365][ T5928] usb_set_configuration+0x1a87/0x20e0 [ 129.743922][ T5928] usb_generic_driver_probe+0x8d/0x150 [ 129.749411][ T5928] usb_probe_device+0x1c1/0x390 [ 129.754268][ T5928] really_probe+0x26d/0x9e0 [ 129.758769][ T5928] __driver_probe_device+0x18c/0x2f0 [ 129.764061][ T5928] driver_probe_device+0x4f/0x430 [ 129.769095][ T5928] __device_attach_driver+0x2ce/0x530 [ 129.774479][ T5928] bus_for_each_drv+0x24e/0x2e0 [ 129.779341][ T5928] __device_attach+0x2b8/0x400 [ 129.784158][ T5928] bus_probe_device+0x185/0x260 [ 129.789020][ T5928] device_add+0x7b6/0xb50 [ 129.793359][ T5928] usb_new_device+0xa39/0x16f0 [ 129.798142][ T5928] hub_event+0x2958/0x4a20 [ 129.802763][ T5928] process_scheduled_works+0xae1/0x17b0 [ 129.808327][ T5928] worker_thread+0x8a0/0xda0 [ 129.812982][ T5928] kthread+0x711/0x8a0 [ 129.817186][ T5928] ret_from_fork+0x47c/0x820 [ 129.821798][ T5928] ret_from_fork_asm+0x1a/0x30 [ 129.826598][ T5928] [ 129.829051][ T5928] Freed by task 5928: [ 129.833155][ T5928] kasan_save_track+0x3e/0x80 [ 129.838132][ T5928] __kasan_save_free_info+0x46/0x50 [ 129.843650][ T5928] __kasan_slab_free+0x5b/0x80 [ 129.848754][ T5928] kfree+0x199/0x6d0 [ 129.852771][ T5928] media_devnode_release+0x61/0xa0 [ 129.857993][ T5928] device_release+0x99/0x1c0 [ 129.862606][ T5928] kobject_put+0x228/0x480 [ 129.867047][ T5928] media_devnode_unregister+0x6d/0xf0 [ 129.872444][ T5928] media_device_unregister+0x37c/0x400 [ 129.878959][ T5928] em28xx_release_resources+0xac/0x240 [ 129.884442][ T5928] em28xx_usb_disconnect+0x19f/0x2f0 [ 129.889814][ T5928] usb_unbind_interface+0x26e/0x910 [ 129.895217][ T5928] device_release_driver_internal+0x4d9/0x800 [ 129.901591][ T5928] bus_remove_device+0x34d/0x410 [ 129.906605][ T5928] device_del+0x511/0x8e0 [ 129.910967][ T5928] usb_disable_device+0x3e9/0x8a0 [ 129.916131][ T5928] usb_disconnect+0x330/0x950 [ 129.920840][ T5928] hub_event+0x1cf5/0x4a20 [ 129.925292][ T5928] process_scheduled_works+0xae1/0x17b0 [ 129.930952][ T5928] worker_thread+0x8a0/0xda0 [ 129.935754][ T5928] kthread+0x711/0x8a0 [ 129.940103][ T5928] ret_from_fork+0x47c/0x820 [ 129.944714][ T5928] ret_from_fork_asm+0x1a/0x30 [ 129.949785][ T5928] [ 129.952113][ T5928] The buggy address belongs to the object at ffff88807bd42000 [ 129.952113][ T5928] which belongs to the cache kmalloc-2k of size 2048 [ 129.966208][ T5928] The buggy address is located 1264 bytes inside of [ 129.966208][ T5928] freed 2048-byte region [ffff88807bd42000, ffff88807bd42800) [ 129.980280][ T5928] [ 129.982610][ T5928] The buggy address belongs to the physical page: [ 129.989042][ T5928] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bd40 [ 129.997822][ T5928] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 130.006333][ T5928] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 130.014337][ T5928] page_type: f5(slab) [ 130.018352][ T5928] raw: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001 [ 130.026963][ T5928] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 130.035565][ T5928] head: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001 [ 130.044251][ T5928] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 130.052940][ T5928] head: 00fff00000000003 ffffea0001ef5001 00000000ffffffff 00000000ffffffff [ 130.061623][ T5928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 130.070312][ T5928] page dumped because: kasan: bad access detected [ 130.076972][ T5928] page_owner tracks the page as allocated [ 130.082698][ T5928] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2152, tgid 2152 (kworker/1:2), ts 104574623973, free_ts 104540190899 [ 130.104573][ T5928] post_alloc_hook+0x240/0x2a0 [ 130.110615][ T5928] get_page_from_freelist+0x21e4/0x22c0 [ 130.116188][ T5928] __alloc_frozen_pages_noprof+0x181/0x370 [ 130.122022][ T5928] alloc_pages_mpol+0x232/0x4a0 [ 130.126914][ T5928] allocate_slab+0x8a/0x330 [ 130.131570][ T5928] ___slab_alloc+0xbd1/0x13f0 [ 130.136447][ T5928] __slab_alloc+0x55/0xa0 [ 130.140899][ T5928] __kmalloc_node_track_caller_noprof+0x5c7/0x800 [ 130.147786][ T5928] kmalloc_reserve+0x136/0x290 [ 130.152665][ T5928] __alloc_skb+0x142/0x2d0 [ 130.157108][ T5928] mld_newpack+0x13c/0xc40 [ 130.161540][ T5928] add_grhead+0x5a/0x2a0 [ 130.165794][ T5928] add_grec+0x1452/0x1740 [ 130.170238][ T5928] mld_ifc_work+0x6ed/0xd60 [ 130.175273][ T5928] process_scheduled_works+0xae1/0x17b0 [ 130.180833][ T5928] worker_thread+0x8a0/0xda0 [ 130.185651][ T5928] page last free pid 65 tgid 65 stack trace: [ 130.191734][ T5928] __free_frozen_pages+0xbc4/0xd30 [ 130.196870][ T5928] __put_partials+0x146/0x170 [ 130.201593][ T5928] put_cpu_partial+0x17c/0x250 [ 130.206368][ T5928] __slab_free+0x2b9/0x390 [ 130.210831][ T5928] qlist_free_all+0x97/0x140 [ 130.215480][ T5928] kasan_quarantine_reduce+0x148/0x160 [ 130.220961][ T5928] __kasan_slab_alloc+0x22/0x80 [ 130.225829][ T5928] kmem_cache_alloc_node_noprof+0x433/0x710 [ 130.231740][ T5928] __alloc_skb+0x112/0x2d0 [ 130.236160][ T5928] mld_newpack+0x13c/0xc40 [ 130.240671][ T5928] add_grhead+0x5a/0x2a0 [ 130.244929][ T5928] add_grec+0x1452/0x1740 [ 130.249279][ T5928] mld_send_initial_cr+0x288/0x550 [ 130.254517][ T5928] ipv6_mc_dad_complete+0x88/0x410 [ 130.259699][ T5928] addrconf_dad_completed+0x6d5/0xd60 [ 130.265076][ T5928] addrconf_dad_work+0xc36/0x14b0 [ 130.270140][ T5928] [ 130.272471][ T5928] Memory state around the buggy address: [ 130.278112][ T5928] ffff88807bd42380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.286283][ T5928] ffff88807bd42400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.294465][ T5928] >ffff88807bd42480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.302546][ T5928] ^ [ 130.310299][ T5928] ffff88807bd42500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.318382][ T5928] ffff88807bd42580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 130.326459][ T5928] ================================================================== [ 130.676632][ T5928] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 130.683911][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT(full) [ 130.693409][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 130.703631][ T5928] Workqueue: usb_hub_wq hub_event [ 130.708724][ T5928] Call Trace: [ 130.712083][ T5928] [ 130.715055][ T5928] dump_stack_lvl+0x99/0x250 [ 130.719723][ T5928] ? __asan_memcpy+0x40/0x70 [ 130.724795][ T5928] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.730043][ T5928] ? __pfx__printk+0x10/0x10 [ 130.734705][ T5928] vpanic+0x237/0x6d0 [ 130.738735][ T5928] ? __pfx_vpanic+0x10/0x10 [ 130.743369][ T5928] ? preempt_schedule+0xae/0xc0 [ 130.748368][ T5928] ? __pfx_preempt_schedule+0x10/0x10 [ 130.753792][ T5928] panic+0xb9/0xc0 [ 130.757541][ T5928] ? __pfx_panic+0x10/0x10 [ 130.761978][ T5928] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 130.768004][ T5928] ? media_devnode_unregister+0xe2/0xf0 [ 130.773583][ T5928] check_panic_on_warn+0x89/0xb0 [ 130.778564][ T5928] ? media_devnode_unregister+0xe2/0xf0 [ 130.784229][ T5928] end_report+0x78/0x160 [ 130.788512][ T5928] kasan_report+0x129/0x150 [ 130.793045][ T5928] ? media_devnode_unregister+0xe2/0xf0 [ 130.798934][ T5928] media_devnode_unregister+0xe2/0xf0 [ 130.804456][ T5928] media_device_unregister+0x37c/0x400 [ 130.810410][ T5928] ? em28xx_audio_fini+0x59/0x1b0 [ 130.815686][ T5928] em28xx_release_resources+0xac/0x240 [ 130.821418][ T5928] em28xx_usb_disconnect+0x19f/0x2f0 [ 130.826834][ T5928] usb_unbind_interface+0x26e/0x910 [ 130.832068][ T5928] ? __pfx_usb_unbind_interface+0x10/0x10 [ 130.837841][ T5928] device_release_driver_internal+0x4d9/0x800 [ 130.844046][ T5928] bus_remove_device+0x34d/0x410 [ 130.849212][ T5928] device_del+0x511/0x8e0 [ 130.853586][ T5928] ? __pfx_device_del+0x10/0x10 [ 130.858561][ T5928] ? kobject_put+0x446/0x480 [ 130.863168][ T5928] usb_disable_device+0x3e9/0x8a0 [ 130.868212][ T5928] usb_disconnect+0x330/0x950 [ 130.872914][ T5928] hub_event+0x1cf5/0x4a20 [ 130.877358][ T5928] ? __pfx___resched_curr+0x10/0x10 [ 130.882613][ T5928] ? do_raw_spin_lock+0x121/0x290 [ 130.887660][ T5928] ? register_lock_class+0x51/0x320 [ 130.892892][ T5928] ? __pfx_hub_event+0x10/0x10 [ 130.897763][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 130.904027][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 130.909246][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 130.914992][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 130.920734][ T5928] process_scheduled_works+0xae1/0x17b0 [ 130.926415][ T5928] ? __pfx_process_scheduled_works+0x10/0x10 [ 130.932512][ T5928] worker_thread+0x8a0/0xda0 [ 130.937212][ T5928] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 130.943576][ T5928] ? __kthread_parkme+0x7b/0x200 [ 130.948546][ T5928] kthread+0x711/0x8a0 [ 130.952640][ T5928] ? __pfx_worker_thread+0x10/0x10 [ 130.958039][ T5928] ? __pfx_kthread+0x10/0x10 [ 130.962644][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 130.967862][ T5928] ? lockdep_hardirqs_on+0x9c/0x150 [ 130.973084][ T5928] ? __pfx_kthread+0x10/0x10 [ 130.977692][ T5928] ret_from_fork+0x47c/0x820 [ 130.982316][ T5928] ? __pfx_ret_from_fork+0x10/0x10 [ 130.987450][ T5928] ? __switch_to_asm+0x39/0x70 [ 130.992237][ T5928] ? __switch_to_asm+0x33/0x70 [ 130.997020][ T5928] ? __pfx_kthread+0x10/0x10 [ 131.001677][ T5928] ret_from_fork_asm+0x1a/0x30 [ 131.006927][ T5928] [ 131.010239][ T5928] Kernel Offset: disabled [ 131.014578][ T5928] Rebooting in 86400 seconds..