last executing test programs: 3m47.53994328s ago: executing program 32 (id=30): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000100)=0x6, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x0}, 0x64) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7}) r1 = syz_io_uring_setup(0x1593, &(0x7f0000000100)={0x0, 0xe5dc, 0x800, 0x1, 0x2f0}, &(0x7f0000001980), &(0x7f0000002c00)) io_uring_register$IORING_UNREGISTER_RING_FDS(r1, 0x15, &(0x7f00000001c0)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1) recvfrom(r0, 0x0, 0x0, 0x32, 0x0, 0x0) 2m37.789037292s ago: executing program 33 (id=444): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = syz_usb_connect$uac1(0x0, 0x96, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x84, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, '\x00\x00'}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x206, 0x6, 0x4, 0xe80, 0x5, 0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6f, 0x2, 0x0, 0x1, "8b7e", "8e"}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44c}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m26.571673271s ago: executing program 34 (id=505): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) fchmod(r1, 0x50) 2m21.969610239s ago: executing program 35 (id=452): socket(0xa, 0x3, 0x3a) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004041) r0 = io_uring_setup(0x1978, &(0x7f0000000040)={0x0, 0xca72, 0x1cc90, 0x0, 0x20002fb}) r1 = socket$inet(0x2, 0x80001, 0x84) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x130, 0x0, 0x5, {0x1, 0x0, 0x0, '\x00', {0x9ca7a16b958dcf33, 0xf602, 0x3, 0x0, 0x0, 0x0, 0x2000, '\x00', 0xfffffffffffffffe, 0x0, 0x1ff, 0x0, {}, {0x5, 0x2}, {0xfffffffffffffffb, 0x4}, {0x6c0}, 0x60, 0x0, 0x8006}}}}) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m5.756504997s ago: executing program 36 (id=591): unshare(0x8000400) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045) r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {&(0x7f0000000100)}], 0x2) io_uring_enter(r0, 0x2219, 0xcf74, 0x16, 0x0, 0x0) bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 2m3.19294593s ago: executing program 37 (id=537): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x200008, 0x0, 0x100000}, 0x20) r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) pipe2(0x0, 0x480) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x1854474, 0x0) 1m53.469996138s ago: executing program 9 (id=661): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f00000000c0)="91b8a91fd3108691bbc4173c3d6f357d027273117b3d0f171ba4ac4703cad036e68907e50e9997cd9c07bd75e6ff", 0x2e}, {&(0x7f0000001c00)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097385fb05cf8db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0", 0x67}, {&(0x7f00000003c0)="641a6a2b863c0dd898013a3f97a834ebb75a925ab48c844221841a232932fc2e37e327de21450df098c113e179a0d340", 0x30}], 0x3}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000021c0)="d317b0ddf805c029d66c50f61f6e1b90bd02c1c2e324ab02219e3cef175c99254ff1c10c27155c41bd5cee7a3663ed4a127c6c18ebb7a51008a0053ac96edeb5843d7b59b6c02532b26ca1c490d9b8113cbdbe99a123e3d5335c531c1c50b15be67220f38338a1e7c494acc2da3b410cf4cf7129cbb5faa24dd84e800249b234bdb2e91f3af98057ad0674eff7875169861ce6274b379522d411d3766aa7de767671efa60a1fb949feae7ec37efdfbcf1afd4d5cf86a0f9ae55644480d6a5e735b84303583d6c2534badb3981b5448037697faa59cc666dd9ac5c7d019b47f102d78fcc0f1b609fdc51fd8d0ff81d918cbd51e9215d34ed61bd9b1bdc7afd86dc924080a278f4a7c1031bd8c64d14781e109678224f0af3631ca72a0f9c1da8d03e2f9fda9368b50f087578e25371749e0ba68e30e020b44de5ce89e0ee0bc6f843647bed3295d40858bc264defce7e12a15aea29c34861634a2c6768676349fdb9496607461a6d87cf9ae33a1bb2227a97c80a0442a79f5e268a06751322cb161d0d952368dd4c7eae22466981250b4a6de41b00e121a01b26b23bb1804c7f2d92834965cd55f0cb95d60be7dec94b05ccd6ca29191bbd26ac4241fedbd649806a3a904381bbf5e13a25cc40161c73daa80a01d682cc0ed95e15d2ad32d87b4eb88d8240dcd2e6e935d35f7229b3fa299c036276924cf034f4187516b4246a6591ff2f9a32a7ea652741703b3a4aa4de4977d61078ea09962ce6435b65ff94de3eb1248c8e80b9d146e6c09e5d1e639285b9b162c6cf08ec8e86cd865522f5af1a76b8a1cd8672d5367c90310016f806b42512891c2c11110b44abf6dba45bbf8daf3a6a85c5d5d838499e5e5a207f2a29d577a841f64c876b8e9c58f3be172196b89a7b5a16b3751d1e2d7ca3e7c3e2dcde8c50adb9edd67ef1deed476c8d5f22137f8713344cc6e532fb495d11504b097c1d6ba40aa93680d7a7d0f2e477a237cc1efdb32797f661686ff5b2ec9586777cc74b932be0d3761235f0db39685f0949fdb16e9846df40ad054b224960ed0d2af235ba3f0037f66d39f9e0012b51388674147236ecdb1cd04064e661160a4a67bea64b2c564fd96bd246e121806d114cd0038cae1eb4715667f89ff626fe5dd91ae0f2ec6a563db3f86be65e213b1241c8ccd356ab6ada1b96b593f6bfb2f103a805d6bae8306042591b2e96f39a4734c78b7db3fd142cd41af90b53c26c4605d189757938e27f52493a7bf2f0ad49b9a00b0106f554fcd470efca784c12c824f97aac1e54a943a6ff0b787ae0075748cbcee681b23682954fbebbb58f3eaa0c3d32cf749796f34cab62bca70f19846f736376118278d16411b383255f0f6a31c061a55285ce7077ed83187df2a2941c902028ef9a8f05cc8bb725e673c633145aeee31ea37d917c6e9597a17703705690cf9bbafaa60df25518b32b16e82802bf8d203f5d891d6edf2c3b3fe17034dabb3062311d8075a5bbe86364f", 0x42f}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1m53.096429209s ago: executing program 9 (id=663): socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 1m52.584416119s ago: executing program 9 (id=669): setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x1) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f00000004c0)={0x0, 0x142b, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x3010}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x4, 0x0, 0x0) r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) readv(r5, &(0x7f0000000400)=[{&(0x7f0000000380)=""/128, 0x80}], 0x1) 1m51.549107504s ago: executing program 9 (id=675): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x204001, &(0x7f0000000240), 0x1, 0xb9f, &(0x7f0000000c00)="$eJzs3E9vVFUbAPDn3k5LS/vS8ubNqxATmxjUaBwKJZiwAtdGTXThktpOSdPhj21NbMOi4F5dGOOCxPARTNzLxpWJC1wofgJiJIboBliMufOnjEyn1DLtgfL7JWfuOXNm7vM8c2HuucncBvDUGi8e8ogDEXE6ixhtPp9HxEC9Nxix2njd3dsXp4uWRa327h9ZZBFx5/bF6da+suZ2uDkYjIjrb2Tx30864y4ur8xPVauVheb48NLZC4cXl1demzs7daZypnLu2OTrxyaPT072sNabFz746rmf3nrx8tVPJ97+ct8PWZyMkeZcex29Mh7ja59Ju1JETPU6WCJ9zXra68xKCRMCAGBDedsa7v8xGn1xf/E2Gt//nDQ5AAAAoCdqfRE1AAAAYJfLXP8DAADALtf6HcCd2xenWy3tLxJ21q1TETHWqL91f3NjphSr9e1g9EfE3j+zaL+tNWu87ZGNF5G+/bFStNim+5A3snopIp5d7/hn9frH6ndxd9afR8RED+KPPzB+kuo/2YP4qesH4Ol07VTjRNZ5/svX1j+xzvmvtM65aytSn/9a67+7Heu/+/X3dVn/vbPJGAfvvXK921z7+u/9z36dKeIX20cq6l+4dSniYGm9+rO1+rMu9Z/eZIzh6ZtXus0V9Rf1ttpO11+7GnGovprrrL8l2+jvEx2enatWJhqP6+x/+fjG8duPf9GK+K1rgZ1QHP+9sbXjf2GTMcae+f1At7mH15//NpC9V+8NNJ/5eGppaeFIxED2ZufzRzfOpfWa1j6K+l9+YeP//+vVX3wnrDY/h+Jfz6XmthhffiDm8KGj32y9/u1V1D+zxeP/+SZjfP3dlQ+7zaWuHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAnQx4RI5Hl5bV+npfLEcMR8b/Ym1fPLy69Onv+o3MzxVzEWPTns3PVykREjDbGWTE+Uu/fHx99YDwZEfsj4ovRofq4PH2+OpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANYMR8RIZHk5IvKI+Gs0z8vl1FkBAAAAPTeWOgEAAABg27n+BwAAgN2v4/q/9I/R4E7mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK60//lrN7KIWD0xVG+FgeZcf9LMgO2Wp04ASKYvdQJAMqW2fq1WqyVMBdhhrvGB7CHzg11n9vQ8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeXy8duHYji4jVE0P1VhhozvUnzQzYbnnqBIBk+jaazHYuD2DnlVInACTjGh9oLPXv1Ro65we7vnPPdqYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGNmpN6yvBwReb2f5+VyxH8iYiz6s9m5amUiIvZFxC+j/XuK8ZHUSQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBzi8sr81PVamVBR0enh52heCzS2HIn9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApLC6vzE9Vq5WFxdSZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKktLq/MT1WrlYVt7KSuEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdP4OAAD//1rfDrQ=") r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x401, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_devices(r0, 0x0, 0xffdd) r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r1, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x1, 0x3a, 'usrjquota=', 0x3a, '\x00\x03!\f\xee\x998r~\b\x13\x89\xae\xf1\x06hz\xcc\xd6\xbb\xb8\x19\x90\x9e\xdb\xa2F\xfa_F(\x05\b\x13\x82\x12\xad\x0f^\xdc\xf2\xb5', 0x3a, './file2', 0x3a, [0x46]}, 0x5c) r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) 1m51.001326358s ago: executing program 9 (id=680): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) write$binfmt_elf64(r1, &(0x7f0000000240)=ANY=[], 0x40000) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) recvfrom$unix(r2, &(0x7f00000007c0)=""/247, 0x3, 0xc2, 0x0, 0x0) 1m50.241892182s ago: executing program 9 (id=685): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x0, 0x2, 0x80000001, 0x0, 0xfffefffc}}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x3}}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x200000000000000) 1m49.782866735s ago: executing program 38 (id=685): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x0, 0x2, 0x80000001, 0x0, 0xfffefffc}}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x3}}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x200000000000000) 1m47.422716737s ago: executing program 6 (id=699): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x2) r1 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0xfffffffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0xce}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x55, 0x2000, @fd_index=0xd, 0x7, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1m47.22419761s ago: executing program 6 (id=702): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x20044000) sendmsg$NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x28, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x24}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4040845}, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f0000000000)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 1m46.222030034s ago: executing program 6 (id=705): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x3, 0x190}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1m45.546155631s ago: executing program 6 (id=712): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x3000044, &(0x7f0000000100)={[{@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs") open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x1) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1c10, 0x0) r0 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)=0x3f) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r1, 0x0, 0x0, 0x8000c62) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 1m45.007577688s ago: executing program 6 (id=717): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) timerfd_gettime(0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 1m41.799103927s ago: executing program 6 (id=724): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 1m41.199860859s ago: executing program 39 (id=724): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) 1m30.813984641s ago: executing program 7 (id=767): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000000)=0x40, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001900)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f8681ad252a8e23}}, 0x1c}}, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 1m30.105933393s ago: executing program 7 (id=770): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020) 1m29.728359688s ago: executing program 5 (id=758): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) chdir(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r1 = creat(&(0x7f00000003c0)='./file0\x00', 0x2) r2 = fanotify_init(0xf00, 0x1) fanotify_mark(r2, 0x105, 0x40009975, r1, 0x0) fallocate(r0, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) 1m29.728145937s ago: executing program 7 (id=759): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4040000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x1f4) 1m27.651581625s ago: executing program 5 (id=764): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = socket(0x11, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r1, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02017c008cdc18000e3580009f000114600000060600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0ab42e32a097dbd4be5ffca88faca"], 0xdd12}, {&(0x7f0000000000)={0x10, 0x29, 0x300, 0x70bd28, 0x25dfdbff}, 0x10}], 0x2}, 0x20040011) 1m27.24986572s ago: executing program 5 (id=771): mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006180)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000081c0)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x1, {0x6, 0x2, 0x1, 0xfffffffffffffffd, 0x0, 0x0, {0x40, 0x8, 0xb, 0xffff, 0xfffffffffffffffd, 0x1, 0x0, 0x5dc, 0x120, 0x2000, 0x0, r2, 0x0, 0x501, 0x81}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0d000003005a"], 0x50) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x1004cc80, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50) r3 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1) ioctl$BLKPG(r3, 0x1269, &(0x7f00000002c0)={0x1, 0x0, 0x98, &(0x7f0000000580)={0xfffffffffffffffd, 0x0, 0x4}}) 1m26.375111435s ago: executing program 7 (id=777): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") syz_mount_image$fuse(0x0, &(0x7f0000000080)='./bus\x00', 0x10040d0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) timer_create(0x2, 0x0, 0x0) unshare(0x64000600) fdatasync(r0) 1m26.344896985s ago: executing program 5 (id=779): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000040)={[{@fat=@nfs_stale_rw}, {@fat=@showexec}, {@utf8}, {@shortname_mixed}, {@uni_xlate}, {@shortname_winnt}, {@shortname_lower}, {@fat=@fmask={'fmask', 0x3d, 0xa3}}, {@fat=@flush}, {@uni_xlate}, {@utf8no}, {}, {@rodir}]}, 0x0, 0x2a1, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhYsvutHN0MZPEKQFMaDURtSFMLUTDRmTkomRiNju3Po5iktXCuoX6Made3FTBMFNF2KkScamNWBaW6ea/w/CnJxz3pkzOTPhnYFMtq4/vVcuBk7RrSuWNMWkdW1LmZ1S10h3GWuXx9VrXecmP7/7/+qNm5dy+fz8otlCbul81symT7168OjZ6Tf1yWvPp18mtJm5tfUp+37zn81/t74uhWuvSq4tV6t1d9n3bKUUlB2zK77nBp6VKoFXq1tPe9Gvrq42za2sTKVWa14QmFtpWtlrWr1q9VrT3DtuqWKO49hUSsMmfuCIwsbiops7lsEgChP9Kmu1nJvo21jY+B2DAgAAJ0tU+f/dUmClwCrVPfl9mP9LYf4f0wHyf2mo8/+DI/8fBjv5f6p7/u5F/g8AAAAAAAAAAAAAAAAAAAAAwJ9gu9VKt1qtdLgMXwlJSUnh+6jHiePB/A+3nh/uJSX/SaPQKHSWnfZcUSX58jQ7Jn1pHw9dnfLCxfz8rLVl9Npf68avNQpxJcL4UKZ//Fwn3nrj1zSmVO/2s0prpn98tk98ozCus2daie6WPTlK6+1tVeVrpX1c78Y/njO7cDm/L36i3Q8AAAAAgL+BY9/9cP3ebncsfGzIvvZO5e79AaV/cn9g3/X1qP4bjW6/AQAAAAAYJkHzYdn1fa82BIXw/w+OZIXRf3TJQTuPSurWvDgpczFIISbpsOHxX5vlj5L21MxEPt1HUfhwv3MGDNI5ym8lAAAAAMchTPpHoh4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDbNCHh4X9D/PssZ7NxaPZSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBk+BYAAP//lOkWvQ==") ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333c06, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r0, &(0x7f0000000b00)={0x2020}, 0x2020) 1m25.778055708s ago: executing program 5 (id=783): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0xd1, @mcast2}, 0x1c) listen(r0, 0x8000) listen(r1, 0xfffeffff) 1m25.306286376s ago: executing program 5 (id=788): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=@base={0x6, 0x4, 0x4, 0x12}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 1m23.904189651s ago: executing program 40 (id=788): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=@base={0x6, 0x4, 0x4, 0x12}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 1m22.387920125s ago: executing program 7 (id=799): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', 0x0}) bind$rds(0xffffffffffffffff, 0x0, 0x0) tkill(0x0, 0x7) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r3, 0x80, 0x7e, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040000) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1m19.458317082s ago: executing program 7 (id=822): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x20000000000006) unshare(0xe000480) vmsplice(r1, &(0x7f0000000200)=[{&(0x7f00000002c0)='u', 0x1}], 0x1, 0x0) 1m18.558709829s ago: executing program 41 (id=822): r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r3, 0x2000009) sendfile(r2, r3, 0x0, 0x20000000000006) unshare(0xe000480) vmsplice(r1, &(0x7f0000000200)=[{&(0x7f00000002c0)='u', 0x1}], 0x1, 0x0) 36.417664529s ago: executing program 0 (id=958): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x24, 0x64, 0xf31, 0x70bd2f, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 35.428964492s ago: executing program 0 (id=962): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 34.163578249s ago: executing program 0 (id=964): r0 = syz_usb_connect(0x3, 0x24, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xf, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat2(0xffffffffffffffff, &(0x7f0000000000)='.\x00', &(0x7f0000000200)={0x40000, 0x1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 33.284566208s ago: executing program 0 (id=968): accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x80800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r2, 0x32d7, 0x0, 0x46, 0x0, 0x0) 29.815907029s ago: executing program 0 (id=981): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_clone3(&(0x7f0000000400)={0x100000080, 0x0, 0x0, 0x0, {0xb}, &(0x7f0000000100)=""/15, 0xf, 0x0, 0x0}, 0x58) setpriority(0x2, 0x0, 0x6) 28.211571271s ago: executing program 0 (id=987): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = syz_io_uring_setup(0x83a, &(0x7f00000000c0)={0x0, 0x3d06, 0x400, 0x2, 0x3d0}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote, 0x3}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 16.618306059s ago: executing program 2 (id=1019): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x1, 0x288}, &(0x7f0000000140)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket(0x200000000000011, 0x2, 0x1) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 13.57455292s ago: executing program 4 (id=1024): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x136f, &(0x7f00000001c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) 13.391067875s ago: executing program 2 (id=1025): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) 12.622895395s ago: executing program 42 (id=987): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = syz_io_uring_setup(0x83a, &(0x7f00000000c0)={0x0, 0x3d06, 0x400, 0x2, 0x3d0}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote, 0x3}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 12.503617852s ago: executing program 1 (id=1027): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0xfffffffffffffffe, 0x0}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 11.269891857s ago: executing program 3 (id=1031): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 11.102205747s ago: executing program 2 (id=1032): userfaultfd(0x80801) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x300) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 8.951725281s ago: executing program 2 (id=1044): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1}}, 0x3c) close_range(r0, 0xffffffffffffffff, 0x0) 8.855090623s ago: executing program 4 (id=1034): socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = socket(0x1e, 0x4, 0x0) connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r2, &(0x7f0000004400), 0x400000000000203, 0x0) 7.571456669s ago: executing program 1 (id=1035): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0xc81d, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$can_j1939(0x1d, 0x2, 0x7) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@vsock={0x28, 0x0, 0x0, @host}, 0x0, 0x0, 0x1}) io_uring_enter(r2, 0x47b0, 0x7bb6, 0x82, 0x0, 0x0) 6.904153784s ago: executing program 2 (id=1036): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r2, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4) connect$inet(r2, &(0x7f00000001c0)={0x2, 0x2, @multicast1}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x191c) 6.309607599s ago: executing program 3 (id=1037): syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00815fcb6c17c68f239cbc53c40972fb43da14f217bd93e6ebfde5585f63f1c1d8473fe39327852107a2489fc75846dd58657945c3ce4bed7d1452c74577e678a02e6b62c48846f9fea8ff6fd7f9a819961a1a6e18917f75cf633eaefe0f029d5d4b697ca0de784bd4fd4ee47740fafc2d46c7aa1279d7172ac4ec4b9cbe890200000075117934859797825acb3e8e4a67ae59d5e366af500cea3eee7b6bf3bfe9c4ae7b0f7fb33d5f1f72070000000e72da1075d5b83f93f03711b9e9ae0621abdf15468f20abaff300006ddaa87651396da731adf6214f92888f896d3f3d60f5fb009d365da32dd89b8589c3a08956a8ff185ef14e956b950f801b511c6d876127757678102f7b8851a569c0f6bc340fe0dbc1b5b828d9401d0ea1e86a43ececf69580430a29ade4f88535749e90b4d3391e03934cad898a63dad6cacaf559a55ab4b7810337d89efda43d160065705aec490f6ba91096230e5d45f2e74ed77d83f616047a6c6bfad569119396123ec0b842342c7494412ed535df4dcb2d18873b2df25b5fe02a5b29da44b90b2d52726e6886ac84ed4d6d164fd23d9525b8898ad3031c496ccb69d0f06bc00c5b3f19269c81f34c480b5cedce8125337c5aa57ae15d525b9dcc4edce1327f2d3d3eda95cbcf1bd1b362b7b6de289c8380a70035aac04f2641fd37e02c0bde93087f0c42d287d33387b200f3976a9fba9dddeba00ba4b561b767cfc5c9bb1b1572055f052e2f7694e39e1fca3719374528800ea8efb80fa4bb55c68e18b206e84dbfd6241dc879e44125ef713323b8126608b8244a91f900a023ab268b064b6cf0dd1952926dae2f87a37c4927711844eb9507774262a817c99a6d4fc73302b5738833d8eaf67480561ae291394c97d950b4811a326f4c6fb97f27076cb0ad757fc8"], 0x1, 0x1a4, &(0x7f0000000540)="$eJzsVb1OG0EQ/vZufWeniFJHkVLESuwi9vmcROmSCvkBqBGWfRiLMz8+S2DLhan8HjR+Ed6BAkRjCoREYWrQod2dO9YdSIdk0H7S+vtmZmf/rJvZjg4iF8DDYtzCf0jY+IhzxsABfGXKt+YqvnEUV8i+5orL5D8hviCOhqOdZhgGfSHyIJF6MhHZr7iSYuPFWQXgdV6cREH9x1iN98lc8EzWsVflOu9E3McKz5n8ZP47tnAra9nZYtwSYhOAWEf42mowfY4N4FSb85nLwWzE6RxR/ITxA0B10NuvRsPRz26v2Qk6wa7v1/94vzzvt1/d6oaBp36ZtoVF34/gMgBRUwtaPAfgkgrsByyDaUejONNzHa04l74t51qMp7kJ5ykmcqm2W+IJ1vFdxg4n1AkgvEU6tbxSAww2uDRqXDsfEMNCXgYqrb2wPQWD6CuxC3gzcFhJ2hy5xBCpqRHU/06SY0+Ji8QN4hnxnDjpWUkv4nKFK7JKE8DBUXMw6NeES6nU56c+/1O6s0W73jn65YAvLgwMDAwMDAwM3hgeAwAA//9bsl4t") r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r1, 0x1) r2 = socket$inet_sctp(0x2, 0x1, 0x84) close_range(r2, 0xffffffffffffffff, 0x0) 5.78492824s ago: executing program 3 (id=1038): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) close(r0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r2, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x38}}}}, 0x84) 5.325036061s ago: executing program 4 (id=1040): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) unshare(0x6020400) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000001a00), 0x0, 0xfeffffff, 0x10, 0x8, 0x0, 0x0}}, 0x10) 4.88038183s ago: executing program 8 (id=1042): syz_open_procfs(0xffffffffffffffff, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) shutdown(r1, 0x1) listen(r1, 0x5) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty, 0x3}, 0x1c) close_range(r1, 0xffffffffffffffff, 0x0) 4.746091152s ago: executing program 4 (id=1043): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r3, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r2}, 0x20) shutdown(r2, 0x0) recvfrom$rose(r2, 0x0, 0x0, 0x10141, 0x0, 0x0) 4.628232586s ago: executing program 3 (id=1045): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000140)="010000000980ffff", 0x8) 4.392984505s ago: executing program 4 (id=1046): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) close(0x3) bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000000)=""/8, 0xfffffffffffffd0b, 0x400123eb, 0x0, 0x1154103478d401ea) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB="04010000100001002bbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000008000200140003006e657464657673696d300000000000000a000100aaaaaaaaaaaa0000c4001680c00001801000060007"], 0x104}, 0x1, 0x0, 0x0, 0x4044810}, 0x0) 4.311173348s ago: executing program 3 (id=1047): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x837, 0x0, &(0x7f0000000040), &(0x7f0000000140)) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000002001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 4.285858795s ago: executing program 1 (id=1048): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.253016429s ago: executing program 8 (id=1049): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sendto$inet6(r0, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r0, 0x1) 3.117985697s ago: executing program 8 (id=1050): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00\x00@\x00'}, 0x28) writev(r0, &(0x7f0000000740)=[{&(0x7f00000008c0)="581a17919cc7749e9438c65fb69e487bd1c16731510e7fc4ed9fb860505f1495ff92f16a38f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c48473099d4a4654cfd97a67c9e79afc0d444e6c78b0216d2201b128df9d4ed5b4dbe676fe56a6354f819d997a6acb8595633cff6e07473b2b3abcc65b51cb3d3a30bf9b0b2ce59d568d3a89b49331904da2a37c89ea236f5d5640c32c3ac74e4bd25a62c560cb63836556c63de0200000000", 0xc1}], 0x1) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) readv(r0, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1) 2.761584711s ago: executing program 8 (id=1051): socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x3f}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r4, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 2.627086119s ago: executing program 3 (id=1052): socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = socket(0x1e, 0x4, 0x0) connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r2, &(0x7f0000004400), 0x400000000000203, 0x0) 1.66551825s ago: executing program 8 (id=1053): prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setrlimit(0xe, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r1, 0x1000000, 0x0) 1.459241392s ago: executing program 1 (id=1054): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x19) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x21041, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x2) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file1\x00', 0x2000, 0x105) fcntl$setstatus(r1, 0x4, 0x2400) sendfile(r0, r1, 0x0, 0xffffffff004) 829.91979ms ago: executing program 1 (id=1055): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="6e6f6164696e6963622c6e6f7374726963742c6d6f64653d30303030303030303030303030303030303030303030342c7569643d666f726765742c6a6f6164696e6963622c756d61736b3d30303030303030303030303030303034303030323030302c6c617374626c6f636b3d30303030303030303007003030303030303031332c75303713ccdb13243b70617274d0d45eb14f6974696f6e3d30303030303030303030303030303030303030352c00"], 0x43, 0xc29, &(0x7f0000000dc0)="$eJzs3V1oZOd5B/DnnSNZIzlN5DhZJ22cDqQki9Jd9iu7CluCNlbUBjbrEK1CfRWNPnYzWDtaJG2zTtugNKSF3oT6pvSmiKamhVz0qu5llcaFhFIoIRfpRUHQxPiiF6IECi2Oypl5Rxrtaldj74ck+/cz8v/MmeeM3o/RmSPYVycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIjPfu7SqdPpoFsBADxOVya/dOqsz38AeFe56vd/AAAAAAAAAAAAAAA47FIUcSxSDL26maZbj9uqlxvNW7enxif2PmwwRYpKFK368qt6+szZc586f2G0k/c//mH7cDw/efVS7bnFGzeX5peX5+dqU83G7OLcfM+v8KDH32mkNQC1Gy/emrt2bbl25uTZXU/fHn594MljwxcvnDg/2qmdGp+YmOyq6et/29/9Lvda4fFEFFGPFG8Ov5HqEVGJBx+Lfd47j9pgqxMjrU5MjU+0OrLQqDdXyidTJVdVImpdB411xugxzMUDGYtYLZtfNnik7N7kzfpSfWZhvvbF+tJKY6Wx2EyVdmvL/tSiEqMpYi0iNgbufrn+KOKjkeLlU5tpJiKKzjh8srUweP/2VB5BH3tQtrPWH7FWOQJzdogNRBFXIsUvXjses+WY5a/4eMQXynw14pUyPxORyjfGuYif7/E+4mjqiyL+NVIsps001zofdM4rl79c+3zz2mJXbee8cuQ/Hx6nQ35uqkYRM60z/mZ6+xc7AAAAAAAAAAAAAAAAADxsg1HEdyPFt579vda64mitS3/fxdH3vPDb3WvGn9nndcrakxGxWultTW5/XjqcKuV/j6Bj9KQaRXwjr//75kE3BgAAAAAAAAAAAAAAAAAA4F2tiBcixVdOHE9r0X1P8Ubzeu1qfWahfVfYzr1/O/dM39ra2qqldo7lnM65mnMt53rOjZxRycfnHMs5nXM151rO9ZwbOaPIx+ccyzmdczXnWs71nBs5oy8fn3Ms53TO1ZxrOddzbuSMQ3LvXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAd5JKFPHLSPGdr22mSBExFjEd7VwfOOjWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClairiZKRYf6HaerxWibgaEb/c2trqfEXEZpk9+lb674k9nzjovgIAAAAAAAAAAAAAAAAAAMChlYr4WKR4+n83Uy0ibg+/PvDkseGLF06cHy2iiFSWdNc/P3n1Uu25xRs3l+aXl+fnalPNxuzi3Hyv3656udG8dXtqfOKRdGZfg4+4/YPV5xZvvrTUuP7VlT2fH6pemlleWarP7v10DEYlYrp7z0irwVPjE61GLzTqzdahqXKPBlYixnrtDAAAAAAAAAAAAAAAAAAAAIfGUCric5HiZ/9xLnXWjfe11/z/SvtRsV37yh/s/C2AhTuyo/vvB/SynXpt6Ehr4X1tanxiYrJrd1//3aVlm1Iq4plI8YmXP9RaD59iaM+18WXde8u6G+dy3fCvlXWru6qqI1PjE7Uri80TlxYWFmfrK/WZhfna5M36bM9/OAAAAAAAAAAAAAAAAAAAAADuYygV8ZNI8V9/+2+pc9/5vP6/r/2oa/3/b7WW0LdU0+7c1lrb/97W2v729vsujg599Nl77X8U6//LNqVUxLcjxdmffKh1P/3O+v/pO2rLuj+JFG88+5FcV3mirKt3utN+xWuNhflTZe1fRopff7NTG63a67n26Z3a02XtYKT4883dtV/NtR/YqT1T1h6PFD/4z71rP7hTe7as/Vmk+Ie/qXVqh8ra38+1x3ZqT84uLsztN6zl/H8vUvz1ld9JnT7fc/67/v7D6h257a45v//2w5r/4a59q3le/zjPf32f+T8fKb5X/Uiua4/9TH7+qdb/d+b/E5Hi3/9ld+21XPv+ndrTvXbroJXz/91I8f2/+Ol2n/P855HdmaHu+f/Vvt25/S45oPl/qmvfcG7X7Fsci3ej5Ze+/mJ9YWF+yYYNG29x45v5p+iwtOdhbhzwiYnHovz8/9NI8X/HitS5jsmf/+9pP9q5/vufb+x8/l+8I7cd0Of/+7v2XcxXLf19EdWVGzf7n4moLr/09RONG/Xr89fnm2dOn/r0p8+fPnX6fP8TnYu7na2ex+6doJz/H0WKH//dj7d/j9l9/bf39f/QHbntgOb/6e4+7bqu6Xko3pXK+f+rSPHUZ3+6/fvm/a7/O7//H//Y7tz++Tug+f9A177h3K7GWxwLAAAAAAAAAACAo2QoFfFnkeJ3/+g3U2cNUS///m/ujtx2QP/+61jXvrnHtK6h50EGADhEyuu/D0aKf9z64fZa7t3Xf/Ebndru6797edv3/y/2eeG3sP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOuhRF/GGkGHp1M60PlI/bqpcbzVu3p8Yn9j5sMEWKShSt+vKrevrM2XOfOn9htJP3P/5h+3A8P3n1Uu25xRs3l+aXl+fnalPNxuzi3HzPr/Cgx99ppDUAtRsv3pq7dm25dubk2V1P3x5+feDJY8MXL5w4P9qpnRqfmJjsqunrf9vf/S7pHvufiCJ+GCneHH4jfX8gohIPPhb7vHcetcFWJ0ZanZgan2h1ZKFRb66UT6ZKrqpE1LoOGuuM0WOYiwcyFrFaNr9s8EjZvcmb9aX6zMJ87Yv1pZXGSmOxmSrt1pb9qUUlRlPEWkRsDNz9cv1RxLcjxcunNtM/DUQUnXH45JXJL506u397Ko+gjz0o21nrj1irHIE5O8QGooi/jxS/eO14/GAgoi/aX/HxiC+U+WrEK2V+JiKVb4xzET/f433E0dQXRZyLFItpM702UJ4POueVy1+ufb55bbGrtnNeOfKfD4/TIT83VaOIH7XO+Jvpn/1cAwAAAAAAAAAAAAAAABwiRaxFiq+cOJ5a64O31xQ3mtdrV+szC+1lfZ21f50101tbW1u11M6xnNM5V3Ou5VzPuZEzKvn4nGM5p3Ou5lzLuZ5zI2cUOVfz8fnxdM7VnGs513NudI7ry98/51jO6ZyrOddyrufcyBmHZO0eAAAAAAAAAAAAAAAAAADwzlKJonUX9+98bTNtDbTvLz0d7Vx3P9B3vP8PAAD//4dycDA=") pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(r2, 0x0, 0x0) syz_fuse_handle_req(r2, 0x0, 0x0, 0x0) write$P9_RVERSION(r1, 0x0, 0x15) r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x80, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',privport,access=', @ANYRESDEC]) 819.488603ms ago: executing program 8 (id=1056): r0 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@empty, 0x4e24, 0x4, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) 652.024833ms ago: executing program 2 (id=1057): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x48}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000)={0xffffffff}, 0xf1, 0x10, &(0x7f0000000000)={0x0, 0x7}, 0x7}, 0x48) 114.386872ms ago: executing program 4 (id=1058): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x1, 0x3}, 0x10) bind$tipc(r0, 0x0, 0x0) close(r0) 0s ago: executing program 1 (id=1059): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x117, &(0x7f0000000400)={0x0, 0x0, 0x10, 0x0, 0x3a2}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r1, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"], 0x18}, 0x0, 0x40000, 0x1}) io_uring_enter(r2, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) kernel console output (not intermixed with test programs): BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 153.150467][ T5951] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 153.189697][ T7116] overlayfs: statfs failed on './file0' [ 153.243541][ T7129] netlink: 28 bytes leftover after parsing attributes in process `syz.1.335'. [ 153.304346][ T7129] netlink: 'syz.1.335': attribute type 7 has an invalid length. [ 153.353068][ T7129] netlink: 'syz.1.335': attribute type 8 has an invalid length. [ 153.360573][ T5951] usb 4-1: Using ep0 maxpacket: 8 [ 153.392346][ T5951] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 153.403796][ T7073] BTRFS info (device loop0): rebuilding free space tree [ 153.423184][ T5951] usb 4-1: config 0 has no interface number 0 [ 153.429372][ T5951] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 153.432815][ T7129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.335'. [ 153.474629][ T7133] netlink: 'syz.5.334': attribute type 7 has an invalid length. [ 153.509351][ T7133] netlink: 32 bytes leftover after parsing attributes in process `syz.5.334'. [ 153.511050][ T5951] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 153.556357][ T7073] BTRFS info (device loop0): allowing degraded mounts [ 153.573744][ T5951] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 153.602045][ T7073] BTRFS info (device loop0): enabling ssd optimizations [ 153.631871][ T5951] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 153.649143][ T7073] BTRFS info (device loop0): enabling free space tree [ 153.669063][ T7073] BTRFS info (device loop0): force clearing of disk cache [ 153.677274][ T5951] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 153.699426][ T7073] BTRFS info (device loop0): use zstd compression, level 3 [ 153.718665][ T5951] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.740471][ T7073] BTRFS info (device loop0): max_inline set to 0 [ 153.759552][ T5951] usb 4-1: config 0 descriptor?? [ 153.791598][ T5951] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 153.881502][ T7148] loop1: detected capacity change from 0 to 256 [ 153.896688][ T31] audit: type=1800 audit(1769651472.894:8): pid=7073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.318" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 153.993875][ T31] audit: type=1800 audit(1769651472.984:9): pid=7073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.318" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 154.031658][ T10] usb 4-1: USB disconnect, device number 7 [ 154.077825][ T10] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 154.225125][ T5825] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 154.250735][ T5951] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 154.447471][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.469527][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.490033][ T5951] usb 2-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 154.522072][ T5951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.561031][ T5951] usb 2-1: config 0 descriptor?? [ 154.576508][ T7144] loop4: detected capacity change from 0 to 32768 [ 154.944785][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888020f08400: rx timeout, send abort [ 154.955698][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888020f08400: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 155.020566][ T5951] usbhid 2-1:0.0: can't add hid device: -71 [ 155.026620][ T5951] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 155.124863][ T5951] usb 2-1: USB disconnect, device number 4 [ 155.250528][ T5838] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 155.525037][ T5838] usb 6-1: Using ep0 maxpacket: 16 [ 155.564715][ T5838] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.627579][ T5838] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 155.728325][ T5838] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 155.793787][ T5838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.857464][ T5838] usb 6-1: Product: syz [ 155.915727][ T5838] usb 6-1: Manufacturer: syz [ 155.939516][ T5838] usb 6-1: SerialNumber: syz [ 156.027687][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.105038][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.140450][ T7162] loop3: detected capacity change from 0 to 131072 [ 156.165020][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.208031][ T7162] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 156.216186][ T7162] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 156.225536][ T7162] F2FS-fs (loop3): invalid crc value [ 156.248127][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.316335][ T7162] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 156.347775][ T7162] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 156.355683][ T7162] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 156.372323][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.403373][ T5838] usb 6-1: 0:2 : does not exist [ 156.428066][ T5838] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 156.443905][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.484920][ T31] audit: type=1800 audit(1769651475.474:10): pid=7162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.345" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 156.534269][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.591083][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.646552][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.657754][ T5838] usb 6-1: USB disconnect, device number 2 [ 156.700068][ T7169] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 156.838935][ T5834] udevd[5834]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 157.595299][ T7206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'. [ 157.634096][ T7199] loop4: detected capacity change from 0 to 40427 [ 157.643459][ T7199] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 157.651234][ T7199] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 157.662014][ T7199] F2FS-fs (loop4): invalid crc value [ 157.787171][ T7199] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 157.808227][ T7199] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 157.816035][ T7199] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 157.938509][ T7199] bio_check_eod: 97 callbacks suppressed [ 157.938530][ T7199] syz.4.358: attempt to access beyond end of device [ 157.938530][ T7199] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 158.017387][ T7199] syz.4.358: attempt to access beyond end of device [ 158.017387][ T7199] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 158.033381][ T7199] CPU: 0 UID: 0 PID: 7199 Comm: syz.4.358 Tainted: G L syzkaller #0 PREEMPT(full) [ 158.033416][ T7199] Tainted: [L]=SOFTLOCKUP [ 158.033425][ T7199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 158.033439][ T7199] Call Trace: [ 158.033448][ T7199] [ 158.033457][ T7199] dump_stack_lvl+0xe8/0x150 [ 158.033493][ T7199] f2fs_handle_critical_error+0x37c/0x540 [ 158.033531][ T7199] f2fs_write_end_io+0xc1d/0xfd0 [ 158.033582][ T7199] __submit_merged_bio+0x256/0x650 [ 158.033618][ T7199] __submit_merged_write_cond+0x471/0x530 [ 158.033653][ T7199] f2fs_sync_node_pages+0x14bf/0x1680 [ 158.033702][ T7199] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 158.033768][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.033808][ T7199] f2fs_write_checkpoint+0xe9d/0x2490 [ 158.033879][ T7199] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 158.033958][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.033985][ T7199] ? down_write+0x16d/0x200 [ 158.034016][ T7199] ? __pfx_down_write+0x10/0x10 [ 158.034052][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.034091][ T7199] f2fs_issue_checkpoint+0x40c/0x690 [ 158.034124][ T7199] ? kasan_save_track+0x3e/0x80 [ 158.034145][ T7199] ? kasan_save_free_info+0x46/0x50 [ 158.034177][ T7199] ? __kasan_slab_free+0x5c/0x80 [ 158.034201][ T7199] ? path_openat+0x18dd/0x3e20 [ 158.034234][ T7199] ? do_filp_open+0x22d/0x490 [ 158.034267][ T7199] ? do_sys_openat2+0x12f/0x220 [ 158.034296][ T7199] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 158.034335][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.034363][ T7199] ? __lock_acquire+0x6b5/0x2cf0 [ 158.034443][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.034479][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.034506][ T7199] ? f2fs_sync_fs+0x1f0/0x3b0 [ 158.034536][ T7199] f2fs_create+0x44b/0x5c0 [ 158.034570][ T7199] ? __pfx_f2fs_create+0x10/0x10 [ 158.034601][ T7199] path_openat+0x18dd/0x3e20 [ 158.034680][ T7199] ? __pfx_path_openat+0x10/0x10 [ 158.034740][ T7199] do_filp_open+0x22d/0x490 [ 158.034780][ T7199] ? __pfx_do_filp_open+0x10/0x10 [ 158.034843][ T7199] ? _raw_spin_unlock+0x28/0x50 [ 158.034879][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.034906][ T7199] ? alloc_fd+0x64b/0x6c0 [ 158.034946][ T7199] do_sys_openat2+0x12f/0x220 [ 158.034975][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.035002][ T7199] ? __se_sys_futex+0x3a8/0x450 [ 158.035044][ T7199] ? __pfx_do_sys_openat2+0x10/0x10 [ 158.035078][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.035108][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.035136][ T7199] ? rcu_is_watching+0x15/0xb0 [ 158.035166][ T7199] __x64_sys_openat+0x138/0x170 [ 158.035203][ T7199] do_syscall_64+0xe2/0xf80 [ 158.035229][ T7199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.035252][ T7199] ? trace_irq_disable+0x37/0x100 [ 158.035283][ T7199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.035307][ T7199] RIP: 0033:0x7fc3fcb9aeb9 [ 158.035328][ T7199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.035348][ T7199] RSP: 002b:00007fc3fdaca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 158.035373][ T7199] RAX: ffffffffffffffda RBX: 00007fc3fce15fa0 RCX: 00007fc3fcb9aeb9 [ 158.035390][ T7199] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 158.035407][ T7199] RBP: 00007fc3fcc08c1f R08: 0000000000000000 R09: 0000000000000000 [ 158.035423][ T7199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.035437][ T7199] R13: 00007fc3fce16038 R14: 00007fc3fce15fa0 R15: 00007ffebae8a868 [ 158.035477][ T7199] [ 158.035486][ T7199] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 158.407719][ T7199] CPU: 0 UID: 0 PID: 7199 Comm: syz.4.358 Tainted: G L syzkaller #0 PREEMPT(full) [ 158.407754][ T7199] Tainted: [L]=SOFTLOCKUP [ 158.407763][ T7199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 158.407778][ T7199] Call Trace: [ 158.407787][ T7199] [ 158.407797][ T7199] dump_stack_lvl+0xe8/0x150 [ 158.407833][ T7199] f2fs_handle_critical_error+0x37c/0x540 [ 158.407872][ T7199] f2fs_write_end_io+0xc1d/0xfd0 [ 158.407924][ T7199] __submit_merged_bio+0x256/0x650 [ 158.407960][ T7199] __submit_merged_write_cond+0x471/0x530 [ 158.407996][ T7199] f2fs_sync_node_pages+0x14bf/0x1680 [ 158.408046][ T7199] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 158.408113][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408153][ T7199] f2fs_write_checkpoint+0xe9d/0x2490 [ 158.408225][ T7199] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 158.408310][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408338][ T7199] ? down_write+0x16d/0x200 [ 158.408369][ T7199] ? __pfx_down_write+0x10/0x10 [ 158.408401][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408440][ T7199] f2fs_issue_checkpoint+0x40c/0x690 [ 158.408473][ T7199] ? kasan_save_track+0x3e/0x80 [ 158.408496][ T7199] ? kasan_save_free_info+0x46/0x50 [ 158.408528][ T7199] ? __kasan_slab_free+0x5c/0x80 [ 158.408553][ T7199] ? path_openat+0x18dd/0x3e20 [ 158.408586][ T7199] ? do_filp_open+0x22d/0x490 [ 158.408619][ T7199] ? do_sys_openat2+0x12f/0x220 [ 158.408649][ T7199] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 158.408689][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408717][ T7199] ? __lock_acquire+0x6b5/0x2cf0 [ 158.408798][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408835][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.408864][ T7199] ? f2fs_sync_fs+0x1f0/0x3b0 [ 158.408894][ T7199] f2fs_create+0x44b/0x5c0 [ 158.408929][ T7199] ? __pfx_f2fs_create+0x10/0x10 [ 158.408961][ T7199] path_openat+0x18dd/0x3e20 [ 158.409040][ T7199] ? __pfx_path_openat+0x10/0x10 [ 158.409101][ T7199] do_filp_open+0x22d/0x490 [ 158.409141][ T7199] ? __pfx_do_filp_open+0x10/0x10 [ 158.409204][ T7199] ? _raw_spin_unlock+0x28/0x50 [ 158.409241][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.409269][ T7199] ? alloc_fd+0x64b/0x6c0 [ 158.409315][ T7199] do_sys_openat2+0x12f/0x220 [ 158.409344][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.409372][ T7199] ? __se_sys_futex+0x3a8/0x450 [ 158.409410][ T7199] ? __pfx_do_sys_openat2+0x10/0x10 [ 158.409443][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.409474][ T7199] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.409502][ T7199] ? rcu_is_watching+0x15/0xb0 [ 158.409532][ T7199] __x64_sys_openat+0x138/0x170 [ 158.409570][ T7199] do_syscall_64+0xe2/0xf80 [ 158.409596][ T7199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.409619][ T7199] ? trace_irq_disable+0x37/0x100 [ 158.409650][ T7199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.409675][ T7199] RIP: 0033:0x7fc3fcb9aeb9 [ 158.409697][ T7199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 158.409716][ T7199] RSP: 002b:00007fc3fdaca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 158.409742][ T7199] RAX: ffffffffffffffda RBX: 00007fc3fce15fa0 RCX: 00007fc3fcb9aeb9 [ 158.409760][ T7199] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 158.409777][ T7199] RBP: 00007fc3fcc08c1f R08: 0000000000000000 R09: 0000000000000000 [ 158.409793][ T7199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.409807][ T7199] R13: 00007fc3fce16038 R14: 00007fc3fce15fa0 R15: 00007ffebae8a868 [ 158.409848][ T7199] [ 158.409858][ T7199] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 159.395994][ T7236] loop4: detected capacity change from 0 to 512 [ 160.317555][ T7236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.369454][ T7236] ext4 filesystem being mounted at /57/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 160.498490][ T7236] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.367: corrupted inode contents [ 160.554382][ T7236] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.367: mark_inode_dirty error [ 160.606699][ T7236] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.367: corrupted inode contents [ 160.706210][ T7236] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.367: mark_inode_dirty error [ 160.918743][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.158059][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.6.377'. [ 161.186242][ T7263] netlink: 8 bytes leftover after parsing attributes in process `syz.6.377'. [ 161.370421][ T30] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 161.431567][ T7248] loop3: detected capacity change from 0 to 32768 [ 161.828947][ T7248] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 161.874053][ T30] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.890780][ T30] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 161.903082][ T30] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 161.913499][ T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 161.921587][ T30] usb 5-1: SerialNumber: syz [ 162.007383][ T7248] XFS (loop3): Ending clean mount [ 162.077791][ T31] audit: type=1800 audit(1769651481.074:11): pid=7248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.353" name="file1" dev="loop3" ino=4422 res=0 errno=0 [ 162.157059][ T30] usb 5-1: 0:2 : does not exist [ 162.230071][ T30] usb 5-1: USB disconnect, device number 3 [ 162.392736][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 162.443468][ T7293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.385'. [ 162.458109][ T5833] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 162.486131][ T7293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.385'. [ 162.644989][ T7296] netlink: 12 bytes leftover after parsing attributes in process `syz.5.386'. [ 162.654213][ T7296] netlink: 60 bytes leftover after parsing attributes in process `syz.5.386'. [ 162.663462][ T7296] netlink: 12 bytes leftover after parsing attributes in process `syz.5.386'. [ 162.687345][ T7296] netlink: 60 bytes leftover after parsing attributes in process `syz.5.386'. [ 162.697144][ T7296] netlink: 104 bytes leftover after parsing attributes in process `syz.5.386'. [ 163.981491][ T7320] unsupported nlmsg_type 40 [ 164.345173][ T7333] loop0: detected capacity change from 0 to 2048 [ 164.367918][ T7333] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 164.376471][ T7333] UDF-fs: Scanning with blocksize 512 failed [ 164.393851][ T7333] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.435721][ T7333] overlayfs: upper fs needs to support d_type. [ 164.447002][ T7333] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 164.454056][ T7333] overlayfs: failed to set xattr on upper [ 164.459763][ T7333] overlayfs: ...falling back to redirect_dir=nofollow. [ 164.466664][ T7333] overlayfs: ...falling back to index=off. [ 164.472515][ T7333] overlayfs: ...falling back to uuid=null. [ 164.511507][ T7305] loop5: detected capacity change from 0 to 32768 [ 164.614998][ T7305] JBD2: Ignoring recovery information on journal [ 164.894902][ T7305] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 165.133069][ T7305] syz.5.391 (7305) used greatest stack depth: 17088 bytes left [ 165.324276][ T5827] ocfs2: Unmounting device (7,5) on (node local) [ 166.249541][ T7389] loop3: detected capacity change from 0 to 128 [ 166.343643][ T7389] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.376712][ T7389] ext4 filesystem being mounted at /72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 166.430514][ T5951] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 166.585413][ T7389] EXT4-fs error (device loop3): dx_make_map:1296: inode #2: block 20: comm syz.3.420: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 166.629224][ T7389] EXT4-fs (loop3): Remounting filesystem read-only [ 166.647497][ T5951] usb 5-1: Using ep0 maxpacket: 8 [ 166.668209][ T5951] usb 5-1: unable to get BOS descriptor or descriptor too short [ 166.697912][ T5951] usb 5-1: config 4 has an invalid interface number: 30 but max is 0 [ 166.707509][ T5951] usb 5-1: config 4 has no interface number 0 [ 166.744334][ T5951] usb 5-1: config 4 interface 30 has no altsetting 0 [ 166.763426][ T5951] usb 5-1: string descriptor 0 read error: -22 [ 166.769846][ T5951] usb 5-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 166.784650][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.825518][ T5833] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.843144][ T5951] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 166.885587][ T5951] dw2102: su3000_power_ctrl: 1, initialized 0 [ 166.908548][ T5951] dvb-usb: bulk message failed: -22 (2/0) [ 166.949876][ T5951] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 166.978286][ T5951] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 167.009081][ T5951] usb 5-1: media controller created [ 167.019935][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 167.034966][ T5951] dw2102: i2c transfer failed. [ 167.047127][ T7387] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 167.063112][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 167.085033][ T7387] loop4: detected capacity change from 0 to 256 [ 167.091524][ T5951] dw2102: i2c transfer failed. [ 167.108329][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 167.125945][ T5951] dw2102: i2c transfer failed. [ 167.158954][ T7387] FAT-fs (loop4): Directory bread(block 64) failed [ 167.167055][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 167.187296][ T7387] FAT-fs (loop4): Directory bread(block 65) failed [ 167.197291][ T5951] dw2102: i2c transfer failed. [ 167.918645][ T7387] FAT-fs (loop4): Directory bread(block 66) failed [ 167.939057][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 167.971564][ T7387] FAT-fs (loop4): Directory bread(block 67) failed [ 167.978423][ T5951] dw2102: i2c transfer failed. [ 167.998638][ T5951] dvb-usb: bulk message failed: -22 (6/0) [ 168.018632][ T5951] dw2102: i2c transfer failed. [ 168.028854][ T7387] FAT-fs (loop4): Directory bread(block 68) failed [ 168.066330][ T7387] FAT-fs (loop4): Directory bread(block 69) failed [ 168.075527][ T5951] dvb-usb: MAC address: 02:02:02:02:02:02 [ 168.128668][ T7387] FAT-fs (loop4): Directory bread(block 70) failed [ 168.148125][ T7387] FAT-fs (loop4): Directory bread(block 71) failed [ 168.191192][ T7387] FAT-fs (loop4): Directory bread(block 72) failed [ 168.200731][ T7387] FAT-fs (loop4): Directory bread(block 73) failed [ 168.231629][ T5951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 168.336253][ T5951] dvb-usb: bulk message failed: -22 (3/0) [ 168.360693][ T5951] dw2102: command 0x0e transfer failed. [ 168.377790][ T5951] dvb-usb: bulk message failed: -22 (3/0) [ 168.422065][ T5951] dw2102: command 0x0e transfer failed. [ 168.492065][ T7409] loop1: detected capacity change from 0 to 128 [ 168.525726][ T7409] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 168.588823][ T7409] ext4 filesystem being mounted at /75/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 168.760438][ T5951] dvb-usb: bulk message failed: -22 (3/0) [ 168.772077][ T5951] dw2102: command 0x0e transfer failed. [ 168.777762][ T5951] dvb-usb: bulk message failed: -22 (3/0) [ 168.791250][ T5951] dw2102: command 0x0e transfer failed. [ 168.797400][ T5951] dvb-usb: bulk message failed: -22 (1/0) [ 168.806214][ T5951] dw2102: command 0x51 transfer failed. [ 168.811065][ T5826] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 168.811852][ T5951] dvb-usb: bulk message failed: -22 (5/0) [ 168.826697][ T5951] dw2102: i2c probe for address 0x68 failed. [ 168.833468][ T5951] dvb-usb: bulk message failed: -22 (5/0) [ 168.841229][ T5951] dw2102: i2c probe for address 0x69 failed. [ 168.847211][ T5951] dvb-usb: bulk message failed: -22 (5/0) [ 168.863129][ T5951] dw2102: i2c probe for address 0x6a failed. [ 168.874757][ T5951] dw2102: probing for demodulator failed. Is the external power switched on? [ 168.874786][ T7387] dvb-usb: bulk message failed: -22 (4/0) [ 168.900531][ T7387] dw2102: i2c transfer failed. [ 168.915894][ T7387] dvb-usb: bulk message failed: -22 (3/0) [ 168.923921][ T5951] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 168.960560][ T7387] dw2102: i2c transfer failed. [ 168.973436][ T7387] dvb-usb: bulk message failed: -22 (4/0) [ 168.997610][ T7387] dw2102: i2c transfer failed. [ 169.120920][ T5951] rc_core: IR keymap rc-tt-1500 not found [ 169.133141][ T5951] Registered IR keymap rc-empty [ 169.194223][ T5951] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0 [ 169.242496][ T5951] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input6 [ 169.286918][ T5951] dvb-usb: schedule remote query interval to 250 msecs. [ 169.330455][ T5951] dw2102: su3000_power_ctrl: 0, initialized 1 [ 169.360694][ T5951] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 169.406490][ T7418] loop5: detected capacity change from 0 to 2048 [ 169.407143][ T5951] usb 5-1: USB disconnect, device number 4 [ 169.615493][ T7428] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 169.666926][ T5951] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 170.324565][ T7449] netlink: 28 bytes leftover after parsing attributes in process `syz.0.441'. [ 170.574136][ T7460] loop0: detected capacity change from 0 to 8 [ 171.607072][ T5141] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 171.616256][ T5141] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 171.626177][ T5141] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 171.650584][ T5141] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 171.658627][ T5141] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 171.854047][ T7476] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.956682][ T7476] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.278889][ T3529] bridge_slave_1: left allmulticast mode [ 172.313703][ T3529] bridge_slave_1: left promiscuous mode [ 172.350006][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.396019][ T3529] bridge_slave_0: left allmulticast mode [ 172.619929][ T3529] bridge_slave_0: left promiscuous mode [ 172.633814][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.713698][ T5850] Bluetooth: hci2: command tx timeout [ 174.083155][ T5951] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 174.136109][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.162102][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.195551][ T3529] bond0 (unregistering): Released all slaves [ 174.257139][ T7524] cgroup: fork rejected by pids controller in /syz4 [ 174.274634][ T5951] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 174.307417][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.341794][ T5951] usb 4-1: Product: syz [ 174.345986][ T5951] usb 4-1: Manufacturer: syz [ 174.366366][ T3529] tipc: Left network mode [ 174.371479][ T5951] usb 4-1: SerialNumber: syz [ 174.381875][ T5951] usb 4-1: config 0 descriptor?? [ 174.422787][ T5951] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 008 [ 174.807045][ T5951] (null): failure reading functionality [ 174.815971][ T5951] i2c i2c-1: failure reading functionality [ 174.833251][ T5951] i2c i2c-1: connected i2c-tiny-usb device [ 175.094939][ T3529] hsr_slave_0: left promiscuous mode [ 175.104368][ T3529] hsr_slave_1: left promiscuous mode [ 175.112723][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 175.143754][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.199998][ T7588] i2c i2c-1: failure reading functionality [ 175.790700][ T5850] Bluetooth: hci2: command tx timeout [ 175.899421][ T5951] usb 4-1: USB disconnect, device number 8 [ 177.063514][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 177.150768][ T3529] team0 (unregistering): Port device team_slave_0 removed [ 177.668477][ T7616] netlink: 12 bytes leftover after parsing attributes in process `syz.6.479'. [ 177.680476][ T7616] netlink: 60 bytes leftover after parsing attributes in process `syz.6.479'. [ 177.700131][ T7616] netlink: 12 bytes leftover after parsing attributes in process `syz.6.479'. [ 177.725411][ T7616] netlink: 60 bytes leftover after parsing attributes in process `syz.6.479'. [ 177.750421][ T5909] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 177.761615][ T7616] netlink: 104 bytes leftover after parsing attributes in process `syz.6.479'. [ 177.860518][ T5850] Bluetooth: hci2: command tx timeout [ 177.925526][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.933060][ T7473] chnl_net:caif_netlink_parms(): no params data found [ 177.956684][ T5909] usb 2-1: New USB device found, idVendor=056a, idProduct=00d7, bcdDevice= 0.00 [ 177.998225][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.024228][ T5909] usb 2-1: config 0 descriptor?? [ 178.348942][ T7651] tipc: Failed to remove unknown binding: 66,1,1/0:506652956/506652958 [ 178.379381][ T7651] tipc: Failed to remove unknown binding: 66,1,1/0:506652956/506652958 [ 178.390602][ T5909] usbhid 2-1:0.0: can't add hid device: -71 [ 178.398275][ T5909] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 178.414294][ T7473] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.422766][ T7473] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.430116][ T7473] bridge_slave_0: entered allmulticast mode [ 178.441454][ T5909] usb 2-1: USB disconnect, device number 5 [ 178.445753][ T7473] bridge_slave_0: entered promiscuous mode [ 178.447617][ T7651] tipc: Failed to remove unknown binding: 66,1,1/0:506652956/506652958 [ 178.469932][ T7473] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.478447][ T7473] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.493758][ T7473] bridge_slave_1: entered allmulticast mode [ 178.516582][ T7473] bridge_slave_1: entered promiscuous mode [ 178.612135][ T7473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.626472][ T7473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.677951][ T7473] team0: Port device team_slave_0 added [ 178.689437][ T7473] team0: Port device team_slave_1 added [ 178.753811][ T7473] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.768386][ T7473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 178.804045][ T7473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.817515][ T7473] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.824788][ T7473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 178.863674][ T7473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.031833][ T31] audit: type=1800 audit(1769651498.024:12): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.488" name="/" dev="fuse" ino=9 res=0 errno=0 [ 179.123848][ T7473] hsr_slave_0: entered promiscuous mode [ 179.130807][ T7473] hsr_slave_1: entered promiscuous mode [ 179.580980][ T5917] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 179.925177][ T5917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.987030][ T5850] Bluetooth: hci2: command tx timeout [ 180.063195][ T5917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.120625][ T5917] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 180.150438][ T6032] IPVS: starting estimator thread 0... [ 180.160545][ T5917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.218375][ T5917] usb 7-1: config 0 descriptor?? [ 180.240733][ T7680] IPVS: using max 31 ests per chain, 74400 per kthread [ 180.388140][ T7473] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 180.444859][ T7473] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 180.484128][ T7473] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 180.523989][ T7473] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 180.678331][ T7691] loop1: detected capacity change from 0 to 4096 [ 180.688632][ T5917] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 180.731772][ T5917] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 180.752464][ T7691] EXT4-fs (loop1): Test dummy encryption mode enabled [ 180.758600][ T5917] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.0002/input/input7 [ 180.837462][ T7691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.887511][ T7671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.901833][ T7671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.976750][ T5917] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0 [ 180.977290][ T7673] loop3: detected capacity change from 0 to 32768 [ 181.063520][ T7473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.100457][ T5917] usb 7-1: USB disconnect, device number 2 [ 181.168344][ T7473] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.190638][ T7673] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 181.209940][ T6116] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.217171][ T6116] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.324388][ T7707] fido_id[7707]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 181.389277][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.396458][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.540895][ T7673] XFS (loop3): Ending clean mount [ 181.564313][ T7673] XFS (loop3): Quotacheck needed: Please wait. [ 181.616793][ T7673] XFS (loop3): Quotacheck: Done. [ 181.699181][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.896920][ T6123] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.047394][ T5833] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 182.074859][ T7473] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.295338][ T6123] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.599475][ T6123] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.821645][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 182.830011][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 182.842376][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 182.860842][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 182.882672][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 182.942404][ T6123] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.038565][ T7750] loop6: detected capacity change from 0 to 64 [ 183.684724][ T7753] loop4: detected capacity change from 0 to 1024 [ 183.794718][ T7473] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.142681][ T6123] bridge_slave_1: left allmulticast mode [ 184.148369][ T6123] bridge_slave_1: left promiscuous mode [ 184.154892][ T6123] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.171949][ T5838] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 184.180948][ T6123] bridge_slave_0: left allmulticast mode [ 184.186739][ T6123] bridge_slave_0: left promiscuous mode [ 184.192626][ T6123] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.346368][ T5838] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 184.355948][ T5838] usb 5-1: config 1 has no interface number 0 [ 184.362527][ T5838] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.373807][ T5838] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 184.384185][ T5838] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 236, changing to 11 [ 184.407323][ T5838] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 184.416898][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.428034][ T5838] usb 5-1: Product: syz [ 184.432528][ T5838] usb 5-1: Manufacturer: syz [ 184.437194][ T5838] usb 5-1: SerialNumber: syz [ 184.646121][ T6123] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.682383][ T6123] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.695103][ T6123] bond0 (unregistering): Released all slaves [ 184.990537][ T5850] Bluetooth: hci1: command tx timeout [ 185.268747][ T5838] cdc_ncm 5-1:1.1: bind() failure [ 185.333255][ T7743] chnl_net:caif_netlink_parms(): no params data found [ 185.406960][ T7473] veth0_vlan: entered promiscuous mode [ 185.454992][ T6123] hsr_slave_0: left promiscuous mode [ 185.461780][ T6123] hsr_slave_1: left promiscuous mode [ 185.467940][ T6123] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.483192][ T6123] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 185.491833][ T6123] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 185.493172][ T5838] usb 5-1: USB disconnect, device number 5 [ 185.510049][ T6123] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 185.554497][ T6123] veth1_macvtap: left promiscuous mode [ 185.564404][ T6123] veth0_macvtap: left promiscuous mode [ 185.570143][ T6123] veth1_vlan: left promiscuous mode [ 185.575772][ T6123] veth0_vlan: left promiscuous mode [ 186.686924][ T7806] loop6: detected capacity change from 0 to 32768 [ 186.771561][ T7806] OCFS2: ERROR (device loop6): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode 73: bits per cluster 32 [ 186.952367][ T7806] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 186.985409][ T7806] OCFS2: Returning error to the calling process. [ 186.992803][ T7806] (syz.6.521,7806,1):ocfs2_read_locked_inode:599 ERROR: status = -5 [ 187.014649][ T7806] (syz.6.521,7806,1):_ocfs2_get_system_file_inode:144 ERROR: status = -5 [ 187.027944][ T7806] (syz.6.521,7806,1):ocfs2_init_local_system_inodes:496 ERROR: status=-22, sysfile=8, slot=0 [ 187.038563][ T7806] (syz.6.521,7806,1):ocfs2_init_local_system_inodes:505 ERROR: status = -22 [ 187.053315][ T6123] team0 (unregistering): Port device team_slave_1 removed [ 187.067325][ T7806] (syz.6.521,7806,1):ocfs2_mount_volume:1758 ERROR: status = -22 [ 187.072103][ T5850] Bluetooth: hci1: command tx timeout [ 187.095866][ T7806] (syz.6.521,7806,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 187.157596][ T6123] team0 (unregistering): Port device team_slave_0 removed [ 187.199584][ T5141] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 187.209341][ T5141] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 187.225567][ T5141] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 187.240143][ T5141] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 187.254546][ T5141] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 188.111675][ T7473] veth1_vlan: entered promiscuous mode [ 188.133200][ T5917] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 188.302344][ T5917] usb 5-1: Using ep0 maxpacket: 8 [ 188.309803][ T5917] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 188.320708][ T5917] usb 5-1: config 0 has no interface number 0 [ 188.326817][ T5917] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 188.388325][ T5917] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 188.427828][ T5917] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 188.445656][ T7743] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.469128][ T7743] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.477403][ T5917] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 188.497634][ T7743] bridge_slave_0: entered allmulticast mode [ 188.507632][ T5917] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 188.519522][ T7743] bridge_slave_0: entered promiscuous mode [ 188.535175][ T7743] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.542636][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.551107][ T7743] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.562051][ T5917] usb 5-1: config 0 descriptor?? [ 188.570682][ T7743] bridge_slave_1: entered allmulticast mode [ 188.586802][ T7743] bridge_slave_1: entered promiscuous mode [ 188.595521][ T5917] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 188.698957][ T7743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.713358][ T7743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.829056][ T7743] team0: Port device team_slave_0 added [ 188.865439][ T5951] usb 5-1: USB disconnect, device number 6 [ 188.865444][ C1] ldusb 5-1:0.55: usb_submit_urb failed (-19) [ 188.899083][ T5951] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 188.902606][ T7743] team0: Port device team_slave_1 added [ 188.917181][ T6123] IPVS: stop unused estimator thread 0... [ 188.924190][ T7824] ldusb: No device or device unplugged -19 [ 188.963182][ T7473] veth0_macvtap: entered promiscuous mode [ 189.141256][ T5850] Bluetooth: hci1: command tx timeout [ 189.219888][ T7743] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.229262][ T7743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 189.256262][ T7743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.300680][ T5850] Bluetooth: hci6: command tx timeout [ 189.332437][ T7743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.350575][ T7743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 189.376953][ T7743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.424964][ T7473] veth1_macvtap: entered promiscuous mode [ 189.532418][ T7743] hsr_slave_0: entered promiscuous mode [ 189.539137][ T7743] hsr_slave_1: entered promiscuous mode [ 189.602445][ T7743] debugfs: 'hsr0' already exists in 'hsr' [ 189.640417][ T7743] Cannot create hsr debugfs directory [ 189.653818][ T7473] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.685906][ T7473] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.836931][ T3529] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.955797][ T3529] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.974828][ T3529] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.132657][ T3529] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.513988][ T7814] chnl_net:caif_netlink_parms(): no params data found [ 190.635881][ T3529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.658170][ T3529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.943047][ T6123] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.970545][ T6123] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.017187][ T7814] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.035264][ T7814] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.049257][ T7814] bridge_slave_0: entered allmulticast mode [ 191.057678][ T7814] bridge_slave_0: entered promiscuous mode [ 191.070837][ T7814] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.100735][ T7814] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.112854][ T7814] bridge_slave_1: entered allmulticast mode [ 191.121547][ T7814] bridge_slave_1: entered promiscuous mode [ 191.203940][ T7814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.221036][ T5850] Bluetooth: hci1: command tx timeout [ 191.354764][ T7814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.380487][ T5850] Bluetooth: hci6: command tx timeout [ 191.390034][ T7743] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 191.516373][ T7890] 9pnet: p9_errstr2errno: server reported unknown error 000000000 [ 191.557755][ T7814] team0: Port device team_slave_0 added [ 191.575529][ T7743] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 191.617491][ T7814] team0: Port device team_slave_1 added [ 191.649612][ T7743] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 191.672780][ T7743] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 191.771677][ T7814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.780648][ T7814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.806884][ T7814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.838327][ T7814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.845405][ T7814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.877656][ T7814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.063982][ T7910] loop6: detected capacity change from 0 to 128 [ 192.157364][ T7814] hsr_slave_0: entered promiscuous mode [ 192.203019][ T7814] hsr_slave_1: entered promiscuous mode [ 192.220871][ T7814] debugfs: 'hsr0' already exists in 'hsr' [ 192.228947][ T7814] Cannot create hsr debugfs directory [ 192.571327][ T7927] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 193.459491][ T7743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.460460][ T5850] Bluetooth: hci6: command tx timeout [ 193.497341][ T7941] loop6: detected capacity change from 0 to 2048 [ 193.545612][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.554119][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.595523][ T7941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 193.646811][ T7743] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.719246][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.726426][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.816178][ T6123] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.823385][ T6123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.867596][ T7814] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 193.898216][ T7814] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 193.923925][ T7814] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 193.968793][ T7814] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 194.184785][ T7955] netlink: 52 bytes leftover after parsing attributes in process `syz.7.552'. [ 194.497524][ T7814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.643183][ T7814] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.702569][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.709729][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.929306][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.936492][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.078170][ T6116] Bluetooth: hci7: Frame reassembly failed (-84) [ 195.106896][ T7743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.233958][ T7814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 195.547564][ T5141] Bluetooth: hci6: command tx timeout [ 196.035933][ T7743] veth0_vlan: entered promiscuous mode [ 196.153519][ T7814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.190546][ T7743] veth1_vlan: entered promiscuous mode [ 196.394980][ T7743] veth0_macvtap: entered promiscuous mode [ 196.439349][ T7743] veth1_macvtap: entered promiscuous mode [ 196.514904][ T7743] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.536400][ T7743] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.679708][ T6116] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.733411][ T6116] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.761610][ T6116] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.798133][ T6116] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.150725][ T5850] Bluetooth: hci7: Opcode 0x1003 failed: -110 [ 197.151932][ T5141] Bluetooth: hci7: command 0x1003 tx timeout [ 197.343137][ T3459] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.357072][ T3459] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.545171][ T3453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.591587][ T3453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.752003][ T7814] veth0_vlan: entered promiscuous mode [ 197.793021][ T7814] veth1_vlan: entered promiscuous mode [ 197.967351][ T7814] veth0_macvtap: entered promiscuous mode [ 197.981905][ T7814] veth1_macvtap: entered promiscuous mode [ 198.064055][ T7814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.107262][ T7814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.208051][ T6105] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.296609][ T6105] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.379184][ T6105] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.413752][ T6105] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.715278][ T3453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.745446][ T8055] netlink: 12 bytes leftover after parsing attributes in process `syz.7.571'. [ 198.750455][ T3453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.866804][ T8055] netlink: 12 bytes leftover after parsing attributes in process `syz.7.571'. [ 198.973981][ T6105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.005497][ T6105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.826166][ T8083] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 199.833640][ T8083] IPv6: NLM_F_CREATE should be set when creating new route [ 199.908923][ T8085] loop8: detected capacity change from 0 to 16 [ 199.939461][ T8085] erofs (device loop8): mounted with root inode @ nid 36. [ 200.139632][ T8083] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.147359][ T8083] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.728924][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 200.770473][ T8083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.109397][ T60] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.128286][ T60] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.160536][ T60] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.188732][ T60] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.396325][ T60] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.500395][ T31] audit: type=1800 audit(1769651521.414:13): pid=8121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.585" name="blkio.bfq.io_service_bytes_recursive" dev="fuse" ino=5 res=0 errno=0 [ 203.045853][ T60] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.382824][ T8145] loop6: detected capacity change from 0 to 2048 [ 203.462355][ T8145] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.469468][ T8143] loop9: detected capacity change from 0 to 4096 [ 203.571085][ T8143] EXT4-fs (loop9): Test dummy encryption mode enabled [ 203.634831][ T8143] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 203.653015][ T8143] System zones: 0-5 [ 203.675764][ T3453] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 203.725713][ T8143] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.741134][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.769264][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.769373][ T3453] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 3 with error 28 [ 203.793848][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.831025][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.848818][ T3453] EXT4-fs (loop6): This should not happen!! Data will be lost [ 203.848818][ T3453] [ 203.849160][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.876755][ T31] audit: type=1800 audit(1769651522.874:14): pid=8143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.594" name="file0" dev="loop9" ino=13 res=0 errno=0 [ 203.906739][ T3453] EXT4-fs (loop6): Total free blocks count 0 [ 203.930985][ T3453] EXT4-fs (loop6): Free/Dirty block details [ 203.936948][ T3453] EXT4-fs (loop6): free_blocks=66060288 [ 203.960792][ T3453] EXT4-fs (loop6): dirty_blocks=16 [ 203.993079][ T7814] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.002179][ T3453] EXT4-fs (loop6): Block reservation details [ 204.008159][ T3453] EXT4-fs (loop6): i_reserved_data_blocks=1 [ 204.029854][ T6059] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.176467][ T8153] loop3: detected capacity change from 0 to 4096 [ 204.264885][ T8157] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 204.653663][ T8162] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 205.940434][ T5141] Bluetooth: hci1: command tx timeout [ 206.201564][ T5850] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 206.222578][ T5850] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 206.235208][ T5850] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 206.253036][ T5850] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 206.269071][ T5850] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 206.442998][ T8186] loop9: detected capacity change from 0 to 32768 [ 206.511407][ T8186] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 206.779657][ T8186] XFS (loop9): Ending clean mount [ 206.880851][ T8186] XFS (loop9): Quotacheck needed: Please wait. [ 206.944488][ T8186] XFS (loop9): Quotacheck: Done. [ 207.096534][ T7814] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 207.185561][ T8216] loop3: detected capacity change from 0 to 128 [ 207.252067][ T8214] loop6: detected capacity change from 0 to 32768 [ 207.293526][ T31] audit: type=1800 audit(1769651526.274:15): pid=8214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.619" name="file1" dev="loop6" ino=7 res=0 errno=0 [ 207.350008][ T8216] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 207.450893][ T8216] hpfs: filesystem error: improperly stopped [ 207.456931][ T8216] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 207.544343][ T8216] hpfs: You really don't want any checks? You are crazy... [ 207.594701][ T8216] hpfs: hpfs_map_sector(): read error [ 207.600116][ T8216] hpfs: code page support is disabled [ 207.672513][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.693036][ T8214] ERROR: (device loop6): dbAdjCtl: the maximum free buddy is not the old root [ 207.693036][ T8214] [ 207.709755][ T8214] ERROR: (device loop6): remounting filesystem as read-only [ 207.730933][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.739788][ T8216] hpfs: filesystem error: unable to find root dir [ 207.788839][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.796586][ T8216] hpfs: hpfs_map_sector(): read error [ 207.803405][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.809489][ T8216] hpfs: hpfs_map_sector(): read error [ 207.816816][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.823146][ T8216] hpfs: hpfs_map_sector(): read error [ 207.829962][ T8216] hpfs: hpfs_map_4sectors(): unaligned read [ 207.836527][ T8216] hpfs: hpfs_map_sector(): read error [ 208.020484][ T5141] Bluetooth: hci1: command tx timeout [ 208.342270][ T5141] Bluetooth: hci7: command tx timeout [ 208.537472][ T8234] netlink: 'syz.6.627': attribute type 1 has an invalid length. [ 208.753275][ T60] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.964521][ T8234] 8021q: adding VLAN 0 to HW filter on device bond1 [ 209.114812][ T8235] bond1: (slave veth3): Enslaving as an active interface with a down link [ 209.312049][ T60] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.402344][ T8244] syz_tun: entered allmulticast mode [ 210.109992][ T5829] Bluetooth: hci1: command tx timeout [ 210.430451][ T5829] Bluetooth: hci7: command tx timeout [ 210.504726][ T60] bridge_slave_1: left allmulticast mode [ 210.528032][ T60] bridge_slave_1: left promiscuous mode [ 210.553018][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.617682][ T60] bridge_slave_0: left allmulticast mode [ 210.631815][ T60] bridge_slave_0: left promiscuous mode [ 210.637662][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.014055][ T5829] Bluetooth: hci0: command 0x0406 tx timeout [ 211.018029][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 212.190660][ T5141] Bluetooth: hci1: command tx timeout [ 212.504420][ T5141] Bluetooth: hci7: command tx timeout [ 212.560185][ T8301] overlayfs: failed to clone upperpath [ 212.807631][ T8311] fuse: Bad value for 'fd' [ 212.857563][ T8311] xt_hashlimit: max too large, truncated to 1048576 [ 213.020293][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.072598][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.112113][ T60] bond0 (unregistering): Released all slaves [ 213.243380][ T8316] loop6: detected capacity change from 0 to 64 [ 213.327498][ T8316] hfs: unable to locate alternate MDB [ 213.351939][ T8316] hfs: continuing without an alternate MDB [ 213.416771][ T8316] hfs: get root inode failed [ 214.395033][ T8198] chnl_net:caif_netlink_parms(): no params data found [ 214.580468][ T5141] Bluetooth: hci7: command tx timeout [ 214.626693][ T60] hsr_slave_0: left promiscuous mode [ 214.664801][ T60] hsr_slave_1: left promiscuous mode [ 214.690145][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.738426][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.801261][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.808681][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.983693][ T60] veth1_macvtap: left promiscuous mode [ 215.004024][ T60] veth0_macvtap: left promiscuous mode [ 215.030646][ T60] veth1_vlan: left promiscuous mode [ 215.095725][ T60] veth0_vlan: left promiscuous mode [ 216.965735][ T60] team0 (unregistering): Port device team_slave_1 removed [ 217.007458][ T60] team0 (unregistering): Port device team_slave_0 removed [ 217.518918][ T8415] fuse: Bad value for 'fd' [ 217.573329][ T8413] loop9: detected capacity change from 0 to 4096 [ 217.612337][ T8413] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 217.701329][ T8413] Quota error (device loop9): find_block_dqentry: Quota for id 0 referenced but not present [ 217.715616][ T8413] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 217.727385][ T8413] EXT4-fs error (device loop9): ext4_acquire_dquot:6986: comm syz.9.675: Failed to acquire dquot type 1 [ 217.748948][ T8413] EXT4-fs warning (device loop9): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-5, ino=4). Please run e2fsck to fix. [ 217.975007][ T7814] EXT4-fs error (device loop9): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 131109 [ 218.002393][ T8150] chnl_net:caif_netlink_parms(): no params data found [ 218.041500][ T7814] EXT4-fs error (device loop9): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 131109 [ 218.575904][ T7814] syz_tun (unregistering): left allmulticast mode [ 218.727178][ T8198] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.747489][ T8198] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.772681][ T8198] bridge_slave_0: entered allmulticast mode [ 218.800461][ T8198] bridge_slave_0: entered promiscuous mode [ 218.892378][ T8198] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.927129][ T8198] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.946139][ T8198] bridge_slave_1: entered allmulticast mode [ 218.963442][ T8198] bridge_slave_1: entered promiscuous mode [ 219.010431][ T8150] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.028045][ T8150] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.035890][ T8150] bridge_slave_0: entered allmulticast mode [ 219.045072][ T8150] bridge_slave_0: entered promiscuous mode [ 219.088403][ T8150] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.112145][ T8150] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.135416][ T8150] bridge_slave_1: entered allmulticast mode [ 219.174232][ T8150] bridge_slave_1: entered promiscuous mode [ 219.189368][ T8198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.406911][ T8198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.524947][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 219.536907][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 219.545438][ T5850] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 219.553502][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 219.561759][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 219.660284][ T60] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.049270][ T8150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.177029][ T8474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.691'. [ 220.199613][ T8474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.691'. [ 220.214275][ T8150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.392259][ T60] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.475318][ T8198] team0: Port device team_slave_0 added [ 220.526125][ T8198] team0: Port device team_slave_1 added [ 220.632542][ T8150] team0: Port device team_slave_0 added [ 220.658129][ T8150] team0: Port device team_slave_1 added [ 220.777676][ T60] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.869541][ T8198] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.895748][ T8198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 220.962806][ T8198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.992673][ T8198] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.015359][ T8198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 221.053488][ T8198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.202289][ T60] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.284351][ T8150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.305014][ T8150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 221.351522][ T8150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.476565][ T8150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.486538][ T8150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 221.536831][ T8150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.621157][ T5850] Bluetooth: hci4: command tx timeout [ 221.656405][ T8198] hsr_slave_0: entered promiscuous mode [ 221.674553][ T8198] hsr_slave_1: entered promiscuous mode [ 221.720135][ T8198] debugfs: 'hsr0' already exists in 'hsr' [ 221.748645][ T8198] Cannot create hsr debugfs directory [ 221.887121][ T31] audit: type=1326 audit(1769651540.884:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8505 comm="syz.3.703" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f451659aeb9 code=0x0 [ 221.988941][ T8150] hsr_slave_0: entered promiscuous mode [ 222.009044][ T8150] hsr_slave_1: entered promiscuous mode [ 222.028921][ T8150] debugfs: 'hsr0' already exists in 'hsr' [ 222.038168][ T8150] Cannot create hsr debugfs directory [ 222.409580][ T60] bridge_slave_1: left allmulticast mode [ 222.429482][ T60] bridge_slave_1: left promiscuous mode [ 222.436194][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.447587][ T60] bridge_slave_0: left allmulticast mode [ 222.453856][ T60] bridge_slave_0: left promiscuous mode [ 222.459803][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.785172][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 222.800248][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 222.826064][ T60] bond0 (unregistering): Released all slaves [ 223.555083][ T8538] loop6: detected capacity change from 0 to 1024 [ 223.652368][ T8538] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.701971][ T5850] Bluetooth: hci4: command tx timeout [ 223.722212][ T31] audit: type=1800 audit(1769651542.724:17): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.712" name="bus" dev="loop6" ino=18 res=0 errno=0 [ 223.742366][ T8538] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4215: comm syz.6.712: Allocating blocks 385-513 which overlap fs metadata [ 223.775873][ T8538] Trying to write to read-only block-device loop6 [ 223.795419][ T8538] EXT4-fs (loop6): pa ffff8880315de000: logic 16, phys. 129, len 24 [ 223.804148][ T8538] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 8 [ 223.833006][ T8538] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 1 [ 223.855031][ T8538] EXT4-fs (loop6): This should not happen!! Data will be lost [ 223.855031][ T8538] [ 223.979952][ T6059] EXT4-fs error (device loop6): ext4_lookup:1785: inode #16: comm syz-executor: iget: bad extended attribute block 8 [ 224.003759][ T6059] EXT4-fs error (device loop6): ext4_lookup:1785: inode #16: comm syz-executor: iget: bad extended attribute block 8 [ 224.273781][ T8466] chnl_net:caif_netlink_parms(): no params data found [ 224.444426][ T60] hsr_slave_0: left promiscuous mode [ 224.458389][ T60] hsr_slave_1: left promiscuous mode [ 224.468095][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.485070][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.503226][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.510840][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.578291][ T60] veth1_macvtap: left promiscuous mode [ 224.592197][ T60] veth0_macvtap: left promiscuous mode [ 224.606497][ T60] veth1_vlan: left promiscuous mode [ 224.615687][ T60] veth0_vlan: left promiscuous mode [ 225.666506][ T8576] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 225.689012][ T8576] overlayfs: failed to set xattr on upper [ 225.694953][ T8576] overlayfs: ...falling back to redirect_dir=nofollow. [ 225.704262][ T8576] overlayfs: ...falling back to index=off. [ 225.710215][ T8576] overlayfs: ...falling back to uuid=null. [ 225.780451][ T5850] Bluetooth: hci4: command tx timeout [ 225.912895][ T60] team0 (unregistering): Port device team_slave_1 removed [ 225.960095][ T60] team0 (unregistering): Port device team_slave_0 removed [ 227.088645][ T6059] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.880356][ T5850] Bluetooth: hci4: command tx timeout [ 227.976734][ T5141] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 227.985848][ T5141] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 227.993653][ T5141] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 228.001739][ T5141] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 228.009397][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 228.031143][ T8466] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.038269][ T8466] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.064229][ T8466] bridge_slave_0: entered allmulticast mode [ 228.078564][ T8466] bridge_slave_0: entered promiscuous mode [ 228.095332][ T8466] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.108415][ T8466] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.115738][ T8466] bridge_slave_1: entered allmulticast mode [ 228.123575][ T8466] bridge_slave_1: entered promiscuous mode [ 228.225688][ T8466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.268507][ T8466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.329559][ T60] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.568164][ T60] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.627056][ T8466] team0: Port device team_slave_0 added [ 228.788629][ T8466] team0: Port device team_slave_1 added [ 228.899750][ T60] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.027457][ T8150] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 229.062520][ T8150] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 229.075714][ T8150] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 229.111706][ T60] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.152025][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.166924][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 229.221324][ T8466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.245102][ T8150] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 229.303238][ T8466] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.320368][ T8466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 229.404455][ T8466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.963434][ T8466] hsr_slave_0: entered promiscuous mode [ 229.991506][ T8466] hsr_slave_1: entered promiscuous mode [ 229.997812][ T8466] debugfs: 'hsr0' already exists in 'hsr' [ 230.043517][ T8466] Cannot create hsr debugfs directory [ 230.110429][ T5141] Bluetooth: hci3: command tx timeout [ 230.303834][ T8198] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 230.449038][ T8198] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 230.547816][ T8198] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 230.609376][ T8198] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 230.725702][ T60] bridge_slave_1: left allmulticast mode [ 230.740343][ T60] bridge_slave_1: left promiscuous mode [ 230.763237][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.822889][ T60] bridge_slave_0: left allmulticast mode [ 230.828568][ T60] bridge_slave_0: left promiscuous mode [ 230.850701][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.075442][ T5942] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 231.240764][ T5942] usb 8-1: Using ep0 maxpacket: 16 [ 231.254729][ T5942] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 231.286198][ T5942] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 231.295866][ T5942] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.305896][ T5942] usb 8-1: Product: syz [ 231.310063][ T5942] usb 8-1: Manufacturer: syz [ 231.315767][ T5942] usb 8-1: SerialNumber: syz [ 231.331223][ T5942] usb 8-1: config 0 descriptor?? [ 231.347532][ T5942] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 231.359779][ T5942] em28xx 8-1:0.0: DVB interface 0 found: bulk [ 231.366511][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.381968][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.395857][ T60] bond0 (unregistering): Released all slaves [ 231.487835][ T60] bond1 (unregistering): (slave veth3): Releasing active interface [ 231.498531][ T60] bond1 (unregistering): Released all slaves [ 231.650666][ T8603] chnl_net:caif_netlink_parms(): no params data found [ 231.814251][ T8699] tipc: Enabling of bearer rejected, failed to enable media [ 231.956026][ T5942] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 232.051540][ T8704] overlayfs: failed to clone upperpath [ 232.180840][ T5141] Bluetooth: hci3: command tx timeout [ 232.207244][ T60] hsr_slave_0: left promiscuous mode [ 232.217421][ T60] hsr_slave_1: left promiscuous mode [ 232.227476][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.235484][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.272129][ T60] veth1_macvtap: left promiscuous mode [ 232.277686][ T60] veth0_macvtap: left promiscuous mode [ 232.284620][ T60] veth1_vlan: left promiscuous mode [ 232.289957][ T60] veth0_vlan: left promiscuous mode [ 232.818348][ T5942] em28xx 8-1:0.0: writing to i2c device at 0xa0 failed (error=-5) [ 232.836043][ T5942] em28xx 8-1:0.0: failed to read eeprom (err=-5) [ 232.860435][ T5942] em28xx 8-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 232.940399][ T5942] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 232.966125][ T5942] em28xx 8-1:0.0: dvb set to bulk mode. [ 232.986385][ T5916] em28xx 8-1:0.0: Binding DVB extension [ 233.021271][ T5942] usb 8-1: USB disconnect, device number 2 [ 233.028433][ T5942] em28xx 8-1:0.0: Disconnecting em28xx [ 233.094427][ T5916] em28xx 8-1:0.0: Registering input extension [ 233.103314][ T5942] em28xx 8-1:0.0: Closing input extension [ 233.140972][ T5942] em28xx 8-1:0.0: Freeing device [ 233.271163][ T60] team0 (unregistering): Port device team_slave_1 removed [ 233.305510][ T60] team0 (unregistering): Port device team_slave_0 removed [ 233.668367][ T8728] ALSA: mixer_oss: invalid OSS volume '' [ 234.255279][ T8150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.271239][ T5141] Bluetooth: hci3: command tx timeout [ 234.302960][ T8603] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.317282][ T8603] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.332402][ T8603] bridge_slave_0: entered allmulticast mode [ 234.353425][ T8603] bridge_slave_0: entered promiscuous mode [ 234.445807][ T8603] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.458694][ T8603] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.474439][ T8603] bridge_slave_1: entered allmulticast mode [ 234.507244][ T8603] bridge_slave_1: entered promiscuous mode [ 234.627686][ T8603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.676114][ T8603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.768823][ T8603] team0: Port device team_slave_0 added [ 234.777169][ T8150] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.837438][ T8735] bond1: entered promiscuous mode [ 234.880770][ T8603] team0: Port device team_slave_1 added [ 234.911307][ T6123] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.918457][ T6123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.941595][ T8737] macvlan2: entered promiscuous mode [ 234.947558][ T8737] macvlan2: entered allmulticast mode [ 234.958695][ T8737] bond1: (slave macvlan2): Opening slave failed [ 235.017128][ T6123] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.024327][ T6123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.162914][ T8198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.178403][ T8603] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.192326][ T8603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.220021][ T8603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.232848][ T8603] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.239791][ T8603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.266047][ T8603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.356309][ T8198] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.406604][ T8466] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 235.425149][ T8466] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 235.444360][ T6123] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.451535][ T6123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.482295][ T8466] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 235.497743][ T8466] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 235.513632][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.520792][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.548667][ T8603] hsr_slave_0: entered promiscuous mode [ 235.556330][ T8603] hsr_slave_1: entered promiscuous mode [ 235.563179][ T8603] debugfs: 'hsr0' already exists in 'hsr' [ 235.568980][ T8603] Cannot create hsr debugfs directory [ 236.217911][ T8603] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.295396][ T8466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.342612][ T5141] Bluetooth: hci3: command tx timeout [ 236.357655][ T31] audit: type=1326 audit(1769651555.354:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8762 comm="syz.7.753" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f872db9aeb9 code=0x0 [ 236.394003][ T8603] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.494822][ T8150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.528701][ T8603] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.575250][ T8466] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.662613][ T8603] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.689710][ T8198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.744294][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.751538][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.806758][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.813958][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.912611][ T8150] veth0_vlan: entered promiscuous mode [ 236.972789][ T8150] veth1_vlan: entered promiscuous mode [ 237.127718][ T8150] veth0_macvtap: entered promiscuous mode [ 237.207250][ T8150] veth1_macvtap: entered promiscuous mode [ 237.234751][ T8603] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 237.298743][ T8603] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 237.369746][ T8603] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 237.423729][ T8603] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 237.465948][ T8150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.564316][ T8150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.675745][ T6123] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.686300][ T6123] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.714705][ T6123] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.725786][ T6123] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.773319][ T8198] veth0_vlan: entered promiscuous mode [ 237.802905][ T8466] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.829541][ T8198] veth1_vlan: entered promiscuous mode [ 237.905532][ T6123] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.931607][ T6123] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.977911][ T8198] veth0_macvtap: entered promiscuous mode [ 238.003488][ T8603] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.011609][ T3453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.019509][ T3453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.029694][ T8603] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.044951][ T8198] veth1_macvtap: entered promiscuous mode [ 238.063166][ T8466] veth0_vlan: entered promiscuous mode [ 238.084599][ T3453] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.091735][ T3453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.116214][ T8198] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.131675][ T3453] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.138775][ T3453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.217542][ T8198] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.232187][ T8466] veth1_vlan: entered promiscuous mode [ 238.291347][ T3459] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.318853][ T3459] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.360888][ T3459] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.410414][ T975] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 238.440562][ T8466] veth0_macvtap: entered promiscuous mode [ 238.450149][ T3459] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.489840][ T8466] veth1_macvtap: entered promiscuous mode [ 238.568398][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.592078][ T975] usb 3-1: Using ep0 maxpacket: 32 [ 238.597401][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.603402][ T975] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 238.618031][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.630459][ T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.638444][ T975] usb 3-1: Product: syz [ 238.653899][ T975] usb 3-1: Manufacturer: syz [ 238.658499][ T975] usb 3-1: SerialNumber: syz [ 238.664818][ T8466] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.683742][ T975] usb 3-1: config 0 descriptor?? [ 238.708888][ T6105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.709392][ T3459] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.717128][ T6105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.730988][ T3459] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.735444][ T975] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 238.804899][ T3459] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.850226][ T3459] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.046604][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.062621][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.164690][ T3459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.174638][ T3459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.201643][ T8603] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.375421][ T8603] veth0_vlan: entered promiscuous mode [ 239.438052][ T8603] veth1_vlan: entered promiscuous mode [ 239.558132][ T8603] veth0_macvtap: entered promiscuous mode [ 239.571434][ T8603] veth1_macvtap: entered promiscuous mode [ 239.699692][ T8603] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.886868][ T8603] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.976512][ T3459] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.000053][ T3459] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.045730][ T3459] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.066227][ T3459] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.653770][ T975] gspca_ov534_9: reg_w failed -71 [ 240.902443][ T975] gspca_ov534_9: Unknown sensor 0000 [ 240.902537][ T975] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 240.934865][ T6107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.947446][ T975] usb 3-1: USB disconnect, device number 2 [ 241.020476][ T6107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.231731][ T3529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.267859][ T3529] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.691998][ T8824] syz.1.761 (8824): drop_caches: 2 [ 242.066724][ T8850] 0xfffffffffffffffd-0x000000020000 : "" [ 242.110112][ T8850] mtd: partition "" is out of reach -- disabled [ 242.216165][ T8850] ftl_cs: FTL header not found. [ 242.807421][ T8875] loop5: detected capacity change from 0 to 128 [ 242.816993][ T8874] loop7: detected capacity change from 0 to 1024 [ 242.845792][ T8874] EXT4-fs: Ignoring removed nomblk_io_submit option [ 242.991265][ T8874] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 243.004869][ T8874] System zones: 0-1, 3-36 [ 243.049049][ T8874] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.111266][ T8884] cgroup: Unexpected value for 'nofavordynmods' [ 243.154526][ T8884] 9p: Bad value for 'rfdno' [ 245.020883][ T3529] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.609356][ T5850] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 245.617660][ T5850] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 245.634329][ T5850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 245.649407][ T5850] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 245.661403][ T5850] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 245.752934][ T3529] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.974396][ T3529] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.200264][ T3529] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.763958][ T7473] EXT4-fs error (device loop7): ext4_iget_extra_inode:5073: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 246.872258][ T7473] EXT4-fs error (device loop7): ext4_iget_extra_inode:5073: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 247.067494][ T8956] overlayfs: failed to clone upperpath [ 247.145642][ T3529] bridge_slave_1: left allmulticast mode [ 247.180575][ T3529] bridge_slave_1: left promiscuous mode [ 247.196024][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.288488][ T3529] bridge_slave_0: left allmulticast mode [ 247.315106][ T3529] bridge_slave_0: left promiscuous mode [ 247.335432][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.550216][ T8970] loop2: detected capacity change from 0 to 1024 [ 247.593175][ T8970] EXT4-fs: Ignoring removed bh option [ 247.700842][ T5141] Bluetooth: hci6: command tx timeout [ 247.763441][ T8970] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.644761][ T8150] EXT4-fs error (device loop2): ext4_read_inline_dir:1486: inode #12: block 7: comm syz-executor: path /10/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 248.695429][ T8150] EXT4-fs (loop2): Remounting filesystem read-only [ 248.844248][ T8150] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.935640][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.052257][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.116545][ T3529] bond0 (unregistering): Released all slaves [ 249.359181][ T8927] chnl_net:caif_netlink_parms(): no params data found [ 249.392672][ T7473] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.814121][ T5141] Bluetooth: hci6: command tx timeout [ 250.558111][ T3529] hsr_slave_0: left promiscuous mode [ 250.621173][ T3529] hsr_slave_1: left promiscuous mode [ 250.636231][ T3529] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.655956][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.711289][ T3529] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.772198][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.956839][ T3529] veth1_macvtap: left promiscuous mode [ 250.988110][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 250.999033][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 251.007747][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 251.015640][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 251.023209][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 251.059989][ T3529] veth0_macvtap: left promiscuous mode [ 251.114434][ T3529] veth1_vlan: left promiscuous mode [ 251.160769][ T3529] veth0_vlan: left promiscuous mode [ 251.890390][ T5850] Bluetooth: hci6: command tx timeout [ 253.066271][ T5850] Bluetooth: hci2: command tx timeout [ 253.946001][ T5850] Bluetooth: hci6: command tx timeout [ 254.403627][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 254.707689][ T3529] team0 (unregistering): Port device team_slave_0 removed [ 254.997518][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.003930][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.147763][ T5850] Bluetooth: hci2: command tx timeout [ 256.423217][ T8927] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.720418][ T8927] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.738173][ T8927] bridge_slave_0: entered allmulticast mode [ 256.867912][ T8927] bridge_slave_0: entered promiscuous mode [ 256.979862][ T8927] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.007412][ T8927] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.030016][ T8927] bridge_slave_1: entered allmulticast mode [ 257.079259][ T8927] bridge_slave_1: entered promiscuous mode [ 257.232631][ T5850] Bluetooth: hci2: command tx timeout [ 257.349435][ T8927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.474063][ T31] audit: type=1800 audit(1769651576.464:19): pid=9124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.842" name="bus" dev="overlay" ino=98 res=0 errno=0 [ 257.580220][ T8927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.954114][ T8927] team0: Port device team_slave_0 added [ 257.984942][ T8927] team0: Port device team_slave_1 added [ 258.162109][ T8927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.171238][ T8927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 258.210434][ T8927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.302250][ T8927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.325651][ T8927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 258.447767][ T8927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.057397][ T8927] hsr_slave_0: entered promiscuous mode [ 259.060654][ T5916] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 259.094374][ T8927] hsr_slave_1: entered promiscuous mode [ 259.124352][ T8927] debugfs: 'hsr0' already exists in 'hsr' [ 259.130114][ T8927] Cannot create hsr debugfs directory [ 259.267688][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.300595][ T5850] Bluetooth: hci2: command tx timeout [ 259.332002][ T5916] usb 1-1: config 0 has no interfaces? [ 259.337529][ T5916] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 259.705153][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.939821][ T5916] usb 1-1: config 0 descriptor?? [ 260.005866][ T3529] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.095183][ T3529] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.391513][ T9058] chnl_net:caif_netlink_parms(): no params data found [ 261.484117][ T3529] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.770605][ T3529] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.643810][ T9058] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.720900][ T9058] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.758638][ T9058] bridge_slave_0: entered allmulticast mode [ 262.789125][ T9058] bridge_slave_0: entered promiscuous mode [ 262.966183][ T9058] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.999046][ T5838] usb 1-1: USB disconnect, device number 4 [ 263.009845][ T9058] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.066562][ T9058] bridge_slave_1: entered allmulticast mode [ 263.111006][ T9058] bridge_slave_1: entered promiscuous mode [ 265.479670][ T9058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.791961][ T9260] bond1: left allmulticast mode [ 265.816840][ T9260] ip6gretap1: left allmulticast mode [ 265.872168][ T9058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 266.210536][ T975] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 266.230014][ T31] audit: type=1800 audit(1769651585.224:20): pid=9282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.866" name="bus" dev="tmpfs" ino=1141 res=0 errno=0 [ 266.433175][ T975] usb 2-1: config 0 has no interfaces? [ 266.438692][ T975] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 266.484920][ T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.504838][ T9058] team0: Port device team_slave_0 added [ 266.528359][ T9058] team0: Port device team_slave_1 added [ 266.544440][ T975] usb 2-1: config 0 descriptor?? [ 267.237619][ T9058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 267.266256][ T9058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 267.302628][ T5951] usb 2-1: USB disconnect, device number 6 [ 267.382615][ T9058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 267.423406][ T9058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 267.430913][ T9058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 267.459228][ T9058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 267.735762][ T9058] hsr_slave_0: entered promiscuous mode [ 267.756692][ T9058] hsr_slave_1: entered promiscuous mode [ 267.774777][ T9058] debugfs: 'hsr0' already exists in 'hsr' [ 267.806070][ T9058] Cannot create hsr debugfs directory [ 268.062496][ T9307] loop2: detected capacity change from 0 to 8192 [ 268.176641][ T9307] loop2: p2 < > p3 p4 < > [ 268.201195][ T9307] loop2: partition table partially beyond EOD, truncated [ 268.231393][ T9307] loop2: p2 start 328960 is beyond EOD, truncated [ 268.278316][ T9307] loop2: p3 start 33572980 is beyond EOD, truncated [ 268.603743][ T3529] bridge_slave_1: left allmulticast mode [ 268.609419][ T3529] bridge_slave_1: left promiscuous mode [ 268.650585][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.427371][ T5834] udevd[5834]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 269.445385][ T3529] bridge_slave_0: left allmulticast mode [ 269.460412][ T3529] bridge_slave_0: left promiscuous mode [ 269.475997][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.839052][ T3529] bridge_slave_1: left allmulticast mode [ 269.890538][ T3529] bridge_slave_1: left promiscuous mode [ 269.896314][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.019487][ T9345] netlink: 71 bytes leftover after parsing attributes in process `syz.3.882'. [ 270.026344][ T3529] bridge_slave_0: left allmulticast mode [ 270.043734][ T3529] bridge_slave_0: left promiscuous mode [ 270.068420][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.067532][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 272.102185][ T5850] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 272.111383][ T5850] Bluetooth: hci1: Injecting HCI hardware error event [ 272.119686][ T5850] Bluetooth: hci1: hardware error 0x00 [ 272.200863][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 272.269941][ T3529] bond0 (unregistering): Released all slaves [ 273.225604][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 273.258740][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 273.303607][ T3529] bond0 (unregistering): Released all slaves [ 273.324302][ T9391] vivid-003: disconnect [ 273.343147][ T3529] bond1 (unregistering): Released all slaves [ 273.479047][ T8927] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 273.608430][ T9389] vivid-003: reconnect [ 273.613538][ T8927] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 273.979401][ T9401] loop1: detected capacity change from 0 to 512 [ 273.987495][ T8927] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 274.080559][ T9401] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 274.118300][ T9401] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 274.236374][ T31] audit: type=1800 audit(1769651593.234:21): pid=9401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.893" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 274.260986][ T5850] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 274.355534][ T31] audit: type=1800 audit(1769651593.304:22): pid=9401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.893" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 274.429890][ T8466] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.477575][ T8927] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 274.584736][ T9408] netlink: 76 bytes leftover after parsing attributes in process `syz.3.894'. [ 276.627977][ T3529] hsr_slave_0: left promiscuous mode [ 276.707810][ T3529] hsr_slave_1: left promiscuous mode [ 276.770701][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.225303][ T31] audit: type=1804 audit(1769651596.214:23): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.907" name="/newroot/33/file0" dev="tmpfs" ino=192 res=1 errno=0 [ 277.284562][ T3529] hsr_slave_0: left promiscuous mode [ 277.361321][ T3529] hsr_slave_1: left promiscuous mode [ 277.367645][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.603186][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.868319][ T3529] veth1_macvtap: left promiscuous mode [ 277.897250][ T3529] veth0_macvtap: left promiscuous mode [ 277.954015][ T3529] veth1_vlan: left promiscuous mode [ 277.966839][ T3529] veth0_vlan: left promiscuous mode [ 278.784537][ T9500] overlayfs: failed to clone upperpath [ 280.487763][ T9532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.922'. [ 281.737813][ T9543] overlayfs: failed to clone upperpath [ 282.783233][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 283.083405][ T3529] team0 (unregistering): Port device team_slave_0 removed [ 284.503706][ T9574] loop2: detected capacity change from 0 to 40427 [ 284.514639][ T9574] F2FS-fs (loop2): build fault injection rate: 174 [ 284.572289][ T9574] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 284.627630][ T9574] F2FS-fs (loop2): invalid crc value [ 284.812819][ T9574] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 284.861324][ T9574] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 284.985685][ T9574] F2FS-fs (loop2): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x11a/0xa90 [ 285.071614][ T8150] syz-executor: attempt to access beyond end of device [ 285.071614][ T8150] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 285.141646][ T8150] CPU: 0 UID: 0 PID: 8150 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 285.141687][ T8150] Tainted: [L]=SOFTLOCKUP [ 285.141697][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 285.141711][ T8150] Call Trace: [ 285.141722][ T8150] [ 285.141732][ T8150] dump_stack_lvl+0xe8/0x150 [ 285.141769][ T8150] f2fs_handle_critical_error+0x37c/0x540 [ 285.141808][ T8150] f2fs_write_end_io+0xc1d/0xfd0 [ 285.141861][ T8150] __submit_merged_bio+0x256/0x650 [ 285.141897][ T8150] __submit_merged_write_cond+0x269/0x530 [ 285.141934][ T8150] f2fs_write_data_pages+0x2806/0x3360 [ 285.142027][ T8150] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.142122][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142152][ T8150] ? __lock_acquire+0x6b5/0x2cf0 [ 285.142206][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142234][ T8150] ? __lock_acquire+0x6b5/0x2cf0 [ 285.142280][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142309][ T8150] ? do_raw_spin_lock+0x12b/0x2f0 [ 285.142345][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142378][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142407][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.142437][ T8150] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.142471][ T8150] do_writepages+0x32e/0x550 [ 285.142509][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142541][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142574][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142603][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.142639][ T8150] filemap_fdatawrite+0x1e9/0x2f0 [ 285.142680][ T8150] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 285.142759][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142791][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.142825][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.142859][ T8150] f2fs_sync_dirty_inodes+0x30e/0x810 [ 285.142913][ T8150] f2fs_write_checkpoint+0x9c6/0x2490 [ 285.142983][ T8150] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 285.143016][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.143114][ T8150] kill_f2fs_super+0x308/0x710 [ 285.143157][ T8150] ? __pfx_kill_f2fs_super+0x10/0x10 [ 285.143218][ T8150] deactivate_locked_super+0xbc/0x130 [ 285.143256][ T8150] cleanup_mnt+0x437/0x4d0 [ 285.143289][ T8150] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.143334][ T8150] task_work_run+0x1d9/0x270 [ 285.143370][ T8150] ? __pfx_task_work_run+0x10/0x10 [ 285.143403][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.143443][ T8150] exit_to_user_mode_loop+0xed/0x480 [ 285.143478][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.143507][ T8150] ? rcu_is_watching+0x15/0xb0 [ 285.143536][ T8150] do_syscall_64+0x2b7/0xf80 [ 285.143564][ T8150] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.143587][ T8150] ? trace_irq_disable+0x37/0x100 [ 285.143620][ T8150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.143645][ T8150] RIP: 0033:0x7f908859c117 [ 285.143667][ T8150] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 285.143689][ T8150] RSP: 002b:00007fffb09f34b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 285.143714][ T8150] RAX: 0000000000000000 RBX: 00007f908860471f RCX: 00007f908859c117 [ 285.143732][ T8150] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb09f3570 [ 285.143748][ T8150] RBP: 00007fffb09f3570 R08: 00007fffb09f4570 R09: 00000000ffffffff [ 285.143766][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb09f4600 [ 285.143782][ T8150] R13: 00007f908860471f R14: 000000000004593a R15: 00007fffb09f4640 [ 285.143822][ T8150] [ 285.143832][ T8150] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 285.514986][ T8150] CPU: 0 UID: 0 PID: 8150 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 285.515024][ T8150] Tainted: [L]=SOFTLOCKUP [ 285.515033][ T8150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 285.515048][ T8150] Call Trace: [ 285.515058][ T8150] [ 285.515069][ T8150] dump_stack_lvl+0xe8/0x150 [ 285.515113][ T8150] f2fs_handle_critical_error+0x37c/0x540 [ 285.515154][ T8150] f2fs_write_end_io+0xc1d/0xfd0 [ 285.515211][ T8150] __submit_merged_bio+0x256/0x650 [ 285.515250][ T8150] __submit_merged_write_cond+0x269/0x530 [ 285.515289][ T8150] f2fs_write_data_pages+0x2806/0x3360 [ 285.515368][ T8150] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.515470][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515499][ T8150] ? __lock_acquire+0x6b5/0x2cf0 [ 285.515555][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515583][ T8150] ? __lock_acquire+0x6b5/0x2cf0 [ 285.515631][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515660][ T8150] ? do_raw_spin_lock+0x12b/0x2f0 [ 285.515697][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515731][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515759][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.515789][ T8150] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.515824][ T8150] do_writepages+0x32e/0x550 [ 285.515862][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515893][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515927][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.515955][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.515991][ T8150] filemap_fdatawrite+0x1e9/0x2f0 [ 285.516033][ T8150] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 285.516128][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.516162][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.516197][ T8150] ? do_raw_spin_unlock+0xf5/0x210 [ 285.516233][ T8150] f2fs_sync_dirty_inodes+0x30e/0x810 [ 285.516289][ T8150] f2fs_write_checkpoint+0x9c6/0x2490 [ 285.516365][ T8150] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 285.516398][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.516503][ T8150] kill_f2fs_super+0x308/0x710 [ 285.516547][ T8150] ? __pfx_kill_f2fs_super+0x10/0x10 [ 285.516614][ T8150] deactivate_locked_super+0xbc/0x130 [ 285.516651][ T8150] cleanup_mnt+0x437/0x4d0 [ 285.516684][ T8150] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.516730][ T8150] task_work_run+0x1d9/0x270 [ 285.516766][ T8150] ? __pfx_task_work_run+0x10/0x10 [ 285.516798][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.516840][ T8150] exit_to_user_mode_loop+0xed/0x480 [ 285.516875][ T8150] ? srso_alias_return_thunk+0x5/0xfbef5 [ 285.516903][ T8150] ? rcu_is_watching+0x15/0xb0 [ 285.516933][ T8150] do_syscall_64+0x2b7/0xf80 [ 285.516959][ T8150] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.516983][ T8150] ? trace_irq_disable+0x37/0x100 [ 285.517015][ T8150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.517039][ T8150] RIP: 0033:0x7f908859c117 [ 285.517062][ T8150] Code: a2 c7 05 7c 94 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 285.517087][ T8150] RSP: 002b:00007fffb09f34b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 285.517113][ T8150] RAX: 0000000000000000 RBX: 00007f908860471f RCX: 00007f908859c117 [ 285.517130][ T8150] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb09f3570 [ 285.517146][ T8150] RBP: 00007fffb09f3570 R08: 00007fffb09f4570 R09: 00000000ffffffff [ 285.517163][ T8150] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffb09f4600 [ 285.517179][ T8150] R13: 00007f908860471f R14: 000000000004593a R15: 00007fffb09f4640 [ 285.517224][ T8150] [ 285.517234][ T8150] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 285.900942][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 286.089060][ T3529] team0 (unregistering): Port device team_slave_0 removed [ 287.092376][ T8927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.179788][ T8927] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.216932][ T6123] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.224131][ T6123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.264768][ T6123] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.271985][ T6123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.991359][ T9058] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 288.119580][ T9058] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 288.218529][ T9058] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 288.306287][ T9058] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 288.915569][ T9058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.014705][ T9058] 8021q: adding VLAN 0 to HW filter on device team0 [ 289.043371][ T3459] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.050527][ T3459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.117662][ T3459] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.124896][ T3459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.518260][ T8927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.156738][ T9058] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.801174][ T8927] veth0_vlan: entered promiscuous mode [ 290.885462][ T8927] veth1_vlan: entered promiscuous mode [ 291.030763][ T9685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.280589][ T9678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.311107][ T8927] veth0_macvtap: entered promiscuous mode [ 291.349794][ T8927] veth1_macvtap: entered promiscuous mode [ 291.510697][ T9682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 291.569259][ T8927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.630240][ T8927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.712210][ T3495] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.851799][ T9256] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.000371][ T9256] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.356488][ T9256] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.774424][ T9737] netlink: 24 bytes leftover after parsing attributes in process `syz.0.958'. [ 292.792024][ T9058] veth0_vlan: entered promiscuous mode [ 293.150877][ T9748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.958'. [ 293.235644][ T9256] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.272839][ T9256] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.416466][ T9058] veth1_vlan: entered promiscuous mode [ 293.580675][ T9256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.588903][ T9256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.651610][ T9058] veth0_macvtap: entered promiscuous mode [ 293.689436][ T9058] veth1_macvtap: entered promiscuous mode [ 294.777324][ T9058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.837440][ T9058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.910159][ T3471] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.946111][ T9763] input: syz0 as /devices/virtual/input/input9 [ 294.966981][ T3471] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.059663][ T3471] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.090854][ T3471] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.451137][ T3453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.472240][ T3453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.609013][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.650579][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.971152][ T5838] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 299.202046][ T5838] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.279321][ T5838] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.342592][ T5838] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 299.426241][ T5838] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.442986][ T9830] netlink: 'syz.2.980': attribute type 1 has an invalid length. [ 299.586964][ T5838] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.646049][ T5838] usb 9-1: config 0 descriptor?? [ 299.648352][ T9830] 8021q: adding VLAN 0 to HW filter on device bond1 [ 299.700231][ T9837] gretap1: entered promiscuous mode [ 300.238600][ T9837] bond1: (slave gretap1): making interface the new active one [ 300.282283][ T9837] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 300.399519][ T5838] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 300.436896][ T9850] overlayfs: failed to clone upperpath [ 301.974363][ T9865] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 302.192205][ T9889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.992'. [ 302.241172][ T9889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.992'. [ 302.310889][ T9865] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 302.876153][ T791] usb 9-1: USB disconnect, device number 2 [ 304.092767][ T9905] sctp: [Deprecated]: syz.4.995 (pid 9905) Use of struct sctp_assoc_value in delayed_ack socket option. [ 304.092767][ T9905] Use struct sctp_sack_info instead [ 304.677795][ T9915] uprobe: syz.4.997:9915 failed to unregister, leaking uprobe [ 304.690915][ T9915] uprobe: syz.4.997:9915 failed to unregister, leaking uprobe [ 304.875905][ T37] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.896227][ T37] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.020340][ T37] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.053801][ T37] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.355715][ T9962] binder: 9961:9962 unknown command 0 [ 307.378141][ T9962] binder: 9961:9962 ioctl c0306201 200000000080 returned -22 [ 312.213561][T10001] random: crng reseeded on system resumption [ 316.434610][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.441160][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.560539][ T5949] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 316.880000][ T5949] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 316.990046][ T5949] usb 5-1: config 0 has no interfaces? [ 317.015993][ T5949] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 317.093282][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.243432][T10044] team0 (unregistering): Port device team_slave_0 removed [ 317.256188][ T5949] usb 5-1: config 0 descriptor?? [ 317.393956][T10044] team0 (unregistering): Port device team_slave_1 removed [ 317.405289][ T5141] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 317.427590][ T5141] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 317.436694][ T5141] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 317.507504][ T5141] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 317.515122][ T5141] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 319.621701][ T5850] Bluetooth: hci7: command tx timeout [ 319.695628][T10058] chnl_net:caif_netlink_parms(): no params data found [ 319.928028][ T5896] usb 5-1: USB disconnect, device number 7 [ 319.992503][ T3471] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.216900][ T3471] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.700404][ T5850] Bluetooth: hci7: command tx timeout [ 321.883243][T10058] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.970527][T10058] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.978122][T10058] bridge_slave_0: entered allmulticast mode [ 322.191887][T10058] bridge_slave_0: entered promiscuous mode [ 322.709073][ T3471] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.917499][T10058] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.935017][T10058] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.120542][T10058] bridge_slave_1: entered allmulticast mode [ 323.160566][T10058] bridge_slave_1: entered promiscuous mode [ 323.472555][ T3471] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.559213][T10058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.661111][T10058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.783857][ T5850] Bluetooth: hci7: command tx timeout [ 323.886492][T10058] team0: Port device team_slave_0 added [ 323.962880][T10058] team0: Port device team_slave_1 added [ 324.035925][T10058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.050427][T10058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.096962][T10058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.334275][T10058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.378254][T10058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.457403][T10058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.885420][ T3471] bridge_slave_1: left allmulticast mode [ 324.900898][ T3471] bridge_slave_1: left promiscuous mode [ 324.906678][ T3471] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.334388][ T3471] bridge_slave_0: left allmulticast mode [ 325.358623][ T3471] bridge_slave_0: left promiscuous mode [ 325.371858][ T3471] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.890415][ T5850] Bluetooth: hci7: command tx timeout [ 328.138531][ T3471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 328.257597][ T3471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 328.308316][ T3471] bond0 (unregistering): Released all slaves [ 328.577775][T10183] loop1: detected capacity change from 0 to 2048 [ 328.587919][T10150] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1046'. [ 328.597248][T10150] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 328.660753][T10183] udf: Unknown parameter 'joadinicb' [ 328.668123][T10058] hsr_slave_0: entered promiscuous mode [ 328.707708][T10058] hsr_slave_1: entered promiscuous mode [ 328.755879][T10183] 9p: Unknown access argument 18446744073709551615: -34 [ 329.918695][ T32] INFO: task syz-executor:5825 blocked for more than 143 seconds. [ 329.926619][ T32] Tainted: G L syzkaller #0 [ 329.940326][ T32] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 329.948994][ T32] task:syz-executor state:D stack:20808 pid:5825 tgid:5825 ppid:1 task_flags:0x400140 flags:0x00080002 [ 329.975460][ T32] Call Trace: [ 329.979525][ T32] [ 329.982907][ T32] __schedule+0x14ea/0x5050 [ 329.987431][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 329.993466][ T32] ? __lock_acquire+0x146e/0x2cf0 [ 329.998534][ T32] ? __pfx___schedule+0x10/0x10 [ 330.003784][ T32] ? schedule+0x90/0x360 [ 330.008039][ T32] schedule+0x164/0x360 [ 330.015968][ T32] io_schedule+0x7f/0xd0 [ 330.025609][ T32] folio_wait_bit_common+0x6d8/0xbc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 330.103069][T10189] tipc: Failed to remove unknown binding: 66,0,0/0:3340563762/3340563763 [ 330.134798][T10189] tipc: Failed to remove unknown binding: 66,0,0/0:3340563762/3340563763 [ 330.165791][ T32] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 330.201304][ T32] ? __pfx_wake_page_function+0x10/0x10 [ 330.246767][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.298063][ T32] ? __filemap_get_folio_mpol+0x81/0xb00 [ 330.346149][ T32] __filemap_get_folio_mpol+0x13e/0xb00 [ 330.383141][ T32] truncate_inode_pages_range+0x48b/0xe30 [ 330.388899][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.530490][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.536175][ T32] ? stack_depot_save_flags+0x33/0x810 [ 330.570352][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.576021][ T32] ? __pfx_truncate_inode_pages_range+0x10/0x10 [ 330.623430][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.629091][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.650483][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.656144][ T32] ? lockdep_hardirqs_on+0x7a/0x110 [ 330.710401][ T32] evict+0x631/0xb10 [ 330.714382][ T32] ? __pfx_evict+0x10/0x10 [ 330.718814][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.860328][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 330.866003][ T32] evict_inodes+0x75a/0x7f0 [ 330.881147][ T32] ? __pfx_evict_inodes+0x10/0x10 [ 330.886217][ T32] generic_shutdown_super+0x9a/0x2c0 [ 330.930442][ T32] kill_block_super+0x44/0x90 [ 330.935186][ T32] deactivate_locked_super+0xbc/0x130 [ 330.943991][ T32] cleanup_mnt+0x437/0x4d0 [ 330.948441][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 331.000676][ T32] task_work_run+0x1d9/0x270 [ 331.005331][ T32] ? __pfx_task_work_run+0x10/0x10 [ 331.050382][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.056073][ T32] exit_to_user_mode_loop+0xed/0x480 [ 331.080598][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 331.086265][ T32] ? rcu_is_watching+0x15/0xb0 [ 331.100314][ T32] do_syscall_64+0x2b7/0xf80 [ 331.120476][ T32] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.126566][ T32] ? trace_irq_disable+0x37/0x100 [ 331.160316][ T32] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.166234][ T32] RIP: 0033:0x7fbbd7b9c117 [ 331.200303][ T32] RSP: 002b:00007ffc638a9be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 331.208751][ T32] RAX: 0000000000000000 RBX: 00007fbbd7c0471f RCX: 00007fbbd7b9c117 [ 331.240389][ T32] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc638a9ca0 [ 331.260395][ T32] RBP: 00007ffc638a9ca0 R08: 00007ffc638aaca0 R09: 00000000ffffffff [ 331.268395][ T32] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc638aad30 [ 331.330315][ T32] R13: 00007fbbd7c0471f R14: 0000000000029d74 R15: 00007ffc638aad70 [ 331.338379][ T32] [ 331.370497][ T32] [ 331.370497][ T32] Showing all locks held in the system: [ 331.378261][ T32] 1 lock held by khungtaskd/32: [ 331.397540][ T32] #0: ffffffff8e55a360 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 331.430321][ T32] 3 locks held by kworker/u8:4/60: [ 331.435473][ T32] #0: ffff8881436fb148 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 [ 331.490319][ T32] #1: ffffc9000211fbc0 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 [ 331.510620][ T32] #2: ffffffff8f9ac088 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_dfs_channels_update_work+0xd6/0x660 [ 331.540399][ T32] 5 locks held by kworker/u8:7/3471: [ 331.550490][ T32] #0: ffff88801b2df148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 [ 331.590304][ T32] #1: ffffc9000c417bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 [ 331.610364][ T32] #2: ffffffff8f99d790 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xfe/0x7b0 [ 331.619697][ T32] #3: ffffffff8f9ac088 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 [ 331.670309][ T32] #4: ffff8880679a0788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x132/0x6d0 [ 331.690078][ T32] 1 lock held by dhcpcd/5485: [ 331.700319][ T32] #0: ffffffff8f9ac088 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_delroute+0x130/0x330 [ 331.709772][ T32] 2 locks held by getty/5580: [ 331.714577][ T32] #0: ffff88803074a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 331.724385][ T32] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 331.734597][ T32] 1 lock held by syz-executor/5825: [ 331.739786][ T32] #0: ffff88807d8620e0 (&type->s_umount_key#90){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 331.750050][ T32] 3 locks held by kworker/u8:23/9256: [ 331.755443][ T32] #0: ffff88813fe69948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9d4/0x17a0 [ 331.769085][ T32] #1: ffffc9000451fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa0f/0x17a0 [ 331.780203][ T32] #2: ffffffff8f9ac088 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 331.809305][ T32] 3 locks held by kworker/1:9/9891: [ 331.815538][ T32] 2 locks held by syz-executor/10058: [ 331.821274][ T32] #0: ffffffff8f1ea9a8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 331.831049][ T32] #1: ffffffff8f9ac088 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 [ 331.840145][ T32] 1 lock held by syz.8.1056/10184: [ 331.845610][ T32] #0: ffffffff8e560c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 331.856746][ T32] 2 locks held by syz.2.1060/10194: [ 331.864016][ T32] #0: ffff8880557f8d88 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 331.875209][ T32] #1: ffffffff8e560c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 331.886605][ T32] [ 331.961994][ T32] ============================================= [ 331.961994][ T32] [ 332.058136][ T32] NMI backtrace for cpu 1 [ 332.058161][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 332.058193][ T32] Tainted: [L]=SOFTLOCKUP [ 332.058202][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 332.058216][ T32] Call Trace: [ 332.058225][ T32] [ 332.058236][ T32] dump_stack_lvl+0xe8/0x150 [ 332.058272][ T32] nmi_cpu_backtrace+0x274/0x2d0 [ 332.058306][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.058336][ T32] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 332.058383][ T32] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 332.058421][ T32] sys_info+0x135/0x170 [ 332.058450][ T32] watchdog+0xf90/0xfe0 [ 332.058481][ T32] ? watchdog+0x209/0xfe0 [ 332.058515][ T32] kthread+0x726/0x8b0 [ 332.058547][ T32] ? __pfx_watchdog+0x10/0x10 [ 332.058572][ T32] ? __pfx_kthread+0x10/0x10 [ 332.058597][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.058630][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 332.058668][ T32] ? __pfx_kthread+0x10/0x10 [ 332.058696][ T32] ret_from_fork+0x51b/0xa40 [ 332.058739][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 332.058774][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.058803][ T32] ? __switch_to+0xc82/0x1410 [ 332.058842][ T32] ? __pfx_kthread+0x10/0x10 [ 332.058871][ T32] ret_from_fork_asm+0x1a/0x30 [ 332.058924][ T32] [ 332.058933][ T32] Sending NMI from CPU 1 to CPUs 0: [ 332.204607][ C0] NMI backtrace for cpu 0 [ 332.204629][ C0] CPU: 0 UID: 0 PID: 10058 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 332.204658][ C0] Tainted: [L]=SOFTLOCKUP [ 332.204666][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 332.204679][ C0] RIP: 0010:check_preemption_disabled+0x2a/0xe0 [ 332.204712][ C0] Code: 55 41 57 41 56 53 65 8b 05 c7 96 5b 07 65 8b 0d bc 96 5b 07 f7 c1 ff ff ff 7f 74 0c 5b 41 5e 41 5f 5d e9 84 27 79 f5 cc 9c 59 c1 00 02 00 00 74 ea 65 4c 8b 3d 6e 96 5b 07 41 f6 47 2f 04 74 [ 332.204731][ C0] RSP: 0018:ffffc9000ee37240 EFLAGS: 00000046 [ 332.204750][ C0] RAX: 0000000000000000 RBX: 0000000000000202 RCX: 0000000000000046 [ 332.204764][ C0] RDX: 0000000000000000 RSI: ffffffff8dce2755 RDI: ffffffff8c073980 [ 332.204779][ C0] RBP: ffff88801e1896a4 R08: ffff88801e189667 R09: 1ffff11003c312cc [ 332.204796][ C0] R10: dffffc0000000000 R11: ffffed1003c312cd R12: 0000000000074eaf [ 332.204811][ C0] R13: ffffffff8236ea6e R14: ffffffff8e55a360 R15: ffff88805cd28000 [ 332.204831][ C0] FS: 0000000000000000(0000) GS:ffff8881256f5000(0000) knlGS:0000000000000000 [ 332.204849][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 332.204864][ C0] CR2: 00007f3d27a515b8 CR3: 000000000e346000 CR4: 0000000000350ef0 [ 332.204881][ C0] Call Trace: [ 332.204889][ C0] [ 332.204899][ C0] lock_release+0xa1/0x3a0 [ 332.204937][ C0] ? __update_page_owner_free_handle+0x2e/0x470 [ 332.204974][ C0] __update_page_owner_free_handle+0x451/0x470 [ 332.205009][ C0] ? __update_page_owner_free_handle+0x2e/0x470 [ 332.205049][ C0] __reset_page_owner+0x85/0x1f0 [ 332.205084][ C0] free_unref_folios+0xdce/0x1510 [ 332.205115][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.205145][ C0] folios_put_refs+0x789/0x8d0 [ 332.205172][ C0] ? finish_task_switch+0x23c/0x920 [ 332.205210][ C0] ? __pfx_folios_put_refs+0x10/0x10 [ 332.205241][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.205266][ C0] ? free_swap_cache+0x9b/0x300 [ 332.205299][ C0] free_pages_and_swap_cache+0x537/0x5b0 [ 332.205335][ C0] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 332.205391][ C0] ? __virt_addr_valid+0x1c8/0x5b0 [ 332.205420][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.205461][ C0] tlb_flush_mmu+0x6d3/0xa30 [ 332.205485][ C0] ? __pfx_down_write+0x10/0x10 [ 332.205515][ C0] tlb_finish_mmu+0xf9/0x230 [ 332.205542][ C0] exit_mmap+0x451/0xb30 [ 332.205574][ C0] ? uprobe_clear_state+0x20f/0x290 [ 332.205602][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 332.205633][ C0] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 332.205667][ C0] ? __pfx_exit_aio+0x10/0x10 [ 332.205701][ C0] ? uprobe_clear_state+0x27c/0x290 [ 332.205725][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.205755][ C0] __mmput+0x118/0x430 [ 332.205790][ C0] exit_mm+0x168/0x220 [ 332.205820][ C0] do_exit+0x62e/0x2310 [ 332.205852][ C0] ? __pfx_do_exit+0x10/0x10 [ 332.205882][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 332.205910][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.205940][ C0] do_group_exit+0x21b/0x2d0 [ 332.205967][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 332.206004][ C0] get_signal+0x1284/0x1330 [ 332.206052][ C0] arch_do_signal_or_restart+0xbc/0x830 [ 332.206088][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 332.206134][ C0] exit_to_user_mode_loop+0x86/0x480 [ 332.206165][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 332.206190][ C0] ? rcu_is_watching+0x15/0xb0 [ 332.206214][ C0] do_syscall_64+0x2b7/0xf80 [ 332.206237][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.206259][ C0] ? trace_irq_disable+0x37/0x100 [ 332.206285][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.206307][ C0] RIP: 0033:0x7f81c055b78e [ 332.206324][ C0] Code: Unable to access opcode bytes at 0x7f81c055b764. [ 332.206335][ C0] RSP: 002b:00007fff749b7de8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 332.206362][ C0] RAX: 000000000000005c RBX: 000055558152e500 RCX: 00007f81c055b78e [ 332.206377][ C0] RDX: 000000000000005c RSI: 00007f81c1344670 RDI: 0000000000000003 [ 332.206391][ C0] RBP: 0000000000000001 R08: 00007fff749b7e64 R09: 000000000000000c [ 332.206405][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 332.206418][ C0] R13: 0000000000000000 R14: 00007f81c1344670 R15: 0000000000000000 [ 332.206444][ C0] [ 333.030588][ T32] Kernel panic - not syncing: hung_task: blocked tasks [ 333.037474][ T32] CPU: 1 UID: 0 PID: 32 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 333.048154][ T32] Tainted: [L]=SOFTLOCKUP [ 333.052463][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 333.062507][ T32] Call Trace: [ 333.065776][ T32] [ 333.068685][ T32] vpanic+0x1e0/0x670 [ 333.072660][ T32] panic+0xc5/0xd0 [ 333.076375][ T32] ? __pfx_panic+0x10/0x10 [ 333.080778][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 333.086400][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 333.092018][ T32] ? preempt_schedule_thunk+0x16/0x30 [ 333.097388][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 333.103005][ T32] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 333.109154][ T32] watchdog+0xfda/0xfe0 [ 333.113297][ T32] ? watchdog+0x209/0xfe0 [ 333.117615][ T32] kthread+0x726/0x8b0 [ 333.121668][ T32] ? __pfx_watchdog+0x10/0x10 [ 333.126327][ T32] ? __pfx_kthread+0x10/0x10 [ 333.130898][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 333.136518][ T32] ? _raw_spin_unlock_irq+0x23/0x50 [ 333.141709][ T32] ? __pfx_kthread+0x10/0x10 [ 333.146288][ T32] ret_from_fork+0x51b/0xa40 [ 333.150873][ T32] ? __pfx_ret_from_fork+0x10/0x10 [ 333.155974][ T32] ? srso_alias_return_thunk+0x5/0xfbef5 [ 333.161587][ T32] ? __switch_to+0xc82/0x1410 [ 333.166256][ T32] ? __pfx_kthread+0x10/0x10 [ 333.170831][ T32] ret_from_fork_asm+0x1a/0x30 [ 333.175614][ T32] [ 333.178917][ T32] Kernel Offset: disabled [ 333.183232][ T32] Rebooting in 86400 seconds..