last executing test programs: 19.711177231s ago: executing program 4: socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, 0x0) syz_emit_ethernet(0xfc0, &(0x7f0000000000)=ANY=[], 0x0) 19.669425788s ago: executing program 4: setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x128000}, 0x20) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x17, 0x45c00, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 19.636707773s ago: executing program 0: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x400}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 19.58904267s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2008002, &(0x7f0000000440), 0x1, 0x547, &(0x7f0000001940)="$eJzs3c+PG1cdAPDvzP5smnYT6AEqIAEKAUWxs04bVb2kuYBQVQlRcUAc0mXXWS2x4xB7S3eJxPZvAAkkTnDgD+CAxAGpJw7cOCJxQEjlgBRgBcoigWQ049mNu+tt3NhrN/bnI01m3ryZ+b4XZ/yen515AUyt8xGxExHzEfFmRCwV+5NiiVc7S3bcg917q3u791aTaLff+EeS52f7ouuczNPFNRcj4htfjfhOcjRuc2v71kqtVr1bpMut+p1yc2v70kZ9Zb26Xr1dqVxdvnr55SsvVT6g9Nc+VF3P1X91/ysbr33zt7/59Ht/2PnyD7JinS7yuusxTJ2qzx3EycxGxGsnEWwMZor1/JjLweNJI+JjEfG5/P5fipn8XycAMMna7aVoL3WnAYBJl+ZjYElaiog0LToBpc4Y3nNxKq01mq2LNxubt9c6Y2VnYi69uVGrXj678Kfv5QfPJVl6Oc/L8/N05VD6SkScjYgfLzyVp0urjdraeLo8ADD1nu5u/yPi3wtpWir1dWqPb/UAgCfG4rgLAACMnPYfAKaP9h8Apk8f7X/xZf/OiZcFABgNn/8BYPpo/wFg+mj/AWCqfP3117OlvVc8/3rtra3NW423Lq1Vm7dK9c3V0mrj7p3SeqOxnj+zp/6o69UajTvLL8bm2+VWtdkqN7e2b9Qbm7dbN/Lnet+ozo2kVgDABzl77t0/JhGx88pT+RJdczloq2GypeMuADA2M4OcrIMATzSzfcH06qsJzzsJv99Pee4vTJieN/Viz833++mHCOJ3RvCRcuGT/Y//m+MZJovxf5hejzf+f23o5QBGz/g/TK92Ozk85//8QRYAMJEG+Alf+4fD6oQAY/WoH/UM5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmDCnI+K7kaSlfC7wNPszLZUinomIMzGX3NyoVS9HxLNxLiLmFrL08rgLDQAMKP1bUsz/dWHphdOHc+eT/yzk64j4/s/e+MnbK63W3eVs/z8P9i/sTx9WeXjeAPMKAgBDlrfflWLd9UH+we691f1llOW5fz3+V0xFvLq3ey9fOjmzke2MWMz7Eqf+lcRscc5iRDwfETNDiL/zTkR8olf9k3xs5Ewx82l3/ChiPzPS+On74qd5Xmeddb4+PoSywLR593pEvNrr/kvjfL7uff8v5u9Qg7t/vXOx/fe+va74s0WkmR7xs3v+fL8xXvzd147sbC918t6JeH62V/zkIH5yTPwX+oz/50995kfXjslr/zziQvSO3x2r3KrfKTe3ti9t1FfWq+vV25XK1eWrl1++8lKlnI9Rl/dHqo/6+ysXnz2ubFn9Tx0Tf7Fn/ecPzv1Cn/X/xX/f/PZnHyYXDsf/0ud7v/7P9YzfkbWJX+wz/sqpXx87fXcWf+2Y+j/q9b/YZ/z3/rq91uehAMAINLe2b63UatW7A21kn0KHcZ0jG1kR+zt4v7s4WNC/xEnU4jE35k7qb/XEN2YP+orDvfK3siuOuDrp0Gsx0MaD7j2/PMFY43tPAkbj4U0/7pIAAAAAAAAAAAAAAADHGcV/XRp3HQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJhc/w8AAP//iNzNbQ==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000200)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) 19.539292198s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0xfff, 0x7}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) r5 = syz_open_pts(r4, 0x141601) write(r5, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, "78a4a500040000000000020800"}) close_range(r4, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x10, 0xffffffffffffffff, 0x0) 18.344523892s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000440)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd3d, 0x18, &(0x7f0000000340)={@flat=@handle, @flat=@weak_binder, @ptr={0x70742a85, 0x0, &(0x7f00000004c0)=""/161, 0xa1}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0}) 18.16540579s ago: executing program 0: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001600)={0x6, 0x5, &(0x7f0000000280)=@framed={{}, [@initr0={0x25, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x7f}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x100c, &(0x7f0000000580)=""/4108, 0x0, 0x8}, 0x90) 18.081816702s ago: executing program 0: syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2010410, &(0x7f0000000040)=ANY=[], 0x3, 0x657, &(0x7f0000000ac0)="$eJzs3c1vHGcdB/DvrB3HG0LqpkkbUKVajQQIi8SO5YK5EBAgHypUlQNnK3EaK5u02C5yK0TN+7WH/gHl4BsnJO6RyoUL3Hr1sRISl14wp0UzO+vXtWPnxbsun080+zyzzzPP/J7fzOzsrhVtgP9bcxMZfpgicxOvr5brG+vTrY316fvdepKzSdaS4SSNJMV/2u32J8nNpNgapthT7vPR4uybn36+8Vlnbbheqv6Nw7Y7mrV6yXiSobp8WuPdeuLxiq0Z3kxytS6h784kae/y87+f77SM7OrY7LX16MkECTxTRee+uc9Ycq6+0Mv3AZ27Yueefaqt9TsAAAAAOAHPbWYzq8WFfscBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp8Xa9u//F/XS6NbHU3R//3+kfi51fbC8crzuD59VHAAAAAAAAABwgl7ZzGZWc6G73i6qv/m/Wq1cqh6/lHeznIUs5VpWM5+VrGQpU0nGdgw0sjq/srI0dYQtb/Tc8sYjAj1bl82nM28AAAAAAAAA+IL5Tea2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDoEiGOkW1XOrWx9IYTjKaZKTst5b8s1s/zR72OwAAAAB4cs1HdXhuM5tZzYXueruoPvO/WH3uH827eZCVLGYlrSzkdvVdQOdTf2Njfbq1sT59v1z2j/v9fx8rzmrEdL576L3nK1WPZu5ksXrmWm7l7bRyO41qy9KVOp7uqHvi+nUZU/G92hEju12X5cw/rMt9PjjWZA9yzC9TxqqMnNnKyGQdW5mN57tHpvcROubR2bunqTS2gr20Z097JvFYOT9Xl+V8/nBQzvtiVyZGU611z74XD8958vW//vlnd1sP7t29szwxOFM6mqG6bFePzf3nxPSOTLz0Rc7EPpNVJi5vrc/lx/lpJjKeN7KUxfwi81nJQsbzw6o2X5/PxY5L/oBM3dy19sajIhmpz9DOwTpeTK9W217IYn6St3M7C3mt+ncjU/l2ZjKT2R1H+PLhR7i66hsHXPXtL/cM/uo36kp5z/rjUe5dJ6bM6/PdvBbZ9Zo7VrXtfGY7SxePkKVjvjYOf7W+Bst9/LYuB8PeTEztyMQLh2fiT9WUllsP7i3dnX/naLu7+GFdKa+j3w/UXaI8Xy6WB6ta2312lG0v9GybqtoubbU19rVd3mrrXKlrB16pI/V7uP0j3ajaXurZNl21XdnR1uv9FgAD79w3z400/9X8R/Pj5u+ad5uvj/7g7HfOvjySM387893hyaGvNV4u/pKP86vtz/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjW37v/XvzrdbC0q7KWqvdbn/Qs+l0V7o/Z3aCO/3K+eSRnc8PSH6OWSmKo3b+b7vdrp8pBiT4Qyrt2qDE049Kn1+YgGfu+sr9d64vv/f+txbvz7+18NbCg9mZmdnJ2ZnXpq/fWWwtTHYe92412p9ggadq+6bf70gAAAAAAAAAAACAozqJ/07Q7zkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9vcRIYfpsjU5LXJcn1jfbpVLt36ds/hJI0kxS+T4pPkZjpLxnYMVxy0n48WZ9/89PONz7bHGu72b/TY7kfHm8VavWQ8yVBdPoFd493qBvvYiq0Zlgm72k0c9Nv/AgAA//+08g5/") r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x10) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r1, &(0x7f0000000040)) 17.898780931s ago: executing program 0: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) 17.806222475s ago: executing program 4: r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) recvmmsg(r0, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="e0", 0x1}], 0x1}, 0x0) 13.180908808s ago: executing program 3: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='b *:* wmb'], 0x9) 13.001160936s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='ext4_da_reserve_space\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x1b02) 12.84118976s ago: executing program 3: shmget$private(0x0, 0x4000, 0x0, &(0x7f0000000000/0x4000)=nil) shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r0, 0x1000000, 0x0) 12.694415943s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000059c0)=ANY=[@ANYBLOB="140000001000010000000000000000008000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a32000000000900010073797a300000000054000000060a010400000080000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c00028008000140000000000800038fdb000000080002"], 0x568c}}, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$video(&(0x7f00000000c0), 0x4, 0x0) ioctl$VIDIOC_G_INPUT(r2, 0x80045626, &(0x7f0000000000)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000280)="4337962ca41d185298df9bcf61db4e1082fe0e0e7d8df2323ffeba50790330adeddff79ed6214c004e5f8328fa7e7c862b95b773de4eb6cd5573ceedb2477e83b14b21465086e50218f7aae1a17afa580d9f59940ca964986dd3ce6f09823ff8d37eaa94120f48ebae052dd1d947e4d8429d43c989df2daee6efee49129462b77c528e7ac5a4e109117f9ddbd9c925e922f0b9a90b9321da9d892dbcd0fe19e7742c754f7f61a50b7ac7d1e704078d91ddd227c778f9", 0xb6}], 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xfffffffe) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r3, 0x4b6a, &(0x7f0000000000)={0x1, 0x0, 0x0, 0xfeff200d, 0x0, 0x0}) 12.481092096s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000002a00)={0x84, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x20, 0x0, 0x4, {0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000012c0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=ANY=[@ANYBLOB="2000040000006fa5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) 9.155715558s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53c, &(0x7f00000025c0)="$eJzs3c9vI1cdAPDvTH52mzZb6AEqYBcoLGi19sbbrqpe2r2AUFUJUXFAHLYh8UZh7XWIndKESKR/A0ggcYI/gQMSB6SeOHDjyA0hlQPSAhFog0SF0YwnqZvYjWkcm8afjzQ7P178vu/FO/Oe38TzAphYVyNiLyJmI+L1iFgsjifFEi93luznHu3vrhzs767Ef9rt1/6W5OnZseh6TebxIs/5iPjGVyO+k5yM29zeub9cq1U3i/1yq75Rbm7v3FivL69V16oPKpXbS7dvvnDr+crQ6nql/suHX1l/5Zu/+fWn3/n93pd/kBVroUjrrscwdao+cxQnMx0Rr5xHsDGYKtazYy4HH04aER+LiM/l5/9iTOX/OwGAi6zdXoz2Yvc+AHDRpfkYWJKWirGAhUjTUqkzhvd0XEprjWbr+r3G1oPVzljZ5ZhJ54q+wvfyf2eSe+u16lKelqfn+5Vj+7ci4qmI+PHcY/l+aaVRWx1PlwcAJt7jx9r/f8512v8B9LirBwB8ZMyPuwAAwMhp/wFg8mj/AWDyDND+Fzf79869LADAaPj8DwCTR/sPAJNH+w8AE+Xrr76aLe2D4vnXq29sb91vvHFjtdq8X6pvrZRWGpsbpbVGYy1/Zk/9tPxqjcbG0nOx9Wa5VW22ys3tnbv1xtaD1t38ud53qzMjqRUA8EGeuvL2H5KI2HvxsXwJcznAxEjHXQBgbKbGXQBgbMz2BZNr8PH4351rOYDx6fkw7/mem+/30/8hiL8zgv8r1z7Zf/z/eN/AfQG4WIz/w+T6cOP/Lw29HMDo9Rr/18+HydBuJ8fn/J89SgIALqQzfB+v/cNhdUKAsTptMu+h3P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC2YhIr4bSVoq5gJfiDQtlSKeiIjLMZPcW69Vb0bEk3ElImbmsv2lcRcaADij9C9JMf/XtcVnF46nzib/motiTvDv/+y1n7y53GptLmXH/350fO5w+rDKe687w7yCAMCQ5e13pVh3fZB/tL+7criMsjwP78S7xVTEKwf7u/nSSZmO6Xw9n/clLv0jKfY7c5E+ExFTQ4i/91ZEfOKo/sm77XYRP8nHRi4XM592x48i9hPDj9/1+z8eP31f/DRP66yzztfHj+WbDqFscNG9fSciXu51/qVxNV/3Pv/n8yvU2T2808ns8Np30BX/8Po31SN+ds5fHTTGc7/92omD7cVO2lsRz0z3ip8cxU/6xH92wPh//NRnfvRSn7T2zyOuRe/43bHKrfpGubm9c2O9vrxWXas+qFRuL92++cKt5yvlfIy6fDhSfdJfX7z+ZL+yZfW/1Cf+fM/6zx699gsD1v8X/37925/9gPhf+nzv9//pnvE7sjbxiwPGX770q77Td2fxV/vU/7T3//qA8d/5887qgD8KAIxAc3vn/nKtVt0800b2aXMY+ZzYyIo41AxP2fhTjC7WqRsz5/VbPfeN6aO+4nBz/laW44irkw69FmfaeDSqWOO9LgHn772TftwlAQAAAAAAAAAAAAAA+hnFV5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurv8GAAD//5S5ywU=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 6.455344535s ago: executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000240)={0x0, 0x0, 0x2}, 0x8) 6.152810431s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x40, &(0x7f00000000c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@nojournal_checksum}, {@abort}, {@noload}, {@noload}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") unlink(&(0x7f0000000000)='./file1\x00') 2.728210819s ago: executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) 2.258106682s ago: executing program 2: capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="cc000000000000001a"]) 2.088688778s ago: executing program 2: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x7e, 0x0, 0x9, [0x401, 0x1000, 0x5, 0x0, 0x0, 0x8]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x2c, 0x3, 0x0, [{@dev}, {@remote, 0x3}, {@multicast2}, {@private=0xa010101}, {@rand_addr, 0x800}, {@broadcast, 0x52b4}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.389233966s ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}]}}]}, 0x40}}, 0x0) 1.120197097s ago: executing program 2: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000001500)) 1.097497581s ago: executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000a00), 0x0, 0x0) ppoll(&(0x7f0000000b00)=[{r0}], 0x1, &(0x7f0000000b40), 0x0, 0x0) 953.684123ms ago: executing program 1: syz_mount_image$hfs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x802, &(0x7f0000000180)=ANY=[@ANYBLOB='codepage=maccroatian,iocharset=iso8859-6,umask=00000000000000000000005,file_umask=00000000000000000000006,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c0025612e3c8234b62ec0d4d05bbadf9221312aac609d9960aecfc250977534112c1b89711f73ae6135d44a7bf8d9d7cbe29d53e1d0f625ce0693d8d6f33c69aca945eed077aa7320baa79a4bc23adbeb233bcf55d62fe05eb1fc66c5ed2a409a5273ab9616279fd02235a828432a1b44fc687f66c6534076cdf87ae1a67a79150a6e38766634aa4ad7cbda6688a73c6654a30d736b673084"], 0x7, 0x2db, &(0x7f0000000800)="$eJzs3c9u00oUx/HfOEmb/lGvb9urK7EBFSrBpqLAArEJQtmyZ4WAJpUqoiLaIgGbFsQS8QDseQUegg2IF4AVKx6gO6MZT1w7dZwWNXHTfj9SImc84znW2Jk5ltoIwLl1r/nj081f9mWkiiqS7kiBpLpUlfSf/q+/2NzZ2Om0W0UHqrgW9mUUtzSH6qxttvOa2nauhRfaT1XNpsswHFEU3f1ZdhAonbv7cwTSpL8P3f76iOMalj3pYtkxjFp6gM2+9vVScyWGAwA4Bfz8H/hpYtYVGQWBtOyn/TM1/++XHcDJutU5VBQVNkjN/251Fxk7vv+4XQf5nkvh7P6gmyUeJZhaz+cJxVdWZoFpBmWVLpZgan2jqpW1N2oFequGl6q26N5b8aXbNSDapZzctED/o9V0fzo+G7ei7OVD2l3f6LQn7VZO/AuFPU4eJ86jMV/MN/PQhPqoVrL+q0bGDpMbqbBnpIKajf96/yPOuFa2lnza32g0gkyVf10nF3wP3oBRqudnJOljdh8Q7CURFMXp+p5X9rFCfHarA1ot5LUKk099Wi1mWtmzsX2trD3rFD5KGY7uKZoP5oFZ0m99VjO1/g9sfMtK3ZlFX/XG1fRXRnw+E/k1q65meGjmOLhdLiUReEO46M+D4z0te68nuq257Vevn1Y6nfaW3Xic2TCyG89nt4wvqb2TeuqMaqOigjraOyiJrN0oOuqRo2EGf+1ED2i/P5ISe/vkVbZ3WVISjHqYzstG86uKLsjx2Ygiqc+uoX1P4RTZNnasU1PHVJnRoAR23WXi/M+t5P2qzqVI9i0sWKcXJ5nKHHE1yeCyS8F59z59rAxupn8Gl+rxRp+c0eVcl69KV1KFRoU9hj7OM8I09V2PeP4PAAAAAAAAAAAAAAAAAAAwbkbxlwZlnyMAAAAAAAAAAAAAAAAAAAAAAOPur37/N+9/xLvf/w35/V9gjPwJAAD//2tCdrA=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000640)='.\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus\x00', 0x0) unlinkat(r1, &(0x7f0000000180)='./bus\x00', 0x0) 912.658129ms ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000002a00)={0x84, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x20, 0x0, 0x4, {0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000012c0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=ANY=[@ANYBLOB="2000040000006fa5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) 736.677796ms ago: executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1}) add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000400)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "28d7b07d54731881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x96, 0xfffffffffffffffd) pivot_root(&(0x7f0000000280)='./file0/file0\x00', 0x0) 481.341636ms ago: executing program 1: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001805000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000b90600008500000004000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000085000000d0"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='block_plug\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x43400) 268.256778ms ago: executing program 1: syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x20010080, &(0x7f0000000480)=ANY=[], 0x1, 0x14d7, &(0x7f0000001580)="$eJzs3Hl0lUW2KPDaVfVBiBGPERkCtWt/cMQARUREZBARGUREREREZBIBESMiIgIiBGQSMSAiIGNEZAgIiAwRIoR5nufBSCMiIiKTTAL1Fnbfy+227+K+1/0uf2T/1qqV2vnO3qcqOyvfsFbOz12G1mxcq1pDIhL/EvjrlxQhRIwQYqAQ4jYhRCCEKBdfLv7a8TwKUv61N2H/Xs+k3+wVsJuJ+5+zcf9zNu5/zsb9z9m4/zkb9z9n4/7nbNx/xnKyLdML3c4j5w5+/p+T8fk/Z+P+52zc/5yN+5+zcf9zNu5/zsb9z9m4/zkb95+xnOxmP3/mcXPHzf79Y4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWM1zw12khxH/Mb/a6GGOMMcYYY4wx9u/jc9/sFTDGGGOMMcYYY+z/PxBSKKFFIHKJ3CJG5BGx4hYRJ24VecVtIiJuF/HiDpFP3CnyiwKioCgkEkRhUUQYgcIKEqEoKoqJqLhLFBd3i0RRQpQUpYQTpUWSuEeUEfeKsuI+UU7cL8qLB0QFUVFUEpXFg6KKeEhUFQ+LauIRUV3UEDVFLfGoqC0eE3XE46KueELUE0+K+uIp0UA8LRqKZ0Qj8axoLJ4TTcTzoqloJpqLFqLl/1P+26KHeEf0FL1Eiugt+oh3RV/RT/QXA8RA8Z4YJN4Xg8UHIlUMEUPFh2KY+EgMFx+LEWKkGCU+EaPFGDFWjBPjxQSRJj4VE8VnYpL4XEwWU8RUMU2ki+lihvhCzBSzxGzxpZgjvhJzxTwxXywQGeJrsVAsEpniG7FYLBFZYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix1ip9gldos9Yq/YJ/aLA+JbkS2++7/MP/8P+V1BgAAJEjRoyAW5IAZiIBZiIQ7iIC/khQhEIB7iIR/kg/yQHwpCQUiABCgCRQABgYCgKBSFKEShOBSHREiEklASHDhIgiQoA/dCWSgL5aAclIfyUAEqQkWoDJWhClSBqlAVqkE1qA7VoSbUhEfhUXgM6kAdqAt1oR7Ug/pQHxpAA2gIDaERNILG0BiaQBNoCk2hOTSHltASWkEraA2toS20hXbQDtpDe0iGZOgAHaAjdIRO0Ak6Q2foAl2gK3SDbvA2vA3vwDvQC6rL3tAH+kBf6Av9YQAMgPdgELwP78MHkApDYCh8CB/CRzAczsEIGAmjYBRUkWNgLIwDkhMgDdJgIkyESTAJJsMUmALTIB2mwwyYATNhFsyCL2EOfAVfwTyYBwsgAzJgISyCTMiExXAesmApLIPlsAJWwgpYDWtgNayD9bAONsJG2AybYStshe2wHXbCTtgNu2Ev7IX9sB9SIRuy4SAchENwCA7DYTgCR+AoHIVjcAyOw3E4ASfgJJyC03AKzsJZOAfn4QJcgEtwCS7Dmwk/NtpdYm2qkNdoqWUumUvGyBgZK2NlnIyTeWVeGZERGS/jZT6ZT+aX+WVBWVAmyARZRBaRKFGSDGVRWVRGZVQWl8VlokyUJWVJ6aSTSTJJlpFlZFlZVpaT98vy8gFZQVaUbVxlWVlWkW1dVfmwrCaryeqyhqwpa8lasrasLevIOrKurCvryXqyvnxKNpC9oT88I691prEcAk3kUGgqm8nmsoX8CF6QreRwaC3byLbyJTkSRkB72coly1dlBzkWOsrX5Th4Q3aWE6CLfEt2ld1kd/m27CFbu56yl5wMvWUfOQ36yn6yvxwgZ0INea1jNeUHMlUOkUPlh3IBfCSHy4/lCDlSjpKfyNFyjBwrx8nxcoJMk5/KifIzOUl+LifLKXKqnCbT5XQ5Q34hZ8pZcrb8Us6RX8m5cp6cLxfIDPm1XCgXyUz5jVwsl8gsuVQuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVbpPb5Q65U+6Su+UeuVfuk/vlAfmtzJbfyYPyL/KQ/F4elj/II/JHeVT+JI/Jn+Vx+Ys8IX+VJ+UpeVqekWflb/KcPC8vyIvykvxdXpZX5FXppVCgpFJKq0DlUrlVjMqjYtUtKk7dqvKq21RE3a7i1R0qn7pT5VcFVEFVSCWowqqIMgqVVaRCVVQVU1F1lyqu7laJqoQqqUopp0qrJHWPKqPuVWXVfaqcul+VVw+oCqqiqqQqqwdVFfWQqqoeVtXUI6q6qqFqqlrqUVVbPabqqMdVXfWEqqeeVPXVU6qBelo1VM+oRupZ1Vg9p5qo51VT1Uw1Vy1US/WCaqVeVK1VG9VWvaTaqZdVe/WKSlavqg7qNdVRva46qTdUZ/Wm6qLeUl1VN9VdXVFXlVc9VS+VonqrPupd1Vf1U/3VADVQvacGqffVYPWBSlVD1FD1oRqmPlLD1cdqhBqpRqlP1Gg1Ro1V49R4NUGlqU/VRPWZmqQ+V5PVFDVVTVPparrq/7dKs/8H+Z/9k/zBf7z7ZrVFbVXb1Ha1Q+1Uu9RutUftUfvUPnVAHVDZKlsdVAfVIXVIHVaH1RF1RB1VR9UxdUwdV8fVCXVCnVSn1EV1Rp1Vv6lz6rw6ry6qS+qSuvy3n4HQoKVWWutA59K5dYzOo2P1LTpO36rz6tt0RN+u4/UdOp++U+fXBXRBXUgn6MK6iDYatdWkQ11UF9NRfZcuru/WibqELqlLaadL6yR9z7+cf6P1tdQtdSvdSrfWrXVb3Va30+10e91eJ+tk3UF30B11R91Jd9KddWfdRXfRXXVX3V131z10D91T99QpOkX30e/qvrqf7q8H6IH6PT1ID9KD9WCdqlP1UD1UD9PD9HA9XI/QI/QoPUqP1qP1WD1Wj9fjdZpO0xP1RD1JT9KT9WQ9VU/V6Tpdz9Az9Ew9U8/Ws/UcPUfP1XP1fD1fZ+gMvVAv1Jk6Uy/Wi3WWXqqX6uV6uV6pV+rVerVeq9fq9Xq93qg36iy9RW/R2/Q2vUPv0Lv0Lr1H79H79D59QB/Q2TpbH9QH9SF9SB/Wh/URfUQf1Uf1MX1MH9fH9Ql9Qp/UJ/VpfVqf1Wf1OX1OX9AX9CV9SV/Wl/VVffXaZV8gAxnoQAe5glxBTBATxAaxQVwQF+QN8gaRIBLEB/FBvuDOIH9QICgYFAoSgsJBkcAEGNiAgjAoGhQLosFdQfHg7iAxKBGUDEoFLigdJAX3BGWCe4OywX1BueD+oHzwQFAhqBhUCioHDwZVgoeCqsHDQbXgkaB6UCOoGdQKHg1qB48FdYLHg7rBE0G94MmgfvBU0CB4OmgYPBM0Cp4NGgfPBU2C54OmQbOgedAiaPlvre/9uQIvup6ml0kxvU0f867pa/qZ/maAGWjeM4PM+2aw+cCkmiFmqPnQDDMfmeHmYzPCjDSjzCdmtBljxppxZryZYNLMp2ai+cxMMp+byWaKmWqmmXQz3cwwX5iZZpaZbb40c8xXZq6ZZ+abBSbDfG0WmkUm03xjFpslJsssNcvMcrPCrDSrzGqzxqw168x6s8FsNJvMZrPFbDXbzHazw+w0u8xus8fsNfvMfnPAfGuyzXfmoPmLOWS+N4fND+aI+dEcNT+ZY+Znc9z8Yk6YX81Jc8qcNmfMWfObOWfOmwvmorlkfjeXzRVz1fhrF/fXTu+oUWMuzIUxGIOxGItxGId5MS9GMILxGI/5MB/mx/xYEAtiAiZgESyC1xASFsWiGMUoFsfimIiJWBJLokOHSZiEZbAMlsWyWA7LYXksjxWwAlbCSvggPogP4UP4MD6Mj+AjWANrYC2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiI2yEjbExNsEm2BSbYnNsji2xJbbCVtgaW2NbbIvtsB22x/aYjMnYATtgR+yInbATdsbO2AW7YFfsit2xO/bAHtgTe2IKpmAf7IN9sS/2x/44EAfiIByEg3EwpmIqDsWhOAyH4XAcjiNwJI7CT3A0jsGxOA7H4wRMwzSciBNxEk7CyTgZp+JUTMd0nIEzcCbOxNk4G+fgHJyLc3E+zscMzMCFuBAzMRMX42LMwixchstwBa7AVbgK1+AaXIfrcANuwE24CbfgFtyG23AH7sBduAv34B7ch/vwAB7AbMzGg3gQD+EhPIyH8QgewaN4FI/hMTyOx/EEnsCTeBJP42k8i2fxHJ7DC3gBL+HveBmv4FX0GGPz2Fh7i42zt9q89jb7j3FBW8gm2MK2iDU2vy3wdzFaaxNtCVvSlrLOlrZJ9p4/xRVsRVvJVrYP2ir2IVv1T3Ft+5itYx+3de0TtpZ99O/ievZJW98+ZxvY521D28w2si1sY/ucbWKft01tM9vctrDt7Mu2vX3FJttXbQf72p/ihXaRXWPX2nV2vd1n99sL9qI9Zn+2l+zvtqftZQfa9+wg+74dbD+wqXbIn+JR9hM72o6xY+04O95O+FM81U6z6Xa6nWG/sDPtrD/FGfZrO8dm2rl2np1vF/wRX1tTpv3GLrZLbJZdapfZ5XaFXWlX2dX/udbldqPdZDfbPXav3Wa32x12p91ld/8RX9vHAfutzbbf2aP2J3vIfm8P2+P2iP3xj/ja/o7bX+wJ+6s9aU/Z0/aMPWt/s+fs+T/2f23vZ+wVe9V6KwhIkiJNAeWi3BRDeSiWbqE4upXy0m0Uodspnu6gfHQn5acCVJAKUQIVpiJkCMkSUUhFqRhF6S4qTndTIpWgklSKHJWmJLqHytC9VJbuo3J0P5WnB6gCVaRKVJkepCr0EFWlh6kaPULVqQbVpFr0KNWmx6gOPU516QmqR09SfXqKGtDT1JCeoUb0LDWm56gJPU9NqRk1pxbUkl6gVvQitaY21JZeonb0MrWnVyiZXqUO9Bp1pNepE71BnelN6kJvUVfqRt3pbepB71BP6kUp1Jv60LvUl/pRfxpAA+k9GkTv02D6gFJpCA2lD2kYfUTD6WMaQSNpFH1Co2kMjaVxNJ4mUBp9ShPpM5pEn9NkmkJTaRql03SaQV/QTJpFs+lLmkNf0VyaR/NpAWXQ17SQFlEmfUOLaQll0VJaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVtpG22kH7aRdtJv20F7aR/vpAH1L2fQdHaS/0CH6ng7TD3SEfqSj9BMdo5/pOP1CJ+hXOkmn6DSdobP0G52j83SBLtIl+p0u0xW6Sp5ECKEMVajDIMwV5g5jwjxhbHhLGBfeGuYNbwsj4e1hfHhHmC+8M8wfFggLhoXChLBwWCQ0IYY2pDAMi4bFwmh4V1g8vDtMDEuEJcNSoQtLh0nhPWGZ8N6wbHhfWC68PywfPhBWCCuGzz1ROXwwrBI+FFYNHw6rhY+E1cMaYc2wVvhoWDt8LKwTPh7WDZ8Iy4ZPhvXDp8IG4dNhw/CZsFH4bNg4fC5sEj4fNg2bhc3DFmHL8IWwVfhi2DpsE7YNXwrbhS+H7cNXwuTw1bBD+NoNj6eEvcM+4bvhu6H3j6v50QXRjOjX0YXRRdHM6DfRxdEl0azo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxuim6Oao97VyCwdOOuW0C1wul9vFuDwu1t3i4tytLq+7zUXc7S7e3eHyuTtdflfAFXSFXIIr7Io449BZRy50RV0xF3V3ueLubpfoSriSrpRzrrRLci1cS9fStXIvutaujWvrXnIvuZfdy+4V94p71XVwr7mO7nXXyb3hOrs33ZvuLdfVdXPd3duuh3vH9XS9XIpLcX1cH9fX9XX9XX830A10g9wgN9gNdqku1Q11Q90wN8wNd8PdCDfCjXKj3Gg32o11Y914N96luTQ30U10k9wkN9lNdlPdVJfu0t0MN8PNdDPdbDfbzUmc4+a6uW6+m+8yXIZb6Ba6TJfpFrvFLstluWVumVvhVrhVbpVb49a4dW6d2+A2uE1uk9vitrhtbpvb4Xa4XW6X2+P2uH1unzvgDrhsl+0OuoPukDvkDrsf3BH3ozvqfnLH3M/uuPvFnXC/upPulDvtzriz7jd3zp13F9xFd8n97i67K+6q8y4t8mlkYuSzyKTI55HJkSmRqZFpkfTI9MiMyBeRmZFZkdmRLyNzIl9F5kbmReZHFkQyIl9HFkYWRTIj30QWR5ZEsiJLI8siyyMrIisj3hfeFvqivpiP+rt8cX+3T/QlfElfyjtf2if5e3wZf68v6+/z5fz9vrx/wFfwFX0l/7xv6pv55r6Fb+lf8K38i761b+Pb+pd8O/+yb+9f8cn+Vd/Bv+Y7+td9J/+G7+zf9F38W76r7+a7+7d9D/+O7+l7+RTf2/fx7/q+vp/v7wf4gf49P8i/7wf7D3yqH+KH+g/9MP+RH+4/9iP8SD/Kf+JH+zF+rB/nx/sJPs1/6if6z/wk/7mf7Kf4qX6aT/fT/Qz/hZ/pZ/nZ/ks/x3/l5/p5fr5f4DP8136hX+Qz/Td+sV/is/xSv8wv9yv8Sr/Kr/Zr/Fq/zq/3G/xGv8lv9lv8Vr/Nb/c7/E6/y+/2e/xev8/v9wf8tz7bf+cP+r/4Q/57f9j/4I/4H/1R/5M/5n/2x/0v/oT/1Z/0p/xpf8af9b/5c/68v+Av+kv+d3/ZX/FX+X/WGGOMMcb+R9QNjvf+J9+TfxvX9BFC3Lq90JF/rLkh/1/n/WRCu4gQ4tVeXZ75j1G9ekpKyt9em6VEUGyeECJyPT+XuB4vFW3FyyJZtBFl/un6+slul+gG9aP3CxH7X3JixPX4ev17/5v6Y+bcsP48IRKLXc/JI67H1+uX/W/qF2h1g/p5vk8TovV/yYkT1+Pr9ZPEi+I1kfx3r2SMMcYYY4wxxv6qn6zU6Ub3t9fuzxP09Zzc4np8o/tzxhhjjDHGGGOM3XxvdOv+ygvJyW068YQnPOHJf05u9l8mxhhjjDHG2L/b9Yv+m70SxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMs5/rf+Dixm71HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Gb7PwEAAP//Z8824A==") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000006c0)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800001, 0x10012, r1, 0x0) getsockopt$bt_hci(r0, 0x11a, 0x3, 0x0, &(0x7f00000004c0)=0x4) 0s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x7e, 0x0, 0x9, [0x401, 0x1000, 0x5, 0x0, 0x0, 0x8]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote, 0x8}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x2c, 0x3, 0x0, [{@dev}, {@remote, 0x3}, {@multicast2}, {@private=0xa010101}, {@rand_addr, 0x800}, {@broadcast, 0x52b4}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) kernel console output (not intermixed with test programs): link becomes ready [ 201.089594][ T5874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.113327][ T5874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.129638][ T5874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.152741][ T5874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.170472][ T5874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.181731][ T5874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.191713][ T5874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.202261][ T5874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.212967][ T5874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 201.236337][ T5874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.270233][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.287683][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 201.303585][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 201.326093][ T5874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.349272][ T5874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.365101][ T5874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.384241][ T5874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.533496][ T6098] loop2: detected capacity change from 0 to 16 [ 201.548125][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.570995][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.597386][ T6098] erofs: (device loop2): mounted with root inode @ nid 36. [ 201.612890][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 201.630073][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.634883][ T6082] loop1: detected capacity change from 0 to 32768 [ 201.647127][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.656549][ T4202] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 201.682363][ T4200] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 201.684521][ T6082] ERROR: (device loop1): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 201.684521][ T6082] [ 201.736263][ T6082] ERROR: (device loop1): remounting filesystem as read-only [ 201.757387][ T6082] ERROR: (device loop1): jfs_unlink: [ 201.757387][ T6082] [ 201.837570][ T3570] ERROR: (device loop1): xtTruncate: XT_GETPAGE: xtree page corrupt [ 201.837570][ T3570] [ 201.863078][ T3570] ERROR: (device loop1): remounting filesystem as read-only [ 201.924120][ T4202] usb 4-1: Using ep0 maxpacket: 8 [ 202.043241][ T4202] usb 4-1: config 0 has no interfaces? [ 202.136336][ T4202] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 202.156371][ T4202] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 202.181807][ T4202] usb 4-1: SerialNumber: syz [ 202.695097][ T6119] loop1: detected capacity change from 0 to 4096 [ 202.739560][ T6119] __ntfs_error: 24 callbacks suppressed [ 202.739603][ T6119] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 202.757220][ T6119] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 202.913702][ T6119] ntfs: volume version 3.1. [ 202.921879][ T6119] ntfs: (device loop1): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 202.942702][ T6119] ntfs: (device loop1): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 202.953065][ T6119] ntfs: (device loop1): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 202.993870][ T4202] usb 4-1: config 0 descriptor?? [ 203.163389][ T27] audit: type=1800 audit(1718032068.982:253): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 203.185724][ T3621] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 203.259505][ T4203] usb 4-1: USB disconnect, device number 10 [ 204.439039][ T3621] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 204.465941][ T3621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.503955][ T3621] usb 3-1: config 0 descriptor?? [ 204.547523][ T3621] usb 3-1: can't set config #0, error -71 [ 204.555342][ T3621] usb 3-1: USB disconnect, device number 5 [ 204.699824][ T6145] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 204.734339][ T6147] loop4: detected capacity change from 0 to 256 [ 204.741304][ T6145] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 204.758551][ T6145] netlink: 'syz-executor.2': attribute type 2 has an invalid length. [ 204.770006][ T6145] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'. [ 204.786116][ T6149] loop1: detected capacity change from 0 to 2048 [ 204.815893][ T6147] 9pnet_virtio: no channels available for device @ [ 204.844407][ T6149] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 204.915742][ T27] audit: type=1326 audit(1718032070.752:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6148 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2baba7cf69 code=0x0 [ 204.952671][ T4398] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 205.109357][ T4203] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 205.202911][ T4398] usb 4-1: Using ep0 maxpacket: 16 [ 205.327102][ T4398] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.347405][ T4398] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.358155][ T4398] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 205.362665][ T4203] usb 3-1: Using ep0 maxpacket: 8 [ 205.367461][ T4398] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.393259][ T4398] usb 4-1: config 0 descriptor?? [ 205.493343][ T4203] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 205.508288][ T4203] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.537375][ T4203] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.637828][ T6143] loop3: detected capacity change from 0 to 64 [ 205.655115][ T3769] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 205.697101][ T6143] hfs: request for non-existent node 16777216 in B*Tree [ 205.706268][ T6143] hfs: request for non-existent node 16777216 in B*Tree [ 205.721179][ T3769] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 205.723627][ T4203] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.753001][ T6166] loop4: detected capacity change from 0 to 32768 [ 205.768343][ T6166] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (6166) [ 205.770618][ T3769] EXT4-fs (loop1): This should not happen!! Data will be lost [ 205.770618][ T3769] [ 205.791253][ T3769] EXT4-fs (loop1): Total free blocks count 0 [ 205.797670][ T3769] EXT4-fs (loop1): Free/Dirty block details [ 205.798598][ T4203] usbtmc 3-1:16.0: bulk endpoints not found [ 205.804028][ T3769] EXT4-fs (loop1): free_blocks=2415919104 [ 205.815904][ T6166] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 205.821602][ T3769] EXT4-fs (loop1): dirty_blocks=16 [ 205.835927][ T3769] EXT4-fs (loop1): Block reservation details [ 206.465462][ T3620] usb 3-1: USB disconnect, device number 6 [ 206.476685][ T6166] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 206.694033][ T6166] BTRFS info (device loop4): disabling tree log [ 206.703747][ T3769] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 206.713465][ T6166] BTRFS info (device loop4): metadata ratio 65537 [ 206.719977][ T6166] BTRFS info (device loop4): metadata ratio 64 [ 206.727281][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 1 with error 28 [ 206.727910][ T4398] lenovo 0003:17EF:6009.0005: hidraw0: USB HID vff.fe Device [HID 17ef:6009] on usb-dummy_hcd.3-1/input0 [ 206.749272][ T6166] BTRFS info (device loop4): using free space tree [ 206.935283][ T4202] usb 4-1: USB disconnect, device number 11 [ 206.987240][ T6166] BTRFS info (device loop4): enabling ssd optimizations [ 207.259482][ T5841] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 208.474664][ T6222] loop3: detected capacity change from 0 to 4096 [ 208.552954][ T6222] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 208.589162][ T6222] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 208.604050][ T6222] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 208.624768][ T6222] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 208.647115][ T6222] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 208.660978][ T6222] ntfs: volume version 3.1. [ 208.675484][ T6222] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 208.694459][ T6222] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 208.719844][ T6222] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 208.734829][ T6230] loop4: detected capacity change from 0 to 256 [ 208.740876][ T6222] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 208.762411][ T6222] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 210.130968][ T6258] loop2: detected capacity change from 0 to 1024 [ 210.469777][ T6259] loop4: detected capacity change from 0 to 256 [ 211.160040][ T6266] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 211.464527][ T6258] EXT4-fs: Ignoring removed orlov option [ 211.485752][ T6258] EXT4-fs (loop2): Test dummy encryption mode enabled [ 211.525054][ T6258] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 211.864360][ T6256] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 211.865357][ T6279] loop1: detected capacity change from 0 to 4096 [ 211.956021][ T6279] ntfs: volume version 3.1. [ 212.187061][ T6297] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 212.203655][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 212.379769][ T6302] loop1: detected capacity change from 0 to 1024 [ 212.468557][ T6302] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz-executor.1: bad orphan inode 2097152 [ 212.708531][ T6302] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 213.233878][ T6300] EXT4-fs error (device loop1): __ext4_new_inode:1071: comm syz-executor.1: reserved inode found cleared - inode=18 [ 213.412083][ T3570] EXT4-fs (loop1): unmounting filesystem. [ 213.626931][ T6322] loop2: detected capacity change from 0 to 4096 [ 213.679877][ T6322] __ntfs_error: 22 callbacks suppressed [ 213.679897][ T6322] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 213.725837][ T6322] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 213.766264][ T6322] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 213.819358][ T6322] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 213.903042][ T6322] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 213.934781][ T6322] ntfs: volume version 3.1. [ 213.981931][ T6322] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 214.042896][ T6322] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 217.697027][ T6322] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Failed to map directory index page, error 4. [ 217.752008][ T6322] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 217.794023][ T6322] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 218.519676][ T6364] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 218.540763][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 218.658447][ T6368] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 219.001742][ T6376] loop3: detected capacity change from 0 to 164 [ 219.034587][ T6376] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 219.063323][ T6376] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 219.315862][ T6378] loop1: detected capacity change from 0 to 16 [ 219.399646][ T6378] erofs: (device loop1): mounted with root inode @ nid 36. [ 219.578574][ T6352] loop4: detected capacity change from 0 to 32768 [ 219.618225][ T6352] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (6352) [ 219.659931][ T6352] BTRFS info (device loop4): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 219.678958][ T6352] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 219.689743][ T6352] BTRFS info (device loop4): using free space tree [ 219.899647][ T6399] loop3: detected capacity change from 0 to 512 [ 219.917556][ T3616] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 220.025701][ T6399] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz-executor.3: inode #1: comm syz-executor.3: iget: illegal inode # [ 220.045746][ T6399] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 1 err=-117 [ 220.060828][ T6399] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 220.076662][ T6399] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz-executor.3: inode #1: comm syz-executor.3: iget: illegal inode # [ 220.101861][ T6399] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 1 err=-117 [ 220.117496][ T6399] EXT4-fs (loop3): 1 orphan inode deleted [ 220.123421][ T6399] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 220.453558][ T3616] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 220.542402][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.724690][ T6352] BTRFS info (device loop4): enabling ssd optimizations [ 220.754242][ T3616] usb 2-1: config 0 descriptor?? [ 220.771497][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 220.771511][ T27] audit: type=1800 audit(1718032086.602:256): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 220.830536][ T27] audit: type=1804 audit(1718032086.632:257): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4148853244/syzkaller.Go5U7E/26/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 220.840539][ T6417] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 220.902246][ T27] audit: type=1804 audit(1718032086.732:258): pid=6418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir4148853244/syzkaller.Go5U7E/26/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 220.915747][ T3573] EXT4-fs (loop3): unmounting filesystem. [ 221.024051][ T3616] snd-usb-hiface: probe of 2-1:0.0 failed with error -22 [ 221.031571][ T27] audit: type=1804 audit(1718032086.772:259): pid=6418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir4148853244/syzkaller.Go5U7E/26/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 221.092194][ T11] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 221.111370][ T6420] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 221.252489][ T3616] usb 2-1: USB disconnect, device number 8 [ 221.337192][ T5841] BTRFS info (device loop4): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 223.077127][ T6437] loop1: detected capacity change from 0 to 2048 [ 223.271520][ T6437] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 223.320794][ T27] audit: type=1326 audit(1718032089.152:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6436 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2baba7cf69 code=0x0 [ 223.428867][ T6426] loop3: detected capacity change from 0 to 32768 [ 223.556596][ T6426] ERROR: (device loop3): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 223.556596][ T6426] [ 223.595310][ T6426] ERROR: (device loop3): remounting filesystem as read-only [ 223.607691][ T6426] ERROR: (device loop3): jfs_unlink: [ 223.607691][ T6426] [ 223.616493][ T6426] ERROR: (device loop3): remounting filesystem as read-only [ 223.663145][ T3573] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 223.663145][ T3573] [ 223.923231][ T3770] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 223.963612][ T3770] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 224.002940][ T3770] EXT4-fs (loop1): This should not happen!! Data will be lost [ 224.002940][ T3770] [ 224.018873][ T3770] EXT4-fs (loop1): Total free blocks count 0 [ 224.042603][ T3770] EXT4-fs (loop1): Free/Dirty block details [ 224.048577][ T3770] EXT4-fs (loop1): free_blocks=2415919104 [ 224.078401][ T3770] EXT4-fs (loop1): dirty_blocks=16 [ 224.092706][ T3770] EXT4-fs (loop1): Block reservation details [ 224.098754][ T3770] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 224.123782][ T3770] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 1 with error 28 [ 224.228404][ T6454] loop2: detected capacity change from 0 to 32768 [ 224.246785][ T6454] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (6454) [ 224.281623][ T6454] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 225.186997][ T6454] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 225.197983][ T6454] BTRFS info (device loop2): using free space tree [ 225.224677][ T6467] Bluetooth: MGMT ver 1.22 [ 225.261284][ T6457] loop4: detected capacity change from 0 to 32768 [ 225.287274][ T6457] ERROR: (device loop4): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 225.287274][ T6457] [ 225.423179][ T6454] BTRFS info (device loop2): enabling ssd optimizations [ 225.480521][ T27] audit: type=1800 audit(1718032091.312:261): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 225.602051][ T27] audit: type=1804 audit(1718032091.362:262): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir288594978/syzkaller.asIzYO/226/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 225.664201][ T27] audit: type=1804 audit(1718032091.382:263): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir288594978/syzkaller.asIzYO/226/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 225.719701][ T27] audit: type=1804 audit(1718032091.392:264): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir288594978/syzkaller.asIzYO/226/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 225.810824][ T3582] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 225.928638][ T6502] loop4: detected capacity change from 0 to 256 [ 225.978680][ T6504] loop1: detected capacity change from 0 to 64 [ 226.476874][ T6513] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 227.141955][ T6514] loop3: detected capacity change from 0 to 512 [ 227.356150][ T6514] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz-executor.3: inode #1: comm syz-executor.3: iget: illegal inode # [ 227.371647][ T6514] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 1 err=-117 [ 227.387170][ T6514] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz-executor.3: inode #1: comm syz-executor.3: iget: illegal inode # [ 227.403644][ T6514] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 1 err=-117 [ 227.420640][ T6514] EXT4-fs (loop3): 1 orphan inode deleted [ 227.426919][ T6514] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 228.035321][ T3573] EXT4-fs (loop3): unmounting filesystem. [ 228.322699][ T3619] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 228.592805][ T3619] usb 2-1: Using ep0 maxpacket: 16 [ 228.712942][ T3619] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.712980][ T3619] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 228.713018][ T3619] usb 2-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 228.713044][ T3619] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.720120][ T3619] usb 2-1: config 0 descriptor?? [ 228.965186][ T6524] loop1: detected capacity change from 0 to 64 [ 228.996189][ T6524] hfs: request for non-existent node 16777216 in B*Tree [ 228.996254][ T6524] hfs: request for non-existent node 16777216 in B*Tree [ 229.039137][ T6563] loop3: detected capacity change from 0 to 256 [ 229.065169][ T6563] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d) [ 229.269398][ T3619] lenovo 0003:17EF:6009.0006: hidraw0: USB HID vff.fe Device [HID 17ef:6009] on usb-dummy_hcd.1-1/input0 [ 230.101321][ T3619] usb 2-1: USB disconnect, device number 9 [ 230.381504][ T6581] loop3: detected capacity change from 0 to 4096 [ 230.466044][ T6581] ntfs3: loop3: failed to convert "0080" to cp936 [ 230.488832][ T6581] ntfs3: loop3: failed to convert name for inode 1e. [ 230.666446][ T6593] loop4: detected capacity change from 0 to 2048 [ 230.687364][ T6593] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 230.689284][ T6593] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 230.727658][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 230.731284][ T27] audit: type=1804 audit(1718032096.562:265): pid=6593 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4148853244/syzkaller.Go5U7E/42/file0/file1" dev="loop4" ino=1346 res=1 errno=0 [ 230.742248][ T6597] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 230.918162][ T6605] loop1: detected capacity change from 0 to 64 [ 230.949656][ T6605] syz-executor.1: attempt to access beyond end of device [ 230.949656][ T6605] loop1: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 230.972875][ T6605] Buffer I/O error on dev loop1, logical block 4096, async page read [ 230.981160][ T6605] syz-executor.1: attempt to access beyond end of device [ 230.981160][ T6605] loop1: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 231.046893][ T6605] Buffer I/O error on dev loop1, logical block 4096, async page read [ 231.096866][ T27] audit: type=1800 audit(1718032096.932:266): pid=6605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 231.227593][ T6604] Trying to free block not in datazone [ 231.274058][ T6615] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 231.473141][ T6621] loop2: detected capacity change from 0 to 512 [ 231.626076][ T6621] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 231.641119][ T6621] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 231.656540][ T6621] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 231.671445][ T6621] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 231.686120][ T6621] EXT4-fs (loop2): 1 orphan inode deleted [ 231.691940][ T6621] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 232.442641][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 232.632712][ T4397] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 232.721349][ T3619] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 232.861647][ T6639] loop2: detected capacity change from 0 to 164 [ 232.960094][ T6639] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 232.989020][ T6639] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 233.165065][ T3619] usb 2-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 233.227250][ T3619] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.623639][ T3619] usb 2-1: config 0 descriptor?? [ 233.667378][ T3619] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 233.702746][ T4397] usb 5-1: Using ep0 maxpacket: 16 [ 233.833910][ T6647] loop3: detected capacity change from 0 to 64 [ 233.835295][ T4397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.872813][ T3619] gspca_sonixj: reg_w1 err -71 [ 233.878522][ T3619] sonixj: probe of 2-1:0.0 failed with error -71 [ 233.883804][ T4397] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.898285][ T3619] usb 2-1: USB disconnect, device number 10 [ 233.904754][ T6647] syz-executor.3: attempt to access beyond end of device [ 233.904754][ T6647] loop3: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 233.918695][ T4397] usb 5-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 233.938892][ T6647] Buffer I/O error on dev loop3, logical block 4096, async page read [ 233.952447][ T4397] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.968258][ T6647] syz-executor.3: attempt to access beyond end of device [ 233.968258][ T6647] loop3: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 233.995928][ T4397] usb 5-1: config 0 descriptor?? [ 234.005901][ T6647] Buffer I/O error on dev loop3, logical block 4096, async page read [ 234.031126][ T27] audit: type=1800 audit(1718032099.862:267): pid=6647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 234.059175][ T6646] Trying to free block not in datazone [ 234.258135][ T6630] loop4: detected capacity change from 0 to 64 [ 234.310898][ T6630] hfs: request for non-existent node 16777216 in B*Tree [ 234.339163][ T6630] hfs: request for non-existent node 16777216 in B*Tree [ 234.616711][ T4397] lenovo 0003:17EF:6009.0007: hidraw0: USB HID vff.fe Device [HID 17ef:6009] on usb-dummy_hcd.4-1/input0 [ 234.906522][ T4307] usb 5-1: USB disconnect, device number 11 [ 235.065017][ T6655] loop3: detected capacity change from 0 to 32768 [ 235.108530][ T6655] ERROR: (device loop3): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 235.108530][ T6655] [ 235.122436][ T6684] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.781404][ T6700] binder: 6698:6700 unknown command 16456 [ 235.789393][ T6700] binder: 6698:6700 ioctl c0306201 20000380 returned -22 [ 235.889824][ T6701] loop4: detected capacity change from 0 to 512 [ 236.118385][ T6701] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz-executor.4: inode #1: comm syz-executor.4: iget: illegal inode # [ 236.135428][ T6701] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor.4: error while reading EA inode 1 err=-117 [ 236.151241][ T6701] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz-executor.4: inode #1: comm syz-executor.4: iget: illegal inode # [ 236.168998][ T6701] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz-executor.4: error while reading EA inode 1 err=-117 [ 236.184296][ T6701] EXT4-fs (loop4): 1 orphan inode deleted [ 236.190163][ T6701] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 236.752558][ T6708] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 236.824315][ T5841] EXT4-fs (loop4): unmounting filesystem. [ 237.472024][ T6726] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 237.641245][ T3727] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.663183][ T3587] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.675684][ T3587] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.686183][ T3587] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.709704][ T3587] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.717392][ T3587] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 237.725063][ T3587] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 237.795181][ T6714] loop1: detected capacity change from 0 to 32768 [ 237.826134][ T6714] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1 [ 237.826134][ T6714] [ 237.860599][ T3727] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.956650][ T6737] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 237.978116][ T3727] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.007250][ T6739] loop3: detected capacity change from 0 to 64 [ 238.039183][ T6739] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop3 [ 238.071436][ T3727] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.406178][ T6727] chnl_net:caif_netlink_parms(): no params data found [ 238.459081][ T6749] input: syz0 as /devices/virtual/input/input7 [ 238.465859][ T3619] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 238.651057][ T6757] program syz-executor.1 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 238.712770][ T3619] usb 4-1: Using ep0 maxpacket: 32 [ 238.820073][ T6727] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.830020][ T6727] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.837690][ T3619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.858904][ T3619] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.878352][ T6727] device bridge_slave_0 entered promiscuous mode [ 238.908129][ T3619] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 238.936512][ T3619] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.958354][ T3619] usb 4-1: config 0 descriptor?? [ 238.989241][ T6727] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.003738][ T3619] hub 4-1:0.0: USB hub found [ 239.008630][ T6727] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.036461][ T6727] device bridge_slave_1 entered promiscuous mode [ 239.173173][ T6727] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.223088][ T3619] hub 4-1:0.0: 1 port detected [ 239.224142][ T6727] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.347569][ T6727] team0: Port device team_slave_0 added [ 239.370668][ T6727] team0: Port device team_slave_1 added [ 239.456906][ T6727] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.472998][ T6727] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.529777][ T6727] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.584529][ T6727] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.591526][ T6727] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.668697][ T6727] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.812968][ T3587] Bluetooth: hci0: command tx timeout [ 239.876208][ T6727] device hsr_slave_0 entered promiscuous mode [ 239.887426][ T6727] device hsr_slave_1 entered promiscuous mode [ 239.909690][ T6727] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.921055][ T6727] Cannot create hsr debugfs directory [ 239.932875][ T3619] hub 4-1:0.0: activate --> -90 [ 240.038507][ T3727] device hsr_slave_0 left promiscuous mode [ 240.045803][ T3727] device hsr_slave_1 left promiscuous mode [ 240.066006][ T3727] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.085222][ T3727] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.104870][ T3727] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.132649][ T3727] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.152413][ T3727] device bridge_slave_1 left promiscuous mode [ 240.172817][ T3727] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.184407][ T3727] device bridge_slave_0 left promiscuous mode [ 240.200430][ T3727] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.253474][ T3727] device veth1_macvtap left promiscuous mode [ 240.269782][ T3727] device veth0_macvtap left promiscuous mode [ 240.290091][ T3727] device veth1_vlan left promiscuous mode [ 240.298899][ T3727] device veth0_vlan left promiscuous mode [ 240.316188][ T6783] loop1: detected capacity change from 0 to 32768 [ 240.334746][ T6783] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (6783) [ 240.389554][ T6783] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 240.421141][ T6783] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 240.443087][ T6783] BTRFS info (device loop1): using free space tree [ 240.560305][ T6796] input: syz0 as /devices/virtual/input/input8 [ 240.658361][ T6783] BTRFS info (device loop1): enabling ssd optimizations [ 240.712720][ T6805] loop2: detected capacity change from 0 to 64 [ 240.755371][ T6805] syz-executor.2: attempt to access beyond end of device [ 240.755371][ T6805] loop2: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 240.789283][ T6805] Buffer I/O error on dev loop2, logical block 4096, async page read [ 240.809307][ T6805] syz-executor.2: attempt to access beyond end of device [ 240.809307][ T6805] loop2: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 240.833348][ T3727] team0 (unregistering): Port device team_slave_1 removed [ 240.850652][ T3727] team0 (unregistering): Port device team_slave_0 removed [ 240.866742][ T6805] Buffer I/O error on dev loop2, logical block 4096, async page read [ 240.877724][ T3727] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 240.888699][ T27] audit: type=1800 audit(1718032106.722:268): pid=6805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 240.918415][ T3570] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 240.938862][ T3727] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.094015][ T6804] Trying to free block not in datazone [ 241.224734][ T3727] bond0 (unregistering): Released all slaves [ 241.286063][ T153] usb 4-1: USB disconnect, device number 12 [ 241.292915][ T3619] usb 4-1-port1: attempt power cycle [ 241.695848][ T6819] binder: 6818:6819 unknown command 16456 [ 241.701628][ T6819] binder: 6818:6819 ioctl c0306201 20000380 returned -22 [ 241.893649][ T3585] Bluetooth: hci0: command tx timeout [ 242.096542][ T6825] 9pnet: Could not find request transport: fdq [ 242.196200][ T6727] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 242.209382][ T6830] loop3: detected capacity change from 0 to 512 [ 242.231434][ T6727] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 242.234759][ T6834] loop1: detected capacity change from 0 to 64 [ 242.254098][ T6727] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 242.275826][ T6830] EXT4-fs (loop3): orphan cleanup on readonly fs [ 242.281228][ T6834] syz-executor.1: attempt to access beyond end of device [ 242.281228][ T6834] loop1: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 242.284537][ T6727] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 242.318566][ T6830] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set [ 242.324959][ T6834] Buffer I/O error on dev loop1, logical block 4096, async page read [ 242.360933][ T6830] Quota error (device loop3): write_blk: dquota write failed [ 242.381589][ T6830] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 242.432472][ T6830] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz-executor.3: Failed to acquire dquot type 1 [ 242.448668][ T6834] syz-executor.1: attempt to access beyond end of device [ 242.448668][ T6834] loop1: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 242.491715][ T6830] EXT4-fs (loop3): 1 truncate cleaned up [ 242.515912][ T6834] Buffer I/O error on dev loop1, logical block 4096, async page read [ 242.528808][ T6830] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 242.573892][ T27] audit: type=1800 audit(1718032108.412:269): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 242.649465][ T6727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.650522][ T6833] Trying to free block not in datazone [ 242.698366][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.714783][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.737024][ T6727] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.770345][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.794578][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.829897][ T4180] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.837094][ T4180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.873920][ T6839] 9pnet_fd: Insufficient options for proto=fd [ 242.878453][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.901216][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.935324][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.967326][ T3619] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.974486][ T3619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.011005][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 243.040454][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 243.100325][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 243.109502][ T3573] EXT4-fs (loop3): unmounting filesystem. [ 243.119948][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 243.153613][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.162514][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.198664][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 243.217840][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 243.238163][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 243.258558][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 243.281231][ T6727] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 243.321653][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 243.635124][ T6857] binder: 6856:6857 unknown command 16456 [ 243.663777][ T6857] binder: 6856:6857 ioctl c0306201 20000380 returned -22 [ 243.803214][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 243.810767][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.831171][ T6727] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.974899][ T3585] Bluetooth: hci0: command tx timeout [ 244.102700][ T3617] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 244.342773][ T3617] usb 4-1: Using ep0 maxpacket: 32 [ 244.493004][ T3617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.524387][ T3617] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.592668][ T3617] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 244.660559][ T3617] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.701330][ T3617] usb 4-1: config 0 descriptor?? [ 244.783656][ T3617] hub 4-1:0.0: USB hub found [ 245.002905][ T3617] hub 4-1:0.0: 1 port detected [ 245.068476][ T6868] loop1: detected capacity change from 0 to 131072 [ 245.126432][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 245.139248][ T6866] loop2: detected capacity change from 0 to 32768 [ 245.147137][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 245.164269][ T6868] F2FS-fs (loop1): Found nat_bits in checkpoint [ 245.181604][ T6727] device veth0_vlan entered promiscuous mode [ 245.223161][ T6727] device veth1_vlan entered promiscuous mode [ 245.229265][ T6868] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 245.257922][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 245.279254][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 245.313688][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 245.372089][ T6727] device veth0_macvtap entered promiscuous mode [ 245.383187][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 245.403314][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 245.429475][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 245.448312][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 245.469277][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 245.484200][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 245.496563][ T6727] device veth1_macvtap entered promiscuous mode [ 245.508818][ T6866] XFS (loop2): Mounting V5 Filesystem [ 245.544875][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.586817][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.650952][ T6866] XFS (loop2): Ending clean mount [ 245.656593][ T4307] hub 4-1:0.0: activate --> -90 [ 245.662701][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.673447][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.683698][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.694326][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.704324][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.715066][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.725030][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.738281][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.780462][ T6727] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.793195][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 245.801819][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 245.817591][ T4514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 245.829449][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.840824][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.850771][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.872774][ T3582] XFS (loop2): Unmounting Filesystem [ 245.894459][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.928774][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.960725][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.978284][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.992208][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.008905][ T6727] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 246.019700][ T6727] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.059668][ T3585] Bluetooth: hci0: command tx timeout [ 246.062233][ T6727] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 246.097439][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 246.113651][ T4398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 246.147586][ T6727] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.172644][ T6727] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.181394][ T6727] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.212635][ T6727] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.493736][ T3727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.502124][ T3727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.530632][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 246.587773][ T3767] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.649583][ T3727] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.661918][ T6889] loop2: detected capacity change from 0 to 512 [ 246.672062][ T3727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.713893][ T6889] EXT4-fs (loop2): orphan cleanup on readonly fs [ 246.731575][ T3767] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.752320][ T6889] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set [ 246.770243][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 246.785778][ T6889] Quota error (device loop2): write_blk: dquota write failed [ 246.794430][ T6889] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 246.805336][ T6889] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz-executor.2: Failed to acquire dquot type 1 [ 246.826212][ T3767] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.851828][ T6889] EXT4-fs (loop2): 1 truncate cleaned up [ 246.871880][ T6889] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 246.926533][ T6898] x_tables: unsorted entry at hook 3 [ 246.977673][ T3767] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.991256][ T3619] usb 4-1: USB disconnect, device number 17 [ 247.004251][ T4307] usb 4-1-port1: attempt power cycle [ 247.043478][ T3585] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 247.055187][ T3585] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 247.063479][ T3585] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 247.084902][ T3585] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 247.102248][ T3585] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 247.110533][ T3585] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 247.152481][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 247.392258][ T6903] loop1: detected capacity change from 0 to 32768 [ 247.414389][ T6903] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (6903) [ 247.431908][ T6903] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 247.445911][ T6903] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 247.457696][ T6903] BTRFS info (device loop1): using free space tree [ 247.491765][ T6903] BTRFS info (device loop1): enabling ssd optimizations [ 247.619264][ T3570] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 247.626181][ T6900] chnl_net:caif_netlink_parms(): no params data found [ 247.648747][ T6931] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 247.666661][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 247.729058][ T6934] 9pnet_fd: Insufficient options for proto=fd [ 247.923532][ T6900] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.950903][ T6900] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.973874][ T6900] device bridge_slave_0 entered promiscuous mode [ 247.999122][ T6900] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.022766][ T6900] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.060182][ T6900] device bridge_slave_1 entered promiscuous mode [ 248.173323][ T6900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.199993][ T6900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.229775][ T6953] loop3: detected capacity change from 0 to 2048 [ 248.285162][ T6948] 9pnet: Could not find request transport: fdq [ 248.314491][ T6957] loop4: detected capacity change from 0 to 256 [ 248.351499][ T6900] team0: Port device team_slave_0 added [ 248.414652][ T6900] team0: Port device team_slave_1 added [ 248.490901][ T6957] syz-executor.4: attempt to access beyond end of device [ 248.490901][ T6957] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 248.600882][ T6962] loop2: detected capacity change from 0 to 512 [ 248.624613][ T6962] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 248.657323][ T6962] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002] [ 248.657749][ T6900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.666869][ T6962] EXT4-fs (loop2): orphan cleanup on readonly fs [ 248.680857][ T6900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.775160][ T6970] loop1: detected capacity change from 0 to 64 [ 249.010115][ T6962] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 361: padding at end of block bitmap is not set [ 249.116632][ T6962] EXT4-fs (loop2): Remounting filesystem read-only [ 249.126575][ T6900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.175027][ T3585] Bluetooth: hci5: command tx timeout [ 249.195087][ T6962] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6171: Corrupt filesystem [ 249.405050][ T6962] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz-executor.2: attempt to clear invalid blocks 33619980 len 1 [ 249.443990][ T6900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.451217][ T6900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.479039][ T6962] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 1811939328 (level 0) [ 249.497250][ T6962] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 2185560079 (level 1) [ 249.512291][ T6900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.523982][ T6962] EXT4-fs (loop2): 1 truncate cleaned up [ 249.529658][ T6962] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 249.536257][ T6979] tipc: Can't bind to reserved service type 0 [ 249.586111][ T6978] tap0: tun_chr_ioctl cmd 1074025680 [ 249.624392][ T6962] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 249.650807][ T6962] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 249.762518][ T6900] device hsr_slave_0 entered promiscuous mode [ 249.786979][ T6900] device hsr_slave_1 entered promiscuous mode [ 249.806297][ T6900] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 249.828302][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 249.830423][ T6900] Cannot create hsr debugfs directory [ 249.893477][ T3767] device hsr_slave_0 left promiscuous mode [ 249.918186][ T3767] device hsr_slave_1 left promiscuous mode [ 249.927753][ T3767] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.937150][ T3767] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.990255][ T3767] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.006345][ T3767] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.041709][ T3767] device bridge_slave_1 left promiscuous mode [ 250.079342][ T3767] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.110021][ T3767] device bridge_slave_0 left promiscuous mode [ 250.140997][ T3767] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.166332][ T3767] device veth1_macvtap left promiscuous mode [ 250.172414][ T3767] device veth0_macvtap left promiscuous mode [ 250.186699][ T3767] device veth1_vlan left promiscuous mode [ 250.196014][ T3767] device veth0_vlan left promiscuous mode [ 250.205109][ T7003] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 250.217143][ T7003] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 251.171696][ T7012] loop2: detected capacity change from 0 to 512 [ 251.183308][ T7012] EXT4-fs (loop2): orphan cleanup on readonly fs [ 251.192778][ T7012] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set [ 251.208479][ T7012] Quota error (device loop2): write_blk: dquota write failed [ 251.216346][ T7012] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 251.226636][ T7012] EXT4-fs error (device loop2): ext4_acquire_dquot:6777: comm syz-executor.2: Failed to acquire dquot type 1 [ 251.240926][ T7012] EXT4-fs (loop2): 1 truncate cleaned up [ 251.252728][ T3586] Bluetooth: hci5: command tx timeout [ 251.259603][ T7012] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 251.271476][ T3767] team0 (unregistering): Port device team_slave_1 removed [ 251.299360][ T3767] team0 (unregistering): Port device team_slave_0 removed [ 251.322290][ T3767] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 251.339765][ T3767] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.372531][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 251.458905][ T3767] bond0 (unregistering): Released all slaves [ 251.956969][ T7026] loop4: detected capacity change from 0 to 1024 [ 252.212204][ T7026] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.675847][ T7032] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 252.857719][ T7036] input: syz0 as /devices/virtual/input/input9 [ 252.864274][ T7036] input: failed to attach handler leds to device input9, error: -6 [ 252.937587][ T7042] netlink: 'syz-executor.2': attribute type 11 has an invalid length. [ 252.988943][ T7045] loop4: detected capacity change from 0 to 24 [ 253.044386][ T7045] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 253.059301][ T7045] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 253.190094][ T7024] loop1: detected capacity change from 0 to 32768 [ 253.325831][ T7024] XFS (loop1): Mounting V5 Filesystem [ 253.332772][ T3586] Bluetooth: hci5: command tx timeout [ 253.771201][ T7024] XFS (loop1): Ending clean mount [ 254.300778][ T6900] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 254.336803][ T6900] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 254.372344][ T3570] XFS (loop1): Unmounting Filesystem [ 254.453245][ T6900] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 254.468904][ T6900] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 254.544177][ T7072] loop3: detected capacity change from 0 to 1024 [ 254.585002][ T7072] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 254.729754][ T6900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.777808][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.788841][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.808535][ T6900] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.818867][ T7080] input: syz0 as /devices/virtual/input/input10 [ 254.840549][ T7080] input: failed to attach handler leds to device input10, error: -6 [ 254.846192][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 254.872412][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 254.883805][ T3617] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.891101][ T3617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.910119][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.919232][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 254.932656][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 254.941435][ T4180] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.948603][ T4180] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.958387][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 254.994566][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 255.009569][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 255.031546][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.068445][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 255.087844][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.136361][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 255.147106][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 255.163324][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 255.182112][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 255.209248][ T4180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 255.227762][ T6900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 255.413027][ T3586] Bluetooth: hci5: command tx timeout [ 255.438825][ T7100] loop1: detected capacity change from 0 to 512 [ 255.494567][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.500911][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.600789][ T7100] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 256.004331][ T7100] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002] [ 256.475883][ T7100] EXT4-fs (loop1): orphan cleanup on readonly fs [ 256.546526][ T7100] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 361: padding at end of block bitmap is not set [ 256.547582][ T7110] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 256.604194][ T7100] EXT4-fs (loop1): Remounting filesystem read-only [ 256.610785][ T7100] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6171: Corrupt filesystem [ 256.664315][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 256.671801][ T7100] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz-executor.1: attempt to clear invalid blocks 33619980 len 1 [ 256.703383][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 256.716471][ T6900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 256.736896][ T7086] loop3: detected capacity change from 0 to 32768 [ 256.737889][ T7100] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 1811939328 (level 0) [ 256.775148][ T7086] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (7086) [ 256.793286][ T7100] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 2185560079 (level 1) [ 256.799403][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 256.821259][ T7100] EXT4-fs (loop1): 1 truncate cleaned up [ 256.828755][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.844346][ T7100] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 256.851058][ T7086] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 256.868939][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 256.877296][ T7086] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 256.887867][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 256.898549][ T6900] device veth0_vlan entered promiscuous mode [ 256.905508][ T7086] BTRFS info (device loop3): turning off barriers [ 256.911998][ T7086] BTRFS info (device loop3): setting nodatasum [ 256.919885][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 256.928328][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 256.942258][ T6900] device veth1_vlan entered promiscuous mode [ 256.949907][ T7086] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 256.969586][ T7097] netlink: 'syz-executor.1': attribute type 17 has an invalid length. [ 256.977902][ T7086] BTRFS info (device loop3): force lzo compression, level 0 [ 257.000364][ T7086] BTRFS info (device loop3): using free space tree [ 257.021125][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 257.035051][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 257.039421][ T3570] EXT4-fs (loop1): unmounting filesystem. [ 257.044109][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 257.057414][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 257.069938][ T6900] device veth0_macvtap entered promiscuous mode [ 257.101872][ T6900] device veth1_macvtap entered promiscuous mode [ 257.161388][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.187173][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.282120][ T7086] BTRFS info (device loop3): checking UUID tree [ 257.288816][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.319891][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.351759][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.434554][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.444475][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.455751][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.472054][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 257.799539][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 257.991513][ T6900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.323369][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.335740][ T7136] loop2: detected capacity change from 0 to 1024 [ 258.348079][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.358466][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.369145][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.370433][ T7136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 258.381839][ T7138] loop4: detected capacity change from 0 to 1024 [ 258.395163][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.405826][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.417856][ T7138] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 258.429067][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.441938][ T7138] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 258.443906][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.461127][ T7138] journal_init_common: Cannot get buffer for journal superblock [ 258.462850][ T6900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.479037][ T7138] EXT4-fs (loop4): Could not load journal inode [ 258.480399][ T6900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.499544][ T3573] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 258.507436][ T6900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 258.530679][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 258.539871][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 258.548331][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 258.563912][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 258.592705][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 258.606129][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 258.659124][ T6900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.700222][ T6900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.781792][ T6900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.846447][ T6900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.111290][ T3770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.133711][ T3770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 259.191858][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 259.403953][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.412202][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 259.464238][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 259.520835][ T7163] loop2: detected capacity change from 0 to 64 [ 259.813552][ T7166] x_tables: duplicate underflow at hook 3 [ 260.261093][ T7168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 262.674471][ T7189] loop2: detected capacity change from 0 to 2048 [ 262.876898][ T7197] x_tables: duplicate underflow at hook 3 [ 262.969404][ T7189] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 263.419291][ T7200] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 263.797532][ T7200] EXT4-fs (loop2): Remounting filesystem read-only [ 263.914054][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 264.301096][ T7226] loop1: detected capacity change from 0 to 64 [ 265.851152][ T7247] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 267.391947][ T7259] loop3: detected capacity change from 0 to 1024 [ 267.424373][ T7259] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 267.445547][ T7259] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 267.479457][ T7259] journal_init_common: Cannot get buffer for journal superblock [ 267.490445][ T7269] loop2: detected capacity change from 0 to 256 [ 267.496360][ T7259] EXT4-fs (loop3): Could not load journal inode [ 267.532522][ T7269] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 267.546751][ T7273] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 267.655005][ T7269] loop2: detected capacity change from 256 to 0 [ 267.734430][ T100] loop: Write error at byte offset 9223372036854775807, length 512. [ 267.769458][ C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 267.779005][ C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 267.789178][ C0] Buffer I/O error on dev loop2, logical block 0, lost sync page write [ 267.839904][ T7283] loop1: detected capacity change from 0 to 512 [ 267.921934][ C0] I/O error, dev loop2, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 267.931428][ T3582] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5) [ 267.970543][ T7283] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 268.003301][ T3582] exFAT-fs (loop2): Filesystem has been set read-only [ 268.091884][ C0] I/O error, dev loop2, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 268.101810][ T7283] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002] [ 268.117208][ T3582] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5) [ 268.271481][ T7283] EXT4-fs (loop1): orphan cleanup on readonly fs [ 268.675447][ T7283] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 361: padding at end of block bitmap is not set [ 268.869107][ T7283] EXT4-fs (loop1): Remounting filesystem read-only [ 269.162667][ T7283] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6171: Corrupt filesystem [ 269.222889][ T7283] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz-executor.1: attempt to clear invalid blocks 33619980 len 1 [ 269.277873][ T7283] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 1811939328 (level 0) [ 269.314953][ T7283] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz-executor.1: invalid indirect mapped block 2185560079 (level 1) [ 269.422138][ T7283] EXT4-fs (loop1): 1 truncate cleaned up [ 269.436076][ T7283] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 269.470180][ T7306] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 269.560960][ T7281] netlink: 'syz-executor.1': attribute type 17 has an invalid length. [ 269.598431][ T7302] loop3: detected capacity change from 0 to 8192 [ 269.981685][ T3570] EXT4-fs (loop1): unmounting filesystem. [ 270.937912][ T7300] loop2: detected capacity change from 0 to 32768 [ 271.015699][ T7320] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 271.035695][ T7300] XFS (loop2): Mounting V5 Filesystem [ 271.085366][ T7338] loop1: detected capacity change from 0 to 256 [ 271.144084][ T7338] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 271.185579][ T7300] XFS (loop2): Ending clean mount [ 271.232508][ T7300] XFS (loop2): Quotacheck needed: Please wait. [ 271.302674][ T7338] loop1: detected capacity change from 256 to 0 [ 271.314222][ T4322] loop: Write error at byte offset 9223372036854775807, length 512. [ 271.384774][ C1] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 271.389752][ T7300] XFS (loop2): Quotacheck: Done. [ 271.394333][ C1] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 271.408759][ C1] Buffer I/O error on dev loop1, logical block 0, lost sync page write [ 271.435306][ T7345] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 271.465310][ C0] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.477852][ T3570] exFAT-fs (loop1): error, failed to access to FAT (entry 0x00000005, err:-5) [ 271.504871][ T3582] XFS (loop2): Unmounting Filesystem [ 271.507093][ T3570] exFAT-fs (loop1): Filesystem has been set read-only [ 271.596047][ C1] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.605523][ T3570] exFAT-fs (loop1): error, failed to access to FAT (entry 0x00000005, err:-5) [ 271.637774][ T7347] loop4: detected capacity change from 0 to 1024 [ 271.656650][ T7347] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 271.671702][ T7347] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 271.732034][ T7347] journal_init_common: Cannot get buffer for journal superblock [ 271.767534][ T7347] EXT4-fs (loop4): Could not load journal inode [ 271.992682][ T3626] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 272.242625][ T3626] usb 1-1: Using ep0 maxpacket: 32 [ 272.377365][ T3626] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.415060][ T3626] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.449659][ T3626] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 273.334358][ T3626] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 273.343613][ T3626] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.373530][ T3626] usb 1-1: config 0 descriptor?? [ 273.584430][ T7391] loop1: detected capacity change from 0 to 256 [ 273.615293][ T7391] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 273.703358][ T7394] loop3: detected capacity change from 0 to 4096 [ 273.728609][ T7391] loop1: detected capacity change from 256 to 0 [ 273.752250][ T38] loop: Write error at byte offset 9223372036854775807, length 512. [ 273.762305][ C1] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 273.771805][ C1] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 273.781311][ C1] Buffer I/O error on dev loop1, logical block 0, lost sync page write [ 273.835373][ T7403] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 273.838956][ C1] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 273.855369][ T3570] exFAT-fs (loop1): error, failed to access to FAT (entry 0x00000005, err:-5) [ 273.864374][ T3626] ntrig 0003:1B96:000A.0008: unknown main item tag 0x0 [ 273.864405][ T3626] ntrig 0003:1B96:000A.0008: unknown main item tag 0x0 [ 273.864429][ T3626] ntrig 0003:1B96:000A.0008: unknown main item tag 0x0 [ 273.864452][ T3626] ntrig 0003:1B96:000A.0008: unknown main item tag 0x0 [ 273.864475][ T3626] ntrig 0003:1B96:000A.0008: unknown main item tag 0x0 [ 273.887406][ T3626] ntrig 0003:1B96:000A.0008: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 273.911862][ T3570] exFAT-fs (loop1): Filesystem has been set read-only [ 273.940358][ C0] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 273.957756][ T3570] exFAT-fs (loop1): error, failed to access to FAT (entry 0x00000005, err:-5) [ 274.041920][ T7409] loop4: detected capacity change from 0 to 1024 [ 274.074278][ T7409] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 274.100329][ T7409] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 274.129492][ T7409] journal_init_common: Cannot get buffer for journal superblock [ 274.146634][ T7409] EXT4-fs (loop4): Could not load journal inode [ 274.161585][ T3626] usb 1-1: USB disconnect, device number 8 [ 275.056410][ T7457] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 276.240154][ T7482] loop2: detected capacity change from 0 to 1024 [ 276.291147][ T7482] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 276.322588][ T7482] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 276.342641][ T7150] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 276.373397][ T7482] journal_init_common: Cannot get buffer for journal superblock [ 276.387986][ T7482] EXT4-fs (loop2): Could not load journal inode [ 276.613332][ T7150] usb 4-1: Using ep0 maxpacket: 32 [ 276.739424][ T7150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.760354][ T7150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.814901][ T7150] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 276.838137][ T7150] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 276.852710][ T7150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.866175][ T7502] loop2: detected capacity change from 0 to 256 [ 276.877167][ T7499] loop4: detected capacity change from 0 to 4096 [ 276.887527][ T7150] usb 4-1: config 0 descriptor?? [ 276.926554][ T7502] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 276.995691][ T7507] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 277.405099][ T7150] ntrig 0003:1B96:000A.0009: unknown main item tag 0x0 [ 277.412132][ T7150] ntrig 0003:1B96:000A.0009: unknown main item tag 0x0 [ 277.432646][ T7150] ntrig 0003:1B96:000A.0009: unknown main item tag 0x0 [ 277.439562][ T7150] ntrig 0003:1B96:000A.0009: unknown main item tag 0x0 [ 277.464655][ T7150] ntrig 0003:1B96:000A.0009: unknown main item tag 0x0 [ 277.494387][ T7150] ntrig 0003:1B96:000A.0009: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.3-1/input0 [ 277.542691][ T4125] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 277.550816][ T7526] loop2: detected capacity change from 0 to 1024 [ 277.567221][ T7526] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 277.586404][ T7526] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869) [ 277.608918][ T7526] journal_init_common: Cannot get buffer for journal superblock [ 277.621736][ T7526] EXT4-fs (loop2): Could not load journal inode [ 277.695099][ T7150] usb 4-1: USB disconnect, device number 22 [ 277.913565][ T4125] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 277.933414][ T4125] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 277.951486][ T4125] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 277.971208][ T4125] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 277.981534][ T4125] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.143176][ T4125] usb 5-1: config 0 descriptor?? [ 278.170667][ T7518] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 278.254823][ T7543] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 278.728645][ T7518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.039911][ T7518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.084651][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.128878][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.157328][ T7550] loop1: detected capacity change from 0 to 256 [ 279.165759][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.178715][ T7550] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 279.205473][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.223619][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.240784][ T4125] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 279.274724][ T4125] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 279.294933][ T7518] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 279.328740][ T4125] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 279.342992][ T4125] usb 5-1: USB disconnect, device number 12 [ 279.832641][ T3621] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 279.901088][ T7582] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 280.833033][ T3621] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.931437][ T3621] usb 4-1: New USB device found, idVendor=0421, idProduct=026c, bcdDevice=1f.2f [ 280.996861][ T3621] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.078876][ T7598] loop1: detected capacity change from 0 to 4096 [ 281.095502][ T3621] usb 4-1: config 0 descriptor?? [ 281.147365][ T7604] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 281.198323][ T3621] rndis_wlan: probe of 4-1:0.0 failed with error -22 [ 281.231621][ T3621] rndis_host: probe of 4-1:0.0 failed with error -22 [ 281.252354][ T3621] cdc_acm 4-1:0.0: Control and data interfaces are not separated! [ 281.290431][ T7603] loop2: detected capacity change from 0 to 4096 [ 281.291249][ T3621] cdc_acm 4-1:0.0: This needs exactly 3 endpoints [ 281.311838][ T3621] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 281.384115][ T7613] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 281.388791][ T3626] usb 4-1: USB disconnect, device number 23 [ 282.855087][ T7641] loop1: detected capacity change from 0 to 16 [ 282.884232][ T7641] erofs: (device loop1): mounted with root inode @ nid 36. [ 282.947252][ T7650] device syzkaller0 entered promiscuous mode [ 282.973629][ T7644] loop2: detected capacity change from 0 to 4096 [ 283.029498][ T3570] erofs: (device loop1): erofs_fill_dentries: bogus dirent @ nid 46 [ 283.053108][ T7653] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 283.069632][ T7646] device syzkaller0 left promiscuous mode [ 283.072832][ T3570] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 283.094902][ T3570] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 283.291488][ T7661] loop2: detected capacity change from 0 to 256 [ 283.352456][ T7661] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a97a7bd, utbl_chksum : 0xe619d30d) [ 284.681100][ T7682] loop3: detected capacity change from 0 to 256 [ 284.946036][ T3896] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.046236][ T7705] loop4: detected capacity change from 0 to 512 [ 285.209393][ T3896] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.251182][ T7705] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 285.270957][ T7705] ext4 filesystem being mounted at /root/syzkaller-testdir454317691/syzkaller.g3OmJY/62/wÅü5ÔTÕÔ)­`)YFæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2038 (0x7fffffff) [ 286.211478][ T7705] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz-executor.4: corrupted inode contents [ 286.305851][ T7705] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #2: comm syz-executor.4: mark_inode_dirty error [ 286.319776][ T3896] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.370954][ T7705] EXT4-fs error (device loop4): ext4_do_update_inode:5210: inode #2: comm syz-executor.4: corrupted inode contents [ 286.420835][ T7705] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error [ 286.441757][ T3896] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.692226][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 286.750824][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 286.779769][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 286.829916][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 286.859186][ T7150] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 286.869539][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 286.869876][ T3585] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 286.890675][ T6727] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 286.922441][ T3585] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 286.938088][ T3585] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 286.949344][ T3585] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 286.957168][ T3585] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 286.965571][ T3585] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 287.132707][ T7150] usb 2-1: Using ep0 maxpacket: 32 [ 287.272997][ T7150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.297312][ T7150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.313874][ T7150] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 287.327500][ T7150] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.344138][ T7150] usb 2-1: config 0 descriptor?? [ 287.413973][ T7150] hub 2-1:0.0: USB hub found [ 287.619455][ T7734] chnl_net:caif_netlink_parms(): no params data found [ 287.626819][ T7150] hub 2-1:0.0: 1 port detected [ 288.013771][ T7734] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.051536][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.098428][ T7734] device bridge_slave_0 entered promiscuous mode [ 288.999068][ T3896] device hsr_slave_0 left promiscuous mode [ 289.014417][ T3585] Bluetooth: hci4: command tx timeout [ 289.032962][ T7150] hub 2-1:0.0: activate --> -90 [ 289.053375][ T3896] device hsr_slave_1 left promiscuous mode [ 289.100192][ T3896] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 289.120330][ T3896] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 289.146441][ T3896] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 289.179065][ T3896] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 289.204753][ T3896] device bridge_slave_1 left promiscuous mode [ 289.221257][ T3896] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.233226][ T3896] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.270617][ T3896] device veth1_macvtap left promiscuous mode [ 289.286539][ T3896] device veth0_macvtap left promiscuous mode [ 289.310441][ T3896] device veth1_vlan left promiscuous mode [ 289.331336][ T3896] device veth0_vlan left promiscuous mode [ 289.705273][ T7149] usb 2-1: USB disconnect, device number 11 [ 289.799559][ T7150] usb 2-1.1: new high-speed USB device number 12 using dummy_hcd [ 289.833042][ T7150] usb 2-1-port1: attempt power cycle [ 289.931674][ T3896] team0 (unregistering): Port device team_slave_1 removed [ 289.957931][ T3896] team0 (unregistering): Port device team_slave_0 removed [ 289.979110][ T3896] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.017598][ T3896] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.169178][ T3896] bond0 (unregistering): Released all slaves [ 290.261991][ T7734] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.287467][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.314204][ T7734] device bridge_slave_1 entered promiscuous mode [ 290.474890][ T7777] loop1: detected capacity change from 0 to 1024 [ 290.489427][ T7734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.529861][ T7734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.678249][ T7734] team0: Port device team_slave_0 added [ 290.713948][ T7734] team0: Port device team_slave_1 added [ 290.824010][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 290.831783][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.905618][ T7781] loop1: detected capacity change from 0 to 4096 [ 290.949884][ T7781] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 290.962583][ T7734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 290.996109][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.013273][ T7781] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 291.022577][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.093399][ T3585] Bluetooth: hci4: command tx timeout [ 291.100483][ T7734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 291.193868][ T7781] ntfs3: loop1: ino=21, "memory.current" fallocate(0x11) is not supported [ 291.219055][ T7734] device hsr_slave_0 entered promiscuous mode [ 291.263156][ T7734] device hsr_slave_1 entered promiscuous mode [ 291.276315][ T7734] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 291.295951][ T4322] ntfs3: loop1: ntfs3_write_inode r=5 failed, -22. [ 291.312624][ T7734] Cannot create hsr debugfs directory [ 291.345117][ T3570] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 291.817691][ T27] audit: type=1326 audit(1718032157.652:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2baba7cf69 code=0x0 [ 292.193264][ T7734] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 292.215923][ T7734] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 292.252459][ T7734] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 292.274184][ T7734] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 292.363515][ T7149] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 292.457565][ T7734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.504856][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 292.523623][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 292.547082][ T7734] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.574196][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 292.593780][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 292.623406][ T3965] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.630662][ T3965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.644077][ T7149] usb 4-1: Using ep0 maxpacket: 32 [ 292.684019][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 292.701926][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 292.730282][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 292.764776][ T3621] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.772031][ T3621] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.792982][ T7149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.807415][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 292.822655][ T7149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.850477][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 292.852605][ T7149] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 292.912661][ T7149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.932029][ T7734] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 292.944308][ T7149] usb 4-1: config 0 descriptor?? [ 292.972442][ T7734] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 292.993631][ T7149] hub 4-1:0.0: USB hub found [ 293.016812][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 293.051760][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 293.060696][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 293.077741][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.092457][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 293.109026][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 293.120327][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 293.154474][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 293.176201][ T3585] Bluetooth: hci4: command tx timeout [ 293.207901][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 293.216479][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 293.222781][ T7149] hub 4-1:0.0: 1 port detected [ 293.711312][ T7821] device syzkaller0 entered promiscuous mode [ 293.752914][ T7821] device syzkaller0 left promiscuous mode [ 293.813532][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 293.821665][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 293.848842][ T7734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.902811][ T7149] hub 4-1:0.0: activate --> -90 [ 293.919499][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 293.934181][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 294.004028][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 294.013614][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 294.045612][ T7734] device veth0_vlan entered promiscuous mode [ 294.053021][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 294.060905][ T3965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 294.098570][ T7734] device veth1_vlan entered promiscuous mode [ 294.158792][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 294.167740][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 294.176942][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 294.185784][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 294.203740][ T7734] device veth0_macvtap entered promiscuous mode [ 294.232226][ T7734] device veth1_macvtap entered promiscuous mode [ 294.315637][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.337281][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.351963][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.370170][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.380263][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.402960][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.419366][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.452346][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.472876][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.492567][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.504344][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.517304][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 294.535021][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 294.560055][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 294.580171][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 294.605779][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.633162][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.652643][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.672569][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.682441][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.712589][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.732654][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.758649][ T4125] usb 4-1: USB disconnect, device number 24 [ 294.762623][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.782808][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.802565][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.824529][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.838647][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 294.853512][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 294.858383][ T7149] usb 4-1.1: new high-speed USB device number 25 using dummy_hcd [ 294.867474][ T7734] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.891023][ T7149] usb 4-1-port1: attempt power cycle [ 294.902689][ T7734] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.911444][ T7734] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.942604][ T7734] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.078274][ T4322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.098406][ T4322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.100103][ T7827] device batadv_slave_1 entered promiscuous mode [ 295.138821][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 295.209007][ T4322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.244467][ T4322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.256860][ T3585] Bluetooth: hci4: command tx timeout [ 295.273374][ T7826] device batadv_slave_1 left promiscuous mode [ 295.283804][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 295.454081][ T7831] loop3: detected capacity change from 0 to 512 [ 295.570933][ T7831] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 295.614935][ T7831] ext4 filesystem being mounted at /root/syzkaller-testdir957436706/syzkaller.K24Y0N/306/file0 supports timestamps until 2038 (0x7fffffff) [ 295.742772][ T7831] EXT4-fs error (device loop3): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 295.945829][ T3573] EXT4-fs (loop3): unmounting filesystem. [ 296.561254][ T7859] device batadv_slave_1 entered promiscuous mode [ 296.613158][ T3621] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 296.679226][ T3586] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 296.691697][ T3586] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 296.700716][ T3586] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 296.709191][ T3586] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 296.720731][ T3587] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 296.728724][ T3587] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 296.772441][ T38] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.852863][ T3621] usb 2-1: Using ep0 maxpacket: 16 [ 296.877983][ T38] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.983014][ T3621] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 296.983339][ T38] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.087824][ T3621] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 297.112022][ T3621] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 297.132298][ T38] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.132946][ T3621] usb 2-1: SerialNumber: syz [ 297.203761][ T3621] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 297.220616][ T3621] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 297.262396][ T3621] cdc_acm: probe of 2-1:1.0 failed with error -22 [ 297.390870][ T7858] device batadv_slave_1 left promiscuous mode [ 297.411816][ T7150] usb 2-1: USB disconnect, device number 16 [ 297.445918][ T7860] chnl_net:caif_netlink_parms(): no params data found [ 297.598894][ T7860] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.606326][ T7860] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.614855][ T7860] device bridge_slave_0 entered promiscuous mode [ 297.615562][ T6727] EXT4-fs error: 7 callbacks suppressed [ 297.615577][ T6727] EXT4-fs error (device loop4): ext4_lookup:1852: inode #19: comm syz-executor.4: 'file0' linked to parent dir [ 297.624304][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.647279][ T7860] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.656090][ T7860] device bridge_slave_1 entered promiscuous mode [ 297.670469][ T6727] EXT4-fs error (device loop4): ext4_lookup:1852: inode #19: comm syz-executor.4: 'file0' linked to parent dir [ 297.756170][ T7860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.881230][ T7860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.975101][ T7860] team0: Port device team_slave_0 added [ 297.984349][ T6727] EXT4-fs (loop4): unmounting filesystem. [ 298.016703][ T7860] team0: Port device team_slave_1 added [ 298.120246][ T7860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.139670][ T7860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.214173][ T7860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.256654][ T7860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.277141][ T7860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.333123][ T7860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.402495][ T7880] bridge0: port 3(bond0) entered blocking state [ 298.438013][ T7880] bridge0: port 3(bond0) entered disabled state [ 298.464853][ T7880] device bond0 entered promiscuous mode [ 298.470456][ T7880] device bond_slave_0 entered promiscuous mode [ 298.511681][ T7880] device bond_slave_1 entered promiscuous mode [ 298.545755][ T7880] bridge0: port 3(bond0) entered blocking state [ 298.552656][ T7880] bridge0: port 3(bond0) entered forwarding state [ 298.700371][ T7860] device hsr_slave_0 entered promiscuous mode [ 298.735551][ T7860] device hsr_slave_1 entered promiscuous mode [ 298.762014][ T7860] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 298.772751][ T3587] Bluetooth: hci2: command tx timeout [ 298.781093][ T7860] Cannot create hsr debugfs directory [ 298.860584][ T3585] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 298.872866][ T3585] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 298.881640][ T3586] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 298.890828][ T3586] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 298.901058][ T3586] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 298.909820][ T3586] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 299.172204][ T27] audit: type=1804 audit(1718032165.002:271): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1530467758/syzkaller.PgkJGG/316/control" dev="sda1" ino=1948 res=1 errno=0 [ 299.199769][ T7898] syz-executor.1[7898] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 299.199867][ T7898] syz-executor.1[7898] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 299.276187][ T3621] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 299.308139][ T38] device hsr_slave_0 left promiscuous mode [ 299.320361][ T38] device hsr_slave_1 left promiscuous mode [ 299.345977][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 299.362748][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.378692][ T38] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 299.388410][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.397639][ T38] device bridge_slave_1 left promiscuous mode [ 299.403943][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.414297][ T38] device bridge_slave_0 left promiscuous mode [ 299.420551][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.434937][ T38] device veth1_macvtap left promiscuous mode [ 299.443224][ T38] device veth0_macvtap left promiscuous mode [ 299.449360][ T38] device veth1_vlan left promiscuous mode [ 299.458048][ T38] device veth0_vlan left promiscuous mode [ 299.542999][ T3621] usb 3-1: Using ep0 maxpacket: 8 [ 299.584521][ T27] audit: type=1326 audit(1718032165.422:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7899 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2baba7cf69 code=0x0 [ 299.683530][ T3621] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 299.691839][ T3621] usb 3-1: config 179 has no interface number 0 [ 299.699377][ T3621] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 299.711587][ T3621] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 299.727621][ T3621] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 299.754894][ T3621] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 299.776905][ T3621] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 299.789795][ T3621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.837501][ T38] team0 (unregistering): Port device team_slave_1 removed [ 299.843013][ T7895] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 299.879916][ T38] team0 (unregistering): Port device team_slave_0 removed [ 299.908060][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 299.938123][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 300.048195][ T38] bond0 (unregistering): Released all slaves [ 300.111087][ T3621] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input12 [ 300.286588][ T4402] usb 3-1: USB disconnect, device number 7 [ 300.302621][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 300.310993][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 300.367632][ T4402] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 300.531197][ T7912] syz-executor.1 (pid 7912) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 300.547105][ T7912] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 300.642824][ T7915] bridge0: port 3(bond0) entered blocking state [ 300.649277][ T7915] bridge0: port 3(bond0) entered disabled state [ 300.671357][ T7915] device bond0 entered promiscuous mode [ 300.682662][ T7915] device bond_slave_0 entered promiscuous mode [ 300.689187][ T7915] device bond_slave_1 entered promiscuous mode [ 300.709950][ T7915] bridge0: port 3(bond0) entered blocking state [ 300.716379][ T7915] bridge0: port 3(bond0) entered forwarding state [ 300.740896][ T7891] chnl_net:caif_netlink_parms(): no params data found [ 300.856605][ T3587] Bluetooth: hci2: command tx timeout [ 300.943172][ T3587] Bluetooth: hci0: command tx timeout [ 301.148237][ T27] audit: type=1804 audit(1718032166.982:273): pid=7926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2123738480/syzkaller.4V2CWg/13/control" dev="sda1" ino=1943 res=1 errno=0 [ 301.149902][ T7926] syz-executor.2[7926] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 301.215527][ T7891] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.254512][ T7926] syz-executor.2[7926] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 301.254913][ T7891] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.305528][ T7891] device bridge_slave_0 entered promiscuous mode [ 301.327709][ T7860] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 301.345107][ T7891] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.352309][ T7891] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.372490][ T7891] device bridge_slave_1 entered promiscuous mode [ 301.407236][ T7860] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 301.430403][ T7933] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 301.465916][ T7860] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 301.512520][ T7891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.530929][ T7860] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 301.564802][ T7891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.691226][ T7891] team0: Port device team_slave_0 added [ 301.715735][ T7891] team0: Port device team_slave_1 added [ 301.831076][ T7891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.853190][ T7891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.881046][ T7937] loop1: detected capacity change from 0 to 4096 [ 301.920599][ T7937] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 301.930036][ T7891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.959999][ T7860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.983583][ T7937] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 302.011826][ T7891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.023708][ T7891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.109684][ T7891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.127565][ T7937] ntfs3: loop1: ino=21, "memory.current" fallocate(0x11) is not supported [ 302.187730][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 302.213003][ T3767] ntfs3: loop1: ntfs3_write_inode r=5 failed, -22. [ 302.223301][ T3570] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 302.227962][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 302.249627][ T7860] 8021q: adding VLAN 0 to HW filter on device team0 [ 302.313029][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 302.321888][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 302.323385][ T7944] program syz-executor.2 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 302.343290][ T3619] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.350420][ T3619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.392084][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 302.431040][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 302.453242][ T3619] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.460378][ T3619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.503129][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 302.512011][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 302.543007][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 302.553607][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 302.585640][ T4307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 302.609239][ T7953] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 302.654890][ T7891] device hsr_slave_0 entered promiscuous mode [ 302.683208][ T7891] device hsr_slave_1 entered promiscuous mode [ 302.711372][ T7891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 302.721731][ T7891] Cannot create hsr debugfs directory [ 302.753989][ T7150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 302.763761][ T7150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 302.803511][ T7150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 302.835218][ T27] audit: type=1804 audit(1718032168.672:274): pid=7958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1530467758/syzkaller.PgkJGG/332/control" dev="sda1" ino=1949 res=1 errno=0 [ 302.842358][ T7860] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 302.883928][ T7958] syz-executor.1[7958] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 302.884034][ T7958] syz-executor.1[7958] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 302.884152][ T7860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 302.942844][ T3587] Bluetooth: hci2: command tx timeout [ 302.963565][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 302.973108][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 302.981863][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 302.990756][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 302.999682][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 303.012710][ T3587] Bluetooth: hci0: command tx timeout [ 303.263230][ T7891] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.319875][ T7966] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 303.402281][ T7891] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.586646][ T7891] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.621028][ T7974] loop1: detected capacity change from 0 to 64 [ 303.658668][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 303.678865][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 303.726706][ T7891] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.764890][ T7860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 303.824413][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 303.843404][ T4125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 303.889125][ T7860] device veth0_vlan entered promiscuous mode [ 303.935042][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 303.941732][ T7978] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 303.945152][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 303.979978][ T7860] device veth1_vlan entered promiscuous mode [ 304.015060][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 304.025056][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 304.033230][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 304.044807][ T4125] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 304.198546][ T7891] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 304.239631][ T7891] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 304.276802][ T7982] loop1: detected capacity change from 0 to 256 [ 304.283469][ T4125] usb 3-1: Using ep0 maxpacket: 32 [ 304.300130][ T7860] device veth0_macvtap entered promiscuous mode [ 304.318490][ T7891] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 304.338637][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 304.353172][ T7982] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x207d53fc, utbl_chksum : 0xe619d30d) [ 304.366307][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 304.383534][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 304.408804][ T7891] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 304.423065][ T4125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.438392][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 304.472776][ T4125] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.483532][ T4125] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 304.498931][ T4125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.510634][ T7860] device veth1_macvtap entered promiscuous mode [ 304.515501][ T4125] usb 3-1: config 0 descriptor?? [ 304.563948][ T4125] hub 3-1:0.0: USB hub found [ 304.594708][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.606240][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.616901][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.634773][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.645655][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.656850][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.690152][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.731708][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.750630][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 304.770398][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.787470][ T4125] hub 3-1:0.0: 1 port detected [ 304.794957][ T7860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 304.844732][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 304.864778][ T3626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 304.885391][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.897394][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.908163][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.919062][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.930394][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.951399][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.971669][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.992497][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.002462][ T7860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.031895][ T3587] Bluetooth: hci2: command tx timeout [ 305.034171][ T7860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.069887][ T7860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 305.101917][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 305.103780][ T3587] Bluetooth: hci0: command tx timeout [ 305.137861][ T4402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 305.188560][ T7860] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.217909][ T7860] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.256211][ T7860] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.285301][ T7860] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.413280][ T28] INFO: task syz-executor.0:5220 blocked for more than 143 seconds. [ 305.430755][ T28] Not tainted 6.1.92-syzkaller #0 [ 305.446875][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 305.455871][ T4125] hub 3-1:0.0: activate --> -90 2024/06/10 15:09:31 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 305.471237][ T28] task:syz-executor.0 state:D stack:21536 pid:5220 ppid:3575 flags:0x00004006 [ 305.562636][ T28] Call Trace: [ 305.565973][ T28] [ 305.568930][ T28] __schedule+0x142d/0x4550 [ 305.599658][ T28] ? __sched_text_start+0x8/0x8 [ 305.604623][ T28] ? print_irqtrace_events+0x210/0x210 [ 305.610117][ T28] ? _raw_spin_lock_irq+0xdb/0x110 [ 305.628975][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 305.640643][ T28] schedule+0xbf/0x180 [ 305.647564][ T28] rwsem_down_write_slowpath+0xea1/0x14b0 [ 305.660732][ T28] ? rwsem_down_write_slowpath+0x9e3/0x14b0 [ 305.666790][ T28] ? down_write_killable_nested+0x90/0x90 [ 305.672786][ T28] ? read_lock_is_recursive+0x10/0x10 [ 305.679846][ T28] ? rwsem_write_trylock+0x166/0x210 [ 305.685434][ T28] ? clear_nonspinnable+0x60/0x60 [ 305.690495][ T28] ? btrfs_do_write_iter+0x948/0x12f0 [ 305.698734][ T28] ? do_pwritev+0x216/0x360 [ 305.703339][ T28] btrfs_inode_lock+0x49/0xd0 [ 305.708056][ T28] btrfs_buffered_write+0x229/0x1600 [ 305.713602][ T28] ? mark_lock+0x9a/0x340 [ 305.717995][ T28] ? print_irqtrace_events+0x210/0x210 [ 305.723555][ T28] ? kasan_quarantine_put+0xd4/0x220 [ 305.728884][ T28] ? btrfs_do_write_iter+0x12f0/0x12f0 [ 305.736694][ T28] ? __kmem_cache_free+0x25c/0x3c0 [ 305.741866][ T28] ? iomap_dio_complete+0x69e/0x7d0 [ 305.747575][ T28] ? iomap_dio_complete+0x69e/0x7d0 [ 305.754395][ T28] btrfs_do_write_iter+0xf3d/0x12f0 [ 305.759676][ T28] ? btrfs_check_nocow_unlock+0x40/0x40 [ 305.765317][ T28] ? common_file_perm+0x17d/0x1d0 [ 305.770401][ T28] ? fsnotify_perm+0x67/0x590 [ 305.775331][ T28] do_iter_write+0x6e6/0xc50 [ 305.779969][ T28] ? vfs_iter_write+0xa0/0xa0 [ 305.785088][ T28] ? rcu_read_lock_any_held+0xb3/0x160 [ 305.790616][ T28] do_pwritev+0x216/0x360 [ 305.795104][ T28] ? do_preadv+0x350/0x350 [ 305.799566][ T28] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 305.805828][ T28] ? print_irqtrace_events+0x210/0x210 [ 305.811349][ T28] ? syscall_enter_from_user_mode+0x2e/0x230 [ 305.830645][ T28] ? lockdep_hardirqs_on+0x94/0x130 [ 305.840542][ T28] ? __x64_sys_pwritev2+0xb9/0x100 [ 305.850706][ T28] do_syscall_64+0x3b/0xb0 [ 305.859838][ T28] ? clear_bhb_loop+0x45/0xa0