last executing test programs: 26.033123805s ago: executing program 3 (id=334): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) 25.652128629s ago: executing program 3 (id=338): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x40) bind(r0, &(0x7f0000000000)=@hci={0xa, 0x0, 0x2}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x6}, 0x1c) 25.312034431s ago: executing program 3 (id=341): r0 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000480)='4', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r2, 0x5760, 0x1f) keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x5b) read$watch_queue(r1, &(0x7f0000000240)=""/16, 0x10) keyctl$revoke(0x3, r0) 25.120068018s ago: executing program 3 (id=345): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) mount$overlay(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) acct(&(0x7f0000000140)='./file0/file2\x00') 24.816099699s ago: executing program 3 (id=348): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x39b3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r1, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000340)=""/83, 0x53}], 0x1}, 0x81}], 0x2, 0x21, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000280)=0x1, 0x4) 24.388455155s ago: executing program 3 (id=353): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x20000000, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x8}, 0x1c) 23.94325812s ago: executing program 32 (id=353): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x20000000, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x8}, 0x1c) 4.335788782s ago: executing program 0 (id=483): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054) write$nci(r0, 0x0, 0x0) 2.312404266s ago: executing program 2 (id=492): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x9005}, 0x4) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2b}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2.299495557s ago: executing program 1 (id=493): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10) sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000004140)=""/4096, 0xfffffd76}, {0x0, 0x12}], 0x2}, 0x5}], 0x1, 0x102, 0x0) 2.067957265s ago: executing program 1 (id=495): syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='shortad,partition=00000000000000000005,noadinicb,uid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=', @ANYRESDEC=0x0, @ANYBLOB=',volume=0000000000000006,\x00\x00\x00\x00\x00'], 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO") syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000f00)='./file0\x00', 0x14444, &(0x7f0000001d80)=ANY=[@ANYBLOB="696f636861727365743d61736369692c6e6f6164696e696362000064696e6963622c6769643d69676e6f72652c7569643d666f726765742c756d61736b3d30303030303030303030303030303030303030303030322c076f6e6761642c6769643d771d0f4d30dc61469a581342d98a7a4c3534a971c3e26de72edc9ec3db403d8b2e970b9dcea448ddbb5a116ce6f67d99a77aa50bce7fc5451bcf5b13e9698d80385c54fff77d38aa9703314cd19a075893a1648dd8ef78a118122ee7a0e400"/203, @ANYRESDEC=0x0, @ANYBLOB=',nostrict,\x00'], 0xfe, 0xc22, &(0x7f00000002c0)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu43bTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22YXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkFPAYGbfikuKsmhTpCj7+2zqNzvz3sx7M+sZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/fOnMc+lhtwIAOEhXxr985qznPwB8rFz1//8AAAAAAAAAAAAAAHDYpSji8Ugxf2U9TVafOwYut2dv3Z4YGd252rFU1TxSlS9/Bp47e+78F54fvtDN96//oD0Zr45fvVR/ae7m/EJrcbE1XZ+YbU/NTbd2vYe91t9uqDoB9Zuv3Zq+fn2xfvbZc1s23x58r/+xk4MXh58+/VS37MTI6Oh4T5la34c++l3uNcLjaBRxOlI8890fp2ZEFLH3c3Gf785+O1Z1YqjqxMTIaNWRmXZzdqncONY9EUVEvadSo3uODuBa7EkjYrlsftngobJ74/PNhea1mVZ9rLmw1F5qz82OpU5ry/7Uo4gLKWIlItb6795dXxRRixTfPrGerkXEke55+Hw1MPje7Sj2sY+7ULaz3hexUjwC1+wQ648iXokUP3m7iKnynOWf+FzEK2V+P+LNMl+MSOUX43zEuzt8j3g01aKIvyiv/8X1NB0RGyc660frl79S/9Ls9bmest37yiP/fDhIh/zeNBBFNKs7/nr68L/ZAQAAAAAAAAAAAAAAAOBBOxZFPBkpXv6PP67GFUc1Lv3ExeE/GPzF3jHjT9xnP2XZZyNiudjdmNyjeQjxWBpL6SGPJf44G4gi/iSP//vmw24MAAAAAAAAAAAAAAAAAADAx1oRP4oUL7xzKq1E75zi7dkb9avNazOdWWG7c/9250zf2NjYqKdONnJO5lzOuZJzNedazihy/ZyNnJM5l3Ou5FzNuZYzjuT6ORs5J3Mu51zJuZpzLWfUcv2cjZyTOZdzruRczbmWMw7J3L0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8lRRTxs0jxra+tp0gR0YiYjE6u9nfLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPU38q4nuRov6HjTvrahGRqn87TpW/nI/G0TI/GY3hMl+MxqWczSprjW/e92hpX/rAh9eXivhhpOgfeOvO1cnXv6/zafOavfn1zU+/Uuvkke7Gwff6Hzt54uLw6K89ca/lHa/+0OX27K3b9YmR0dHxntW1fPRP9qwbzMctHkzXiYjF1994rTkz01qw8PFYqHUWanFI2nNQC/l+FYelPdsXGoejGZsLD/nGxIEon//vRorfeec/uw/87vP/Fzqf7jzh46d/uvn8f2H7jvbp+f94z7oX8u9G+moRA0s35/tORgwsvv7G6fbN5o3Wjdbs+TNnvjg8/MVzZ/qORgxcb8+0epb2fKoAAAAAAAAAAAAAAAAADlYq4vciRfOH66keEber8VqDF4efPv3UkThSjbfaMm7r1fGrl+ovzd2cX2gtLram6xOz7am56dZuDzdQDfeaGBndl87c17F9bv+xgZfm5l9faN/4o6Udtx8fuHRtcWmhObXz5jgWRUSjd81Q1eCJkdGq0TPt5mxVdewBvUqhLxXxX5Fi6nw9fTavy+P/to/w3zL+f3n7jvZp/N8netaVx0ypiJ9Git/+yyfis1U7j8dd5yyX+9tIMXThM7lcHC3LddvQea9AZ2RgWfb/IsU//mxr2e54yMc3yz636xP7iCiv/4lI8b0//078Rl639f0PO1//49t3tE/X/1M9645veV/BnrtOvv6nI8WLj78Vv5nXvd/7P4rY2Nj4RsSpXPjO+zn26fp/umfdYHSO+1sPrvsAAAAAAAAAAACPrL5UxN9FiqdGa+n5vG43f/9vevuO9unvf/1yz7rpA5qvaM8nFQAAAAAOib5UxI8ixY2lt+6Mod46/rtn/Ofvbs69PpK2ba3+nO+XqvcGPMg//+s1mI87ufduAwAAAAAAAAAAAAAAAAAAwKGSUhHP5/nUJ+8zn/pqpHj5f57J5dLJslx3HvjB6teBK3Ozpy/NzMxNNZea12Za9fH55lSrrPupSLH+N5/JdYtqfvXufPOdOd4HNrpzsS9EitG/75btzMXenZu8Mx94Zy72suwnIsV//8PWst15rD+9WfZsWfavI8VX/3nnsic3y54ry34nUvzgq/Vu2eNl2e77UTvvJB2oxUzr2am5mbtehQoAAAAAAAAAAAAAAAAAAAAfVF8q4s8ixf/eXInlPOw/z//fnYG/1i375td75vvf5nY1z/9gNf//vZY/zPz/gw+spwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhIUcQbkWL+ynpa7S8/dwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lzw/fKGb71//QXsyXh2/eqn+0tzN+YXW4mJruj4x256am27teg97rb956jqGqhNQv/narenr1xfrZ589t2Xz7cH3+h87OXhx+OnTT3XLToyMjo73lKn1fYCjf6DGbToaRfxVpHjmuz9O/9IfUcTez8V9vjv77VjViaGqExMjo1VHZtrN2aVy41j3RBQR9Z5Kje45OoBrsSeNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv3t3fVHEa5Hi2yfW07/2RxzpnofPXxn/8pmz925HsY993IWynfW+iJXiEbhmh1h/FPFPkeInb5+Kf+uPqEXnJz4X8UqZ3494s8wXI1KK2PhGxLs7fI94NNWiiP8vr//F9fR2f3k/6N5XLn+l/qXZ63M9Zbv3lV09H3793sd86M+Hg3TI700DUcQPqjv+evp3/10DAAAAAAAAAAAAAAAAHCJF/GqkeOGdU6kaH3xnTHF79kb9avPaTGdYX3fsX3fM9MbGxkY9dbKRczLncs6VnKs513JGkevnbOSczLmccyXnas61nHEk18/ZyDmZcznnSs7VnGs5o5br52zknMy5nHMl52rOtZxxSMbuAQAAAAAAAAAAAAAAAAAAHy1F9U+Kb31tPW30d+aXnoxOrpoP9CPv5wEAAP//N4D+uw==") setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x129242, 0x30) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') pwrite64(r0, &(0x7f0000000180)="f6112b", 0x3, 0x80000000e0) 1.582776292s ago: executing program 1 (id=497): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1, 0x101}]}, 0x10) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x1, @empty, 0x8}, 0x1c) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000340)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, '\x00', 0x8, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0x29}, @local, {[], {0x4e1f, 0x4e20, 0x8}}}}}}, 0x0) 1.415873329s ago: executing program 4 (id=498): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300)=0x18000, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000100)=0x8, 0x4) 1.276133394s ago: executing program 2 (id=499): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000080)={r1, 0x0, 0x0, 0x4000}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0xc0086202, &(0x7f00000002c0)=0x1) 1.248466575s ago: executing program 4 (id=500): syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="040e05003e20"], 0x8) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$dsp(0xffffff9c, 0x0, 0x8a880, 0x0) socket$packet(0x11, 0xa, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x50) 1.200058156s ago: executing program 1 (id=501): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 1.10090931s ago: executing program 0 (id=502): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="82", 0x1}, {&(0x7f0000000180)='K', 0x1}], 0x2}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 1.10058489s ago: executing program 4 (id=503): r0 = socket(0xa, 0x3, 0xff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @loopback, 0x6}, 0x1c) syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00') sendmmsg$inet6(r0, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="5e546507da932c3e8c628a600b17cbe584d2f93ce23f60e91af3fbcf0e16db6e759d420151c6c575", 0x77}], 0x1}}], 0x1, 0x4046040) 1.072165101s ago: executing program 2 (id=504): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x8000}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 1.000104054s ago: executing program 1 (id=505): r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000000)={[{@noauto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x4004}}, {@barrier_val={'barrier', 0x3d, 0x5}}]}, 0x43, 0x4f7, &(0x7f00000000c0)="$eJzs3U9sFNUfAPDvbP/z50d//PihIGoRjY3EFgoKBxOD0cSDJkZM1GPTFoIUatqSCEGzJAaPhsS78ejVg1f1QownE694NDEkxHABTIxrZndmu7vdLXTZdsF+Psl235vZmffevnmzb97bnQawYY2kf5JK+FpEbIuIQuMLRipPt29enLpz8+JUFEul438k5c1upfFMtpvYnEVGCxGFT5OlFTUWzl84PTk7OzOfxccXz3w4vnD+wvOnBrMlR48ePnTwyIsTL6y+UE3SS8t1a/cnc3t2vf7+lTenevPleWq15eiUkRhplpWyZzqdWJdtrQknvV3MCKuSHv9pdfWV2/+26ImVKq+4jjkD1lqpVCoNtF5dLDW6tGwJ8NBKots5ALoj/6BPr3/zR7OOQP/adD+67saxygVQWu7b2SPiyfLCfBykr+H6tpNGIuK94p9fpo9Yo3EIAIBa3x/Le4IN/b/hyszIX+euvpw+/yebQxmOiP9GxPaI+F9E7IiI/0fEzoh4JCIebdh/T0SUVki/cbS5mn51EqpwvUNFbSrt/72UzW0t9f/qMjDck8W2RuQd5pkD2XsyGn0DJ07NzhxcIY0fXv3l81bravt/6SNNP+8LZvm43tswQDc9uTjZdoEb3LgUsbu3sfxJb0RSrZskInZFxO5V7He4Jnzqua/3VCN99a+7e/nLSk3n0Towz1T6KuLZSv0Xo67+l1JM6uYnz0yenDk5c3aiOj85PhizMwfG06PgQNM0fvr58lut0r9r+b/9rXGT1458dzxrWfcvrf9NkRRrj/3N1VKXDScRSXW+dmH1aVz+9bOW1zTtHv/9yTvlcH5d+tHk4uL8wYj+5I3lyyeWts3j6XMUK+Uf3de8/W/PtknficciIj2IH4+IJ6JyhZjmfW9EPBUR+1Yo/4+vPP1B++VfW2n5pxvOf5War6v/ynx9f8zMLx0I9YEkmxusLBmqXdVzeu+1Oy1OHvdW/4fLodFsyfLzX5rDpO4UsTyDlUD+aZcu+bsj7yAAAAA8+AoRsaVmLGlLFApjY5UxoB2xqTA7t7C4/8TcubPT6bqI4egr5CNdlfHgviQf/xyuiU80xA9l48Zf9AyV42NTc7PTXS05sLnc5pPCWMS7PTXtP/V7Z4aYgQeZ32vBxrVS+0878TuvrGNmgHV175//Vz9e04wA666m/bf6hX+xje99AQ8B1//A0tfz736jH+cMePiVtGXY0FbV/ve7CSD8m/TG29Vwoas5Adab/j9sSK1+zt+ZQGmg+arBWP7iGFx5hz3RXjaGmqTVlUDas+pK6kPtbJXfTaHla6Kwuh0ORGfq9MR9vhvF+YWTOzt+8Jey78q3t3m0vGPFN+vSTpsFas8SI63+jQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAD758AAAD//y283iw=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000080)=""/109, 0x6d) 872.782558ms ago: executing program 4 (id=506): syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000300)=ANY=[], 0x3, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file3\x00', 0x1c0) chroot(&(0x7f0000000040)='./file0/file3\x00') accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) umount2(&(0x7f0000000180)='.\x00', 0x0) 871.899798ms ago: executing program 0 (id=507): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x4000) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x100, 0xac}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 845.10731ms ago: executing program 2 (id=508): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}, @IFLA_ADDRESS={0xa}]}, 0x48}}, 0x0) 580.119869ms ago: executing program 0 (id=509): write$FUSE_NOTIFY_RESEND(0xffffffffffffffff, &(0x7f0000000040)={0x14}, 0x14) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./bus\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36c, &(0x7f00000023c0)="$eJzs3c9rK1UUwPGTNMlL8nhNFqIoSC++jW6GNroWg7wHQsBHXyO2gjBtJxoyJmUmVCNi25Vbce9KcFG6s+CioP0HunGnGxHcdSO4sAt1ZH4lk2SSpjE1vvb7gZKbe++Z3Jt7C2fSTub87c8/aNRsraa3JZlVkhARuRApSlJCieAx6ZUzErUvL939/cfnH69Xs36Felhee7mklFpc+u7DT3JBt5M7clZ89/y30q9nT589e/732vt1W9Vt1Wy1la42Wz+39U3TUNt1u6Ep9cg0dNtQ9aZtWH77N8FxzNbOTkfpze17+R3LsG2lNzuqYXRUu6XaVkfp7+n1ptI0Td3Lyzjpsa23RfVwdVUvTxm8NePB4JpYlqMviEhuqKV6OJcBAQCAuRrM/5NuSj9N/r8hi5XKg1Xldu7l/0cvnLbvvnW8GOT/J5m4/P+Vn/xj9eX/7ulEL/9v+ecHtcvz/y9lovzfN5wR3S5T5//FaxgMprOUGapK9D2zrLKeD35/PQfvHC17BfJ/AAAAAAAAAAAAAAAAAAAAAACeBBeOU3AcpxA+hj+9SwiC57iRsiPW/47b5q6+w/rfZI/XNyTrXbjnrrH52W51t+o/Bh1ORcQU4y9nkLs3wiuPlKso35t7QfzebnXBaynXpO7Gy4oUpOjtp0i84zx8o/JgRfmC+O5lSvlofEkK8lQ0/ltvd7rxpf744PUz8uL9SLwmBflhS1piyrYX2Xv9T1eUev3NykB8zusnIr/854sCAAAAAMCMaaor9vxd00a1+98yUq55HxMZsiwF+TP+/H459vw8VXguNe/ZAwAAAABwO9idjxu6JA3LK5hmXCEnI5viC7mrdE711aRFJLZzZqAmPe7IC5EZTjgMPSP+HUyuNNOYwlfhu3qVqPAfKdyBd5uCO6rIdOMJ5+/VJFLTTsc0E/vibYD9aFNSJghPDQ5+ya1QsZ3vjzzOQTCRbk34sVFmxPssj4aPkxyzE9JDNU5iug3wzBdf//Fv90+v8OpxsAM+urzzgWk4ezLJogwU3JcYbuL2OAAAAMAN1Ev6w5rXos3RG4lEb5bDX+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJihmXxR2SWFec8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA//94DPMO") r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) splice(r0, &(0x7f0000000040)=0x10, r1, 0x0, 0x807, 0x0) 579.869119ms ago: executing program 1 (id=510): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x4a5, &(0x7f0000000bc0)="$eJzs3E1oHFUcAPD/bJJ+t4m1VltbjVax+JE06Yc9eFBR8KAg6KEeY7KttdtGkgi2BI0i9SgF7+JR8OjJmxdRDyJ4VfAohaJBaOopMl/pNtlNkzTpttnfDzb73szsvvefeW/zdt7OBNC2etM/ScS2iPg9Irrz7I0b9OZPM9OTw9emJ4eTmJ194+8k2+7q9ORwuWn5uq1F5mAlovJpEs8nC8sdP3/hzFCtVh0r8v0TZ9/rHz9/4ZnTZ4dOVU9Vzw0eP37k8MCzxwaPLjumzQ2WpXFd3fvh6L49r7x16bXhE5fe/umbtFq79+fr6+O4qWsNAmqgN91r/8xm5q97fMmF3R2216WTzhZWhGXpiIj0cHVl/b87OuL6weuOlz9paeWANZX+b9rYfPXULLCOJdHqGgCtUf6jT7//lo/bNPS4I1x5IWJDkZ6ZnhyemYu/MyrF8q41LL83Ik5M/fdl+ojlnocAAFiBbGzzdKPxXyV2Z8/5XMeOYg6lJyLuiYidEXFvROyKiPsism3vj4gH8hfPdi+x/N55+YXjn8rlhnVeJen477m6sd9MXfzFU09Hkduexd+VnDxdqx4q9snB6NqY5gcWKeP7l377vNm6+vFf+kjLL8eCRQUud+Yn6MphaowMTQyt1k648nHE3s5G8SdzMwFpC9gTEXuX99Y7ysTpJ7/e12yjm8e/iFWYZ5r9KuKJ/PhPxbz4S0mT+cm0jR8bPNq/KWrVQ/1lq1jo518vvt6s/FuKfxWkx3/Lje1/3hbd/yb5fG1X1GrVsfHll3Hxj8+afqdZRvufk7b/Dcmb2Zz1L+/kyz4YmpgYG4jYkLya5cvOki0fvP7aMl9un8Z/8EDj/r+zeE0a/4MRkTbi/RE7HoqIh4u6PxIRj0bEgUXi//HFx95dJP4kkmjp8R9p+Pk31/57kvr5+hUkOs788F2zGfOlHf8jMZV91uayz7+bWGoFb3H3AQAAwF2hEhHbIqn05enebVGp9PXlv+HfFVsqtdHxiadOjr5/biS/RqAnuirlma7uuvOhA8lU8Y55frA4V1yuP1ycN/6iY3OW7xserY20OHZod1tv7P9R9v/UXx2trh2w5prPoy1yaQCwLszv/5UW1QO4/ZbyOxrfBWB9atD/G91DA1iH3K8F2lej/v/RvPyC8b8RAqwLC/v/nw1uWQesR8b/0L70f2hf+j+0pVu5rn/lifJigZW/z6YlX+HfLonyjhdrWdbmuL4kKi0Pee0TEfHtHVCN6ljaY25voXU3HAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALiL/R8AAP//bDTlOQ==") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3001009, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00') 398.302046ms ago: executing program 0 (id=511): syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r0) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r0) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030f000000000000000008000000150001"], 0x2c}}, 0x0) 386.884306ms ago: executing program 4 (id=512): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x1, 0x8, 0x8, 0x40}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000005000000080000000f"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 171.744304ms ago: executing program 0 (id=513): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb01001800000000000000288100000000000002000000020000000000001103000000ffffffff0000000000000003000000000100000001000000060000000000e1e0d8bd435ec25d15a327621f5753"], 0x0, 0x42}, 0x28) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000cc0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00', @ANYRES32], 0x47, 0xc15, &(0x7f0000001940)="$eJzs3V1sZOdZB/DnnWPHY6e0TtNuWmjKSEXtymWj/equq0WVt3ENlbabql5X5Koef+x2FO94ZXvppkBlQAWJm4rcIG6QRYlA6gVXhEtcGqRWCAlVvSgXSJZoo1xw4YtKCFBqdM68Y493vVk3G39s8vtFzv/MmeeM34/xmWNpX58AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+ko24FAHCYrk5+6fQ5n/8A8K5yze//AAAAAAAAAAAAAABw3KUo4kSkGHplM01XjzvqV1rt23emxif2PmwwRYpaFFV9+VU/c/bc+U9duDjazTc//u324Xhu8trlxrOLN28tzS8vz881ptqt2cW5+X2/wsMef7eRagAaN1+4PXf9+nLj7DPndj19Z/i1gcdPDF+6eOrCaLd2anxiYrKnpq//LX/3e9xvhcdjUUQzUrwx/HpqRkQtHn4sHvDeOWiDVSdGqk5MjU9UHVloNdsr5ZOplqtqEY2eg8a6Y3QIc/FQxiJWy+aXDR4puzd5q7nUnFmYb3yxubTSWmkttlOt09qyP42oxWiKWIuIjYF7X64/ivhopHjp9GaaiYiiOw6frBYGP7g9tQPo4z6U7Wz0R6zVHoE5O8YGooirkeJnr56M2XLM8ld8POILZb4S8XKZn4lI5RvjfMRP93gf8WjqiyL+NVIsps00V50PuueVK19ufL59fbGntnteeeQ/Hw7TMT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25Hij57+nWpdcVTr0t93afQ9z/9m75rxpx7wOmXtMxGxWtvfmtz+vHQ41cr/DqBj7Es9ivhGXv/3B0fdGAAAAAAAAAAAAAAAAAAAgHe1Ip6PFF85dTKtRe89xVvtG41rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzjsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KhbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIZyLF+vP16vFaLeJaRPx8a2ur+vqfra2tiM1y+2EddV8BAAAAAAAAAAAAAAAAAADg2EpFfCxSPPm/m6kREXeGXxt4/MTwpYunLowWUUQqS3rrn5u8drnx7OLNW0vzy8vzc42pdmt2cW5+v9+ufqXVvn1nanziQDrzQIMH3P7B+rOLt15cat346sqezw/VL88sryw1Z/d+OgajFjHdu2ekavDU+ETV6IVWs10dmmr3aWAtYmy/nQEAAAAAAAAAAAAAAAAAAODYGEpFfC5S/OQ/zqfuuvG+zpr/X+o8KrZrX/69nb8FsHBXdvX+/YD9bKf9NnSkWnjfmBqfmJjs2d3Xf29p2aaUingqUnzipQ9V6+FTDO25Nr6se29Zd/N8rhv+lbJudVdVfWRqfKJxdbF96vLCwuJsc6U5szDfmLzVnN33Hw4AAAAAAAAAAAAAAAAAAACANzGUivhRpPivv/231L3vfF7/39d51LP+/zeqJfSVetqd26q1/e+t1vZ3tt93aXToo0/fb/9BrP8v25RSEd+MFOd+9KHqfvrd9f/Td9WWdX8SKV5/+iO5rvZYWdfsdqfzitdbC/Ony9q/jBS/+ka3NqraG7n2yZ3aM2XtYKT4883dtV/NtR/YqT1b1p6MFN/7z71rP7hTe66s/Umk+Ie/aXRrh8ra3821J3Zqn5ldXJh70LCW8/+dSPHXV38rdft83/nv+fsPq3fltnvm/M233675H+7Zt5rn9Y/z/DcfMP8XIsV36h/JdZ2xn8nPP1H9f2f+PxEp/v1fdtdez7Xv36k9s99uHbVy/r8dKb77Fz/e7nOe/zyyOzPUO/+/3Lc7t98lRzT/T/TsG87tmv0Fx+LdaPnFr7/QXFiYX7Jhw4aN7Y2jPjNxGMrP/z+NFP93okjd65j8+f+ezqOd67///sbO5/+lu3LbEX3+v79n36V81dLfF1FfuXmr/6mI+vKLXz/Vutm8MX9jvn32zOlPf/rCmdNnLvQ/1r2429na99i9E5Tz/4NI8cO/++H27zG7r//2vv4fuiu3HdH8P9nbp13XNfseinelcv7/KlI88dkfb/+++WbX/93f/09+bHdu//wd0fx/oGffcG5X6xccCwAAAAAAAAAAgEfJUCrizyLFb//hr6fuGqL9/Pu/ubty2xH9+68TPfvmDmldw74HGQDgGCmv/z4YKf5x6/vba7l3X//Fr3Vre6//7uc43P8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAedSmK+P1IMfTKZlofKB931K+02rfvTI1P7H3YYIoUtSiq+vKrfubsufOfunBxtJtXBg6zGx+O5yavXW48u3jz1tL88vL8XGOq3ZpdnJvf9ys87PF3G6kGsHHzhdtz168vN84+c27X03eGXxt4/MTwpYunLox2a6fGJyYme2r6+t/yd79Hus/+x6KI70eKN4ZfT98diKjFw4/FA947B22w6sRI1Ymp8YmqIwutZnulfDLVclUtotFz0Fh3jA5hLh7KWMRq2fyywSNl9yZvNZeaMwvzjS82l1ZaK63Fdqp1Wlv2pxG1GE0RaxGxscePZH8U8c1I8dLpzfRPAxFFdxw+eXXyS6fPPbg9tQPo4z6U7Wz0R6zVHoE5O8YGooi/jxQ/e/VkfG8goi86X/HxiC+U+UrEy2V+JiKVb4zzET891FM7B6kvijgfKRbTZnp1oDwfdM8rV77c+Hz7+mJPbfe88sh/PhymY35uqkcRP6jO+Jvpn/1cAwAAAAAAAAAAAAAAABwjRaxFiq+cOpmq9cHba4pb7RuNa82Zhc6yvu7av+6a6a2tra1G6uRYzumcqznXcq7n3MgZtXx8zrGc0zlXc67lXM+5kTOKfHzOsZzTOVdzruVcz7mRM/ry8TnHck7nXM25lnM950bOOCZr9wAAAAAAAAAAAAAAAAAAgHeWWhTVXdy/9bXNtDXQub/0dHRy3f1A3/H+PwAA//8YNXNU") r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x43, 0x0, [{0xc0000000, 0x8, 0x1, 0x5, 0x9, 0x10001, 0x4}, {0x80000000, 0x1, 0x5, 0x12d6, 0x1ff, 0x9b6, 0xfa}]}) 152.390635ms ago: executing program 2 (id=514): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000500)=0x40, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000000d6c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)="26e845c8bd1b81440635d9d750351d50e3e299417a0f59b13b51a29b1c0654dcc47495faabb8608a", 0x28}], 0x1, &(0x7f0000000600)=[{0x10, 0x119, 0x80000c}], 0x10}}], 0x1, 0x8010) 127.085405ms ago: executing program 4 (id=515): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x13, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0xf00) 0s ago: executing program 2 (id=516): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x8) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x6, 0x804a, 0xfffffff2, 0x5f, 0xa, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x10012, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x6, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x8, 0x3, 0x4, 0x1, 0x7, 0x106, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x4, 0x54fe12da, 0xbf, 0x5, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xfffffffc, 0x5, 0x938, 0x6, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x3, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x1, 0x200, 0xfff, 0xfff]}, 0x45c) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) mount$fuse(0x0, 0x0, 0x0, 0x10001, &(0x7f0000000440)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x918) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 62.413382][ T5758] cgroup: Unknown subsys name 'net' [ 62.547663][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.905743][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.293832][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.303610][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.311512][ T5783] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.319810][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.328286][ T5783] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.336787][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.344810][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.352212][ T5783] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.360358][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.369866][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.379660][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.385541][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.387861][ T5780] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.396014][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.413330][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.414638][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.428072][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.438470][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.445745][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.456290][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.463654][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.463800][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.478906][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.487083][ T5775] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.835718][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 65.894340][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 65.928739][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 66.029042][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.036928][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.044481][ T5770] bridge_slave_0: entered allmulticast mode [ 66.051251][ T5770] bridge_slave_0: entered promiscuous mode [ 66.067719][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 66.084836][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.092631][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.099733][ T5770] bridge_slave_1: entered allmulticast mode [ 66.107150][ T5770] bridge_slave_1: entered promiscuous mode [ 66.200073][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.212667][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.219804][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.227800][ T5773] bridge_slave_0: entered allmulticast mode [ 66.234677][ T5773] bridge_slave_0: entered promiscuous mode [ 66.247894][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.255038][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.262495][ T5771] bridge_slave_0: entered allmulticast mode [ 66.269122][ T5771] bridge_slave_0: entered promiscuous mode [ 66.277927][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.297022][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.306226][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.313600][ T5773] bridge_slave_1: entered allmulticast mode [ 66.320184][ T5773] bridge_slave_1: entered promiscuous mode [ 66.332845][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.339938][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.347348][ T5771] bridge_slave_1: entered allmulticast mode [ 66.354013][ T5771] bridge_slave_1: entered promiscuous mode [ 66.415652][ T5770] team0: Port device team_slave_0 added [ 66.426398][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.448029][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.458669][ T5770] team0: Port device team_slave_1 added [ 66.467023][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.483374][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.490508][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.497795][ T5772] bridge_slave_0: entered allmulticast mode [ 66.504505][ T5772] bridge_slave_0: entered promiscuous mode [ 66.515582][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.544100][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.551206][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.558808][ T5772] bridge_slave_1: entered allmulticast mode [ 66.565585][ T5772] bridge_slave_1: entered promiscuous mode [ 66.597513][ T5773] team0: Port device team_slave_0 added [ 66.606613][ T5773] team0: Port device team_slave_1 added [ 66.636905][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.644239][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.670449][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.684400][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.697063][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.708654][ T5771] team0: Port device team_slave_0 added [ 66.717405][ T5771] team0: Port device team_slave_1 added [ 66.733985][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.740936][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.767061][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.779017][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.786014][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.812267][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.858232][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.865242][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.891295][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.919137][ T5772] team0: Port device team_slave_0 added [ 66.933060][ T5772] team0: Port device team_slave_1 added [ 66.945822][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.952859][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.979106][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.999665][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.006681][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.032764][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.070495][ T5773] hsr_slave_0: entered promiscuous mode [ 67.076755][ T5773] hsr_slave_1: entered promiscuous mode [ 67.114564][ T5770] hsr_slave_0: entered promiscuous mode [ 67.120822][ T5770] hsr_slave_1: entered promiscuous mode [ 67.127010][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.134745][ T5770] Cannot create hsr debugfs directory [ 67.150653][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.157822][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.183925][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.196142][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.203343][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.229304][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.330240][ T5771] hsr_slave_0: entered promiscuous mode [ 67.336624][ T5771] hsr_slave_1: entered promiscuous mode [ 67.343426][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.350982][ T5771] Cannot create hsr debugfs directory [ 67.405360][ T5772] hsr_slave_0: entered promiscuous mode [ 67.411671][ T5772] hsr_slave_1: entered promiscuous mode [ 67.417923][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.425695][ T5772] Cannot create hsr debugfs directory [ 67.482953][ T51] Bluetooth: hci2: command tx timeout [ 67.488542][ T51] Bluetooth: hci0: command tx timeout [ 67.562161][ T51] Bluetooth: hci3: command tx timeout [ 67.572215][ T51] Bluetooth: hci1: command tx timeout [ 67.731024][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.748791][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 67.758242][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 67.780930][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 67.824635][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 67.841150][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 67.851022][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 67.861229][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 67.948753][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 67.981270][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 67.991058][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.010671][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.066793][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 68.091740][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 68.111834][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 68.122512][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 68.157779][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.197382][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.227861][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.237785][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.245024][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.271940][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.279029][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.337181][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.355966][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.383251][ T1295] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.390318][ T1295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.421671][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.441463][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.451048][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.458190][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.504375][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.511480][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.546570][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.570303][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.577459][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.587861][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.594949][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.620914][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.628072][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.829161][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.921310][ T5773] veth0_vlan: entered promiscuous mode [ 68.948539][ T5773] veth1_vlan: entered promiscuous mode [ 69.028776][ T5773] veth0_macvtap: entered promiscuous mode [ 69.062858][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.075286][ T5773] veth1_macvtap: entered promiscuous mode [ 69.165302][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.198424][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.224724][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.234075][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.244712][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.253526][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.309234][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.349212][ T5772] veth0_vlan: entered promiscuous mode [ 69.369486][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.380328][ T5772] veth1_vlan: entered promiscuous mode [ 69.416513][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.438208][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.515792][ T5772] veth0_macvtap: entered promiscuous mode [ 69.525999][ T5772] veth1_macvtap: entered promiscuous mode [ 69.535073][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.553302][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.562356][ T5775] Bluetooth: hci2: command tx timeout [ 69.567796][ T51] Bluetooth: hci0: command tx timeout [ 69.580850][ T5770] veth0_vlan: entered promiscuous mode [ 69.603287][ T5771] veth0_vlan: entered promiscuous mode [ 69.626527][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.640466][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.642663][ T51] Bluetooth: hci1: command tx timeout [ 69.655384][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.659597][ T5775] Bluetooth: hci3: command tx timeout [ 69.674987][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.685983][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.706357][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.728463][ T5770] veth1_vlan: entered promiscuous mode [ 69.744045][ T5771] veth1_vlan: entered promiscuous mode [ 69.792973][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.801673][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.824617][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.834644][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.867346][ T5770] veth0_macvtap: entered promiscuous mode [ 69.881616][ T5770] veth1_macvtap: entered promiscuous mode [ 69.958753][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.978089][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.992890][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.008478][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.019839][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.041779][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.063240][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.077290][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.087967][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.103912][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.117334][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.127908][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.137581][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.146413][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.170444][ T5771] veth0_macvtap: entered promiscuous mode [ 70.187740][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.196680][ T5771] veth1_macvtap: entered promiscuous mode [ 70.203266][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.256867][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.259847][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.275734][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.284375][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.294929][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.305677][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.315802][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.327583][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.339385][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.370058][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.380709][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.394274][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.404938][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.414875][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.425476][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.437466][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.488434][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.508902][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.518647][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.527604][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.575030][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.594874][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.632215][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.641290][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.739054][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.775155][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.837858][ T1295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.872523][ T5836] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 70.892238][ T1295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.079256][ T5853] syz.2.3[5853]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.096655][ T5853] loop2: detected capacity change from 0 to 256 [ 71.104601][ T5836] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 71.138169][ T5836] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 71.161699][ T5853] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 71.177113][ T5836] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 71.189199][ T5853] FAT-fs (loop2): Filesystem has been set read-only [ 71.207427][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 71.232307][ T5836] usb 2-1: SerialNumber: syz [ 71.409047][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.415857][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.438708][ T5859] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 71.489999][ T5836] usb 2-1: 0:2 : does not exist [ 71.547168][ T5836] usb 2-1: USB disconnect, device number 2 [ 71.588935][ T5763] udevd[5763]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 71.642383][ T51] Bluetooth: hci0: command tx timeout [ 71.642394][ T5775] Bluetooth: hci2: command tx timeout [ 71.722868][ T5775] Bluetooth: hci1: command tx timeout [ 71.723107][ T51] Bluetooth: hci3: command tx timeout [ 71.816588][ T5865] syz.0.11[5865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.816786][ T5865] syz.0.11[5865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.828825][ T5812] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 71.980547][ T5869] loop0: detected capacity change from 0 to 512 [ 71.992802][ T5869] EXT4-fs (loop0): invalid journal inode [ 71.998524][ T5869] EXT4-fs (loop0): can't get journal size [ 72.013206][ T5869] EXT4-fs (loop0): 1 truncate cleaned up [ 72.020351][ T5869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.023135][ T5812] usb 3-1: Using ep0 maxpacket: 16 [ 72.086778][ T5812] usb 3-1: config index 0 descriptor too short (expected 37359, got 202) [ 72.128647][ T5812] usb 3-1: config 33 has too many interfaces: 95, using maximum allowed: 32 [ 72.162634][ T5812] usb 3-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config [ 72.214115][ T5812] usb 3-1: config 33 has 1 interface, different from the descriptor's value: 95 [ 72.246261][ T5812] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 72.250003][ T5875] warning: `syz.1.15' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 72.274798][ T5812] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.281557][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.299190][ T5812] usb 3-1: Product: syz [ 72.303761][ T5812] usb 3-1: Manufacturer: syz [ 72.308517][ T5812] usb 3-1: SerialNumber: syz [ 72.451158][ T5880] loop0: detected capacity change from 0 to 128 [ 72.491502][ T5880] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.550036][ T5812] usb 3-1: 0:2 : does not exist [ 72.570098][ T5812] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 72.653829][ T5812] usb 3-1: USB disconnect, device number 2 [ 72.665374][ T79] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 72.774759][ T5763] udevd[5763]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:33.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 73.450613][ T5893] syz.2.21[5893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.450866][ T5893] syz.2.21[5893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.599255][ T5895] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22'. [ 73.612954][ T5890] loop0: detected capacity change from 0 to 40427 [ 73.651573][ T5890] F2FS-fs (loop0): invalid crc value [ 73.662838][ T5897] Bluetooth: MGMT ver 1.22 [ 73.725229][ T51] Bluetooth: hci0: command tx timeout [ 73.725799][ T5775] Bluetooth: hci2: command tx timeout [ 73.802316][ T5775] Bluetooth: hci1: command tx timeout [ 73.803609][ T51] Bluetooth: hci3: command tx timeout [ 73.838884][ T5890] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 73.976664][ T5903] loop2: detected capacity change from 0 to 512 [ 73.992441][ T5903] EXT4-fs (loop2): invalid journal inode [ 73.998239][ T5903] EXT4-fs (loop2): can't get journal size [ 74.006635][ T27] audit: type=1804 audit(1779893190.103:2): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.20" name="/newroot/7/bus/bus" dev="loop0" ino=10 res=1 errno=0 [ 74.039819][ T5903] EXT4-fs (loop2): 1 truncate cleaned up [ 74.047022][ T5906] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 74.071587][ T5903] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.197149][ T5911] loop1: detected capacity change from 0 to 2048 [ 74.248673][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 74.261317][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.431940][ T5810] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 74.475869][ T5770] syz-executor: attempt to access beyond end of device [ 74.475869][ T5770] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 74.504696][ T5770] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 74.590094][ T5916] netlink: 'syz.2.29': attribute type 1 has an invalid length. [ 74.652261][ T5810] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 74.672408][ T5810] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 74.697427][ T5810] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 74.730980][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 74.763028][ T5810] usb 4-1: SerialNumber: syz [ 75.016986][ T5810] usb 4-1: 0:2 : does not exist [ 75.052857][ T5810] usb 4-1: USB disconnect, device number 2 [ 75.281970][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 75.321487][ T27] audit: type=1326 audit(1779893191.433:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5932 comm="syz.1.36" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea5dd9ce59 code=0x0 [ 75.482681][ T28] usb 1-1: Using ep0 maxpacket: 16 [ 75.489144][ T28] usb 1-1: config index 0 descriptor too short (expected 37359, got 202) [ 75.498091][ T28] usb 1-1: config 33 has too many interfaces: 95, using maximum allowed: 32 [ 75.506827][ T28] usb 1-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config [ 75.517050][ T28] usb 1-1: config 33 has 1 interface, different from the descriptor's value: 95 [ 75.528355][ T28] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 75.537474][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.546018][ T28] usb 1-1: Product: syz [ 75.550182][ T28] usb 1-1: Manufacturer: syz [ 75.554805][ T28] usb 1-1: SerialNumber: syz [ 75.631134][ T5936] loop3: detected capacity change from 0 to 512 [ 75.649933][ T5936] EXT4-fs (loop3): invalid journal inode [ 75.661569][ T5936] EXT4-fs (loop3): can't get journal size [ 75.670448][ T5936] EXT4-fs (loop3): 1 truncate cleaned up [ 75.693064][ T5936] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.768518][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.794009][ T28] usb 1-1: 0:2 : does not exist [ 75.808489][ T28] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 75.853723][ T28] usb 1-1: USB disconnect, device number 2 [ 75.901114][ T5763] udevd[5763]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:33.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 76.227856][ T5939] loop3: detected capacity change from 0 to 40427 [ 76.258332][ T5939] F2FS-fs (loop3): invalid crc value [ 76.325797][ T5939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 76.381089][ T27] audit: type=1804 audit(1779893192.493:4): pid=5939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.38" name="/newroot/8/bus/bus" dev="loop3" ino=10 res=1 errno=0 [ 76.690982][ T5952] capability: warning: `syz.0.42' uses 32-bit capabilities (legacy support in use) [ 77.067097][ T5773] syz-executor: attempt to access beyond end of device [ 77.067097][ T5773] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 77.093702][ T5773] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 77.417065][ T5978] tls_set_device_offload: netdev not found [ 77.900614][ T5989] loop2: detected capacity change from 0 to 512 [ 77.942841][ T5989] ======================================================= [ 77.942841][ T5989] WARNING: The mand mount option has been deprecated and [ 77.942841][ T5989] and is ignored by this kernel. Remove the mand [ 77.942841][ T5989] option from the mount to silence this warning. [ 77.942841][ T5989] ======================================================= [ 78.080551][ T5989] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 78.100182][ T5989] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 78.144391][ T5989] EXT4-fs (loop2): 1 truncate cleaned up [ 78.151519][ T5989] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.195381][ T27] audit: type=1800 audit(1779893194.313:5): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.53" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 78.252062][ T27] audit: type=1800 audit(1779893194.333:6): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.53" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 78.999195][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.036012][ T5998] loop1: detected capacity change from 0 to 40427 [ 79.056714][ T6020] loop3: detected capacity change from 0 to 512 [ 79.109029][ T5998] F2FS-fs (loop1): invalid crc value [ 79.175888][ T6025] netlink: 36 bytes leftover after parsing attributes in process `syz.2.64'. [ 79.764205][ T5998] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 79.860911][ T27] audit: type=1804 audit(1779893195.973:7): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.57" name="/newroot/14/bus/bus" dev="loop1" ino=10 res=1 errno=0 [ 79.896848][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 79.912598][ T28] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 79.915501][ T8] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 80.061950][ T5812] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 80.111997][ T28] usb 1-1: Using ep0 maxpacket: 8 [ 80.123966][ T28] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 80.134457][ T28] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 80.144475][ T28] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 80.155534][ T28] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.170178][ T28] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 80.182017][ T5810] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 80.184775][ T28] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.219395][ T5772] syz-executor: attempt to access beyond end of device [ 80.219395][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 80.234511][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 80.252021][ T5812] usb 3-1: Using ep0 maxpacket: 8 [ 80.258970][ T5812] usb 3-1: config index 0 descriptor too short (expected 74, got 45) [ 80.271090][ T5812] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 80.287989][ T5812] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 80.298932][ T5812] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 80.315721][ T5812] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 80.327301][ T5812] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.340626][ T5812] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 80.349958][ T5812] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.376867][ T5810] usb 4-1: config 0 has no interfaces? [ 80.389526][ T5810] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 80.415819][ T5810] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 80.428176][ T28] usb 1-1: GET_CAPABILITIES returned 0 [ 80.431907][ T5810] usb 4-1: SerialNumber: syz [ 80.437668][ T28] usbtmc 1-1:16.0: can't read capabilities [ 80.460732][ T5810] usb 4-1: config 0 descriptor?? [ 80.614416][ T5812] usb 3-1: usb_control_msg returned -32 [ 80.620047][ T5812] usbtmc 3-1:16.0: can't read capabilities [ 80.654732][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 80.667994][ T5812] usb 1-1: USB disconnect, device number 3 [ 80.810971][ T27] audit: type=1326 audit(1779893196.923:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.1.71" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea5dd9ce59 code=0x0 [ 81.301598][ T6088] loop0: detected capacity change from 0 to 512 [ 81.315382][ T6088] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 81.343505][ T6088] EXT4-fs (loop0): 1 truncate cleaned up [ 81.350247][ T6088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.383834][ T27] audit: type=1800 audit(1779893197.493:9): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.73" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 81.408098][ T27] audit: type=1800 audit(1779893197.493:10): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.73" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 81.428282][ C1] vkms_vblank_simulate: vblank timer overrun [ 81.679464][ T9] cfg80211: failed to load regulatory.db [ 81.748613][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.790507][ T9] usb 3-1: USB disconnect, device number 3 [ 82.866646][ T6102] loop0: detected capacity change from 0 to 16 [ 82.899235][ T6102] erofs: (device loop0): mounted with root inode @ nid 36. [ 82.911517][ T5812] usb 4-1: USB disconnect, device number 3 [ 83.192321][ T5830] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 83.411967][ T5830] usb 2-1: Using ep0 maxpacket: 16 [ 83.429093][ T5830] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 108, changing to 10 [ 83.465077][ T5830] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 26229, setting to 1024 [ 83.493823][ T5830] usb 2-1: config 0 interface 0 has no altsetting 0 [ 83.500715][ T5830] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 83.510195][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.518083][ T6106] loop2: detected capacity change from 0 to 40427 [ 83.537641][ T5830] usb 2-1: config 0 descriptor?? [ 83.545486][ T6105] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 83.558515][ T6106] F2FS-fs (loop2): invalid crc value [ 83.761446][ T6105] loop1: detected capacity change from 0 to 256 [ 83.823267][ T6106] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 83.998241][ T27] audit: type=1804 audit(1779893200.113:11): pid=6106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.77" name="/newroot/18/bus/bus" dev="loop2" ino=10 res=1 errno=0 [ 84.035794][ T5830] hid (null): bogus close delimiter [ 84.071393][ T5830] hid (null): unknown global tag 0xd [ 84.077078][ T5830] hid (null): unknown global tag 0xe [ 84.089305][ T5830] hid (null): invalid report_size -63607042 [ 84.099497][ T5830] hid (null): bogus close delimiter [ 84.262371][ T5812] usb 2-1: USB disconnect, device number 3 [ 84.453051][ T5771] syz-executor: attempt to access beyond end of device [ 84.453051][ T5771] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 84.479277][ T5771] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 85.565507][ T6175] netlink: 'syz.0.107': attribute type 12 has an invalid length. [ 85.591199][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 85.626348][ T6175] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.635542][ T6175] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.644574][ T6175] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.653340][ T6175] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.710987][ T6182] loop2: detected capacity change from 0 to 128 [ 85.712700][ T6175] netlink: 'syz.0.107': attribute type 12 has an invalid length. [ 85.747361][ T6182] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 85.757014][ T6175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 85.766625][ T6182] hpfs: filesystem error: improperly stopped [ 85.778866][ T6182] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 85.787113][ T6175] Zero length message leads to an empty skb [ 85.787321][ T6180] netlink: 16 bytes leftover after parsing attributes in process `syz.3.109'. [ 85.811449][ T6182] hpfs: You really don't want any checks? You are crazy... [ 85.820955][ T6182] hpfs: Code page index out of array [ 85.833741][ T6182] hpfs: code page support is disabled [ 85.857103][ T6166] loop1: detected capacity change from 0 to 32768 [ 85.860258][ T6182] hpfs: hpfs_map_4sectors(): unaligned read [ 85.887498][ T6182] hpfs: hpfs_map_4sectors(): unaligned read [ 85.894953][ T6166] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.103 (6166) [ 85.923592][ T6182] hpfs: filesystem error: unable to find root dir [ 85.972617][ T6166] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 86.007517][ T6166] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 86.025374][ T6166] BTRFS info (device loop1): enabling auto defrag [ 86.033734][ T6166] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 86.056848][ T6166] BTRFS info (device loop1): use zstd compression, level 3 [ 86.071433][ T6166] BTRFS info (device loop1): turning on async discard [ 86.078810][ T6166] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 86.090514][ T6166] BTRFS info (device loop1): trying to use backup root at mount time [ 86.109618][ T6166] BTRFS info (device loop1): force clearing of disk cache [ 86.142598][ T6166] BTRFS info (device loop1): force zlib compression, level 3 [ 86.170335][ T6166] BTRFS info (device loop1): using free space tree [ 86.270447][ T6047] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 86.319446][ T6166] BTRFS error (device loop1): failed to load root extent [ 86.339954][ T6166] BTRFS warning (device loop1): try to load backup roots slot 1 [ 86.367548][ T6051] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 86.421789][ T6166] BTRFS warning (device loop1): couldn't read tree root [ 86.450370][ T6166] BTRFS warning (device loop1): try to load backup roots slot 2 [ 86.483118][ T6051] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 86.527474][ T6166] BTRFS warning (device loop1): couldn't read tree root [ 86.556961][ T6166] BTRFS warning (device loop1): try to load backup roots slot 3 [ 86.652428][ T6166] BTRFS info (device loop1): enabling ssd optimizations [ 86.685082][ T6166] BTRFS info (device loop1): rebuilding free space tree [ 86.818036][ T6166] BTRFS info (device loop1): checking UUID tree [ 87.159444][ T5772] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 87.230554][ T6242] loop2: detected capacity change from 0 to 2048 [ 87.293050][ T6242] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 87.792763][ T6255] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 88.587557][ T6291] loop1: detected capacity change from 0 to 256 [ 88.679729][ T6291] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xd509bb81, utbl_chksum : 0xe619d30d) [ 88.929775][ T6300] process 'syz.0.153' launched './file0' with NULL argv: empty string added [ 89.265064][ T6294] loop2: detected capacity change from 0 to 32768 [ 89.319035][ T6294] non-latin1 character 0xffff found in JFS file name [ 89.342088][ T6294] mount with iocharset=utf8 to access [ 89.347933][ T6294] jfs_dirty_inode called on read-only volume [ 89.364893][ T6294] Is remount racy? [ 89.538810][ T6315] input: syz1 as /devices/virtual/input/input6 [ 89.558608][ T6313] loop0: detected capacity change from 0 to 1024 [ 89.742825][ T6308] loop1: detected capacity change from 0 to 32768 [ 89.762431][ T6308] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.155 (6308) [ 89.828410][ T6308] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 89.866763][ T6308] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 89.890681][ T6308] BTRFS info (device loop1): setting nodatasum [ 89.899095][ T6308] BTRFS info (device loop1): force zlib compression, level 3 [ 89.907060][ T6308] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 89.916639][ T6308] BTRFS info (device loop1): use lzo compression, level 0 [ 89.926526][ T6308] BTRFS info (device loop1): turning on flush-on-commit [ 89.941894][ T6308] BTRFS info (device loop1): enabling auto defrag [ 89.958544][ T6308] BTRFS info (device loop1): max_inline at 4096 [ 89.980725][ T6308] BTRFS info (device loop1): using free space tree [ 90.129319][ T6308] BTRFS info (device loop1): enabling ssd optimizations [ 90.228128][ T27] audit: type=1800 audit(1779893206.343:12): pid=6308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.155" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 90.271670][ T27] audit: type=1800 audit(1779893206.383:13): pid=6308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.155" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 90.620983][ T5772] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 90.632003][ T6352] input: syz1 as /devices/virtual/input/input7 [ 90.952982][ T6357] bond0: (slave bridge_slave_1): Error: Device is in use and cannot be enslaved [ 91.230597][ T6369] loop2: detected capacity change from 0 to 16 [ 91.236965][ T6275] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 91.246166][ T6371] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.256550][ T6371] syz_tun: entered promiscuous mode [ 91.287894][ T6369] erofs: (device loop2): erofs_superblock_csum_verify: invalid checksum 0x3f3bd8e3, 0x7bbbea8c expected [ 91.303584][ T5763] udevd[5763]: incorrect erofs checksum on /dev/loop2 [ 91.337948][ T6371] syz_tun: left promiscuous mode [ 91.608966][ T6380] loop0: detected capacity change from 0 to 1024 [ 91.650162][ T6380] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 91.667058][ T6380] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.713604][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 91.732273][ T5812] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 91.939991][ T5812] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 91.958971][ T5812] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.996254][ T5812] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.031989][ T5812] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.060920][ T5812] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.074024][ T5812] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.085080][ T5812] usb 4-1: config 0 descriptor?? [ 92.380251][ T6412] loop0: detected capacity change from 0 to 1024 [ 92.424563][ T6412] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.502124][ T5812] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 92.517103][ T5812] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 92.526775][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.538297][ T5812] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 92.642087][ T5760] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 92.716170][ T6376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.730222][ T6376] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.804583][ T6426] loop0: detected capacity change from 0 to 128 [ 92.830359][ T6426] syz.0.195 uses obsolete (PF_INET,SOCK_PACKET) [ 92.833702][ T5812] usb 4-1: USB disconnect, device number 4 [ 92.846794][ T5760] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 92.874476][ T5760] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 92.930148][ T5760] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 92.960876][ T5760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.189237][ T5760] usb 3-1: usb_control_msg returned -32 [ 93.195127][ T5760] usbtmc 3-1:16.0: can't read capabilities [ 93.416885][ T9] usb 3-1: USB disconnect, device number 4 [ 93.700625][ T6454] netlink: 8 bytes leftover after parsing attributes in process `syz.0.207'. [ 93.977947][ T6464] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000005 [ 93.992896][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 94.098399][ T6468] netlink: 24 bytes leftover after parsing attributes in process `syz.2.213'. [ 94.189449][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 94.211504][ T9] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 94.227633][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40 [ 94.237194][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.245556][ T9] usb 4-1: Product: syz [ 94.250316][ T9] usb 4-1: Manufacturer: syz [ 94.255239][ T9] usb 4-1: SerialNumber: syz [ 94.299135][ T6472] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 94.320532][ T6472] bond1: (slave lo): Enslaving as an active interface with an up link [ 94.337049][ T6472] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 94.430267][ T6475] loop2: detected capacity change from 0 to 64 [ 94.479015][ T9] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 94.949335][ T27] audit: type=1326 audit(1779893211.063:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 94.979900][ T27] audit: type=1326 audit(1779893211.063:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.065458][ T27] audit: type=1326 audit(1779893211.063:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.108199][ T6495] loop0: detected capacity change from 0 to 128 [ 95.129218][ T27] audit: type=1326 audit(1779893211.063:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.154722][ T27] audit: type=1326 audit(1779893211.063:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.188422][ T27] audit: type=1326 audit(1779893211.063:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.201179][ T6495] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 95.239378][ T27] audit: type=1326 audit(1779893211.063:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.251293][ T6495] hpfs: filesystem error: improperly stopped [ 95.264659][ T27] audit: type=1326 audit(1779893211.063:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.297925][ T9] usb 4-1: failed to enable PITCH for EP 0x82 [ 95.298421][ T27] audit: type=1326 audit(1779893211.063:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.305707][ T6495] [ 95.331354][ T6499] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 95.352019][ T27] audit: type=1326 audit(1779893211.063:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.352072][ T9] usb 4-1: uac_clock_source_is_valid(): cannot get clock validity for id 0 [ 95.396938][ T6495] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 95.404932][ T27] audit: type=1326 audit(1779893211.063:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.404973][ T27] audit: type=1326 audit(1779893211.063:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.405009][ T27] audit: type=1326 audit(1779893211.063:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.405045][ T27] audit: type=1326 audit(1779893211.063:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.405080][ T27] audit: type=1326 audit(1779893211.063:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.405154][ T27] audit: type=1326 audit(1779893211.063:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.0.222" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461399ce59 code=0x7ffc0000 [ 95.429802][ T9] usb 4-1: clock source 0 is not valid, cannot use [ 95.429970][ T6495] hpfs: You really don't want any checks? You are crazy... [ 95.501358][ C0] vkms_vblank_simulate: vblank timer overrun [ 95.549836][ C0] vkms_vblank_simulate: vblank timer overrun [ 95.576413][ T9] usb 4-1: 2:1: cannot get freq (v2/v3): err -71 [ 95.586587][ T6495] hpfs: Code page index out of array [ 95.592114][ T9] usb 4-1: uac_clock_source_is_valid(): cannot get clock validity for id 0 [ 95.605349][ T6495] hpfs: code page support is disabled [ 95.607926][ T6502] loop1: detected capacity change from 0 to 512 [ 95.615327][ T6495] hpfs: hpfs_map_4sectors(): unaligned read [ 95.641718][ T6495] hpfs: hpfs_map_4sectors(): unaligned read [ 95.656514][ T6495] hpfs: filesystem error: unable to find root dir [ 95.679643][ T9] usb 4-1: USB disconnect, device number 5 [ 95.730196][ T6502] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.776098][ T6502] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.841685][ T5764] udevd[5764]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 95.892571][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.946549][ T6512] loop0: detected capacity change from 0 to 128 [ 96.008560][ T6512] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 96.104277][ T6512] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.368380][ T5770] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 96.427992][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.236'. [ 96.515372][ T6530] Bluetooth: hci0: invalid len left 7, exp >= 258 [ 97.271943][ T5830] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 97.473878][ T5830] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 97.484682][ T5830] usb 3-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 97.493458][ T5830] usb 3-1: Product: syz [ 97.497729][ T5830] usb 3-1: Manufacturer: syz [ 97.507161][ T5830] usb 3-1: SerialNumber: syz [ 97.514493][ T5830] usb 3-1: config 0 descriptor?? [ 97.529116][ T5830] ch341 3-1:0.0: ch341-uart converter detected [ 97.906809][ T6557] loop0: detected capacity change from 0 to 512 [ 97.925966][ T6557] EXT4-fs: Ignoring removed orlov option [ 97.965290][ T6557] EXT4-fs: Ignoring removed mblk_io_submit option [ 98.119310][ T6557] EXT4-fs error (device loop0): ext4_iget_extra_inode:4739: inode #15: comm syz.0.248: corrupted in-inode xattr: e_value size too large [ 98.195248][ T6557] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.248: couldn't read orphan inode 15 (err -117) [ 98.233533][ T6557] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.470505][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.571856][ C1] sched: RT throttling activated [ 98.601377][ T6555] loop3: detected capacity change from 0 to 131072 [ 98.614918][ T6555] F2FS-fs (loop3): invalid crc value [ 98.631325][ T6555] F2FS-fs (loop3): Found nat_bits in checkpoint [ 98.688899][ T6555] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 98.725725][ T6555] F2FS-fs (loop3): Stopped filesystem due to reason: 0 [ 98.838844][ T5830] ch341-uart ttyUSB0: break control not supported, using simulated break [ 98.877898][ T5830] usb 3-1: ch341-uart converter now attached to ttyUSB0 [ 98.909795][ T5830] usb 3-1: USB disconnect, device number 5 [ 98.953596][ T5830] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 98.998800][ T5830] ch341 3-1:0.0: device disconnected [ 99.140480][ T6559] loop1: detected capacity change from 0 to 32768 [ 99.252803][ T6559] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 99.397602][ T6559] XFS (loop1): Ending clean mount [ 99.428711][ T5830] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x10 [ 99.480216][ T5830] XFS (loop1): Unmount and run xfs_repair [ 99.487578][ T28] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 99.511915][ T5830] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 99.533974][ T5830] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 99.551947][ T5830] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 99.580958][ T5830] 00000020: d7 dc 42 4e 79 90 42 cb 9f 91 9c b7 20 0a 10 1d ..BNy.B..... ... [ 99.602414][ T5830] 00000030: 00 00 00 00 0f 8d d2 a2 00 00 18 00 00 00 40 37 ..............@7 [ 99.631914][ T5830] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 99.650976][ T5830] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 99.666336][ T5830] 00000060: 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 ................ [ 99.678433][ T5830] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 99.709060][ T6559] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 4 error 74 [ 99.723156][ T6559] XFS (loop1): Failed to initialize disk quotas. [ 99.733356][ T28] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.764536][ T28] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 99.781963][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 99.799191][ T28] usb 1-1: Product: syz [ 99.812817][ T28] usb 1-1: Manufacturer: syz [ 99.824928][ T28] usb 1-1: SerialNumber: syz [ 99.918875][ T6584] loop3: detected capacity change from 0 to 32768 [ 99.985057][ T6584] loop3: p1 p3 < > [ 100.044295][ T5141] loop3: p1 p3 < > [ 100.078605][ T28] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 100.141161][ T6559] syz.1.249 (6559) used greatest stack depth: 20648 bytes left [ 100.176607][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 100.316478][ C1] usblp0: nonzero write bulk status received: -71 [ 100.334221][ T5830] usb 1-1: USB disconnect, device number 4 [ 100.366514][ T6519] udevd[6519]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 100.377463][ T5830] usblp0: removed [ 100.380599][ T5763] udevd[5763]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 100.473794][ T6509] udevd[6509]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 100.487629][ T5763] udevd[5763]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 101.021999][ T5830] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 101.214162][ T5830] usb 4-1: config 0 has no interfaces? [ 101.225867][ T5830] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 101.247000][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.275440][ T5830] usb 4-1: config 0 descriptor?? [ 102.081668][ T6640] capability: warning: `syz.0.270' uses deprecated v2 capabilities in a way that may be insecure [ 102.186628][ T6646] loop0: detected capacity change from 0 to 512 [ 102.231703][ T6646] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.257255][ T6646] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.324379][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 102.324391][ T27] audit: type=1800 audit(1779893218.443:43): pid=6646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.272" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 102.411997][ T27] audit: type=1800 audit(1779893218.473:44): pid=6651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.273" name="bus" dev="overlay" ino=418 res=0 errno=0 [ 102.493283][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.639405][ T6658] loop0: detected capacity change from 0 to 4096 [ 102.674611][ T6658] NILFS (loop0): invalid segment: Checksum error in segment payload [ 102.686137][ T6658] NILFS (loop0): trying rollback from an earlier position [ 102.795919][ T6660] netlink: 36 bytes leftover after parsing attributes in process `syz.2.276'. [ 102.798258][ T6658] NILFS (loop0): recovery complete [ 102.857847][ T6661] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.097131][ T6666] loop2: detected capacity change from 0 to 2048 [ 103.156186][ T6666] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.200583][ T6666] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 103.223184][ T6666] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 33 with max blocks 33 with error 28 [ 103.236513][ T6666] EXT4-fs (loop2): This should not happen!! Data will be lost [ 103.236513][ T6666] [ 103.246747][ T6666] EXT4-fs (loop2): Total free blocks count 0 [ 103.254088][ T6666] EXT4-fs (loop2): Free/Dirty block details [ 103.260016][ T6666] EXT4-fs (loop2): free_blocks=2415919504 [ 103.265887][ T6666] EXT4-fs (loop2): dirty_blocks=64 [ 103.271020][ T6666] EXT4-fs (loop2): Block reservation details [ 103.277143][ T6666] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 103.328854][ T6057] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 103.440742][ T6675] loop2: detected capacity change from 0 to 8192 [ 103.690943][ T6679] loop2: detected capacity change from 0 to 8192 [ 103.737860][ T27] audit: type=1326 audit(1779893219.853:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6677 comm="syz.2.282" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3bccd9ce59 code=0x0 [ 103.784378][ T28] usb 4-1: USB disconnect, device number 6 [ 105.167168][ T6690] loop1: detected capacity change from 0 to 131072 [ 105.211259][ T6690] F2FS-fs (loop1): Found nat_bits in checkpoint [ 105.277195][ T6690] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 105.329746][ T6690] F2FS-fs (loop1): Stopped filesystem due to reason: 0 [ 105.341488][ T6690] F2FS-fs (loop1): sanity_check_extent_cache: inode (ino=4) extent info [0, 0, 5178624] is incorrect, run fsck to fix [ 106.350510][ T6731] loop2: detected capacity change from 0 to 512 [ 106.391725][ T6731] EXT4-fs (loop2): 1 truncate cleaned up [ 106.417580][ T6731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.638201][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.066199][ T6750] loop2: detected capacity change from 0 to 2048 [ 107.113025][ T6752] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.134906][ T6750] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.233360][ T6750] UDF-fs: warning (device loop2): udf_rmdir: empty directory has nlink != 2 (0) [ 107.272246][ T6750] UDF-fs: warning (device loop2): udf_rmdir: parent dir link count too low (2) [ 107.547011][ T6767] syzkaller1: entered promiscuous mode [ 107.572008][ T6767] syzkaller1: entered allmulticast mode [ 108.068617][ T6789] input: syz1 as /devices/virtual/input/input9 [ 108.381346][ T6796] loop0: detected capacity change from 0 to 256 [ 108.438900][ T6796] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 108.628711][ T6800] loop3: detected capacity change from 0 to 8 [ 108.695081][ T6800] SQUASHFS error: lzo decompression failed, data probably corrupt [ 108.703436][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.709706][ T6800] SQUASHFS error: Failed to read block 0xff: -5 [ 108.717515][ T6800] SQUASHFS error: lzo decompression failed, data probably corrupt [ 108.725454][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.731999][ T27] audit: type=1800 audit(1779893224.843:46): pid=6800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.331" name="file2" dev="loop3" ino=3 res=0 errno=0 [ 108.754215][ T6800] SQUASHFS error: lzo decompression failed, data probably corrupt [ 108.762653][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.804613][ T6800] SQUASHFS error: Failed to read block 0x6a4: -5 [ 108.811220][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.818677][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.822092][ T27] audit: type=1800 audit(1779893224.883:47): pid=6800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.331" name="file2" dev="loop3" ino=3 res=0 errno=0 [ 108.825904][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.852026][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.859326][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.866196][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.873667][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.881355][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.888815][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.895125][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.902494][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.909312][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.915577][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.922968][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.929778][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.936049][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.944294][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.951106][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.957397][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.964762][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.971598][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.977862][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 108.986262][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 108.993135][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 108.999351][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 109.007043][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 109.013884][ T6800] SQUASHFS error: Failed to read block 0x0: -5 [ 109.020388][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 109.027766][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 109.035009][ T6800] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 109.043476][ T6800] SQUASHFS error: read_indexes: reading block [6a2:0] [ 109.407171][ T6818] loop2: detected capacity change from 0 to 1024 [ 109.481657][ T6818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 109.528986][ T6818] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.651242][ T6818] EXT4-fs error (device loop2): ext4_map_blocks:720: inode #15: block 3: comm syz.2.337: lblock 3 mapped to illegal pblock 3 (length 3) [ 109.715112][ T6818] EXT4-fs (loop2): Remounting filesystem read-only [ 109.808359][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 110.025751][ T6843] loop2: detected capacity change from 0 to 512 [ 110.100499][ T6843] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.132557][ T6843] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.216548][ T6846] Process accounting resumed [ 110.227102][ T6855] loop0: detected capacity change from 0 to 128 [ 110.351144][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.369595][ T6855] syz.0.347: attempt to access beyond end of device [ 110.369595][ T6855] loop0: rw=2049, sector=145, nr_sectors = 95 limit=128 [ 110.858816][ T6057] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.010146][ T6057] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.121341][ T6057] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.266486][ T6057] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.030410][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 112.040553][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 112.052080][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 112.092812][ T5775] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 112.103384][ T5775] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 112.110847][ T5775] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 112.169921][ T6892] loop2: detected capacity change from 0 to 256 [ 112.636845][ T6892] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 112.656608][ T6892] FAT-fs (loop2): Filesystem has been set read-only [ 113.261953][ T5830] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 113.270575][ T6884] chnl_net:caif_netlink_parms(): no params data found [ 113.482409][ T5830] usb 3-1: Using ep0 maxpacket: 8 [ 113.492823][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 113.527449][ T5830] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 113.563543][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.609804][ T5830] usb 3-1: config 0 descriptor?? [ 113.623531][ T6884] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.654433][ T6884] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.664079][ T6884] bridge_slave_0: entered allmulticast mode [ 113.672635][ T6884] bridge_slave_0: entered promiscuous mode [ 113.693585][ T6057] hsr_slave_0: left promiscuous mode [ 113.712257][ T6057] hsr_slave_1: left promiscuous mode [ 113.718487][ T6057] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.731442][ T6057] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.740599][ T6057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.756163][ T6057] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.767208][ T6057] bridge_slave_1: left allmulticast mode [ 113.778467][ T6057] bridge_slave_1: left promiscuous mode [ 113.789225][ T6057] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.809382][ T6057] bridge_slave_0: left allmulticast mode [ 113.827944][ T6057] bridge_slave_0: left promiscuous mode [ 113.837305][ T5830] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 113.873645][ T6057] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.923794][ T6057] veth1_macvtap: left promiscuous mode [ 113.929690][ T6057] veth0_macvtap: left promiscuous mode [ 113.944851][ T6057] veth1_vlan: left promiscuous mode [ 113.950433][ T6057] veth0_vlan: left promiscuous mode [ 114.202202][ T5775] Bluetooth: hci3: command tx timeout [ 114.298643][ T5810] usb 3-1: USB disconnect, device number 6 [ 115.005820][ T6057] team0 (unregistering): Port device team_slave_1 removed [ 115.087137][ T6057] team0 (unregistering): Port device team_slave_0 removed [ 115.211215][ T6057] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.236104][ T6929] loop8: detected capacity change from 0 to 524287999 [ 115.262407][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.271713][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.294302][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.303488][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.313631][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.322862][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.347121][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.356315][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.382409][ T6057] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.395126][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.404315][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.412842][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.422017][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.430539][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.439713][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.447814][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.457019][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.464890][ T6929] ldm_validate_partition_table(): Disk read failed. [ 115.471763][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.480919][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.488934][ C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 115.498143][ C1] Buffer I/O error on dev loop8, logical block 0, async page read [ 115.509377][ T6929] Dev loop8: unable to read RDB block 0 [ 115.525180][ T6929] loop8: unable to read partition table [ 115.546384][ T6929] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 116.282020][ T5775] Bluetooth: hci3: command tx timeout [ 116.566587][ T6057] bond0 (unregistering): Released all slaves [ 116.875379][ T6884] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.877815][ T6946] loop0: detected capacity change from 0 to 131072 [ 116.895666][ T6946] F2FS-fs (loop0): invalid crc value [ 116.901315][ T6884] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.920000][ T6946] F2FS-fs (loop0): Found nat_bits in checkpoint [ 116.926606][ T6884] bridge_slave_1: entered allmulticast mode [ 116.927843][ T6884] bridge_slave_1: entered promiscuous mode [ 116.976444][ T6946] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 117.088552][ T6884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.140164][ T6884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.329578][ T6884] team0: Port device team_slave_0 added [ 117.367225][ T6884] team0: Port device team_slave_1 added [ 117.472611][ T6964] loop2: detected capacity change from 0 to 128 [ 117.477231][ T6884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 117.512024][ T6884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.513082][ T6964] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 117.607391][ T6884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 117.640665][ T6964] hpfs: filesystem error: improperly stopped [ 117.684236][ T6964] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 117.695172][ T6884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 117.700528][ T6964] hpfs: You really don't want any checks? You are crazy... [ 117.710683][ T6964] hpfs: Code page index out of array [ 117.724799][ T6964] hpfs: code page support is disabled [ 117.731205][ T6964] hpfs: hpfs_map_4sectors(): unaligned read [ 117.731666][ T6884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.737740][ T6964] hpfs: hpfs_map_4sectors(): unaligned read [ 117.825867][ T6964] hpfs: filesystem error: unable to find root dir [ 117.838604][ T6884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.943286][ T6974] netlink: 'syz.0.381': attribute type 2 has an invalid length. [ 118.225186][ T6884] hsr_slave_0: entered promiscuous mode [ 118.293243][ T6884] hsr_slave_1: entered promiscuous mode [ 118.362579][ T5775] Bluetooth: hci3: command tx timeout [ 118.883788][ T5760] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 118.918530][ T6884] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 119.086414][ T5760] usb 3-1: Using ep0 maxpacket: 8 [ 119.137471][ T5760] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 119.148655][ T5760] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 119.157932][ T5760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.170151][ T5760] usb 3-1: config 0 descriptor?? [ 119.412762][ T5760] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 119.544214][ T6884] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 119.591430][ T6884] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 119.606972][ T6884] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 119.760732][ T6884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.791665][ T6884] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.816547][ T6053] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.824143][ T6053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.856482][ T6053] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.863653][ T6053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.883145][ T5812] usb 3-1: USB disconnect, device number 7 [ 120.159059][ T6884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.442512][ T5775] Bluetooth: hci3: command tx timeout [ 120.746543][ T6884] veth0_vlan: entered promiscuous mode [ 120.809962][ T6884] veth1_vlan: entered promiscuous mode [ 120.948945][ T6884] veth0_macvtap: entered promiscuous mode [ 120.966299][ T6884] veth1_macvtap: entered promiscuous mode [ 121.027562][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.060684][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.090984][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.112232][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.141376][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 121.171976][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.203531][ T6884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 121.220377][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.233503][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.270430][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.292484][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.322225][ T6884] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.349043][ T6884] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.399327][ T6884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.509157][ T6884] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.529430][ T6884] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.539037][ T6884] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.566461][ T6884] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 121.793513][ T6047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.801364][ T6047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.878119][ T6047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.907270][ T6047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.352036][ T5812] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 122.489058][ T7120] loop0: detected capacity change from 0 to 512 [ 122.562678][ T5812] usb 2-1: Using ep0 maxpacket: 32 [ 122.571116][ T5812] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.590057][ T5812] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.603642][ T5812] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 122.613612][ T5812] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 122.622047][ T5812] usb 2-1: Product: syz [ 122.626500][ T5812] usb 2-1: Manufacturer: syz [ 122.635919][ T7120] EXT4-fs (loop0): 1 orphan inode deleted [ 122.636278][ T5812] hub 2-1:4.0: USB hub found [ 122.660380][ T6055] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 122.704532][ T7120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.719169][ T7120] ext4 filesystem being mounted at /134/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.723165][ T6055] EXT4-fs error (device loop0): ext4_release_dquot:6989: comm kworker/u4:15: Failed to release dquot type 1 [ 122.844167][ T5812] hub 2-1:4.0: 2 ports detected [ 123.118330][ T4546] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 123.148975][ T4546] EXT4-fs error (device loop0): ext4_release_dquot:6989: comm kworker/u4:10: Failed to release dquot type 1 [ 123.247428][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.267727][ T5812] hub 2-1:4.0: set hub depth failed [ 123.299210][ T5812] usb 2-1: USB disconnect, device number 4 [ 123.654362][ T7151] loop0: detected capacity change from 0 to 64 [ 124.490089][ T7186] loop4: detected capacity change from 0 to 512 [ 124.558679][ T7186] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.572478][ T7186] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.654936][ T6884] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.236945][ T7216] loop4: detected capacity change from 0 to 64 [ 125.273545][ T7221] loop0: detected capacity change from 0 to 1024 [ 125.302321][ T7221] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 125.361021][ T7221] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.387082][ T27] audit: type=1326 audit(1779893241.503:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.1.437" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea5dd9ce59 code=0x0 [ 125.458633][ T7222] loop2: detected capacity change from 0 to 4096 [ 125.530981][ T7221] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 125.563934][ T7221] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 125.630157][ T7221] EXT4-fs (loop0): This should not happen!! Data will be lost [ 125.630157][ T7221] [ 125.676087][ T7221] EXT4-fs (loop0): Total free blocks count 0 [ 125.702981][ T7221] EXT4-fs (loop0): Free/Dirty block details [ 125.760224][ T7222] ntfs3: loop2: ino=5, "/" directory corrupted [ 125.782820][ T7221] EXT4-fs (loop0): free_blocks=20480 [ 125.822646][ T7221] EXT4-fs (loop0): dirty_blocks=16 [ 125.827803][ T7221] EXT4-fs (loop0): Block reservation details [ 125.875861][ T7221] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 125.985433][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.220453][ T7243] gre0: entered allmulticast mode [ 126.239112][ T7242] gre0: left allmulticast mode [ 127.206780][ T7269] loop2: detected capacity change from 0 to 512 [ 127.215700][ T7269] FAT-fs (loop2): Unrecognized mount option "QB%„E®È[¤F£žåŽîeDĪ•<|¤$°ÛŠÄ(-›ešZ¬1R¢é$I §ÚÇÙÿ„Ä‹{Ãâ«Hoçà°7QD*åx†ùC¼Ã‚Ì:3Žsõ" or missing value [ 127.276278][ T7253] loop1: detected capacity change from 0 to 40427 [ 127.315054][ T7253] F2FS-fs (loop1): invalid crc value [ 127.334207][ T7253] F2FS-fs (loop1): Found nat_bits in checkpoint [ 127.359463][ T7248] loop4: detected capacity change from 0 to 40427 [ 127.416596][ T7248] F2FS-fs (loop4): invalid crc value [ 127.464458][ T7248] F2FS-fs (loop4): Found nat_bits in checkpoint [ 127.569026][ T7253] F2FS-fs (loop1): Start checkpoint disabled! [ 127.633243][ T7253] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 127.678999][ T7248] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.701155][ T7253] syz.1.447: attempt to access beyond end of device [ 127.701155][ T7253] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 127.783279][ T7284] syz.1.447: attempt to access beyond end of device [ 127.783279][ T7284] loop1: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 127.845009][ T6884] syz-executor: attempt to access beyond end of device [ 127.845009][ T6884] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 127.887898][ T6884] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 128.103527][ T3488] kworker/u4:9: attempt to access beyond end of device [ 128.103527][ T3488] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 128.140190][ T3488] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 128.184053][ T3488] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 128.775020][ T7306] loop2: detected capacity change from 0 to 256 [ 128.843287][ T7306] exfat: Deprecated parameter 'utf8' [ 128.952173][ T7306] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 129.132864][ T7311] loop0: detected capacity change from 0 to 4096 [ 129.170502][ T7311] EXT4-fs: Ignoring removed orlov option [ 129.214787][ T7311] EXT4-fs (loop0): Test dummy encryption mode enabled [ 129.270141][ T7311] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.335640][ T7322] loop1: detected capacity change from 0 to 1024 [ 129.430405][ T7311] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 129.476878][ T7322] hfsplus: unknown catalog record type 0 [ 129.495271][ T7322] hfsplus: unknown catalog record type 0 [ 129.556227][ T7322] hfsplus: xattr search failed [ 129.600644][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.601949][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 129.639628][ T6057] hfsplus: b-tree write err: -5, ino 3 [ 129.823760][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.856444][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.866534][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 129.886310][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 129.902445][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.939128][ T9] usb 3-1: config 0 descriptor?? [ 130.032606][ T5812] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 130.233739][ T5812] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 130.244018][ T5812] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.272656][ T5812] usb 2-1: config 0 descriptor?? [ 130.291011][ T5812] cp210x 2-1:0.0: cp210x converter detected [ 130.364217][ T9] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 130.390737][ T9] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 130.652543][ T7353] loop0: detected capacity change from 0 to 128 [ 130.692481][ T5812] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 130.702023][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 130.718774][ T5812] usb 2-1: cp210x converter now attached to ttyUSB0 [ 130.902068][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 130.906109][ T28] usb 2-1: USB disconnect, device number 5 [ 130.920855][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.921020][ T28] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 130.965421][ T28] cp210x 2-1:0.0: device disconnected [ 130.971038][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.001647][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 131.021929][ T9] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 131.045050][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.066396][ T9] usb 5-1: config 0 descriptor?? [ 131.547245][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0005/input/input10 [ 131.674424][ T9] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0005/input/input11 [ 131.796259][ T9] kye 0003:0458:5011.0005: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 132.133050][ T9] usb 5-1: USB disconnect, device number 2 [ 132.172777][ T7374] loop1: detected capacity change from 0 to 8192 [ 132.215208][ T7374] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 132.539514][ T5760] usb 3-1: USB disconnect, device number 8 [ 132.857840][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.864253][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.007053][ T7395] IPv4: Oversized IP packet from 127.202.26.0 [ 133.129057][ T7398] loop1: detected capacity change from 0 to 128 [ 133.163069][ T7398] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 133.226669][ T7398] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 133.843236][ T7357] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 133.972968][ T5775] Bluetooth: hci3: unexpected cc 0x203e length: 2 > 1 [ 134.171107][ T7417] loop1: detected capacity change from 0 to 512 [ 134.203220][ T7417] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.505: invalid block [ 134.225227][ T7417] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.505: invalid indirect mapped block 4294967295 (level 1) [ 134.254362][ T7417] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.505: invalid indirect mapped block 4294967295 (level 1) [ 134.277404][ T7417] EXT4-fs (loop1): 2 truncates cleaned up [ 134.293232][ T7417] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.352773][ T7417] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1430: inode #12: block 7: comm syz.1.505: path /98/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 134.407833][ T7424] netlink: 12 bytes leftover after parsing attributes in process `syz.2.508'. [ 134.407878][ T7426] loop4: detected capacity change from 0 to 128 [ 134.444537][ T7424] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.459782][ T7426] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 134.521359][ T7429] loop0: detected capacity change from 0 to 128 [ 134.540339][ T7424] bond2: (slave batadv1): Opening slave failed [ 134.549384][ T7429] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 134.566081][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.592112][ T3488] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 134.782991][ T7431] loop1: detected capacity change from 0 to 512 [ 134.866720][ T7431] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.510: inode has both inline data and extents flags [ 134.890178][ T7434] netlink: 'syz.0.511': attribute type 1 has an invalid length. [ 134.926928][ T7431] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.510: couldn't read orphan inode 15 (err -117) [ 134.993671][ T7431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.130772][ T7431] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 135.205867][ T7445] [ 135.208228][ T7445] ===================================================== [ 135.214934][ T7439] loop0: detected capacity change from 0 to 2048 [ 135.215141][ T7445] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 135.228924][ T7445] syzkaller #0 Not tainted [ 135.230109][ T7439] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.233332][ T7445] ----------------------------------------------------- [ 135.233340][ T7445] syz.2.516/7445 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 135.233359][ T7445] ffff888020fc1018 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 135.233424][ T7445] [ 135.233424][ T7445] and this task is already holding: [ 135.233430][ T7445] ffff888026f40230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 135.282255][ T7445] which would create a new lock dependency: [ 135.288126][ T7445] (&dev->event_lock#2){-...}-{2:2} -> (&new->fa_lock){...-}-{2:2} [ 135.296044][ T7445] [ 135.296044][ T7445] but this new dependency connects a HARDIRQ-irq-safe lock: [ 135.305479][ T7445] (&dev->event_lock#2){-...}-{2:2} [ 135.305506][ T7445] [ 135.305506][ T7445] ... which became HARDIRQ-irq-safe at: [ 135.318368][ T7445] lock_acquire+0x19e/0x420 [ 135.322957][ T7445] _raw_spin_lock_irqsave+0xb4/0x100 [ 135.328324][ T7445] input_event+0x7a/0xc0 [ 135.332644][ T7445] psmouse_report_standard_packet+0x53/0x200 [ 135.338703][ T7445] psmouse_process_byte+0x478/0x670 [ 135.343981][ T7445] psmouse_handle_byte+0x43/0x490 [ 135.349079][ T7445] ps2_interrupt+0x164/0x980 [ 135.353746][ T7445] serio_interrupt+0x8b/0x130 [ 135.358503][ T7445] i8042_interrupt+0x385/0x710 [ 135.363345][ T7445] __handle_irq_event_percpu+0x271/0x940 [ 135.369060][ T7445] handle_irq_event+0x8b/0x1e0 [ 135.373902][ T7445] handle_edge_irq+0x247/0xb30 [ 135.378740][ T7445] __common_interrupt+0x13b/0x230 [ 135.383839][ T7445] common_interrupt+0xb4/0xd0 [ 135.388593][ T7445] asm_common_interrupt+0x26/0x40 [ 135.393697][ T7445] __sanitizer_cov_trace_pc+0x0/0x60 [ 135.399058][ T7445] unwind_next_frame+0x501/0x2970 [ 135.404162][ T7445] arch_stack_walk+0x144/0x190 [ 135.409006][ T7445] stack_trace_save+0xaa/0x100 [ 135.413849][ T7445] kasan_set_track+0x4e/0x70 [ 135.418517][ T7445] __kasan_slab_alloc+0x6c/0x80 [ 135.423442][ T7445] slab_post_alloc_hook+0x6e/0x4b0 [ 135.428637][ T7445] kmem_cache_alloc+0x11a/0x2d0 [ 135.433564][ T7445] dup_fd+0x58/0xa50 [ 135.437538][ T7445] copy_files+0xc3/0x120 [ 135.441855][ T7445] copy_process+0x15ab/0x3dc0 [ 135.446611][ T7445] kernel_clone+0x24b/0x8a0 [ 135.451186][ T7445] user_mode_thread+0x111/0x180 [ 135.456110][ T7445] call_usermodehelper_exec_work+0x5c/0x220 [ 135.462083][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 135.467712][ T7445] worker_thread+0xa55/0xfc0 [ 135.472377][ T7445] kthread+0x2fa/0x390 [ 135.476517][ T7445] ret_from_fork+0x48/0x80 [ 135.481011][ T7445] ret_from_fork_asm+0x11/0x20 [ 135.485852][ T7445] [ 135.485852][ T7445] to a HARDIRQ-irq-unsafe lock: [ 135.492853][ T7445] (tasklist_lock){.+.+}-{2:2} [ 135.492876][ T7445] [ 135.492876][ T7445] ... which became HARDIRQ-irq-unsafe at: [ 135.505481][ T7445] ... [ 135.505488][ T7445] lock_acquire+0x19e/0x420 [ 135.512635][ T7445] _raw_read_lock+0x36/0x50 [ 135.517216][ T7445] do_wait+0x294/0xae0 [ 135.521367][ T7445] kernel_wait+0xd7/0x1c0 [ 135.525774][ T7445] call_usermodehelper_exec_work+0xb9/0x220 [ 135.531740][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 135.537364][ T7445] worker_thread+0xa55/0xfc0 [ 135.542031][ T7445] kthread+0x2fa/0x390 [ 135.546172][ T7445] ret_from_fork+0x48/0x80 [ 135.550661][ T7445] ret_from_fork_asm+0x11/0x20 [ 135.555519][ T7445] [ 135.555519][ T7445] other info that might help us debug this: [ 135.555519][ T7445] [ 135.566440][ T7445] Chain exists of: [ 135.566440][ T7445] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 135.566440][ T7445] [ 135.579400][ T7445] Possible interrupt unsafe locking scenario: [ 135.579400][ T7445] [ 135.587712][ T7445] CPU0 CPU1 [ 135.593063][ T7445] ---- ---- [ 135.598426][ T7445] lock(tasklist_lock); [ 135.602665][ T7445] local_irq_disable(); [ 135.609404][ T7445] lock(&dev->event_lock#2); [ 135.616595][ T7445] lock(&new->fa_lock); [ 135.623344][ T7445] [ 135.626785][ T7445] lock(&dev->event_lock#2); [ 135.631630][ T7445] [ 135.631630][ T7445] *** DEADLOCK *** [ 135.631630][ T7445] [ 135.639761][ T7445] 6 locks held by syz.2.516/7445: [ 135.644771][ T7445] #0: ffff888027dbc110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x180/0x490 [ 135.653910][ T7445] #1: ffff888026f40230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 135.664010][ T7445] #2: ffffffff8d132120 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 135.673683][ T7445] #3: ffffffff8d132120 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x12f0 [ 135.683342][ T7445] #4: ffffffff8d132120 (rcu_read_lock){....}-{1:2}, at: mousedev_notify_readers+0x2c/0xc00 [ 135.693431][ T7445] #5: ffffffff8d132120 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 135.702473][ T7445] [ 135.702473][ T7445] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 135.712864][ T7445] -> (&dev->event_lock#2){-...}-{2:2} { [ 135.718418][ T7445] IN-HARDIRQ-W at: [ 135.722387][ T7445] lock_acquire+0x19e/0x420 [ 135.728533][ T7445] _raw_spin_lock_irqsave+0xb4/0x100 [ 135.735460][ T7445] input_event+0x7a/0xc0 [ 135.741343][ T7445] psmouse_report_standard_packet+0x53/0x200 [ 135.748968][ T7445] psmouse_process_byte+0x478/0x670 [ 135.755808][ T7445] psmouse_handle_byte+0x43/0x490 [ 135.762470][ T7445] ps2_interrupt+0x164/0x980 [ 135.768703][ T7445] serio_interrupt+0x8b/0x130 [ 135.775023][ T7445] i8042_interrupt+0x385/0x710 [ 135.781428][ T7445] __handle_irq_event_percpu+0x271/0x940 [ 135.788703][ T7445] handle_irq_event+0x8b/0x1e0 [ 135.795110][ T7445] handle_edge_irq+0x247/0xb30 [ 135.801509][ T7445] __common_interrupt+0x13b/0x230 [ 135.808176][ T7445] common_interrupt+0xb4/0xd0 [ 135.814498][ T7445] asm_common_interrupt+0x26/0x40 [ 135.821167][ T7445] __sanitizer_cov_trace_pc+0x0/0x60 [ 135.828093][ T7445] unwind_next_frame+0x501/0x2970 [ 135.834756][ T7445] arch_stack_walk+0x144/0x190 [ 135.841158][ T7445] stack_trace_save+0xaa/0x100 [ 135.847563][ T7445] kasan_set_track+0x4e/0x70 [ 135.853805][ T7445] __kasan_slab_alloc+0x6c/0x80 [ 135.860305][ T7445] slab_post_alloc_hook+0x6e/0x4b0 [ 135.867065][ T7445] kmem_cache_alloc+0x11a/0x2d0 [ 135.873565][ T7445] dup_fd+0x58/0xa50 [ 135.879110][ T7445] copy_files+0xc3/0x120 [ 135.884994][ T7445] copy_process+0x15ab/0x3dc0 [ 135.891313][ T7445] kernel_clone+0x24b/0x8a0 [ 135.897456][ T7445] user_mode_thread+0x111/0x180 [ 135.903950][ T7445] call_usermodehelper_exec_work+0x5c/0x220 [ 135.911483][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 135.918676][ T7445] worker_thread+0xa55/0xfc0 [ 135.924911][ T7445] kthread+0x2fa/0x390 [ 135.930623][ T7445] ret_from_fork+0x48/0x80 [ 135.936684][ T7445] ret_from_fork_asm+0x11/0x20 [ 135.943093][ T7445] INITIAL USE at: [ 135.946981][ T7445] lock_acquire+0x19e/0x420 [ 135.953051][ T7445] _raw_spin_lock_irqsave+0xb4/0x100 [ 135.959898][ T7445] input_inject_event+0xab/0x320 [ 135.966394][ T7445] led_trigger_event+0x133/0x210 [ 135.972886][ T7445] kbd_led_trigger_activate+0xbd/0x100 [ 135.979897][ T7445] led_trigger_set+0x52c/0x950 [ 135.986217][ T7445] led_trigger_set_default+0x1a0/0x1e0 [ 135.993230][ T7445] led_classdev_register_ext+0x733/0x9b0 [ 136.000416][ T7445] input_leds_connect+0x4eb/0x6b0 [ 136.006995][ T7445] input_register_device+0xcdc/0x1070 [ 136.013923][ T7445] atkbd_connect+0x70a/0x9b0 [ 136.020066][ T7445] serio_driver_probe+0x7a/0xa0 [ 136.026470][ T7445] really_probe+0x25b/0xb20 [ 136.032525][ T7445] __driver_probe_device+0x1ef/0x390 [ 136.039363][ T7445] driver_probe_device+0x4f/0x420 [ 136.045943][ T7445] __driver_attach+0x44e/0x6e0 [ 136.052262][ T7445] bus_for_each_dev+0x235/0x2b0 [ 136.058666][ T7445] serio_handle_event+0x1a2/0x860 [ 136.065252][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 136.072354][ T7445] worker_thread+0xa55/0xfc0 [ 136.078498][ T7445] kthread+0x2fa/0x390 [ 136.084120][ T7445] ret_from_fork+0x48/0x80 [ 136.090092][ T7445] ret_from_fork_asm+0x11/0x20 [ 136.096413][ T7445] } [ 136.098896][ T7445] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 136.107926][ T7445] [ 136.107926][ T7445] the dependencies between the lock to be acquired [ 136.107934][ T7445] and HARDIRQ-irq-unsafe lock: [ 136.121424][ T7445] -> (tasklist_lock){.+.+}-{2:2} { [ 136.126717][ T7445] HARDIRQ-ON-R at: [ 136.130858][ T7445] lock_acquire+0x19e/0x420 [ 136.137350][ T7445] _raw_read_lock+0x36/0x50 [ 136.143842][ T7445] do_wait+0x294/0xae0 [ 136.149900][ T7445] kernel_wait+0xd7/0x1c0 [ 136.156219][ T7445] call_usermodehelper_exec_work+0xb9/0x220 [ 136.164098][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 136.171631][ T7445] worker_thread+0xa55/0xfc0 [ 136.178208][ T7445] kthread+0x2fa/0x390 [ 136.184268][ T7445] ret_from_fork+0x48/0x80 [ 136.190672][ T7445] ret_from_fork_asm+0x11/0x20 [ 136.197429][ T7445] SOFTIRQ-ON-R at: [ 136.201569][ T7445] lock_acquire+0x19e/0x420 [ 136.208061][ T7445] _raw_read_lock+0x36/0x50 [ 136.214555][ T7445] do_wait+0x294/0xae0 [ 136.220617][ T7445] kernel_wait+0xd7/0x1c0 [ 136.226935][ T7445] call_usermodehelper_exec_work+0xb9/0x220 [ 136.234811][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 136.242343][ T7445] worker_thread+0xa55/0xfc0 [ 136.248919][ T7445] kthread+0x2fa/0x390 [ 136.254976][ T7445] ret_from_fork+0x48/0x80 [ 136.261381][ T7445] ret_from_fork_asm+0x11/0x20 [ 136.268134][ T7445] INITIAL USE at: [ 136.272187][ T7445] lock_acquire+0x19e/0x420 [ 136.278598][ T7445] _raw_write_lock_irq+0xaf/0xf0 [ 136.285450][ T7445] copy_process+0x22a4/0x3dc0 [ 136.292026][ T7445] kernel_clone+0x24b/0x8a0 [ 136.298427][ T7445] user_mode_thread+0x111/0x180 [ 136.305175][ T7445] rest_init+0x27/0x300 [ 136.311228][ T7445] arch_call_rest_init+0xe/0x10 [ 136.317983][ T7445] start_kernel+0x459/0x4e0 [ 136.324388][ T7445] x86_64_start_reservations+0x2a/0x30 [ 136.331746][ T7445] copy_bootdata+0x0/0xe0 [ 136.337975][ T7445] secondary_startup_64_no_verify+0x179/0x17b [ 136.345944][ T7445] INITIAL READ USE at: [ 136.350432][ T7445] lock_acquire+0x19e/0x420 [ 136.357273][ T7445] _raw_read_lock+0x36/0x50 [ 136.364113][ T7445] do_wait+0x294/0xae0 [ 136.370521][ T7445] kernel_wait+0xd7/0x1c0 [ 136.377191][ T7445] call_usermodehelper_exec_work+0xb9/0x220 [ 136.385421][ T7445] process_scheduled_works+0xa5d/0x15d0 [ 136.393303][ T7445] worker_thread+0xa55/0xfc0 [ 136.400228][ T7445] kthread+0x2fa/0x390 [ 136.406631][ T7445] ret_from_fork+0x48/0x80 [ 136.413387][ T7445] ret_from_fork_asm+0x11/0x20 [ 136.420486][ T7445] } [ 136.423146][ T7445] ... key at: [] tasklist_lock+0x18/0x40 [ 136.431031][ T7445] ... acquired at: [ 136.434994][ T7445] _raw_read_lock+0x36/0x50 [ 136.439669][ T7445] send_sigurg+0xf0/0x3c0 [ 136.444162][ T7445] sk_send_sigurg+0x6f/0xc0 [ 136.448825][ T7445] queue_oob+0x3f1/0x4f0 [ 136.453234][ T7445] unix_stream_sendmsg+0xaf3/0xbf0 [ 136.458507][ T7445] ____sys_sendmsg+0x5ba/0x960 [ 136.463433][ T7445] ___sys_sendmsg+0x2a6/0x360 [ 136.468272][ T7445] __sys_sendmmsg+0x2ca/0x510 [ 136.473110][ T7445] __x64_sys_sendmmsg+0xa0/0xb0 [ 136.478132][ T7445] do_syscall_64+0x55/0xb0 [ 136.482711][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.488779][ T7445] [ 136.491090][ T7445] -> (&f->f_owner.lock){...-}-{2:2} { [ 136.496556][ T7445] IN-SOFTIRQ-R at: [ 136.500610][ T7445] lock_acquire+0x19e/0x420 [ 136.506929][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 136.514033][ T7445] send_sigurg+0x29/0x3c0 [ 136.520177][ T7445] sk_send_sigurg+0x6f/0xc0 [ 136.526495][ T7445] tcp_check_urg+0x200/0x750 [ 136.532904][ T7445] tcp_urg+0x164/0x410 [ 136.538788][ T7445] tcp_rcv_established+0xa34/0x1d20 [ 136.546059][ T7445] tcp_v4_do_rcv+0x4ed/0xb80 [ 136.552461][ T7445] tcp_v4_rcv+0x23bf/0x2af0 [ 136.558775][ T7445] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 136.566047][ T7445] ip_local_deliver_finish+0x2ca/0x510 [ 136.573317][ T7445] NF_HOOK+0x32d/0x3b0 [ 136.579198][ T7445] NF_HOOK+0x32d/0x3b0 [ 136.585079][ T7445] __netif_receive_skb+0xcc/0x290 [ 136.591919][ T7445] process_backlog+0x391/0x6f0 [ 136.598498][ T7445] __napi_poll+0xc0/0x460 [ 136.604641][ T7445] net_rx_action+0x616/0xc40 [ 136.611051][ T7445] handle_softirqs+0x280/0x820 [ 136.617625][ T7445] do_softirq+0xfa/0x1a0 [ 136.623684][ T7445] __local_bh_enable_ip+0x184/0x1c0 [ 136.630691][ T7445] sk_stream_wait_memory+0x6e3/0xee0 [ 136.637791][ T7445] tcp_sendmsg_locked+0x15cd/0x4bd0 [ 136.644801][ T7445] tcp_sendmsg+0x2f/0x50 [ 136.650852][ T7445] __sys_sendto+0x4a9/0x6b0 [ 136.657167][ T7445] __x64_sys_sendto+0xde/0xf0 [ 136.663659][ T7445] do_syscall_64+0x55/0xb0 [ 136.669888][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.677599][ T7445] INITIAL USE at: [ 136.681567][ T7445] lock_acquire+0x19e/0x420 [ 136.687807][ T7445] _raw_write_lock_irq+0xaf/0xf0 [ 136.694488][ T7445] __f_setown+0x3b/0x330 [ 136.700461][ T7445] fcntl_dirnotify+0x6e2/0x8d0 [ 136.706953][ T7445] do_fcntl+0x390/0x1490 [ 136.712925][ T7445] __se_sys_fcntl+0xc9/0x1a0 [ 136.719241][ T7445] do_syscall_64+0x55/0xb0 [ 136.725383][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.733009][ T7445] INITIAL READ USE at: [ 136.737410][ T7445] lock_acquire+0x19e/0x420 [ 136.744506][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 136.751954][ T7445] send_sigurg+0x29/0x3c0 [ 136.758444][ T7445] sk_send_sigurg+0x6f/0xc0 [ 136.765109][ T7445] tcp_check_urg+0x200/0x750 [ 136.771864][ T7445] tcp_urg+0x164/0x410 [ 136.778096][ T7445] tcp_rcv_established+0xa34/0x1d20 [ 136.785457][ T7445] tcp_v4_do_rcv+0x4ed/0xb80 [ 136.792207][ T7445] __release_sock+0x1e5/0x460 [ 136.799043][ T7445] release_sock+0x5f/0x1c0 [ 136.805620][ T7445] sk_stream_wait_memory+0x6e3/0xee0 [ 136.813072][ T7445] tcp_sendmsg_locked+0x15cd/0x4bd0 [ 136.820428][ T7445] tcp_sendmsg+0x2f/0x50 [ 136.826829][ T7445] __sys_sendto+0x4a9/0x6b0 [ 136.833492][ T7445] __x64_sys_sendto+0xde/0xf0 [ 136.840326][ T7445] do_syscall_64+0x55/0xb0 [ 136.846904][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.854960][ T7445] } [ 136.857530][ T7445] ... key at: [] init_file.__key+0x0/0x20 [ 136.865413][ T7445] ... acquired at: [ 136.869286][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 136.874737][ T7445] send_sigio+0x33/0x360 [ 136.879144][ T7445] kill_fasync+0x228/0x4b0 [ 136.883726][ T7445] sock_wake_async+0x137/0x160 [ 136.888651][ T7445] sk_wake_async+0x184/0x280 [ 136.893405][ T7445] sock_def_readable+0x22d/0x420 [ 136.898508][ T7445] tcp_data_queue+0x221d/0x5ad0 [ 136.903528][ T7445] tcp_rcv_established+0xa3f/0x1d20 [ 136.908889][ T7445] tcp_v4_do_rcv+0x4ed/0xb80 [ 136.913651][ T7445] __release_sock+0x1e5/0x460 [ 136.918488][ T7445] release_sock+0x5f/0x1c0 [ 136.923069][ T7445] tcp_sendmsg+0x39/0x50 [ 136.927470][ T7445] __sys_sendto+0x4a9/0x6b0 [ 136.932138][ T7445] __x64_sys_sendto+0xde/0xf0 [ 136.936975][ T7445] do_syscall_64+0x55/0xb0 [ 136.941555][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 136.947615][ T7445] [ 136.949927][ T7445] -> (&new->fa_lock){...-}-{2:2} { [ 136.955045][ T7445] IN-SOFTIRQ-R at: [ 136.959010][ T7445] lock_acquire+0x19e/0x420 [ 136.965156][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 136.972085][ T7445] kill_fasync+0x192/0x4b0 [ 136.978141][ T7445] sock_wake_async+0x137/0x160 [ 136.984542][ T7445] sk_stream_write_space+0x3a1/0x510 [ 136.991469][ T7445] tcp_check_space+0x17e/0xad0 [ 136.997873][ T7445] tcp_write_xmit+0x1773/0x62e0 [ 137.004374][ T7445] __tcp_push_pending_frames+0x97/0x340 [ 137.011570][ T7445] tcp_rcv_established+0xab3/0x1d20 [ 137.018413][ T7445] tcp_v4_do_rcv+0x4ed/0xb80 [ 137.024642][ T7445] tcp_v4_rcv+0x23bf/0x2af0 [ 137.030784][ T7445] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 137.037886][ T7445] ip_local_deliver_finish+0x2ca/0x510 [ 137.044985][ T7445] NF_HOOK+0x32d/0x3b0 [ 137.050692][ T7445] NF_HOOK+0x32d/0x3b0 [ 137.056397][ T7445] __netif_receive_skb+0xcc/0x290 [ 137.063064][ T7445] process_backlog+0x391/0x6f0 [ 137.069485][ T7445] __napi_poll+0xc0/0x460 [ 137.075468][ T7445] net_rx_action+0x616/0xc40 [ 137.081711][ T7445] handle_softirqs+0x280/0x820 [ 137.088120][ T7445] do_softirq+0xfa/0x1a0 [ 137.094005][ T7445] __local_bh_enable_ip+0x184/0x1c0 [ 137.100845][ T7445] tcp_sendmsg+0x39/0x50 [ 137.106732][ T7445] __sys_sendto+0x4a9/0x6b0 [ 137.112884][ T7445] __x64_sys_sendto+0xde/0xf0 [ 137.119204][ T7445] do_syscall_64+0x55/0xb0 [ 137.125261][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.132800][ T7445] INITIAL USE at: [ 137.136684][ T7445] lock_acquire+0x19e/0x420 [ 137.142746][ T7445] _raw_write_lock_irq+0xaf/0xf0 [ 137.149239][ T7445] fasync_remove_entry+0xf4/0x1c0 [ 137.155815][ T7445] sock_fasync+0x88/0xf0 [ 137.161615][ T7445] __fput+0x7f3/0x970 [ 137.167151][ T7445] task_work_run+0x1d4/0x260 [ 137.173300][ T7445] exit_to_user_mode_loop+0xe6/0x110 [ 137.180141][ T7445] exit_to_user_mode_prepare+0xee/0x180 [ 137.187243][ T7445] syscall_exit_to_user_mode+0x1a/0x50 [ 137.194350][ T7445] do_syscall_64+0x61/0xb0 [ 137.200324][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.207786][ T7445] INITIAL READ USE at: [ 137.212104][ T7445] lock_acquire+0x19e/0x420 [ 137.218596][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 137.225881][ T7445] kill_fasync+0x192/0x4b0 [ 137.232288][ T7445] sock_wake_async+0x137/0x160 [ 137.239037][ T7445] sk_wake_async+0x184/0x280 [ 137.245610][ T7445] sock_def_readable+0x22d/0x420 [ 137.252538][ T7445] tcp_data_queue+0x221d/0x5ad0 [ 137.259377][ T7445] tcp_rcv_established+0xa3f/0x1d20 [ 137.266562][ T7445] tcp_v4_do_rcv+0x4ed/0xb80 [ 137.273138][ T7445] __release_sock+0x1e5/0x460 [ 137.279798][ T7445] release_sock+0x5f/0x1c0 [ 137.286204][ T7445] tcp_sendmsg+0x39/0x50 [ 137.292437][ T7445] __sys_sendto+0x4a9/0x6b0 [ 137.298931][ T7445] __x64_sys_sendto+0xde/0xf0 [ 137.305598][ T7445] do_syscall_64+0x55/0xb0 [ 137.312012][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.319896][ T7445] } [ 137.322381][ T7445] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 137.331050][ T7445] ... acquired at: [ 137.334838][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 137.340292][ T7445] kill_fasync+0x192/0x4b0 [ 137.344875][ T7445] mousedev_notify_readers+0x6eb/0xc00 [ 137.350496][ T7445] mousedev_event+0x5f0/0x1310 [ 137.355423][ T7445] input_pass_values+0x9c7/0x12f0 [ 137.360620][ T7445] input_event_dispose+0x346/0x6c0 [ 137.365898][ T7445] input_inject_event+0x1f9/0x320 [ 137.371092][ T7445] evdev_write+0x35f/0x490 [ 137.375673][ T7445] vfs_write+0x296/0x990 [ 137.380082][ T7445] ksys_write+0x150/0x260 [ 137.384577][ T7445] do_syscall_64+0x55/0xb0 [ 137.389160][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.395218][ T7445] [ 137.397525][ T7445] [ 137.397525][ T7445] stack backtrace: [ 137.403415][ T7445] CPU: 1 PID: 7445 Comm: syz.2.516 Not tainted syzkaller #0 [ 137.410687][ T7445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 137.420738][ T7445] Call Trace: [ 137.424012][ T7445] [ 137.426935][ T7445] dump_stack_lvl+0x18c/0x250 [ 137.431612][ T7445] ? load_image+0x420/0x420 [ 137.436107][ T7445] ? show_regs_print_info+0x20/0x20 [ 137.441297][ T7445] ? load_image+0x420/0x420 [ 137.445789][ T7445] ? print_shortest_lock_dependencies+0xf4/0x160 [ 137.452109][ T7445] __lock_acquire+0x6851/0x7d40 [ 137.456960][ T7445] ? verify_lock_unused+0x140/0x140 [ 137.462156][ T7445] ? verify_lock_unused+0x140/0x140 [ 137.467347][ T7445] lock_acquire+0x19e/0x420 [ 137.471842][ T7445] ? kill_fasync+0x192/0x4b0 [ 137.476432][ T7445] ? read_lock_is_recursive+0x20/0x20 [ 137.481798][ T7445] _raw_read_lock_irqsave+0xbc/0x100 [ 137.487080][ T7445] ? kill_fasync+0x192/0x4b0 [ 137.491662][ T7445] ? _raw_read_lock+0x50/0x50 [ 137.496335][ T7445] kill_fasync+0x192/0x4b0 [ 137.500744][ T7445] ? kill_fasync+0x53/0x4b0 [ 137.505239][ T7445] mousedev_notify_readers+0x6eb/0xc00 [ 137.510699][ T7445] ? mousedev_notify_readers+0x2c/0xc00 [ 137.516242][ T7445] mousedev_event+0x5f0/0x1310 [ 137.520998][ T7445] ? mousedev_packet+0x9f0/0x9f0 [ 137.525932][ T7445] input_pass_values+0x9c7/0x12f0 [ 137.530953][ T7445] ? input_pass_values+0xa3/0x12f0 [ 137.536062][ T7445] input_event_dispose+0x346/0x6c0 [ 137.541170][ T7445] input_inject_event+0x1f9/0x320 [ 137.546192][ T7445] ? input_inject_event+0xbc/0x320 [ 137.551298][ T7445] evdev_write+0x35f/0x490 [ 137.555707][ T7445] ? evdev_read+0xba0/0xba0 [ 137.560202][ T7445] ? common_file_perm+0x198/0x1f0 [ 137.565221][ T7445] ? fsnotify_perm+0x5d/0x5e0 [ 137.569890][ T7445] ? security_file_permission+0x79/0xa0 [ 137.575425][ T7445] ? evdev_read+0xba0/0xba0 [ 137.579918][ T7445] vfs_write+0x296/0x990 [ 137.584158][ T7445] ? file_end_write+0x250/0x250 [ 137.589001][ T7445] ? __fget_files+0x28/0x4b0 [ 137.593586][ T7445] ? __fget_files+0x28/0x4b0 [ 137.598174][ T7445] ? __fget_files+0x43d/0x4b0 [ 137.602846][ T7445] ? __fdget_pos+0x1d8/0x330 [ 137.607428][ T7445] ? ksys_write+0x75/0x260 [ 137.611839][ T7445] ksys_write+0x150/0x260 [ 137.616174][ T7445] ? __ia32_sys_read+0x90/0x90 [ 137.620934][ T7445] ? lockdep_hardirqs_on+0x98/0x150 [ 137.626129][ T7445] do_syscall_64+0x55/0xb0 [ 137.630535][ T7445] ? clear_bhb_loop+0x40/0x90 [ 137.635207][ T7445] ? clear_bhb_loop+0x40/0x90 [ 137.639884][ T7445] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 137.645769][ T7445] RIP: 0033:0x7f3bccd9ce59 [ 137.650182][ T7445] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.669775][ T7445] RSP: 002b:00007f3bcdbc3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.678181][ T7445] RAX: ffffffffffffffda RBX: 00007f3bcd015fa0 RCX: 00007f3bccd9ce59 [ 137.686142][ T7445] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004 [ 137.694103][ T7445] RBP: 00007f3bcce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 137.702065][ T7445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.710024][ T7445] R13: 00007f3bcd016038 R14: 00007f3bcd015fa0 R15: 00007fff8dc006b8 [ 137.717993][ T7445] [ 137.816068][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.969144][ T7458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.517'. [ 138.041925][ T5775] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 138.050264][ T5775] Bluetooth: hci3: Injecting HCI hardware error event [ 138.058148][ T51] Bluetooth: hci3: hardware error 0x00 [ 140.122086][ T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110