last executing test programs: 1m48.476074258s ago: executing program 0 (id=218): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) syz_clone(0x42000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r2, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40) 1m47.279592536s ago: executing program 0 (id=221): openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000001400010000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 1m46.847442458s ago: executing program 0 (id=226): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0xf, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xac3a}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x5, 0xec, &(0x7f0000000000)=""/236, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8f45ae34fb00117df37538e486dd6317ce22000000"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)={'some', 0x20, 0x8f19, 0x20, 0x5}, 0x2f) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) 1m13.001718008s ago: executing program 0 (id=226): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0xf, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xac3a}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x5, 0xec, &(0x7f0000000000)=""/236, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8f45ae34fb00117df37538e486dd6317ce22000000"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)={'some', 0x20, 0x8f19, 0x20, 0x5}, 0x2f) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) 1m9.570236501s ago: executing program 2 (id=330): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, 0x0, 0x4090) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, 0x0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000140)={{0x6, @rose}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'nr0\x00', 0x2}) 1m8.578473424s ago: executing program 2 (id=333): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xffffff14, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES32=r3, @ANYBLOB="a5fdad88000000000a000100aa"], 0x2c}}, 0x0) 1m7.917974514s ago: executing program 2 (id=335): syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x69, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000180000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000039644bc90000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0) 1m7.69134772s ago: executing program 2 (id=336): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000000)={[{@jqfmt_vfsv0}, {@nogrpid}]}, 0x1, 0x792, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbJKmSfu+yQsvaD0FBA2UbkyNrYKHigcRLBT0bLtstqFmky3ZTWlCwBYRvAgqHgS99OyPevPqj6v+Fx6kpWparHiQyGx2222zm27a/RHJ5wOTfZ6Z2TzPd5+ZZ57ZGXYC2LMm0j+ZiEMR8UESMVabn0TEUDU1GHFic73b62v5dEpiY+P135LqOrfW1/LR8J7UgVrm8Yj4/t2Iw5mt5ZZXVudzxWJhqZafqiycnyqvrB45t5CbK8wVFo9Nz8wcPf7c8WOdi/WPn1YPXv/wlae/OvHXO49dff+HJE7Ewdqyxjg6ZSImap/JUPoR3uPlThfWZ0m/K8BDSXfNgc29PA7FWAxUUy2M9LJmAEC3vB0RGwDAHpM4/gPAHlP/HuDW+lq+PvX3G4neuvFSROzfjL9+fXNzyWDtmt3+6nXQ0VvJPVdGkogY70D5ExHx2TdvfpFO0aXrkADNXLocEWfGJ7b2/8mWexZ26pntFm4MV18m7put/4Pe+TYd/zzfbPyXuTP+iSbjn+Em++7DePD+n7nWgWJaSsd/Lzbc23a7If6a8YFa7j/VMd9QcvZcsZD2bf+NiMkYGk7z09VVm98FNXnz75utym8c//3+0Vufp+Wnr3fXyFwbHL73PbO5Su5R4667cTniicFm8Sd32j9pMf491WYZr77w3qetlqXxp/HWp63xd9fGlYinmrb/3bZMtr0/caq6OUzVN4omvv75k9FW5Te2fzql5dfPBXohbf/R7eMfTxrv1yzvvIwfr4x912rZg+Nvvv3vS96opvfV5l3MVSpL0xH7kte2zj969731fH39NP7JJ5vv/9tt/+k54Zk24x+8/uuXDx9/d6Xxz+6o/XeeuHp7fqBV+e21/0w1NVmb007/124FH+WzAwAAAAAAAAAAAAAAAAAAAAAAAIB2ZSLiYCSZ7J10JpPNbj7D+/8xmimWypXDZ0vLi7NRfVb2eAxl6j91Odbwe6jTtd/Dr+eP3pd/NiL+FxEfD49U89l8qTjb7+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOZAi+f/p34Z7nftAICu2d/vCgAAPef4DwB7z86O/yNdqwcA0DvO/wFg72n7+H+mu/UAAHrH+T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABddurkyXTa+HN9LZ/mZy+sLM+XLhyZLZTnswvL+Wy+tHQ+O1cqzRUL2XxpoeU/urT5UiyVzs/E4vLFqUqhXJkqr6yeXigtL1ZOn1vIzRVOF4Z6FhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtK+8sjqfKxYLS51LDEZER//hbkiM7I5q7JrEYOyKanQkkXRjL/jXJxp7iZH+dVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9w/AQAA//8PEihV") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './bus'}, 0x9) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000020240), 0x10010) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r2, &(0x7f0000000280), 0x208e24b) mlockall(0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) futex(&(0x7f00000003c0)=0x2, 0x8, 0x1, 0x0, 0x0, 0x2) 1m6.677621675s ago: executing program 2 (id=342): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x6d) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a80)=0xff) 1m1.411461414s ago: executing program 2 (id=356): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = fcntl$getown(r0, 0x9) sched_setscheduler(r3, 0x3, &(0x7f00000003c0)=0xc00000) connect$bt_l2cap(r2, &(0x7f0000000700)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xe) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0) r5 = syz_open_pts(r4, 0x0) ioctl$TCXONC(r5, 0x540a, 0x2) ioctl$TCSETAF(r4, 0x5408, 0x0) r6 = dup3(r5, r4, 0x0) ioctl$TCSETSW2(r6, 0x5437, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f00000007c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000400)={0xcc, 0x0, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @rand_addr=0x64010101}}}]}, @CTA_EXPECT_HELP_NAME={0xf, 0x6, 'netbios-ns\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x40008f}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1}, @CTA_EXPECT_MASK={0x60, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x44040}, 0xe539bdaa1e12834b) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) getresgid(&(0x7f0000000180), &(0x7f0000000240), &(0x7f0000000380)) r8 = inotify_init1(0x0) fcntl$getownex(r8, 0x10, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 1m0.882114083s ago: executing program 32 (id=356): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = fcntl$getown(r0, 0x9) sched_setscheduler(r3, 0x3, &(0x7f00000003c0)=0xc00000) connect$bt_l2cap(r2, &(0x7f0000000700)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xe) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r4}], 0x1, 0x0, 0x0, 0x0) r5 = syz_open_pts(r4, 0x0) ioctl$TCXONC(r5, 0x540a, 0x2) ioctl$TCSETAF(r4, 0x5408, 0x0) r6 = dup3(r5, r4, 0x0) ioctl$TCSETSW2(r6, 0x5437, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r7, &(0x7f00000007c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000400)={0xcc, 0x0, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @rand_addr=0x64010101}}}]}, @CTA_EXPECT_HELP_NAME={0xf, 0x6, 'netbios-ns\x00'}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x40008f}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1}, @CTA_EXPECT_MASK={0x60, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x44040}, 0xe539bdaa1e12834b) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) getresgid(&(0x7f0000000180), &(0x7f0000000240), &(0x7f0000000380)) r8 = inotify_init1(0x0) fcntl$getownex(r8, 0x10, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 36.889132095s ago: executing program 0 (id=226): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0xf, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xac3a}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x5, 0xec, &(0x7f0000000000)=""/236, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8f45ae34fb00117df37538e486dd6317ce22000000"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)={'some', 0x20, 0x8f19, 0x20, 0x5}, 0x2f) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) 12.804126964s ago: executing program 0 (id=226): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0xf, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xac3a}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000140)='GPL\x00', 0x5, 0xec, &(0x7f0000000000)=""/236, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8f45ae34fb00117df37538e486dd6317ce22000000"], 0xfdef) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)={'some', 0x20, 0x8f19, 0x20, 0x5}, 0x2f) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110e22fff6) 11.521163759s ago: executing program 5 (id=484): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x800000, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x1ff, &(0x7f0000000d80)="$eJzslU9rE0EYxn+z2XQbzaHgzavB9qLtbkE8e7F3/QCGdK3FVDG7YhMKRi9eFIpfouCX0IOgdw8ighc9KOih4qkikZl9ZzKxaU2kPQj7QJjnfd5/M7OZmRvZnSwCfu1utZjDQFHnvVKEwLwqtL2ZYvwu40DwOSzsWPRnMn6SMev23jwuaO9ms91OO1n3cBKh4C8xo2S/dOn5k1OT5/9BXj8cVRRT16kC/9h9GpJXip3d79oeUaJxMZKLUeznTDtZfOVY53yUpMZBrh918JUvR929yliXUlP91w8j4JSfdQ5cqSXvnhadx8ZUJL3G6Lb8N0TfRYYEU6VnyPfILj8I+KagytvdrZZWr8ktpt2rxc8eCZOljZdezOkQ+qAqDExRXSeU2HlgMQ9YzLq9c+sbzbV0Lb2VJMsXll6dlCM6uA/r7XRJmWkU6YEmIQ76nNY8v75GPgz9fTwob2rodQ1lV9JezgtnvMQaBF6uV0MKvHD9I9HuZhtc5SyzwL2+dieyQQ10tZDremkrKCpixKE/IfYImDWO863b7dVHKJRN2yF0NeKPVJ2RiKEbpcsXZfmBm2pDxhUZd4b9DOzbZd+k0FT4KtZCH2bYbOZ5xzxem818uxNrbcZVMN5kzm18IF3ta2ibNSImxIlJA0uUKFGiRIkSJY4JvwMAAP//rBNEiQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40000, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r0, 0x1000) 10.644711053s ago: executing program 5 (id=489): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000500)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400000}}, {@resuid}, {@nojournal_checksum}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@mb_optimize_scan}, {@test_dummy_encryption}, {@resuid}]}, 0xfd, 0x244, &(0x7f0000000900)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") open(&(0x7f0000000040)='./file0\x00', 0x0, 0x10) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 8.630701182s ago: executing program 5 (id=493): r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d010110000000090400"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000280)={0x14, 0x0, 0x0}, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b02, 0x0) 8.577634156s ago: executing program 3 (id=495): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000000)={[{@sb={'sb', 0x3d, 0x1}}, {@delalloc}, {@errors_remount}]}, 0x4, 0x511, &(0x7f0000000540)="$eJzs3cFvVE8dAPDv23Zp6a/8CspBjQoiioawbRdoCBfhojGExEg8eYDaLk3TXbbpLpFWDuXonUQST/onePNgwsmDN29684IHE1SioSYe1ry327K023b9dduF7ueTvL43M8t+Z7rMzL6B3QlgYJ2PiPWIOBERDyJiopWftI641TzSx71983Ru483TuSQajXv/SLLyNC/a/kzqk9ZzjkbED78X8ZNkZ9za6trSbLlcWmmlJ+uV5cna6tqVxVwrpzgzPTN14+r1Ys/aeq7ym9ffXbzzo9/99iuv/rj+7Z+l1Rr/+amsrL0dvdRsej7G2/KGI+LOYQTrk+HW3x8+Pmlv+1xEXMj6/0QMZa8mAHCcNRoT0ZhoTwMAx116/z8eSa7QWgsYj1yuUGiu4Z2NsVy5Wqtfnqg+fjQf2RrW6cjnHi6WS1OttcLTkU/S9HR2/S5dfC/9vHQ1Is5ExPORk1l5Ya5anu/nGx8AGGCfbJv//z3SnP8BgGNutN8VAACOnPkfAAaP+R8ABs//Mf/7dCAAHBPu/wFg8Jj/AWDw7Dv/PzuaegAAR+IHd++mR2Oj+f3Xm9/UfWW+VFsqVB7PFeaqK8uFhWp1oVwqzDUa+z1fuVpdnr62laytrt2vVB8/qt9frMwulO6X8ofZGACgK2fOvfxzOumv3zyZHdG2l4O5Go63XL8rAPTNUL8rAPSNz/PA4OriHt8yABxzHbbofc+u/0Xohc1f4WN16YvW/2FQHWT939oBfNw+2/r/d3peD+DomcNhcDUaiT3/AWDAWOMHDvTv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCgxrMjyRWyvcDX05+5QiHiVEScjnzycLFcmoqITyPiTyP5kTQ93e9KAwAHlPtb0tr/69LExfHtpSeS/4xk54j46S/v/eLJbL2+Mp3m/3Mrv/4izT9ZXyme6EcDAIB2t3ZmZfN3sXVuu5F/++bp3OZxlFV8fbu5uWgad6N1NEuGYzg7j0Y+Isb+lbTSTen7laEexF9/FhFf2Gz/aDxpizCerYE0dz7dHj+Nfarn8dt//9vj595rby4rS8/57Hfx+R7UBQbNy9vNcbLV99Iu3up/uTifnTv3/9FshDq4dPxL+/XGjvEvtzX+De2In2R9/vxWeu+avL72++/vyGxMNMueRXxpuFP8ZCt+0nn8zV/sso1/+fJXL+xW1vhVxKWO7d/ckbqSDbOT9cryZG117cpiZXahtFB6VCzOTM9M3bh6vTiZrVE3f/6hU4y/37z86W7x0/aP7RJ/dO/2xze6bP+v//vgx1/bI/63vt759T+7R/x0Tvxml/Fnx27tun13Gn9+l/bv8/rH5S7jv/rr2nyXDwUAjkBtdW1ptlwurexzkb7X3O8xLrq/SO/tP4BqZBexHtGrJ8wWJSKi42PSd9QfRpMP6yL5MKrRi4t+j0zAYXvX6ftdEwAAAAAAAAAAAAAAYDe11bWlkc6f1urZRb/bCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1vwAAAP//tBrD+w==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 7.426886521s ago: executing program 3 (id=500): socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f00000000c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="130000000f01fb00ba", 0x1, 0x20044010, &(0x7f0000000080)={0xa, 0x4e23, 0x5d, @loopback, 0x1000}, 0xfffffffffffffdfb) creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) r0 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x80) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) 5.377608782s ago: executing program 1 (id=507): write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x440) syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000040)='./file1\x00', 0x2000400, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="59231af0b1448d87ebbe8a2a6330fd4403af1e30c376cbfb6c75e5f6a7cee70d5607adadb8978f42d30c4da45930e325a14ef475276eed99d55bd274ddffb8b6c4caf6c72a5e800c121342ede7866ef94ae62696fe580c93e45fcd24fa1e89513eff235f32465e8ab449167e3094f6749636"], 0x6, 0x6ba, &(0x7f0000001400)="$eJzs3UtsHGcdAPD/rHfX3oBSp03SgCphNVJBWCR+yCnm0oAQskSFqnJAHFeJ01jZuJW9RU6EaHgfuHDonSLhGxIPiXtQOQOnXn2shMSlBxRAYtE81t5dZ19p7LXV3y+ame+b7zn/ndnZWSvaAD6x1uaj/DCSWJt/dSfN7+0uN/Z2l++20xExHRGliHK+iWQzInk/4nrkS3wm3Vl0l/Qb592N1dc/+GjvwzxXLpasfmlQu0OulbqylWz9oFhiLiKmiu3H0NXfjZ7+qmN3l+wfYRqwy+3AwaSl10+ry3cvHpQMNfp1C5xYSX7fPHRBz0aciYiZ4nNAflfM79mn2oNJTwAAAACOwTO/yB7hz056HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCaFL//nxRLqZ2ei6T9+//VYl8U6VPt4aQnAAAAAAAAAAAjm24nvvnpnpLPPYpHsRNn2/lWkv3N/8Uscz5bfyreju1Yj624EjtRj2Y0YysWI2I2K69k6+pOvdncWhyh5dJ+y+houVTkkmTwodSePAoAAAAAAAAAcFqUx2/yo1g7+Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcBEnEVL7JlvPt9GyUyhExExHVtN6DiL+10yfSr/7cmWv9t5U5VO3hcc4JAAAAnpbKeNWfeRSPYifOtvOtJHvmv5g998/E27EZzdiIZjRiPW5m3wXkT/2lvd3lxt7u8t293fzRuvVOZ79f/edY08h6jPy7h8ePfCmrUYtbsZHtuRI34s1oxM0oZS1Tl/L5HCy/7xrkh+mcklcKI87sZrFNj/yX40b3CSQj15zNIpLOKI/IQtE2jca53kh0Nx3z1WmP1I79YpT2v/k53zFKLQ6N1Dfmj/3maCffvPybfJsez8/GislR643EUsfZd3FwzCM+/6fffud2Y/PO9K3t+ZNzSGOY7vgGrTcSyx2ReH7USNw+rZHotJBF4sJ+fi2+Ed+O+ZiL12IrNuJ7UY9mrMdcfD3qMRX14nxO17ODI3W9K/fasJlUs9elUryLjj6nZtTjxazt2diIb8WbcTPW41r2bykW4+VYiZVY7XiFLwyed3bVl8Z7p738hY63hJ9HRG20dscgndi5/btT51m/kF0H57r2HETp2RGiNOb9qPzZIpGO8eNiezL0RmKxIxLPDY7Er7O3le3G5p2t2/W3RhzvpWKbXkc/PVF3ifR8eTZ9sbJc99mRlj3XWzaTx6ta/MUlL+u+46ZlF/bLhl2p1eIz3OGelrKy5x9btpyVXeoo6/q8dT3/vAXAiXfmi2eqtX/U/lp7r/aT2u3aqzNfm/7y9AvVqPyl8pXywtRLpReSP8Z78YOD538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODJbd+7f6feaKxv9SRardY7fYqOMFGLiPaeiGGtKjG8zhMlyn3DUiSqEZElyu3EeENMN/71u+GVqwfTeOUPH+e4KuO2ingqwSwXJ9m9+3f+3Wq1jvFE6puoDDjnDxLFL1u2DhW1Rmo+scR/Wk+vwwm/MQFH7mrz7ltXt+/d/9LG3fob62+sb66urKwurK5c+/vVWxuN9YV8PelZAkfh4KY/6ZkAAAAAAAAAAAAAozqO/5bQZ+j/HfOhAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfU2vx0kbqykK73dpcb6dJO71fMqpUiIvl+RPJ+xPXIl5jt6C7pN867G6uvf/DR3od5rlwsWf1SV7vKkAnPPm7ng2KJuYiYKradZob0Oqi/G8V22Mz6S/aPMA3Y5XbgYNL+HwAA//8nixgC") mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) 4.927223656s ago: executing program 1 (id=509): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) close(0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8943, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000400)='net/netstat\x00') read$FUSE(r3, &(0x7f0000006140)={0x2020}, 0x2020) 4.500562797s ago: executing program 5 (id=510): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000000)={[{@sb={'sb', 0x3d, 0x1}}, {@delalloc}, {@errors_remount}]}, 0x4, 0x511, &(0x7f0000000540)="$eJzs3cFvVE8dAPDv23Zp6a/8CspBjQoiioawbRdoCBfhojGExEg8eYDaLk3TXbbpLpFWDuXonUQST/onePNgwsmDN29684IHE1SioSYe1ry327K023b9dduF7ueTvL43M8t+Z7rMzL6B3QlgYJ2PiPWIOBERDyJiopWftI641TzSx71983Ru483TuSQajXv/SLLyNC/a/kzqk9ZzjkbED78X8ZNkZ9za6trSbLlcWmmlJ+uV5cna6tqVxVwrpzgzPTN14+r1Ys/aeq7ym9ffXbzzo9/99iuv/rj+7Z+l1Rr/+amsrL0dvdRsej7G2/KGI+LOYQTrk+HW3x8+Pmlv+1xEXMj6/0QMZa8mAHCcNRoT0ZhoTwMAx116/z8eSa7QWgsYj1yuUGiu4Z2NsVy5Wqtfnqg+fjQf2RrW6cjnHi6WS1OttcLTkU/S9HR2/S5dfC/9vHQ1Is5ExPORk1l5Ya5anu/nGx8AGGCfbJv//z3SnP8BgGNutN8VAACOnPkfAAaP+R8ABs//Mf/7dCAAHBPu/wFg8Jj/AWDw7Dv/PzuaegAAR+IHd++mR2Oj+f3Xm9/UfWW+VFsqVB7PFeaqK8uFhWp1oVwqzDUa+z1fuVpdnr62laytrt2vVB8/qt9frMwulO6X8ofZGACgK2fOvfxzOumv3zyZHdG2l4O5Go63XL8rAPTNUL8rAPSNz/PA4OriHt8yABxzHbbofc+u/0Xohc1f4WN16YvW/2FQHWT939oBfNw+2/r/d3peD+DomcNhcDUaiT3/AWDAWOMHDvTv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCgxrMjyRWyvcDX05+5QiHiVEScjnzycLFcmoqITyPiTyP5kTQ93e9KAwAHlPtb0tr/69LExfHtpSeS/4xk54j46S/v/eLJbL2+Mp3m/3Mrv/4izT9ZXyme6EcDAIB2t3ZmZfN3sXVuu5F/++bp3OZxlFV8fbu5uWgad6N1NEuGYzg7j0Y+Isb+lbTSTen7laEexF9/FhFf2Gz/aDxpizCerYE0dz7dHj+Nfarn8dt//9vj595rby4rS8/57Hfx+R7UBQbNy9vNcbLV99Iu3up/uTifnTv3/9FshDq4dPxL+/XGjvEvtzX+De2In2R9/vxWeu+avL72++/vyGxMNMueRXxpuFP8ZCt+0nn8zV/sso1/+fJXL+xW1vhVxKWO7d/ckbqSDbOT9cryZG117cpiZXahtFB6VCzOTM9M3bh6vTiZrVE3f/6hU4y/37z86W7x0/aP7RJ/dO/2xze6bP+v//vgx1/bI/63vt759T+7R/x0Tvxml/Fnx27tun13Gn9+l/bv8/rH5S7jv/rr2nyXDwUAjkBtdW1ptlwurexzkb7X3O8xLrq/SO/tP4BqZBexHtGrJ8wWJSKi42PSd9QfRpMP6yL5MKrRi4t+j0zAYXvX6ftdEwAAAAAAAAAAAAAAYDe11bWlkc6f1urZRb/bCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1vwAAAP//tBrD+w==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 4.159301733s ago: executing program 3 (id=512): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) wait4(r3, 0x0, 0x0, 0x0) 3.914449521s ago: executing program 4 (id=513): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000039644bc90000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0) 3.78069003s ago: executing program 1 (id=514): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000047, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000340)='./file2\x00') 3.672085209s ago: executing program 4 (id=515): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.366733361s ago: executing program 1 (id=516): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000340), 0x0, 0x4f7, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=") openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x1ad) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000240)='./bus\x00', 0x187102, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='setgroups\x00') chdir(&(0x7f0000000240)='./file0\x00') syz_mount_image$exfat(0x0, &(0x7f0000000200)='./bus\x00', 0x1200010, 0x0, 0x0, 0x0, &(0x7f0000000000)) 3.103235741s ago: executing program 5 (id=517): r0 = syz_open_dev$sndctrl(0x0, 0x6e, 0x22) ppoll(&(0x7f0000003700)=[{r0, 0x4000}], 0x1, &(0x7f0000003740), 0x0, 0x0) 3.102913471s ago: executing program 3 (id=518): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0) poll(&(0x7f0000002140)=[{r1}], 0x1, 0x0) 2.457017128s ago: executing program 3 (id=519): socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000400)={[0xfffff7feffff7ffc]}, 0x0, 0x8) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = gettid() prlimit64(r0, 0xb, &(0x7f0000000080), 0x0) tkill(r0, 0x12) r1 = gettid() tkill(r1, 0x15) 2.258205773s ago: executing program 4 (id=520): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000200)) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0xa2c25) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400}, &(0x7f0000000340)=0x0, 0x0) prlimit64(0x0, 0x4, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20051, 0xffffffffffffffff, 0xce9e1000) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6(0xa, 0x3, 0x88) bind$inet6(r4, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x15, 0x3, 'wrr\x00', 0x1, 0x4, 0x75}, 0x2c) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'lc\x00', 0xb, 0x323b, 0x3a}, {@rand_addr=0x64010102, 0x4e23, 0x0, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) 2.209137657s ago: executing program 3 (id=521): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sigaltstack(0x0, &(0x7f0000000740)={0x0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000004c0)="cc", 0x1}, {&(0x7f0000000100)="ff429b26f200c5682e48e53fa5e6b7860978df73872ee1a16890ae21157d44fb", 0x20}, {&(0x7f0000000f40)="8c45f6b22a2aa206c4907ac93d6d156383de35d1143800d2ba1f1100141b5873eafed775108bf36059086b5fead9957580cc7aca80061358b29a492e04af47cf72aeac3e180162a6e8c4ee4cc0035c7271ab6af8c701534868ced415b0f080ccc21a6103b0314e32ef371bfb3acdd1133ca442612c98ae06e00fcdb868ea7af3b875d05d9620e0e351ddd0225752bc94cfb74a1eb1182700883fb8e7ff1930c595da1ddd26d1eb801c8ee8ce16eb70cc9ea11a984f1ee629297a238e86948fbafcda3c896aed92658dbc9b6fb3e8886daf80cd5b1e16c01b697fbef098f6cf51fce8bae2acc0523991fda24eeb10ea5d1e6026a4f94dd2273528b840d45edf0ba14375653d3692442f89f38dd033bf0cda2516ef992393a5537c5150a9b40b770874c7ab0d2893245209ad4acea3627f25747fc718bcd839a1fb3796562ee818e50427a79a99b8fd1659392120a5e5ed133ae83d794af048e97d5bfd989ef9f49d86260b3d7e41e3f10858e59ee8dd26e841a1061b930e5360b8f96630acdba00b3c1212cee8c70578e0bb464691a22beab27178e819b4a18f581b51f5c12fe67426d9aa05aa560284fd4a7af952abd8cec181cd26d86e377a904f07ad9ded649201b4759c36e35fe700928f8c67d681c0bd74181150ded984e4f52ad27e32e050ccdc01a388c8e91441a91a0e8fc1e16756f361623ba2a9ae5b3fea166879fcc41d970b4b92645796042283bb658097d403a1ff3760cf51efe82b09fe863239535c848f4e585dec8066871d12bff0e98812ff3717a6d23dcec42aad8d6aca5480eaddad0ffdfb7e205882410f35a27047c6a68f3848bbce7a5a5427f4939872330aec13681b51b4d86446996aae017dd2d3573a433e51fb0203086d00f65bc725c0b6b2910ff4675bcb17e340c5225c6c86069219e241799fc20ec0f58e6014da96f089794abf9d667ea4db555233a091df1fa0ac58f3bed05912fa6b7a1e6ef22fc531fe750a5d6e968b8ad47fb02a09d563e10e4b3cc46eb4b8fb7a065a8ef7901b0a39f23330b754074d7c8f1202989aea8d19ca885128cc29a8333e5557bb85331a324ebcbf38962a55d68635179edfb5e62a31bb8dd2b993a8174a207d71118d0becc9c55d0e8a58def287f3e2ba21b8a2a60e73c66c3f562014e210ecd242f4acf76ae0643b711316bd77c7e8b5a68fd6fae22431a7d998569fee4043b3bd2be3c5ca8dea576ee8255ab3a0739749fa8637fcc1a4312ab4ef4d75250af29a7e6563d762a404af4ed6116276803ca487ce6e6a49956393626d1228de0760942da12cd1df57d2d9e32e65db7b744ec2d469d46993a91ac17b3d794e46d126b8eb5d1fed3be5c6293eb1e348a007af9436e0c40cc96a1567fcbb36b01fbc661be731cad550b5a42afaff8c1c32454168090323ee93c388d2a6fd0fab7587287145ef386fcd0c4e734722fadf1723193d525af2a185374f879dd8f2c4ebc7195255521d0e91a38d64491f0fedcbe03be62a9f5ccba3494203b42b5d246744ae96225b2a6ff78708155964afd5c37843c6a457e89a138ec07b5b2a7f36748c064cb1da695e3aba35c95c54bc2086154754bc6343951b7cd38278e6ab8dedf4cf1cd948de94e8410ab847c7af3e5fae1cf2d2960b361531682f5cdb40dbb7f66b195197cc69e86aede5d471a3b49825cd072366eae79f5ab22701d7c2fd4eae7e3bd53d85251e6c0d615be5eb7acc19a57ef32f9b70e93de8ce973ea83f10c5c76647c7f0b97425362d4b3d81580c8c436dae00140b4ef077b3eaf08ded300cdc31f2824ee38bfa412cadfb50424c07674812f1482c2d9e66616eb29c194e0a53de6f50d0fdfff4cddb117257a3eff49c7c34639d5ad2ff574660c3266a7cc37156f0639190fb5a9e4a5131bb6f26ffde99243b26b2c0205431be8da3052d7ffd77e0d7a5a45a4b24ead032b0b44e126bbb33dc0c24eb0c74c972739edc9df826d560a92d09f329072c616b6d9f6fa81588be7f56525b558161d95ba9bf2a32f1109eca00ec9b51a27c461a5308c46c9cfbef4c79f19b8f43863c7460e3f84ce2f9eae93077d1f6c99a4c5c8b6271e5f779c20c3946ca4f97c251a95b1084beb423e35607fe14eeed36a5a8a11ec04c694f34b632394ed7b8999b5d665f5f6d20710edad1f36221ca5ae250cc09617fcfb19ac6ece18ca6bcbc6a2749961472bf52a531df8411f3c8a41251fb3c20fe9e89be345d9967155cca9747237760551083aefe39ee0f772a5245ece058b0bd2b7a5a14512553832d444760dd30f74f7024885dabf4bf0e939b53b96dba2846bc4fd1d2782bdbaad2c2c3c3f79c7c6865c10e51ea9dc87971bee882616abdd9de5075bd74d053362dbc58be8fd4e41e3f37e4e9ef4eda636bdbc689316d386df895688765137a5bccfea6c651c794cab94ed558aab3abd059a0dbf995e6f940a19f5d2e7f4bf4a5794280f8ea79564001d0c2a1a12288d508de8a00e7bbbfa1b086b9ef8d1c2f7d1e4a12e583", 0x6fd}], 0x3}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}], 0x1}}], 0x2, 0x4048884) getpid() ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) 1.467284552s ago: executing program 5 (id=522): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x21, 0x5d, 0x6b, 0x10, 0x424, 0xcf30, 0x398c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x20, 0x6, 0x2, 0x12, 0xe, 0xfb, 0x3, [], [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x2, 0x25}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) r1 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key(&(0x7f0000000100)='syzkaller\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="5b3aa2b781f60e7f0c94d01e6796e65ce956679f1ac58ff88efe717e3a15ce2cbcb5075a014b008220aac55c5047691d16db", 0x32, 0xfffffffffffffff9) keyctl$unlink(0x9, r1, r2) syz_usb_control_io$printer(r0, 0x0, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r3, 0x1) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x70}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x0, {[@nop]}}}}}}}}, 0x0) 962.482039ms ago: executing program 1 (id=523): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) gettid() prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x4042, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000780)='\x90\xaa|\x00\x80\x00ACG\xba\x8c7F\x1e\x8b\x05\x00\xde(T]&\xee|v6\x1f\x9ay\xef\'xlX\xe3$\x1dk\x01&\x9fL+\xe3\xe7\xc7\x98\xde)j(\xa6\x03Z.e\xbb-\xb0\x8d\x90\a\xcd\x1d$\xe6\xb2T\xe7G\xca$\xdb05 \x95\\\xc6\xfa\x8a\x9a\xc5Wn\xb1 \x02\xd9{\x8a\xd5C\x93\xea\x15\xbc\xed#\xe6\xa3\r\t\xd9\x00\x00\x00\x00\x00\x00\x84\x0f\x1c\xe6\x17\xea\xb7\x8f\x88m\x80Z\x9ci\xde\xdb\x15\xe1k\x9e\xd5\x81MrE\xd4\xd7\xbd\x00I3\x14\'\a\b\x80\xec\x17xh\xe0\xb4', &(0x7f0000000340)='\xda\xef0\x8c\xe3H\r\xce^o\x1a5\x82\x83\xd4\x12\xdc\xdf?\xc0\x03k\a\x9e\xf8\xdb\xf6\x13\xfd\x98\x1b\x1f\xc1rm\x9e\x0f\xa9D\xbft\x17[p\xd9\xb1\b$\xad\x11a@\x92C\x7f\x03.B3\xdax\x85*\xc7\xe5\xf9\xdf\xc4\xe1\xd2\xa1\x86\xb9\xad\xe2\x92}4\x87\x05\xa9\xc6WGU\x89\xee U\x95\x15z\xed)3\xba`H\xbb\x8cv\xfcr\x0e\xfe\xb4s[\xbb\x0f\xf3s\xb3\xdb9\x05\x12P\xc9v\xd2\xa9\t\x05\xee\xab\x7fKA\x98W\xee\x9b;\xccIA\xa8me!G\\\x88\xe3*\xfa2\nr\xa2\xf1\x02\xf5M=B\xb8\xac\xdd\xbc\xc6yx\xab\xfe\xe3\xe4|t\x8f\xcd\x18\x93\x0e\xfc\x81\xb6\xfc\\\xcdlZ\xd9\xfa\xad\x97\x7f\xec', 0x0) socket$inet_udp(0x2, 0x2, 0x0) close(0x3) 869.579995ms ago: executing program 4 (id=524): socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvmsg(r0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x3, 0x82}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 631.496233ms ago: executing program 4 (id=525): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$unix(r1, &(0x7f0000002440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@cred={{0x1c, 0x117, 0x2, {0x0, 0xffffffffffffffff}}}], 0x20}}], 0x1, 0x0) 286.157969ms ago: executing program 4 (id=526): socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f00000000c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="130000000f01fb00ba", 0x1, 0x20044010, &(0x7f0000000080)={0xa, 0x4e23, 0x5d, @loopback, 0x1000}, 0xfffffffffffffdfb) creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) r0 = syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x80) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) 0s ago: executing program 1 (id=527): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000000)={[{@sb={'sb', 0x3d, 0x1}}, {@delalloc}, {@errors_remount}]}, 0x4, 0x511, &(0x7f0000000540)="$eJzs3cFvVE8dAPDv23Zp6a/8CspBjQoiioawbRdoCBfhojGExEg8eYDaLk3TXbbpLpFWDuXonUQST/onePNgwsmDN29684IHE1SioSYe1ry327K023b9dduF7ueTvL43M8t+Z7rMzL6B3QlgYJ2PiPWIOBERDyJiopWftI641TzSx71983Ru483TuSQajXv/SLLyNC/a/kzqk9ZzjkbED78X8ZNkZ9za6trSbLlcWmmlJ+uV5cna6tqVxVwrpzgzPTN14+r1Ys/aeq7ym9ffXbzzo9/99iuv/rj+7Z+l1Rr/+amsrL0dvdRsej7G2/KGI+LOYQTrk+HW3x8+Pmlv+1xEXMj6/0QMZa8mAHCcNRoT0ZhoTwMAx116/z8eSa7QWgsYj1yuUGiu4Z2NsVy5Wqtfnqg+fjQf2RrW6cjnHi6WS1OttcLTkU/S9HR2/S5dfC/9vHQ1Is5ExPORk1l5Ya5anu/nGx8AGGCfbJv//z3SnP8BgGNutN8VAACOnPkfAAaP+R8ABs//Mf/7dCAAHBPu/wFg8Jj/AWDw7Dv/PzuaegAAR+IHd++mR2Oj+f3Xm9/UfWW+VFsqVB7PFeaqK8uFhWp1oVwqzDUa+z1fuVpdnr62laytrt2vVB8/qt9frMwulO6X8ofZGACgK2fOvfxzOumv3zyZHdG2l4O5Go63XL8rAPTNUL8rAPSNz/PA4OriHt8yABxzHbbofc+u/0Xohc1f4WN16YvW/2FQHWT939oBfNw+2/r/d3peD+DomcNhcDUaiT3/AWDAWOMHDvTv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCgxrMjyRWyvcDX05+5QiHiVEScjnzycLFcmoqITyPiTyP5kTQ93e9KAwAHlPtb0tr/69LExfHtpSeS/4xk54j46S/v/eLJbL2+Mp3m/3Mrv/4izT9ZXyme6EcDAIB2t3ZmZfN3sXVuu5F/++bp3OZxlFV8fbu5uWgad6N1NEuGYzg7j0Y+Isb+lbTSTen7laEexF9/FhFf2Gz/aDxpizCerYE0dz7dHj+Nfarn8dt//9vj595rby4rS8/57Hfx+R7UBQbNy9vNcbLV99Iu3up/uTifnTv3/9FshDq4dPxL+/XGjvEvtzX+De2In2R9/vxWeu+avL72++/vyGxMNMueRXxpuFP8ZCt+0nn8zV/sso1/+fJXL+xW1vhVxKWO7d/ckbqSDbOT9cryZG117cpiZXahtFB6VCzOTM9M3bh6vTiZrVE3f/6hU4y/37z86W7x0/aP7RJ/dO/2xze6bP+v//vgx1/bI/63vt759T+7R/x0Tvxml/Fnx27tun13Gn9+l/bv8/rH5S7jv/rr2nyXDwUAjkBtdW1ptlwurexzkb7X3O8xLrq/SO/tP4BqZBexHtGrJ8wWJSKi42PSd9QfRpMP6yL5MKrRi4t+j0zAYXvX6ftdEwAAAAAAAAAAAAAAYDe11bWlkc6f1urZRb/bCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1vwAAAP//tBrD+w==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x80, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): v: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.261688][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.272529][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.283974][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.293981][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.305224][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.315936][ T4263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.327455][ T4263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.338957][ T4263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.347114][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.360632][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.369115][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 83.379043][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.388021][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 83.396974][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.419230][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.427825][ T4263] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.445039][ T4263] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.453811][ T4263] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.463085][ T4263] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.473942][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.490771][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.561383][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.569745][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.685498][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.711709][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.729960][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.762108][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.764583][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.781922][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.801312][ T4337] loop4: detected capacity change from 0 to 512 [ 83.817570][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 83.855169][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.864042][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.878453][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 83.889863][ T4337] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 83.906206][ T4269] Bluetooth: hci0: command 0x0419 tx timeout [ 83.919246][ T4267] Bluetooth: hci2: command 0x0419 tx timeout [ 83.936504][ T4337] UDF-fs: Scanning with blocksize 512 failed [ 83.984993][ T4269] Bluetooth: hci3: command 0x0419 tx timeout [ 83.991086][ T4269] Bluetooth: hci1: command 0x0419 tx timeout [ 83.998314][ T4267] Bluetooth: hci4: command 0x0419 tx timeout [ 84.004197][ T4337] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 84.013254][ T4337] UDF-fs: Scanning with blocksize 1024 failed [ 84.063423][ T4337] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 84.116352][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.187930][ T4337] UDF-fs: Scanning with blocksize 2048 failed [ 84.241460][ T4337] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 84.263063][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.308045][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.441084][ T4337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.741882][ T4353] mmap: syz.2.6 (4353) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 85.055643][ T4353] netlink: 'syz.2.6': attribute type 4 has an invalid length. [ 85.135662][ T4359] netlink: 'syz.4.7': attribute type 3 has an invalid length. [ 85.255728][ T4353] syz.2.6 (4353) used greatest stack depth: 19104 bytes left [ 85.532424][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 85.540931][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 85.549292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 85.557726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 85.566176][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 85.574710][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 85.583065][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 85.591532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 85.599869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 85.608394][ T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!! [ 87.202615][ T127] cfg80211: failed to load regulatory.db [ 87.783357][ T7] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 88.819049][ T7] usb 4-1: Using ep0 maxpacket: 16 [ 89.278491][ T4392] sched: RT throttling activated [ 89.376249][ T7] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.427999][ T7] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 89.505647][ T7] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 89.553789][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.573408][ T7] usb 4-1: Product: syz [ 89.577650][ T7] usb 4-1: Manufacturer: syz [ 89.596966][ T7] usb 4-1: SerialNumber: syz [ 90.667948][ T7] usb 4-1: 0:2 : does not exist [ 90.695763][ T7] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 91.409719][ T4402] syz.4.16 (4402): drop_caches: 2 [ 91.485975][ T7] usb 4-1: USB disconnect, device number 2 [ 91.501959][ T4402] 9pnet_fd: Insufficient options for proto=fd [ 91.861133][ T4281] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 92.693058][ T4281] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.738929][ T4281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 92.786424][ T4281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 92.964175][ T4281] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 93.021622][ T4281] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 94.444101][ T4281] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 94.461795][ T4281] usb 1-1: Manufacturer: syz [ 94.487557][ T4281] usb 1-1: config 0 descriptor?? [ 94.522231][ T4420] loop3: detected capacity change from 0 to 128 [ 94.692374][ T4281] usb 1-1: can't set config #0, error -71 [ 94.699396][ T4281] usb 1-1: USB disconnect, device number 2 [ 96.043527][ T4436] loop0: detected capacity change from 0 to 128 [ 96.327042][ T4442] loop2: detected capacity change from 0 to 128 [ 96.599205][ T4442] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 96.670578][ T4442] sysv_free_block: trying to free block not in datazone [ 96.695391][ T4442] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 97.784079][ T4438] loop4: detected capacity change from 0 to 1024 [ 97.795410][ T4436] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 97.803250][ T4436] sysv_free_block: trying to free block not in datazone [ 97.811788][ T4436] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 98.064044][ T4347] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 102.632590][ T952] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.709683][ T4470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.32'. [ 102.857153][ T952] usb 2-1: Using ep0 maxpacket: 8 [ 102.885039][ T952] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 102.987501][ T952] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 103.018921][ T952] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 103.031652][ T952] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 103.044137][ T952] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 103.060129][ T952] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 103.070005][ T952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.366163][ T4473] hfsplus: b-tree write err: -5, ino 4 [ 103.494928][ T4476] loop0: detected capacity change from 0 to 1024 [ 103.665080][ T4476] hfsplus: xattr searching failed [ 103.673574][ T4476] hfsplus: xattr searching failed [ 103.772757][ T4470] team0 (unregistering): Port device team_slave_0 removed [ 103.831312][ T4470] team0 (unregistering): Port device team_slave_1 removed [ 103.947279][ T4387] hfsplus: b-tree write err: -5, ino 3 [ 103.976776][ T4483] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 104.060068][ T4468] usb 2-1: USB disconnect, device number 2 [ 105.938009][ T4499] loop0: detected capacity change from 0 to 128 [ 106.051372][ T4499] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 106.058963][ T4499] sysv_free_block: trying to free block not in datazone [ 106.066936][ T4499] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 107.982911][ T4509] loop0: detected capacity change from 0 to 128 [ 108.940783][ T4509] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 108.948924][ T4509] sysv_free_block: trying to free block not in datazone [ 109.068405][ T4509] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 109.438669][ T4348] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 110.419825][ T4518] loop0: detected capacity change from 0 to 4096 [ 110.491388][ T4518] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.596150][ T4518] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 110.720035][ T4524] loop4: detected capacity change from 0 to 1024 [ 111.366783][ T4524] hfsplus: xattr searching failed [ 111.406632][ T4524] hfsplus: xattr searching failed [ 112.698535][ T4303] hfsplus: b-tree write err: -5, ino 3 [ 112.888752][ T4263] EXT4-fs (loop0): unmounting filesystem. [ 112.907872][ T4536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.51'. [ 113.056677][ T4541] [U] : [ 113.059771][ T4541] [U] [ 113.062504][ T4541] [U] [ 113.065228][ T4541] [U] [ 113.067954][ T4541] [U] [ 113.070684][ T4541] [U] [ 113.073410][ T4541] [U] [ 113.076151][ T4541] [U] [ 113.079107][ T4541] [U] [ 113.081843][ T4541] [U] [ 113.084583][ T4541] [U] [ 113.087328][ T4541] [U] [ 113.090058][ T4541] [U] [ 113.092789][ T4541] [U] [ 113.095518][ T4541] [U] [ 113.098247][ T4541] [U] [ 113.100961][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.107206][ T4541] [U] [ 113.109925][ T4541] [U] [ 113.112618][ T4541] [U] [ 113.115417][ T4541] [U] [ 113.118162][ T4541] [U] [ 113.120866][ T4541] [U] [ 113.123558][ T4541] [U] [ 113.126272][ T4541] [U] [ 113.129652][ T4541] [U] [ 113.132412][ T4541] [U] [ 113.135144][ T4541] [U] [ 113.137872][ T4541] [U] [ 113.140599][ T4541] [U] [ 113.143350][ T4541] [U] [ 113.146082][ T4541] [U] [ 113.148812][ T4541] [U] [ 113.151737][ T4541] [U] [ 113.154465][ T4541] [U] [ 113.157181][ T4541] [U] [ 113.159901][ T4541] [U] [ 113.162621][ T4541] [U] [ 113.165346][ T4541] [U] [ 113.168073][ T4541] [U] [ 113.170812][ T4541] [U] [ 113.173601][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.179761][ T4541] [U] [ 113.182466][ T4541] [U] [ 113.185168][ T4541] [U] [ 113.187864][ T4541] [U] [ 113.190577][ T4541] [U] [ 113.193299][ T4541] [U] [ 113.195994][ T4541] [U] [ 113.198692][ T4541] [U] [ 113.201526][ T4541] [U] [ 113.204254][ T4541] [U] [ 113.206963][ T4541] [U] [ 113.209664][ T4541] [U] [ 113.212356][ T4541] [U] [ 113.215051][ T4541] [U] [ 113.217757][ T4541] [U] [ 113.220462][ T4541] [U] [ 113.223249][ T4541] [U] [ 113.225967][ T4541] [U] [ 113.228701][ T4541] [U] [ 113.231426][ T4541] [U] [ 113.234147][ T4541] [U] [ 113.236868][ T4541] [U] [ 113.239593][ T4541] [U] [ 113.242322][ T4541] [U] [ 113.245043][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.251634][ T4541] [U] [ 113.254370][ T4541] [U] [ 113.257096][ T4541] [U] [ 113.259817][ T4541] [U] [ 113.262539][ T4541] [U] [ 113.265261][ T4541] [U] [ 113.267985][ T4541] [U] [ 113.270711][ T4541] [U] [ 113.273688][ T4541] [U] [ 113.276419][ T4541] [U] [ 113.279142][ T4541] [U] [ 113.281863][ T4541] [U] [ 113.284589][ T4541] [U] [ 113.287352][ T4541] [U] [ 113.290073][ T4541] [U] [ 113.292801][ T4541] [U] [ 113.295527][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.301679][ T4541] [U] [ 113.304407][ T4541] [U] [ 113.307131][ T4541] [U] [ 113.309855][ T4541] [U] [ 113.312578][ T4541] [U] [ 113.315305][ T4541] [U] [ 113.318028][ T4541] [U] [ 113.320750][ T4541] [U] [ 113.323663][ T4541] [U] [ 113.326398][ T4541] [U] [ 113.329121][ T4541] [U] [ 113.331847][ T4541] [U] [ 113.334665][ T4541] [U] [ 113.337391][ T4541] [U] [ 113.340112][ T4541] [U] [ 113.342862][ T4541] [U] [ 113.346152][ T4541] [U] [ 113.348886][ T4541] [U] [ 113.351638][ T4541] [U] [ 113.354364][ T4541] [U] [ 113.357085][ T4541] [U] [ 113.359808][ T4541] [U] [ 113.362535][ T4541] [U] [ 113.365257][ T4541] [U] [ 113.367990][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.374112][ T4541] [U] [ 113.376840][ T4541] [U] [ 113.379572][ T4541] [U] [ 113.382305][ T4541] [U] [ 113.385028][ T4541] [U] [ 113.387749][ T4541] [U] [ 113.390561][ T4541] [U] [ 113.393282][ T4541] [U] [ 113.396232][ T4541] [U] [ 113.398958][ T4541] [U] [ 113.401676][ T4541] [U] [ 113.404393][ T4541] [U] [ 113.407108][ T4541] [U] [ 113.409831][ T4541] [U] [ 113.412558][ T4541] [U] [ 113.415285][ T4541] [U] [ 113.418169][ T4541] [U] [ 113.420903][ T4541] [U] [ 113.423634][ T4541] [U] [ 113.426360][ T4541] [U] [ 113.429081][ T4541] [U] [ 113.431807][ T4541] [U] [ 113.434532][ T4541] [U] [ 113.550737][ T4520] [U] [ 114.680350][ T4549] loop0: detected capacity change from 0 to 128 [ 114.837229][ T4549] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 114.845062][ T4549] sysv_free_block: trying to free block not in datazone [ 114.855632][ T4554] netlink: 4 bytes leftover after parsing attributes in process `syz.2.56'. [ 114.860149][ T4549] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 116.890073][ T4576] loop2: detected capacity change from 0 to 1024 [ 118.188599][ T4576] hfsplus: xattr searching failed [ 118.203797][ T4576] hfsplus: xattr searching failed [ 118.290784][ T4379] hfsplus: b-tree write err: -5, ino 3 [ 118.422556][ T4468] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.443960][ T22] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 118.615063][ T4468] usb 2-1: Using ep0 maxpacket: 16 [ 118.622763][ T4468] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 118.649690][ T22] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.679238][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 118.708157][ T4468] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 118.717514][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 118.737245][ T4468] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 118.937786][ T22] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 118.951380][ T4468] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.959832][ T4468] usb 2-1: Product: syz [ 118.964047][ T4468] usb 2-1: Manufacturer: syz [ 118.969243][ T4468] usb 2-1: SerialNumber: syz [ 118.975172][ T22] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 118.987113][ T22] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 118.999899][ T22] usb 1-1: Manufacturer: syz [ 119.007194][ T22] usb 1-1: config 0 descriptor?? [ 119.176454][ T4605] loop2: detected capacity change from 0 to 128 [ 119.188570][ T4605] VFS: Found a Xenix FS (block size = 512) on device loop2 [ 119.196527][ T4605] sysv_free_block: trying to free block not in datazone [ 119.206434][ T4605] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 119.214644][ T4468] usb 2-1: 0:2 : does not exist [ 119.237307][ T4468] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 119.274532][ T4346] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 119.331487][ T4468] usb 2-1: USB disconnect, device number 3 [ 119.406325][ T22] rc_core: IR keymap rc-hauppauge not found [ 119.414973][ T22] Registered IR keymap rc-empty [ 119.426925][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.460206][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.505700][ T22] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 119.529300][ T22] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 119.550410][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.600923][ T4348] udevd[4348]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 119.621041][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.662922][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.695141][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.739059][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.796912][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.844559][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.897973][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.957713][ T4613] loop2: detected capacity change from 0 to 1024 [ 119.962154][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 120.005396][ T22] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 120.080920][ T22] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 120.100041][ T4613] hfsplus: xattr searching failed [ 120.113536][ T22] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 120.287402][ T22] usb 1-1: USB disconnect, device number 3 [ 120.473567][ T4613] hfsplus: xattr searching failed [ 120.876004][ T4513] hfsplus: b-tree write err: -5, ino 3 [ 120.949308][ T4622] syz.0.78 (4622) used obsolete PPPIOCDETACH ioctl [ 122.540861][ T4651] loop1: detected capacity change from 0 to 128 [ 122.584146][ T4651] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 122.592039][ T4651] sysv_free_block: trying to free block not in datazone [ 122.600193][ T4651] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 124.626002][ T4676] loop1: detected capacity change from 0 to 512 [ 124.772289][ T4676] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 124.846912][ T4676] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.856042][ T4693] loop0: detected capacity change from 0 to 128 [ 125.865579][ T4693] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 125.873185][ T4693] sysv_free_block: trying to free block not in datazone [ 125.887959][ T4693] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 126.020178][ T4348] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 126.591361][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 126.809892][ T4281] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 129.027858][ T4281] usb 3-1: Using ep0 maxpacket: 16 [ 129.035364][ T4281] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.091975][ T4281] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 129.329655][ T4281] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 129.348714][ T4281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.512698][ T4281] usb 3-1: Product: syz [ 129.635316][ T4281] usb 3-1: Manufacturer: syz [ 129.855288][ T4281] usb 3-1: SerialNumber: syz [ 130.110540][ T4281] usb 3-1: can't set config #1, error -71 [ 130.135200][ T4281] usb 3-1: USB disconnect, device number 2 [ 130.495163][ T4727] loop0: detected capacity change from 0 to 64 [ 130.522112][ T4727] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 133.335966][ T22] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 133.731595][ T22] usb 1-1: Using ep0 maxpacket: 8 [ 134.366621][ T22] usb 1-1: device descriptor read/all, error -71 [ 134.641383][ T4300] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 134.660978][ T4764] loop4: detected capacity change from 0 to 164 [ 135.569435][ T4764] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 135.602437][ T4300] usb 3-1: Using ep0 maxpacket: 16 [ 135.772702][ T4300] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.929903][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.936989][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.149748][ T4300] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.654565][ T4300] usb 3-1: string descriptor 0 read error: -71 [ 139.661199][ T4300] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.826522][ T4300] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.093521][ T4300] usb 3-1: can't set config #1, error -71 [ 140.109100][ T4300] usb 3-1: USB disconnect, device number 3 [ 142.027241][ T4817] loop3: detected capacity change from 0 to 164 [ 142.059975][ T4817] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 142.358958][ T4254] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 142.588918][ T4254] usb 3-1: Using ep0 maxpacket: 16 [ 142.611078][ T4254] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.666942][ T4254] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.759601][ T4254] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 142.825258][ T4254] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.874326][ T4254] usb 3-1: Product: syz [ 142.909997][ T4254] usb 3-1: Manufacturer: syz [ 142.939787][ T4254] usb 3-1: SerialNumber: syz [ 143.255744][ T4254] usb 3-1: 0:2 : does not exist [ 143.271173][ T4254] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 143.336312][ T4254] usb 3-1: USB disconnect, device number 4 [ 144.316385][ T4815] device wg2 entered promiscuous mode [ 144.852325][ T4830] loop1: detected capacity change from 0 to 128 [ 144.874080][ T4830] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 144.883241][ T4830] sysv_free_block: trying to free block not in datazone [ 144.899976][ T4830] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 148.790919][ T4849] device syzkaller0 entered promiscuous mode [ 149.467325][ T4860] Driver unsupported XDP return value 0 on prog (id 65) dev N/A, expect packet loss! [ 149.505440][ T4869] loop0: detected capacity change from 0 to 164 [ 149.542560][ T4869] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 153.043749][ T4882] loop3: detected capacity change from 0 to 128 [ 153.053364][ T4882] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 153.061332][ T4882] sysv_free_block: trying to free block not in datazone [ 153.083950][ T4882] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 153.229745][ T4348] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 154.525676][ T4861] device wg2 entered promiscuous mode [ 154.539638][ T4868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.162'. [ 154.551886][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 154.563325][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 154.576770][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 154.587080][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 154.598174][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 154.607943][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 154.619129][ T4885] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 155.340898][ T4910] loop2: detected capacity change from 0 to 164 [ 155.414583][ T4910] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 155.445580][ T4914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.179'. [ 156.685570][ T4914] team0 (unregistering): Port device team_slave_0 removed [ 156.713459][ T4914] team0 (unregistering): Port device team_slave_1 removed [ 156.749400][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 156.758414][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 156.766111][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 156.773675][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 156.781342][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 156.789013][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 156.796852][ T4922] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 157.466882][ T4940] loop1: detected capacity change from 0 to 128 [ 157.501813][ T4940] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 157.512849][ T4940] sysv_free_block: trying to free block not in datazone [ 157.527416][ T4940] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 158.941609][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 158.952482][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 158.963861][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 158.975100][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 158.986951][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 158.992349][ T4959] loop3: detected capacity change from 0 to 128 [ 158.997293][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 159.011818][ T4958] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 159.024795][ T4959] VFS: Found a Xenix FS (block size = 512) on device loop3 [ 159.032566][ T4959] sysv_free_block: trying to free block not in datazone [ 159.041343][ T4959] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 159.380915][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.197'. [ 160.019793][ T22] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 160.233723][ T22] usb 4-1: Using ep0 maxpacket: 8 [ 160.247767][ T22] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 160.270257][ T22] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 160.325327][ T4987] loop1: detected capacity change from 0 to 8 [ 160.331729][ T22] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 160.331893][ T22] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 160.331985][ T22] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 160.332190][ T22] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 160.332281][ T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.391094][ T4306] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 160.402012][ T4987] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 160.426324][ T4987] process 'syz.1.196' launched './file2' with NULL argv: empty string added [ 160.444493][ T4987] cramfs: Error -5 while decompressing! [ 160.451754][ T4987] cramfs: ffffffff97548568(26)->ffff888050bd7000(4096) [ 160.460590][ T4987] cramfs: Error -3 while decompressing! [ 160.467082][ T4987] cramfs: ffffffff97548582(26)->ffff888050bd8000(4096) [ 160.474879][ T4987] cramfs: Error -3 while decompressing! [ 160.482320][ T4987] cramfs: ffffffff9754859c(16)->ffff888050bd9000(4096) [ 160.489913][ T4987] cramfs: Error -5 while decompressing! [ 160.495809][ T4987] cramfs: ffffffff97548568(26)->ffff888050bd7000(4096) [ 160.800121][ T4306] usb 3-1: Using ep0 maxpacket: 16 [ 160.807466][ T4306] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.824238][ T4306] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 160.864493][ T4306] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 160.882645][ T4306] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.899875][ T4306] usb 3-1: Product: syz [ 160.908685][ T4306] usb 3-1: Manufacturer: syz [ 160.918997][ T4306] usb 3-1: SerialNumber: syz [ 161.154493][ T4306] usb 3-1: 0:2 : does not exist [ 161.168078][ T4306] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 161.218979][ T4306] usb 3-1: USB disconnect, device number 5 [ 161.519025][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 162.319035][ T5000] loop0: detected capacity change from 0 to 128 [ 162.327328][ T5000] VFS: Found a Xenix FS (block size = 512) on device loop0 [ 162.335268][ T5000] sysv_free_block: trying to free block not in datazone [ 162.344568][ T5000] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 162.516264][ T5002] device wg2 entered promiscuous mode [ 163.513941][ T5009] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 163.545438][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 163.584596][ T5009] device vlan2 entered promiscuous mode [ 163.597815][ T5009] device gretap0 entered promiscuous mode [ 163.619434][ T5009] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 163.628472][ T5013] loop1: detected capacity change from 0 to 128 [ 166.243451][ T4972] usbtmc 4-1:16.0: usb_control_msg returned -110 [ 166.282872][ T4468] usb 4-1: USB disconnect, device number 3 [ 166.287823][ T4351] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.431365][ T5040] loop1: detected capacity change from 0 to 8 [ 166.464899][ T5040] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 166.647468][ T5040] cramfs: Error -5 while decompressing! [ 166.671456][ T5040] cramfs: ffffffff9754c568(26)->ffff8880695d5000(4096) [ 166.722191][ T4351] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.745106][ T5040] cramfs: Error -3 while decompressing! [ 166.750716][ T5040] cramfs: ffffffff9754c582(26)->ffff888052f99000(4096) [ 166.788282][ T5040] cramfs: Error -3 while decompressing! [ 166.808319][ T5040] cramfs: ffffffff9754c59c(16)->ffff8880695d2000(4096) [ 166.817438][ T4351] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.833605][ T5040] cramfs: Error -5 while decompressing! [ 166.839229][ T5040] cramfs: ffffffff9754c568(26)->ffff8880695d5000(4096) [ 166.913936][ T4351] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.400690][ T5054] loop4: detected capacity change from 0 to 128 [ 169.005831][ T4267] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 169.016411][ T4267] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 169.024846][ T4267] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 169.036645][ T4267] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 169.045473][ T4267] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 169.053011][ T4267] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 170.176103][ T4306] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 170.475206][ T4306] usb 2-1: Using ep0 maxpacket: 8 [ 170.501251][ T4306] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 170.629296][ T4306] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 170.647180][ T4306] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 170.662520][ T4306] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 170.678299][ T4306] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 170.691808][ T4306] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 170.701039][ T4306] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.292362][ T4267] Bluetooth: hci4: command 0x0409 tx timeout [ 172.770650][ T5084] device syzkaller0 entered promiscuous mode [ 172.794774][ T4302] syzkaller0: tun_net_xmit 48 [ 173.512249][ T4267] Bluetooth: hci4: command 0x041b tx timeout [ 174.890292][ C1] hrtimer: interrupt took 52722 ns [ 175.735047][ T4267] Bluetooth: hci4: command 0x040f tx timeout [ 176.594871][ T5091] usbtmc 2-1:16.0: usb_control_msg returned -110 [ 176.632375][ T5106] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 176.741976][ T4264] usb 2-1: USB disconnect, device number 4 [ 176.764260][ T4351] device gretap0 left promiscuous mode [ 177.179722][ T5120] loop3: detected capacity change from 0 to 8192 [ 177.285274][ T22] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 177.498197][ T22] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.570191][ T22] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 177.703311][ T22] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 177.750896][ T4781] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 177.897121][ T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 177.910106][ T22] usb 3-1: SerialNumber: syz [ 177.958641][ T4267] Bluetooth: hci4: command 0x0419 tx timeout [ 178.220639][ T22] usb 3-1: 0:2 : does not exist [ 178.241910][ T22] usb 3-1: USB disconnect, device number 6 [ 179.010008][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 179.731541][ T5069] chnl_net:caif_netlink_parms(): no params data found [ 180.079402][ T5165] loop2: detected capacity change from 0 to 1024 [ 180.245813][ T5173] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 180.262574][ T5173] hfsplus: xattr searching failed [ 180.520096][ T4640] hfsplus: b-tree write err: -5, ino 4 [ 180.529012][ T4351] device hsr_slave_0 left promiscuous mode [ 180.591441][ T4351] device hsr_slave_1 left promiscuous mode [ 180.600137][ T4351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.616778][ T4351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.636774][ T4351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.642178][ T4468] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 180.670623][ T4351] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.699818][ T5186] loop2: detected capacity change from 0 to 1024 [ 180.702605][ T4351] device bridge_slave_1 left promiscuous mode [ 180.725607][ T4351] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.752060][ T4351] device bridge_slave_0 left promiscuous mode [ 180.758400][ T4351] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.900454][ T4351] device veth1_macvtap left promiscuous mode [ 180.908181][ T5186] hfsplus: xattr searching failed [ 180.914607][ T4351] device veth0_macvtap left promiscuous mode [ 180.922649][ T4351] device veth1_vlan left promiscuous mode [ 180.928556][ T4351] device veth0_vlan left promiscuous mode [ 180.980958][ T5190] loop4: detected capacity change from 0 to 128 [ 181.103758][ T4468] usb 4-1: Using ep0 maxpacket: 8 [ 181.112871][ T4468] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 181.121231][ T4468] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 181.131626][ T4468] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 181.141640][ T4468] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 181.165722][ T4468] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.179265][ T4468] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 181.494252][ T4468] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.891095][ T4468] usb 4-1: usb_control_msg returned -32 [ 181.909745][ T4468] usbtmc 4-1:16.0: can't read capabilities [ 181.923936][ T4654] hfsplus: b-tree write err: -5, ino 3 [ 181.935243][ T4468] usb 4-1: USB disconnect, device number 4 [ 183.653668][ T4351] team0 (unregistering): Port device team_slave_1 removed [ 183.791612][ T4351] team0 (unregistering): Port device team_slave_0 removed [ 183.866227][ T4351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.944007][ T4351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.052240][ T4468] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 184.279243][ T4468] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.289815][ T4468] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 184.301569][ T4468] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 184.313567][ T4468] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 184.322225][ T4468] usb 3-1: SerialNumber: syz [ 184.575083][ T4468] usb 3-1: 0:2 : does not exist [ 184.661805][ T4468] usb 3-1: USB disconnect, device number 7 [ 184.792280][ T4351] bond0 (unregistering): Released all slaves [ 184.821489][ T5209] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 185.099640][ T5069] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.108055][ T5069] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.116913][ T5069] device bridge_slave_0 entered promiscuous mode [ 185.127447][ T5069] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.153640][ T5069] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.182376][ T5069] device bridge_slave_1 entered promiscuous mode [ 185.336697][ T5069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.409125][ T5069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.453387][ T5211] kvm: emulating exchange as write [ 185.584626][ T5069] team0: Port device team_slave_0 added [ 185.604430][ T5069] team0: Port device team_slave_1 added [ 185.776823][ T5221] netlink: 12 bytes leftover after parsing attributes in process `syz.1.270'. [ 185.855505][ T5226] loop2: detected capacity change from 0 to 1024 [ 185.916254][ T5069] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.934881][ T5069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.996994][ T5069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.041993][ T5226] hfsplus: xattr searching failed [ 186.067404][ T5069] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.090535][ T5069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.146104][ T5069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.245547][ T4640] hfsplus: b-tree write err: -5, ino 3 [ 186.325376][ T5069] device hsr_slave_0 entered promiscuous mode [ 186.357325][ T5069] device hsr_slave_1 entered promiscuous mode [ 186.370433][ T5069] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.390254][ T5069] Cannot create hsr debugfs directory [ 186.415718][ T4300] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 186.658548][ T5246] loop4: detected capacity change from 0 to 128 [ 186.703729][ T4300] usb 2-1: Using ep0 maxpacket: 8 [ 186.711919][ T4300] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 186.742627][ T4300] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 186.984961][ T4300] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 187.236707][ T4300] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 187.290814][ T4300] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.304578][ T4300] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 187.314030][ T4300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.167504][ T4300] usb 2-1: usb_control_msg returned -32 [ 188.181770][ T4300] usbtmc 2-1:16.0: can't read capabilities [ 188.270998][ T4300] usb 2-1: USB disconnect, device number 5 [ 188.649521][ T4306] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 188.728893][ T5275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.283'. [ 188.865017][ T4306] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 188.892176][ T4306] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 188.944684][ T4306] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 188.955533][ T5279] loop1: detected capacity change from 0 to 512 [ 188.969323][ T4306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 189.003931][ T4306] usb 5-1: SerialNumber: syz [ 189.036183][ T5279] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 189.115176][ T5285] loop3: detected capacity change from 0 to 1024 [ 189.127589][ T5286] loop2: detected capacity change from 0 to 512 [ 189.207729][ T5069] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 189.224591][ T5286] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 189.234540][ T5285] hfsplus: xattr searching failed [ 189.240351][ T5069] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 189.247907][ T4306] usb 5-1: 0:2 : does not exist [ 189.283315][ T5069] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 189.306812][ T5069] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 189.329502][ T4306] usb 5-1: USB disconnect, device number 2 [ 189.360480][ T5286] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=a002e018, mo2=0000] [ 189.371516][ T5286] EXT4-fs (loop2): failed to initialize system zone (-117) [ 189.398633][ T5279] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.284: corrupted inode contents [ 189.402404][ T5286] EXT4-fs (loop2): mount failed [ 189.460788][ T5279] EXT4-fs error (device loop1): ext4_dirty_inode:6089: inode #16: comm syz.1.284: mark_inode_dirty error [ 189.500160][ T5279] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.284: corrupted inode contents [ 189.527752][ T5279] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.284: mark_inode_dirty error [ 189.528834][ T4318] hfsplus: b-tree write err: -5, ino 3 [ 189.546995][ T5069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.569286][ T5279] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.284: corrupted inode contents [ 189.619538][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.630157][ T5279] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 189.654647][ T5279] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.284: corrupted inode contents [ 189.666897][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.676464][ T5279] EXT4-fs error (device loop1): ext4_truncate:4311: inode #16: comm syz.1.284: mark_inode_dirty error [ 189.701408][ T5069] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.836503][ T5069] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.877045][ T5069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.898791][ T5279] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 189.921915][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.934696][ T5279] EXT4-fs (loop1): 1 truncate cleaned up [ 189.942333][ T5279] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 189.952073][ T5279] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.956316][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.974060][ T11] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 190.014930][ T4318] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.022239][ T4318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.034724][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6818: comm kworker/u4:1: Failed to release dquot type 1 [ 190.066688][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.093574][ T5279] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 190.103778][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.105558][ T4318] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.119120][ T4318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.131846][ T5279] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 190.155815][ T5279] EXT4-fs error (device loop1): ext4_acquire_dquot:6795: comm syz.1.284: Failed to acquire dquot type 1 [ 190.162582][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.173159][ T5305] loop2: detected capacity change from 0 to 512 [ 190.228608][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.257022][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.266383][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.266604][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 190.276424][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.290354][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.302289][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.311654][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.321161][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.330060][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.339238][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.347523][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.355868][ T4318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.411576][ T5305] EXT4-fs (loop2): 1 orphan inode deleted [ 190.421558][ T4640] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 190.470840][ T4640] EXT4-fs error (device loop2): ext4_release_dquot:6818: comm kworker/u4:16: Failed to release dquot type 1 [ 190.489606][ T5305] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 190.555825][ T5305] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.667866][ T5328] loop4: detected capacity change from 0 to 512 [ 191.724527][ T5328] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 191.812072][ T5328] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 191.826753][ T952] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 191.848042][ T27] audit: type=1800 audit(1739525538.827:2): pid=5305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.289" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 191.869211][ T5328] EXT4-fs (loop4): 1 truncate cleaned up [ 191.892969][ T5328] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 191.905053][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 191.940509][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 192.014104][ T4251] EXT4-fs (loop2): unmounting filesystem. [ 192.027619][ T952] usb 4-1: Using ep0 maxpacket: 8 [ 192.035525][ T952] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 192.045655][ T952] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.057159][ T952] usb 4-1: config 0 has no interface number 0 [ 192.076546][ T5069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.087638][ T952] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 192.102254][ T952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.121368][ T952] usb 4-1: Product: syz [ 192.132228][ T952] usb 4-1: Manufacturer: syz [ 192.139141][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 192.147672][ T952] usb 4-1: SerialNumber: syz [ 192.155154][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 192.219319][ T952] usb 4-1: config 0 descriptor?? [ 192.252303][ T4264] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 192.527852][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 192.551365][ T4264] usb 2-1: Using ep0 maxpacket: 8 [ 192.647456][ T4264] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 192.707638][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 192.716070][ T4264] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.768416][ T5069] device veth0_vlan entered promiscuous mode [ 192.776256][ T4264] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 192.791658][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 192.812273][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 192.835845][ T4264] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 192.851331][ T5343] netlink: 12 bytes leftover after parsing attributes in process `syz.2.295'. [ 192.884955][ T5069] device veth1_vlan entered promiscuous mode [ 192.908825][ T4264] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.910327][ T952] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 192.929558][ T952] usb 4-1: No valid video chain found. [ 192.979320][ T4264] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 192.996140][ T4264] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.005071][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 193.019867][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 193.047118][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 193.067295][ T5069] device veth0_macvtap entered promiscuous mode [ 193.080496][ T5346] loop2: detected capacity change from 0 to 1024 [ 193.082066][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 193.121802][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 193.163919][ T4306] usb 4-1: USB disconnect, device number 5 [ 193.200313][ T5069] device veth1_macvtap entered promiscuous mode [ 193.223560][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 193.242387][ T5346] hfsplus: xattr searching failed [ 193.242547][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 193.278610][ T4264] usb 2-1: usb_control_msg returned -32 [ 193.284438][ T4264] usbtmc 2-1:16.0: can't read capabilities [ 193.317943][ T4264] usb 2-1: USB disconnect, device number 6 [ 193.321862][ T5349] device sit0 entered promiscuous mode [ 193.346790][ T5349] netlink: 'syz.4.296': attribute type 1 has an invalid length. [ 193.356568][ T41] hfsplus: b-tree write err: -5, ino 3 [ 193.379518][ T5349] netlink: 1 bytes leftover after parsing attributes in process `syz.4.296'. [ 193.444786][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.466265][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.478853][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.489851][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.500828][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.512184][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.523100][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.555618][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.604305][ T5069] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.622326][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.635847][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 193.660581][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.682863][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.703137][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.721698][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.747259][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.759674][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.769631][ T5069] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.786523][ T5069] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.833943][ T5069] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.894576][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.927403][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.076098][ T5069] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.131875][ T5069] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.152311][ T5069] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.176274][ T5069] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.623090][ T5371] device wg2 entered promiscuous mode [ 196.900140][ T5398] loop2: detected capacity change from 0 to 1024 [ 197.020499][ T5398] hfsplus: xattr searching failed [ 197.062760][ T4379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.079914][ T4379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.138473][ T4387] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 197.213008][ T4387] hfsplus: b-tree write err: -5, ino 3 [ 197.304640][ T4379] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.318983][ T4379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.359020][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 197.772822][ T5415] loop1: detected capacity change from 0 to 164 [ 198.416945][ T5425] loop1: detected capacity change from 0 to 8192 [ 200.072355][ T4473] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.289017][ T4473] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.460609][ T4473] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.723341][ T5452] device wg2 left promiscuous mode [ 200.768578][ T5460] device wg2 entered promiscuous mode [ 200.787539][ T5462] loop1: detected capacity change from 0 to 8 [ 200.847176][ T4298] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 200.925470][ T4473] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.052927][ T4298] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.076069][ T4298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 201.136620][ T4298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 201.136655][ T4298] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 201.138103][ T4298] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 201.138134][ T4298] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 201.138156][ T4298] usb 4-1: Manufacturer: syz [ 201.147636][ T4298] usb 4-1: config 0 descriptor?? [ 201.149257][ T5472] loop4: detected capacity change from 0 to 2048 [ 201.173992][ T5472] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 201.419523][ T5478] loop2: detected capacity change from 0 to 256 [ 201.500790][ T4269] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 201.503577][ T4269] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 201.506678][ T4269] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 201.516676][ T4269] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 201.518470][ T4269] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 201.518847][ T4269] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 201.603734][ T5478] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 201.638294][ T4298] rc_core: IR keymap rc-hauppauge not found [ 201.644257][ T4298] Registered IR keymap rc-empty [ 201.650250][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.681179][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.713716][ T4298] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 201.758353][ T4298] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 201.843594][ T5488] loop4: detected capacity change from 0 to 2048 [ 201.851518][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 201.907092][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.131943][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.156843][ T5488] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 202.162249][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.215794][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.262325][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.312016][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.341038][ T5487] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 202.358374][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.397325][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.405007][ T5487] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 84 with error 28 [ 202.439520][ T5487] EXT4-fs (loop4): This should not happen!! Data will be lost [ 202.439520][ T5487] [ 202.450827][ T4298] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 202.472163][ T5487] EXT4-fs (loop4): Total free blocks count 0 [ 202.484589][ T4298] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 202.494875][ T5487] EXT4-fs (loop4): Free/Dirty block details [ 202.496788][ T5501] loop1: detected capacity change from 0 to 1764 [ 202.500857][ T5487] EXT4-fs (loop4): free_blocks=2415919104 [ 202.518685][ T5487] EXT4-fs (loop4): dirty_blocks=96 [ 202.524252][ T4298] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 202.534000][ T5487] EXT4-fs (loop4): Block reservation details [ 202.558387][ T4298] usb 4-1: USB disconnect, device number 6 [ 202.622159][ T5487] EXT4-fs (loop4): i_reserved_data_blocks=6 [ 202.790386][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 203.241054][ T5482] chnl_net:caif_netlink_parms(): no params data found [ 203.701670][ T4269] Bluetooth: hci4: command 0x0409 tx timeout [ 204.394549][ T5533] loop3: detected capacity change from 0 to 16 [ 204.469445][ T5533] erofs: (device loop3): mounted with root inode @ nid 36. [ 204.932596][ T5546] loop2: detected capacity change from 0 to 2048 [ 204.939317][ T5482] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.963170][ T5482] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.003934][ T5482] device bridge_slave_0 entered promiscuous mode [ 205.013022][ T5546] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 205.047053][ T5482] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.057400][ T5482] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.065766][ T5482] device bridge_slave_1 entered promiscuous mode [ 205.138300][ T4473] device hsr_slave_0 left promiscuous mode [ 205.166364][ T4473] device hsr_slave_1 left promiscuous mode [ 205.227008][ T5545] EXT4-fs error (device loop2): ext4_map_blocks:744: inode #18: block 62218: comm syz.2.336: lblock 0 mapped to illegal pblock 62218 (length 1) [ 205.251846][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.259376][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.309420][ T5545] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117 [ 205.340588][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.369418][ T5545] EXT4-fs (loop2): This should not happen!! Data will be lost [ 205.369418][ T5545] [ 205.381356][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.428463][ T4473] device bridge_slave_1 left promiscuous mode [ 205.455538][ T4473] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.466696][ T4473] device bridge_slave_0 left promiscuous mode [ 205.487173][ T4473] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.612813][ T5560] loop3: detected capacity change from 0 to 256 [ 205.619965][ T4473] device veth1_macvtap left promiscuous mode [ 205.636634][ T4473] device veth0_macvtap left promiscuous mode [ 205.644253][ T4473] device veth1_vlan left promiscuous mode [ 205.645285][ T4251] EXT4-fs error (device loop2): ext4_map_blocks:634: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 205.661531][ T4473] device veth0_vlan left promiscuous mode [ 205.768913][ T4251] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5885: Corrupt filesystem [ 205.809097][ T4251] EXT4-fs error (device loop2): ext4_dirty_inode:6089: inode #18: comm syz-executor: mark_inode_dirty error [ 205.813084][ T5562] loop1: detected capacity change from 0 to 512 [ 205.845327][ T5562] EXT4-fs: inline encryption not supported [ 205.866295][ T4251] EXT4-fs (loop2): Inode 18 (ffff8880729d6450): i_reserved_data_blocks (1) not cleared! [ 205.881615][ T4251] EXT4-fs (loop2): unmounting filesystem. [ 205.925357][ T4269] Bluetooth: hci4: command 0x041b tx timeout [ 206.004074][ T5562] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.343: corrupted inode contents [ 206.136450][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.153246][ T5562] EXT4-fs error (device loop1): ext4_dirty_inode:6089: inode #16: comm syz.1.343: mark_inode_dirty error [ 206.212753][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.231437][ T5562] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.343: corrupted inode contents [ 206.360366][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.377883][ T5562] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.343: mark_inode_dirty error [ 206.433667][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.533339][ T5562] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.343: corrupted inode contents [ 206.651497][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.739664][ T5562] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 206.781001][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.799884][ T5562] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #16: comm syz.1.343: corrupted inode contents [ 206.819745][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.828793][ T5562] EXT4-fs error (device loop1): ext4_truncate:4311: inode #16: comm syz.1.343: mark_inode_dirty error [ 206.855900][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.868345][ T5562] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 206.886714][ T5562] EXT4-fs (loop1): Remounting filesystem read-only [ 206.931171][ T5562] EXT4-fs (loop1): 1 truncate cleaned up [ 206.938191][ T5562] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 206.958625][ T56] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 206.970172][ T56] EXT4-fs error (device loop1): ext4_release_dquot:6818: comm kworker/u4:4: Failed to release dquot type 1 [ 206.984568][ T5562] ext4 filesystem being mounted at /62/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 207.048969][ T56] EXT4-fs (loop1): Remounting filesystem read-only [ 207.226919][ T5576] loop4: detected capacity change from 0 to 512 [ 207.266268][ T5576] EXT4-fs (loop4): orphan cleanup on readonly fs [ 207.274649][ T5576] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #3: comm syz.4.347: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 207.303826][ T5576] EXT4-fs error (device loop4): ext4_quota_enable:6989: comm syz.4.347: Bad quota inode: 3, type: 0 [ 207.319362][ T5576] EXT4-fs warning (device loop4): ext4_enable_quotas:7030: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 207.334712][ T5576] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 207.341821][ T5576] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 207.368844][ T5576] EXT4-fs (loop4): shut down requested (2) [ 207.376611][ T5576] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 207.385891][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 207.385968][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 207.406050][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 207.426776][ T5576] EXT4-fs warning (device loop4): ext4_enable_quotas:7030: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 207.527799][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 207.609959][ T4473] team0 (unregistering): Port device team_slave_1 removed [ 207.702308][ T4473] team0 (unregistering): Port device team_slave_0 removed [ 207.811779][ T4473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.948582][ T4473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.894005][ T4269] Bluetooth: hci4: command 0x040f tx timeout [ 209.574272][ T5591] loop4: detected capacity change from 0 to 1024 [ 209.602836][ T4269] Bluetooth: hci1: command 0x0406 tx timeout [ 209.608908][ T4269] Bluetooth: hci0: command 0x0406 tx timeout [ 209.615144][ T4267] Bluetooth: hci3: command 0x0406 tx timeout [ 209.750810][ T5591] hfsplus: xattr searching failed [ 209.761474][ T27] audit: type=1800 audit(1739525555.580:3): pid=5591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.351" name="file1" dev="loop4" ino=3 res=0 errno=0 [ 209.871085][ T11] hfsplus: b-tree write err: -5, ino 3 [ 210.496277][ T4473] bond0 (unregistering): Released all slaves [ 210.718031][ T5482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.771168][ T5482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.980853][ T5482] team0: Port device team_slave_0 added [ 211.031798][ T5482] team0: Port device team_slave_1 added [ 211.057000][ T4269] Bluetooth: hci4: command 0x0419 tx timeout [ 211.248491][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.267879][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.371460][ T5482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.396380][ T5482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.420363][ T5482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.516392][ T5482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.600158][ T5621] loop4: detected capacity change from 0 to 164 [ 211.638437][ T5621] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 211.793861][ T5482] device hsr_slave_0 entered promiscuous mode [ 211.889760][ T5482] device hsr_slave_1 entered promiscuous mode [ 212.219889][ T5482] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 212.416641][ T5482] Cannot create hsr debugfs directory [ 213.152643][ T4473] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.569186][ T4261] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 213.579020][ T4267] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 213.589361][ T4261] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 213.597611][ T4267] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.607910][ T4261] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 213.616085][ T4267] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 213.816666][ T4473] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.950310][ T4473] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.054161][ T4473] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.189227][ T4306] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 214.249713][ T5646] loop3: detected capacity change from 0 to 2048 [ 214.269261][ T5646] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 214.391641][ T4252] EXT4-fs (loop3): unmounting filesystem. [ 214.426511][ T4306] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 214.443102][ T4306] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 214.461539][ T4306] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 214.478921][ T4306] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 214.498890][ T4306] usb 2-1: SerialNumber: syz [ 214.619759][ T5656] loop3: detected capacity change from 0 to 16 [ 214.672998][ T5656] erofs: (device loop3): mounted with root inode @ nid 36. [ 214.695078][ T5634] chnl_net:caif_netlink_parms(): no params data found [ 214.736164][ T4306] usb 2-1: 0:2 : does not exist [ 214.885101][ T4306] usb 2-1: USB disconnect, device number 7 [ 215.193072][ T5482] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 215.205357][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 215.272332][ T5482] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 215.319454][ T5482] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 215.326710][ T952] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 215.380845][ T5634] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.391673][ T5634] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.413151][ T5634] device bridge_slave_0 entered promiscuous mode [ 215.470961][ T5482] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 215.532479][ T5634] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.546933][ T952] usb 4-1: Using ep0 maxpacket: 16 [ 215.554616][ T952] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 215.579338][ T5634] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.586287][ T952] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 215.599967][ T5634] device bridge_slave_1 entered promiscuous mode [ 215.609507][ T952] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 215.621719][ T952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.629827][ T952] usb 4-1: Product: syz [ 215.634755][ T952] usb 4-1: Manufacturer: syz [ 215.639402][ T952] usb 4-1: SerialNumber: syz [ 215.846171][ T4269] Bluetooth: hci2: command 0x0409 tx timeout [ 215.858985][ T5634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.884224][ T952] usb 4-1: 0:2 : does not exist [ 215.892597][ T5634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.910348][ T952] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 215.938148][ T952] usb 4-1: USB disconnect, device number 7 [ 216.189375][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 216.276468][ T5634] team0: Port device team_slave_0 added [ 216.346121][ T5634] team0: Port device team_slave_1 added [ 216.347721][ T5694] loop4: detected capacity change from 0 to 16 [ 216.367707][ T5482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.410924][ T5694] erofs: (device loop4): mounted with root inode @ nid 36. [ 216.837376][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.837526][ T5704] loop4: detected capacity change from 0 to 512 [ 216.861223][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.862632][ T5704] EXT4-fs: Ignoring removed mblk_io_submit option [ 218.048474][ T5634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 218.070061][ T4269] Bluetooth: hci2: command 0x041b tx timeout [ 218.121989][ T5482] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.216535][ T4640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.252484][ T5704] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b816c118, mo2=0002] [ 218.261412][ T4640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.303885][ T5704] System zones: 1-12 [ 218.323896][ T5704] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2186: inode #15: comm syz.4.378: corrupted in-inode xattr [ 218.398196][ T5704] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.378: couldn't read orphan inode 15 (err -117) [ 218.460437][ T5704] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 218.530137][ T5634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 218.537184][ T5634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 218.688591][ T5634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.438275][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.461903][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.473069][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 219.543215][ T5388] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.550462][ T5388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.567129][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.588547][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.597288][ T5388] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.604489][ T5388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.855236][ T4473] device hsr_slave_0 left promiscuous mode [ 219.882456][ T5721] loop3: detected capacity change from 0 to 512 [ 219.929975][ T4473] device hsr_slave_1 left promiscuous mode [ 219.931065][ T5721] EXT4-fs: Ignoring removed orlov option [ 219.990502][ T5721] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 220.002244][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.015523][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.054896][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.076605][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.080213][ T5721] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.381: casefold flag without casefold feature [ 220.114463][ T4473] device bridge_slave_1 left promiscuous mode [ 220.120792][ T4473] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.151741][ T4473] device bridge_slave_0 left promiscuous mode [ 220.240228][ T5721] EXT4-fs (loop3): Remounting filesystem read-only [ 220.246858][ T5721] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.381: couldn't read orphan inode 15 (err -117) [ 220.278305][ T4473] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.284196][ T5721] EXT4-fs (loop3): Remounting filesystem read-only [ 220.291953][ T5721] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 220.302157][ T4269] Bluetooth: hci2: command 0x040f tx timeout [ 220.820295][ T4473] device veth1_macvtap left promiscuous mode [ 220.858404][ T4473] device veth0_macvtap left promiscuous mode [ 220.881492][ T4473] device veth1_vlan left promiscuous mode [ 220.887403][ T4473] device veth0_vlan left promiscuous mode [ 220.922366][ T4252] EXT4-fs (loop3): unmounting filesystem. [ 220.970043][ T5730] loop1: detected capacity change from 0 to 128 [ 221.009126][ T5730] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 221.043511][ T5730] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 221.261475][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 221.403904][ T5738] loop1: detected capacity change from 0 to 1024 [ 221.524629][ T11] hfsplus: b-tree write err: -5, ino 4 [ 223.360837][ T4269] Bluetooth: hci2: command 0x0419 tx timeout [ 223.427899][ T4473] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 223.572074][ T4473] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.707533][ T4473] bond0 (unregistering): Released all slaves [ 224.770274][ T5753] binder: binder_mmap: 5752 400000ffd000-400001000000 bad vm_flags failed -1 [ 224.853096][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.862085][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.871686][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.892283][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.910958][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.931762][ T5482] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 224.950109][ T5482] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 224.981216][ T5634] device hsr_slave_0 entered promiscuous mode [ 224.991772][ T5634] device hsr_slave_1 entered promiscuous mode [ 224.999573][ T5634] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 225.007636][ T5634] Cannot create hsr debugfs directory [ 225.014251][ T5733] netlink: 12 bytes leftover after parsing attributes in process `syz.4.385'. [ 225.029521][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.058311][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.068406][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.116477][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.161082][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.192366][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.214951][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.583989][ T5388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 226.474599][ T5775] loop3: detected capacity change from 0 to 8 [ 226.961026][ T5775] SQUASHFS error: Failed to read block 0x63a: -5 [ 226.969745][ T5775] SQUASHFS error: Unable to read metadata cache entry [638] [ 226.978500][ T5775] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 227.061497][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 227.083267][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 227.122466][ T5634] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 227.162982][ T5482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 227.185323][ T5634] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 227.218104][ T5634] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 227.270656][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 227.280740][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 227.291164][ T5634] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 227.497463][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 228.739919][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 228.783383][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 228.913876][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 228.981116][ T5792] loop4: detected capacity change from 0 to 128 [ 229.203364][ T5482] device veth0_vlan entered promiscuous mode [ 229.262412][ T5482] device veth1_vlan entered promiscuous mode [ 229.830540][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 229.841389][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 229.961877][ T5482] device veth0_macvtap entered promiscuous mode [ 229.987545][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 230.049866][ T5634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.084370][ T5482] device veth1_macvtap entered promiscuous mode [ 230.117409][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.482796][ T4473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 230.566860][ T5634] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.615111][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.674189][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.698792][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.729592][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.745916][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 230.873021][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 230.901880][ T5482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 230.990348][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 231.001490][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 231.315042][ T5809] ip6t_REJECT: ECHOREPLY is not supported [ 231.377287][ T5809] loop3: detected capacity change from 0 to 512 [ 231.403665][ T5809] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 231.662406][ T5809] EXT4-fs (loop3): 1 truncate cleaned up [ 231.668761][ T5809] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 231.797108][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.821369][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.832461][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.847295][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.858964][ T5482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.870105][ T5482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.894646][ T5482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.940193][ T5482] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.973367][ T5482] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.983011][ T5482] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.998912][ T5482] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 232.028350][ T4252] EXT4-fs (loop3): unmounting filesystem. [ 232.042905][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.051709][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.083248][ T5817] loop1: detected capacity change from 0 to 256 [ 232.110016][ T5817] ======================================================= [ 232.110016][ T5817] WARNING: The mand mount option has been deprecated and [ 232.110016][ T5817] and is ignored by this kernel. Remove the mand [ 232.110016][ T5817] option from the mount to silence this warning. [ 232.110016][ T5817] ======================================================= [ 232.130887][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.152234][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.192594][ T5817] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 232.295108][ T5817] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 232.313298][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.562517][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.574222][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.581463][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.612623][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 232.628037][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 232.724666][ T5814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.403'. [ 232.858541][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.913587][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 232.952055][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 233.036278][ T5825] loop4: detected capacity change from 0 to 512 [ 233.068139][ T5825] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 233.124319][ T5825] EXT4-fs (loop4): 1 truncate cleaned up [ 233.130182][ T5825] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 233.163104][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.240086][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.249038][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 234.015923][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.053326][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.102398][ T5634] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 234.126208][ T5634] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 234.139703][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 234.146368][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.177162][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.183520][ T5832] loop3: detected capacity change from 0 to 2048 [ 234.238927][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 234.264133][ T5832] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 234.277762][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 234.288729][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 234.431682][ T4351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.455248][ T4351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.512569][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 234.592341][ T4379] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.650882][ T4379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.677328][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 235.372126][ T5634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.652217][ T4534] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.856007][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 235.863753][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 235.968838][ T4534] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.123738][ T4534] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.273027][ T5878] loop1: detected capacity change from 0 to 512 [ 236.307222][ T4534] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.720714][ T5878] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 236.878810][ T5878] ext4 filesystem being mounted at /83/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 237.152810][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 237.164651][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 237.313455][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 237.322705][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 237.366472][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 237.376702][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 237.399913][ T5634] device veth0_vlan entered promiscuous mode [ 237.511473][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 237.638630][ T5634] device veth1_vlan entered promiscuous mode [ 237.724752][ T5893] netlink: 12 bytes leftover after parsing attributes in process `syz.3.418'. [ 237.862484][ T5634] device veth0_macvtap entered promiscuous mode [ 237.880864][ T4261] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 237.897004][ T4261] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 237.918606][ T4261] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 237.928131][ T4261] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 237.937209][ T4261] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 237.947811][ T4261] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 238.219096][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 238.228903][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 238.237798][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 238.272780][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 239.134424][ T5634] device veth1_macvtap entered promiscuous mode [ 239.222407][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 239.236876][ T4351] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 239.461909][ T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 239.537976][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.564969][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.597462][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.614802][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.628177][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.654045][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.678727][ T26] usb 5-1: unable to get BOS descriptor or descriptor too short [ 239.696853][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.710058][ T26] usb 5-1: config 9 has an invalid interface number: 38 but max is 0 [ 239.724766][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.736534][ T26] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 239.757996][ T26] usb 5-1: config 9 has no interface number 0 [ 239.766839][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.775936][ T26] usb 5-1: config 9 interface 38 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 239.804647][ T26] usb 5-1: config 9 interface 38 has no altsetting 0 [ 239.812768][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 239.827410][ T26] usb 5-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=fd.63 [ 239.837235][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 239.846915][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.854957][ T26] usb 5-1: Product: syz [ 239.860338][ T26] usb 5-1: Manufacturer: syz [ 239.864979][ T26] usb 5-1: SerialNumber: syz [ 239.911756][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.927177][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.937992][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.962690][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.974026][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.985075][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.995505][ T5634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.014388][ T5634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.027834][ T5634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.147838][ T4261] Bluetooth: hci4: command 0x0409 tx timeout [ 240.162104][ T26] snd-usb-audio: probe of 5-1:9.38 failed with error -22 [ 240.235378][ T26] usb 5-1: USB disconnect, device number 3 [ 240.421211][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.440832][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.474846][ T5634] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.491134][ T5634] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.516334][ T5634] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.536905][ T5634] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.747827][ T5900] chnl_net:caif_netlink_parms(): no params data found [ 241.088424][ T26] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 241.322021][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 241.355064][ T26] usb 4-1: config 1 has an invalid interface number: 203 but max is 0 [ 241.364683][ T26] usb 4-1: config 1 has no interface number 0 [ 241.383115][ T26] usb 4-1: New USB device found, idVendor=0b95, idProduct=2790, bcdDevice=63.9c [ 241.392437][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.401524][ T26] usb 4-1: Product: syz [ 241.405822][ T26] usb 4-1: Manufacturer: syz [ 241.410688][ T26] usb 4-1: SerialNumber: syz [ 241.704867][ T26] aqc111: probe of 4-1:1.203 failed with error -22 [ 241.750257][ T26] usb 4-1: USB disconnect, device number 8 [ 241.946574][ T4473] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.980966][ T4473] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.053025][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.061634][ T5900] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.066609][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.068742][ T5900] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.087475][ T5900] device bridge_slave_0 entered promiscuous mode [ 242.097194][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 242.109719][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 242.122358][ T5900] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.129975][ T5900] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.138357][ T5900] device bridge_slave_1 entered promiscuous mode [ 242.174198][ T4534] device hsr_slave_0 left promiscuous mode [ 242.200116][ T4534] device hsr_slave_1 left promiscuous mode [ 242.207121][ T4534] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.223790][ T4534] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.232348][ T4534] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.240321][ T4534] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.248379][ T4534] device bridge_slave_1 left promiscuous mode [ 242.254927][ T4534] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.265311][ T4534] device bridge_slave_0 left promiscuous mode [ 242.271613][ T4534] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.333891][ T4534] device veth1_macvtap left promiscuous mode [ 242.343686][ T4534] device veth0_macvtap left promiscuous mode [ 242.351841][ T4534] device veth1_vlan left promiscuous mode [ 242.358029][ T4534] device veth0_vlan left promiscuous mode [ 242.363986][ T4261] Bluetooth: hci4: command 0x041b tx timeout [ 243.668341][ T4534] team0 (unregistering): Port device team_slave_1 removed [ 243.852792][ T4534] team0 (unregistering): Port device team_slave_0 removed [ 243.963056][ T4534] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.016843][ T4534] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.451251][ T5983] loop4: detected capacity change from 0 to 128 [ 244.582831][ T4261] Bluetooth: hci4: command 0x040f tx timeout [ 245.014228][ T4534] bond0 (unregistering): Released all slaves [ 245.348554][ T5970] netlink: 12 bytes leftover after parsing attributes in process `syz.3.430'. [ 245.456884][ T5900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.578940][ T5900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.794935][ T5900] team0: Port device team_slave_0 added [ 245.836131][ T5900] team0: Port device team_slave_1 added [ 245.952757][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.978943][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.106875][ T6005] netlink: 'syz.3.439': attribute type 83 has an invalid length. [ 246.115190][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.439'. [ 246.162653][ T5900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.723882][ T5900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.943817][ T4269] Bluetooth: hci4: command 0x0419 tx timeout [ 247.057997][ T5900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.228551][ T5900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.532126][ T6019] loop1: detected capacity change from 0 to 128 [ 247.603442][ T5900] device hsr_slave_0 entered promiscuous mode [ 248.478712][ T27] audit: type=1804 audit(1739525591.799:4): pid=6019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.443" name="/newroot/88/file2/bus" dev="loop1" ino=1048615 res=1 errno=0 [ 248.530409][ T5900] device hsr_slave_1 entered promiscuous mode [ 248.541500][ T5900] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 248.581794][ T5900] Cannot create hsr debugfs directory [ 248.691969][ T6027] loop3: detected capacity change from 0 to 256 [ 248.935373][ T6032] loop5: detected capacity change from 0 to 128 [ 249.787824][ T6040] netlink: 12 bytes leftover after parsing attributes in process `syz.1.447'. [ 249.836924][ T6041] loop3: detected capacity change from 0 to 1024 [ 249.917663][ T6041] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 249.938577][ T6041] hfsplus: xattr searching failed [ 249.977709][ T6041] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 250.025617][ T6041] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 250.139667][ T5900] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 250.149181][ T4303] hfsplus: b-tree write err: -5, ino 4 [ 250.230582][ T5900] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 250.300102][ T5900] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 250.322854][ T5900] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 250.591008][ T4264] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 250.629430][ T5900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.666408][ T6059] loop1: detected capacity change from 0 to 1024 [ 250.704618][ T6059] EXT4-fs: Ignoring removed nobh option [ 250.823251][ T6059] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 250.872551][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.876991][ T6067] loop4: detected capacity change from 0 to 164 [ 250.887384][ T4264] usb 4-1: config 0 has an invalid interface number: 11 but max is 0 [ 250.891501][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 250.912766][ T4264] usb 4-1: config 0 has no interface number 0 [ 250.918933][ T4264] usb 4-1: config 0 interface 11 has no altsetting 0 [ 250.931563][ T4264] usb 4-1: New USB device found, idVendor=1871, idProduct=0306, bcdDevice=1a.d2 [ 250.958837][ T5900] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.964353][ T4264] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.995570][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.995987][ T6059] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 251.013300][ T4264] usb 4-1: config 0 descriptor?? [ 251.088963][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.142307][ T4424] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.149745][ T4424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.222910][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.231455][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.242147][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 251.252375][ T4424] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.252402][ T4264] usb 4-1: string descriptor 0 read error: -71 [ 251.259561][ T4424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.261966][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 251.808751][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 252.007845][ T5900] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 252.019220][ T5900] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 252.132787][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 252.142989][ T4264] usb 4-1: Found multiple Units with ID 1 [ 252.172391][ T4264] usb 4-1: USB disconnect, device number 9 [ 252.185226][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 252.280614][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 252.289566][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 252.333271][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 252.412664][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 252.433746][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 252.468798][ T6085] loop3: detected capacity change from 0 to 512 [ 252.478316][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 252.491241][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 252.505215][ T6085] ext4: Unknown parameter 'noacl' [ 252.578114][ T6090] loop5: detected capacity change from 0 to 2048 [ 252.597171][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 252.625584][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 252.660676][ T6090] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 252.688302][ T6090] UDF-fs: Scanning with blocksize 512 failed [ 252.741828][ T4793] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 252.862467][ T6095] loop1: detected capacity change from 0 to 16 [ 252.880155][ T4254] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 252.930928][ T6090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.948393][ T6095] erofs: (device loop1): mounted with root inode @ nid 36. [ 253.099702][ T4254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.271742][ T4254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.654058][ T4254] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 253.667660][ T4254] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 253.676829][ T4254] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.687799][ T4254] usb 5-1: config 0 descriptor?? [ 254.122964][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 254.168690][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 254.218249][ T4254] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 254.280351][ T5900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.351819][ T6102] loop1: detected capacity change from 0 to 2048 [ 254.361081][ T4254] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 254.408445][ T6102] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 254.419376][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 254.423007][ T6102] UDF-fs: Scanning with blocksize 512 failed [ 254.451449][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 254.519868][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 254.535976][ T6102] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 254.542002][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 254.575543][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 254.586569][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 254.617340][ T5900] device veth0_vlan entered promiscuous mode [ 254.696131][ T26] usb 5-1: USB disconnect, device number 4 [ 254.739225][ T5900] device veth1_vlan entered promiscuous mode [ 254.833548][ T5900] device veth0_macvtap entered promiscuous mode [ 254.840466][ T6114] binder: 6113:6114 ioctl c00c620f 4000000005c0 returned -22 [ 254.953840][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 254.983414][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 255.034058][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 255.065129][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 255.084878][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 255.100678][ T6119] loop1: detected capacity change from 0 to 512 [ 255.113953][ T5900] device veth1_macvtap entered promiscuous mode [ 255.184565][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.228108][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.245588][ T6119] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2759: inode #12: comm syz.1.466: corrupted xattr block 142 [ 255.250514][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.269358][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.280102][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.295611][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.310150][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.320936][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.334435][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.342706][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 255.351417][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 255.362485][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 255.387701][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.426086][ T6119] EXT4-fs (loop1): Remounting filesystem read-only [ 255.445827][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.456145][ T6119] EXT4-fs (loop1): 1 truncate cleaned up [ 255.480994][ T6119] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 255.489815][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.500444][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.541757][ T6119] EXT4-fs error (device loop1): ext4_xattr_block_list:719: inode #12: comm syz.1.466: corrupted xattr block 142 [ 255.556641][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.567407][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.579895][ T5900] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.590531][ T6119] EXT4-fs (loop1): Remounting filesystem read-only [ 255.598202][ T5900] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.627490][ T5900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.636892][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 255.660138][ T4513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 255.694639][ T5900] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.711877][ T5900] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.720416][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 255.754139][ T4254] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 255.762511][ T5900] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.802637][ T5900] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.981097][ T4254] usb 4-1: config 0 has no interfaces? [ 255.993695][ T4254] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 256.035727][ T4254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.062663][ T4254] usb 4-1: Product: syz [ 256.079647][ T4303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.081455][ T4254] usb 4-1: Manufacturer: syz [ 256.110992][ T4303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.150117][ T4254] usb 4-1: SerialNumber: syz [ 256.163882][ T4254] usb 4-1: config 0 descriptor?? [ 256.171395][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 256.218596][ T5388] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.244414][ T5388] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.281911][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 256.473053][ T4281] usb 4-1: USB disconnect, device number 10 [ 259.037256][ T6177] loop1: detected capacity change from 0 to 512 [ 259.078971][ T4264] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 259.109796][ T6177] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 259.164562][ T4793] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 259.194655][ T6177] loop1: detected capacity change from 0 to 256 [ 259.233970][ T6177] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 259.294307][ T4264] usb 4-1: config 1 has an invalid descriptor of length 78, skipping remainder of the config [ 259.314154][ T4264] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 39373, setting to 64 [ 259.336535][ T4264] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 259.367384][ T4264] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 259.409940][ T4264] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 259.427022][ T4264] usb 4-1: SerialNumber: syz [ 259.433720][ T27] audit: type=1800 audit(1739525602.042:5): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.478" name="file1" dev="loop1" ino=1048625 res=0 errno=0 [ 259.470664][ T6164] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 259.486549][ T4264] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 259.493626][ T4264] usb-storage 4-1:1.0: USB Mass Storage device detected [ 259.512201][ T6192] loop5: detected capacity change from 0 to 512 [ 259.551093][ T4264] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 259.567110][ T6192] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 259.627009][ T6192] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.708250][ T4473] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.842822][ T26] usb 4-1: USB disconnect, device number 11 [ 260.670464][ T5634] EXT4-fs (loop5): unmounting filesystem. [ 260.678779][ T4473] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.867750][ T4473] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 260.898801][ T6220] loop4: detected capacity change from 0 to 128 [ 260.908455][ T6221] loop5: detected capacity change from 0 to 8 [ 260.932489][ T6218] netlink: 4 bytes leftover after parsing attributes in process `syz.3.485'. [ 260.979235][ T6221] SQUASHFS error: Failed to read block 0x4de: -5 [ 261.044370][ T6221] SQUASHFS error: Failed to read block 0x4de: -5 [ 261.092152][ T4473] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.121531][ T27] audit: type=1800 audit(1739525603.623:6): pid=6221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.484" name="file1" dev="loop5" ino=5 res=0 errno=0 [ 261.845862][ T6236] loop5: detected capacity change from 0 to 128 [ 262.303359][ T6240] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7 [ 262.969180][ T6236] EXT4-fs (loop5): Test dummy encryption mode enabled [ 263.074658][ T6247] loop4: detected capacity change from 0 to 512 [ 263.147328][ T6236] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 263.219307][ T6247] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 263.240602][ T6236] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 263.302875][ T6247] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 263.345431][ T6247] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 263.388629][ T6247] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 263.396603][ T6247] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=e040e01c, mo2=0000] [ 263.487536][ T6247] EXT4-fs (loop4): failed to initialize system zone (-117) [ 263.494969][ T6247] EXT4-fs (loop4): mount failed [ 263.764496][ T4261] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 263.779073][ T4261] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 263.787895][ T4261] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 263.796386][ T4261] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 263.814952][ T4261] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 263.823458][ T4261] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 263.852621][ T6261] loop1: detected capacity change from 0 to 1024 [ 263.866209][ T6263] loop3: detected capacity change from 0 to 512 [ 263.876056][ T5634] EXT4-fs (loop5): unmounting filesystem. [ 264.070367][ T6270] loop4: detected capacity change from 0 to 256 [ 264.086431][ T6270] exfat: Bad value for 'uid' [ 264.091816][ T6263] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 264.122208][ T6263] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.381551][ T4341] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 264.614453][ T4341] usb 6-1: Using ep0 maxpacket: 8 [ 264.622713][ T4341] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 264.662246][ T4341] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 264.683623][ T4341] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.699303][ T4341] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.699616][ T6287] loop4: detected capacity change from 0 to 128 [ 264.771722][ T6287] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 264.825221][ T6287] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 264.906266][ T4252] EXT4-fs (loop3): unmounting filesystem. [ 264.984018][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 265.205881][ T6301] loop1: detected capacity change from 0 to 164 [ 265.224002][ T6301] ISOFS: unable to read i-node block [ 265.244732][ T6301] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 266.415977][ T4269] Bluetooth: hci4: command 0x0409 tx timeout [ 266.494105][ T6310] netlink: 'syz.4.504': attribute type 2 has an invalid length. [ 266.500781][ T6301] ISOFS: unable to read i-node block [ 266.635866][ T6254] chnl_net:caif_netlink_parms(): no params data found [ 267.151474][ T6319] loop4: detected capacity change from 0 to 1024 [ 267.159710][ T6319] EXT4-fs: Ignoring removed orlov option [ 267.165599][ T6319] EXT4-fs: Ignoring removed nomblk_io_submit option [ 267.175783][ T6317] loop1: detected capacity change from 0 to 1024 [ 267.238428][ T6319] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 267.393244][ T4473] device hsr_slave_0 left promiscuous mode [ 267.425187][ T4473] device hsr_slave_1 left promiscuous mode [ 267.620178][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.653646][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.687668][ T4473] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.711969][ T4473] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.765746][ T4473] device bridge_slave_1 left promiscuous mode [ 267.786814][ T4281] usb 6-1: USB disconnect, device number 2 [ 267.876253][ T4473] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.953892][ T4473] device bridge_slave_0 left promiscuous mode [ 267.966858][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 267.990703][ T4473] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.162183][ T6332] loop5: detected capacity change from 0 to 512 [ 268.245783][ T4473] device veth1_macvtap left promiscuous mode [ 268.278286][ T4473] device veth0_macvtap left promiscuous mode [ 268.297195][ T6332] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 268.320600][ T4473] device veth1_vlan left promiscuous mode [ 268.333497][ T6332] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.550187][ T4473] device veth0_vlan left promiscuous mode [ 268.659104][ T4269] Bluetooth: hci4: command 0x041b tx timeout [ 268.683725][ T6345] loop1: detected capacity change from 0 to 1024 [ 268.691163][ T6345] EXT4-fs: Ignoring removed nobh option [ 268.696778][ T6345] EXT4-fs: Ignoring removed bh option [ 268.703763][ T6345] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 268.735608][ T6345] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 268.974059][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 269.260269][ T5634] EXT4-fs (loop5): unmounting filesystem. [ 270.776470][ T6361] loop1: detected capacity change from 0 to 512 [ 270.838723][ T4269] Bluetooth: hci4: command 0x040f tx timeout [ 270.879790][ T6361] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 270.895935][ T6361] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.170147][ T4341] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 271.426669][ T4341] usb 6-1: Using ep0 maxpacket: 16 [ 271.452725][ T4341] usb 6-1: config 0 has an invalid interface number: 32 but max is 0 [ 271.462179][ T4341] usb 6-1: config 0 has no interface number 0 [ 271.479615][ T4341] usb 6-1: config 0 interface 32 has no altsetting 0 [ 271.497239][ T4341] usb 6-1: New USB device found, idVendor=0424, idProduct=cf30, bcdDevice=39.8c [ 271.498893][ T4250] EXT4-fs (loop1): unmounting filesystem. [ 271.513625][ T4341] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.521874][ T4341] usb 6-1: Product: syz [ 271.527158][ T4341] usb 6-1: Manufacturer: syz [ 271.541697][ T4341] usb 6-1: SerialNumber: syz [ 271.564319][ T4341] usb 6-1: config 0 descriptor?? [ 272.518009][ T4341] usb 6-1: USB disconnect, device number 3 [ 272.534036][ T6385] loop1: detected capacity change from 0 to 512 [ 272.555816][ T4341] ================================================================== [ 272.563934][ T4341] BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0 [ 272.571162][ T4341] Read of size 8 at addr ffff8880272b5898 by task kworker/0:8/4341 [ 272.579076][ T4341] [ 272.581411][ T4341] CPU: 0 PID: 4341 Comm: kworker/0:8 Not tainted 6.1.128-syzkaller #0 [ 272.589566][ T4341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 272.599639][ T4341] Workqueue: usb_hub_wq hub_event [ 272.604709][ T4341] Call Trace: [ 272.607986][ T4341] [ 272.610921][ T4341] dump_stack_lvl+0x1e3/0x2cb [ 272.615616][ T4341] ? nf_tcp_handle_invalid+0x642/0x642 [ 272.621106][ T4341] ? panic+0x764/0x764 [ 272.625226][ T4341] ? _printk+0xd1/0x111 [ 272.629404][ T4341] ? __virt_addr_valid+0x17f/0x530 [ 272.634535][ T4341] ? __virt_addr_valid+0x17f/0x530 [ 272.639685][ T4341] print_report+0x15f/0x4f0 [ 272.644216][ T4341] ? __virt_addr_valid+0x17f/0x530 [ 272.649355][ T4341] ? __virt_addr_valid+0x17f/0x530 [ 272.654495][ T4341] ? __virt_addr_valid+0x45b/0x530 [ 272.659635][ T4341] ? __phys_addr+0xb6/0x170 [ 272.664164][ T4341] ? hdm_disconnect+0x109/0x1c0 [ 272.669047][ T4341] kasan_report+0x136/0x160 [ 272.673583][ T4341] ? hdm_disconnect+0x109/0x1c0 [ 272.678461][ T4341] hdm_disconnect+0x109/0x1c0 [ 272.683161][ T4341] usb_unbind_interface+0x1cd/0x840 [ 272.688394][ T4341] ? kernfs_remove_by_name_ns+0x10f/0x150 [ 272.694129][ T4341] ? usb_driver_release_interface+0x1c0/0x1c0 [ 272.700222][ T4341] device_release_driver_internal+0x59e/0x880 [ 272.706314][ T4341] bus_remove_device+0x2e5/0x400 [ 272.711279][ T4341] device_del+0x6e2/0xbd0 [ 272.715633][ T4341] ? kill_device+0x160/0x160 [ 272.720235][ T4341] ? kobject_put+0x429/0x460 [ 272.724843][ T4341] usb_disable_device+0x3b8/0x840 [ 272.729892][ T4341] usb_disconnect+0x33c/0x8c0 [ 272.734588][ T4341] hub_event+0x1f78/0x5730 [ 272.739040][ T4341] ? led_work+0x700/0x700 [ 272.743383][ T4341] ? read_lock_is_recursive+0x10/0x10 [ 272.748781][ T4341] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 272.754784][ T4341] ? print_irqtrace_events+0x210/0x210 [ 272.760264][ T4341] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 272.766190][ T4341] ? do_raw_spin_unlock+0x137/0x8a0 [ 272.771414][ T4341] ? process_one_work+0x806/0x1260 [ 272.776541][ T4341] process_one_work+0x917/0x1260 [ 272.781502][ T4341] ? worker_detach_from_pool+0x260/0x260 [ 272.787153][ T4341] ? _raw_spin_lock_irqsave+0x120/0x120 [ 272.792722][ T4341] ? kthread_data+0x4e/0xc0 [ 272.797249][ T4341] ? wq_worker_running+0x97/0x190 [ 272.802287][ T4341] worker_thread+0xd04/0x1200 [ 272.806986][ T4341] ? _raw_spin_unlock+0x40/0x40 [ 272.811886][ T4341] kthread+0x28d/0x320 [ 272.815967][ T4341] ? worker_clr_flags+0x190/0x190 [ 272.821012][ T4341] ? kthread_blkcg+0xd0/0xd0 [ 272.825615][ T4341] ret_from_fork+0x1f/0x30 [ 272.830057][ T4341] [ 272.833079][ T4341] [ 272.835406][ T4341] Allocated by task 4341: [ 272.839735][ T4341] kasan_set_track+0x4b/0x70 [ 272.844340][ T4341] __kasan_kmalloc+0x97/0xb0 [ 272.848954][ T4341] hdm_probe+0x91/0x13d0 [ 272.853214][ T4341] usb_probe_interface+0x5c0/0xaf0 [ 272.858350][ T4341] really_probe+0x2ab/0xcb0 [ 272.862876][ T4341] __driver_probe_device+0x1a2/0x3d0 [ 272.868192][ T4341] driver_probe_device+0x50/0x420 [ 272.873229][ T4341] __device_attach_driver+0x2cf/0x510 [ 272.878613][ T4341] bus_for_each_drv+0x183/0x200 [ 272.883481][ T4341] __device_attach+0x359/0x570 [ 272.888252][ T4341] bus_probe_device+0xba/0x1e0 [ 272.893037][ T4341] device_add+0xb48/0xfd0 [ 272.897377][ T4341] usb_set_configuration+0x19dd/0x2020 [ 272.902853][ T4341] usb_generic_driver_probe+0x84/0x140 [ 272.908352][ T4341] usb_probe_device+0x130/0x260 [ 272.913220][ T4341] really_probe+0x2ab/0xcb0 [ 272.917731][ T4341] __driver_probe_device+0x1a2/0x3d0 [ 272.923025][ T4341] driver_probe_device+0x50/0x420 [ 272.928058][ T4341] __device_attach_driver+0x2cf/0x510 [ 272.933440][ T4341] bus_for_each_drv+0x183/0x200 [ 272.938305][ T4341] __device_attach+0x359/0x570 [ 272.943077][ T4341] bus_probe_device+0xba/0x1e0 [ 272.947856][ T4341] device_add+0xb48/0xfd0 [ 272.952202][ T4341] usb_new_device+0xbdd/0x1900 [ 272.956978][ T4341] hub_event+0x2efe/0x5730 [ 272.961405][ T4341] process_one_work+0x917/0x1260 [ 272.966360][ T4341] worker_thread+0xa47/0x1200 [ 272.971086][ T4341] kthread+0x28d/0x320 [ 272.975170][ T4341] ret_from_fork+0x1f/0x30 [ 272.979603][ T4341] [ 272.981929][ T4341] Freed by task 4341: [ 272.985910][ T4341] kasan_set_track+0x4b/0x70 [ 272.990514][ T4341] kasan_save_free_info+0x27/0x40 [ 272.995552][ T4341] ____kasan_slab_free+0xd6/0x120 [ 273.000586][ T4341] __kmem_cache_free+0x25c/0x3c0 [ 273.005542][ T4341] device_release+0x91/0x1c0 [ 273.010146][ T4341] kobject_put+0x224/0x460 [ 273.014576][ T4341] hdm_disconnect+0xef/0x1c0 [ 273.019220][ T4341] usb_unbind_interface+0x1cd/0x840 [ 273.024440][ T4341] device_release_driver_internal+0x59e/0x880 [ 273.030514][ T4341] bus_remove_device+0x2e5/0x400 [ 273.035471][ T4341] device_del+0x6e2/0xbd0 [ 273.039815][ T4341] usb_disable_device+0x3b8/0x840 [ 273.044859][ T4341] usb_disconnect+0x33c/0x8c0 [ 273.049545][ T4341] hub_event+0x1f78/0x5730 [ 273.053974][ T4341] process_one_work+0x917/0x1260 [ 273.058934][ T4341] worker_thread+0xd04/0x1200 [ 273.063622][ T4341] kthread+0x28d/0x320 [ 273.067701][ T4341] ret_from_fork+0x1f/0x30 [ 273.072135][ T4341] [ 273.074467][ T4341] The buggy address belongs to the object at ffff8880272b4000 [ 273.074467][ T4341] which belongs to the cache kmalloc-8k of size 8192 [ 273.088540][ T4341] The buggy address is located 6296 bytes inside of [ 273.088540][ T4341] 8192-byte region [ffff8880272b4000, ffff8880272b6000) [ 273.102002][ T4341] [ 273.104327][ T4341] The buggy address belongs to the physical page: [ 273.110753][ T4341] page:ffffea00009cac00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x272b0 [ 273.120916][ T4341] head:ffffea00009cac00 order:3 compound_mapcount:0 compound_pincount:0 [ 273.129285][ T4341] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 273.137288][ T4341] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017c42280 [ 273.145882][ T4341] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 273.154485][ T4341] page dumped because: kasan: bad access detected [ 273.160919][ T4341] page_owner tracks the page as allocated [ 273.166655][ T4341] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3916, tgid 3916 (dhcpcd), ts 260231604606, free_ts 245398063806 [ 273.190044][ T4341] post_alloc_hook+0x18d/0x1b0 [ 273.194833][ T4341] get_page_from_freelist+0x3731/0x38d0 [ 273.200400][ T4341] __alloc_pages+0x28d/0x770 [ 273.205008][ T4341] alloc_slab_page+0x6a/0x150 [ 273.209704][ T4341] new_slab+0x84/0x2d0 [ 273.213790][ T4341] ___slab_alloc+0xc20/0x1270 [ 273.218482][ T4341] __kmem_cache_alloc_node+0x19f/0x260 [ 273.223961][ T4341] __kmalloc_node_track_caller+0xa0/0x220 [ 273.229698][ T4341] __alloc_skb+0x12a/0x2c0 [ 273.234135][ T4341] netlink_dump+0x1fb/0xca0 [ 273.238648][ T4341] netlink_recvmsg+0x6ca/0x1180 [ 273.243508][ T4341] ____sys_recvmsg+0x285/0x530 [ 273.248281][ T4341] __sys_recvmsg+0x2e9/0x3d0 [ 273.252880][ T4341] do_syscall_64+0x3b/0xb0 [ 273.257310][ T4341] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 273.263213][ T4341] page last free stack trace: [ 273.267885][ T4341] free_unref_page_prepare+0x12a6/0x15b0 [ 273.273531][ T4341] free_unref_page+0x33/0x3e0 [ 273.278221][ T4341] __unfreeze_partials+0x1b7/0x210 [ 273.283354][ T4341] put_cpu_partial+0x17b/0x250 [ 273.288136][ T4341] qlist_free_all+0x76/0xe0 [ 273.292656][ T4341] kasan_quarantine_reduce+0x156/0x170 [ 273.298137][ T4341] __kasan_slab_alloc+0x1f/0x70 [ 273.302998][ T4341] slab_post_alloc_hook+0x52/0x3a0 [ 273.308123][ T4341] kmem_cache_alloc+0x10c/0x2d0 [ 273.312989][ T4341] mas_alloc_nodes+0x276/0x800 [ 273.317767][ T4341] mas_preallocate+0x12d/0x350 [ 273.322544][ T4341] do_mas_align_munmap+0x2e1/0x15a0 [ 273.327754][ T4341] do_mas_munmap+0x246/0x2b0 [ 273.332364][ T4341] mmap_region+0x8d4/0x2660 [ 273.336875][ T4341] do_mmap+0x8c5/0xf60 [ 273.340948][ T4341] vm_mmap_pgoff+0x1ca/0x2d0 [ 273.345558][ T4341] [ 273.347885][ T4341] Memory state around the buggy address: [ 273.353530][ T4341] ffff8880272b5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.361605][ T4341] ffff8880272b5800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.369672][ T4341] >ffff8880272b5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.377735][ T4341] ^ [ 273.382585][ T4341] ffff8880272b5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.390650][ T4341] ffff8880272b5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 273.398715][ T4341] ================================================================== [ 273.410843][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 273.417253][ T4269] Bluetooth: hci4: command 0x0419 tx timeout [ 273.424346][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 273.477838][ T6385] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 273.487867][ T6385] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 273.492100][ T4341] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 273.492119][ T4341] CPU: 0 PID: 4341 Comm: kworker/0:8 Not tainted 6.1.128-syzkaller #0 [ 273.492145][ T4341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 273.492160][ T4341] Workqueue: usb_hub_wq hub_event [ 273.492194][ T4341] Call Trace: [ 273.492202][ T4341] [ 273.492210][ T4341] dump_stack_lvl+0x1e3/0x2cb [ 273.492249][ T4341] ? nf_tcp_handle_invalid+0x642/0x642 [ 273.492284][ T4341] ? panic+0x764/0x764 [ 273.492306][ T4341] ? preempt_schedule_common+0xa6/0xd0 [ 273.492337][ T4341] ? vscnprintf+0x59/0x80 [ 273.492362][ T4341] panic+0x318/0x764 [ 273.492385][ T4341] ? check_panic_on_warn+0x1d/0xa0 [ 273.492414][ T4341] ? memcpy_page_flushcache+0xfc/0xfc [ 273.492441][ T4341] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 273.492477][ T4341] ? _raw_spin_unlock+0x40/0x40 [ 273.492510][ T4341] ? print_report+0x4a3/0x4f0 [ 273.492539][ T4341] check_panic_on_warn+0x7e/0xa0 [ 273.492566][ T4341] ? hdm_disconnect+0x109/0x1c0 [ 273.492598][ T4341] end_report+0x66/0x110 [ 273.492622][ T4341] kasan_report+0x143/0x160 [ 273.492648][ T4341] ? hdm_disconnect+0x109/0x1c0 [ 273.492682][ T4341] hdm_disconnect+0x109/0x1c0 [ 273.492714][ T4341] usb_unbind_interface+0x1cd/0x840 [ 273.492755][ T4341] ? kernfs_remove_by_name_ns+0x10f/0x150 [ 273.492780][ T4341] ? usb_driver_release_interface+0x1c0/0x1c0 [ 273.492814][ T4341] device_release_driver_internal+0x59e/0x880 [ 273.492843][ T4341] bus_remove_device+0x2e5/0x400 [ 273.492881][ T4341] device_del+0x6e2/0xbd0 [ 273.492913][ T4341] ? kill_device+0x160/0x160 [ 273.492942][ T4341] ? kobject_put+0x429/0x460 [ 273.492971][ T4341] usb_disable_device+0x3b8/0x840 [ 273.493010][ T4341] usb_disconnect+0x33c/0x8c0 [ 273.493040][ T4341] hub_event+0x1f78/0x5730 [ 273.493099][ T4341] ? led_work+0x700/0x700 [ 273.493126][ T4341] ? read_lock_is_recursive+0x10/0x10 [ 273.493164][ T4341] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 273.493202][ T4341] ? print_irqtrace_events+0x210/0x210 [ 273.493235][ T4341] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 273.493273][ T4341] ? do_raw_spin_unlock+0x137/0x8a0 [ 273.493302][ T4341] ? process_one_work+0x806/0x1260 [ 273.493330][ T4341] process_one_work+0x917/0x1260 [ 273.493367][ T4341] ? worker_detach_from_pool+0x260/0x260 [ 273.493397][ T4341] ? _raw_spin_lock_irqsave+0x120/0x120 [ 273.493432][ T4341] ? kthread_data+0x4e/0xc0 [ 273.493469][ T4341] ? wq_worker_running+0x97/0x190 [ 273.493492][ T4341] worker_thread+0xd04/0x1200 [ 273.493527][ T4341] ? _raw_spin_unlock+0x40/0x40 [ 273.493568][ T4341] kthread+0x28d/0x320 [ 273.493590][ T4341] ? worker_clr_flags+0x190/0x190 [ 273.493618][ T4341] ? kthread_blkcg+0xd0/0xd0 [ 273.493641][ T4341] ret_from_fork+0x1f/0x30 [ 273.493682][ T4341] [ 273.498601][ T4341] Kernel Offset: disabled [ 273.769863][ T4341] Rebooting in 86400 seconds..