last executing test programs: 45.878534694s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 45.779633699s ago: executing program 2: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x10, 0x0) 45.627801223s ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x57c, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMW/AQAA//+LGzah") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x42, 0x0) pwritev2(r0, &(0x7f0000000300)=[{&(0x7f0000000240)="e7", 0x1}], 0x1, 0xffff, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xc02}], 0x1, 0x900, 0x0, 0x0) 44.896494608s ago: executing program 4: write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, 0x0, 0x0, 0x0) quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f0000000200)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x8001, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r4, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000040)=0x1b3a, 0x4) sendto$inet(r4, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f0000001180)={0x0, 0x6, 0x0, 0x0, &(0x7f0000000580)=""/200, 0xc8}, 0x2000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/18, @ANYRES32=r6], 0x20}}, 0x0) 44.673090612s ago: executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001480)={&(0x7f0000001300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}]}}, &(0x7f0000001380)=""/197, 0x2a, 0xc5, 0x1}, 0x20) 43.467750981s ago: executing program 4: socket$nl_route(0x10, 0x3, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket(0x840000000002, 0x3, 0xff) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000200)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 43.209665011s ago: executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x57c, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMW/AQAA//+LGzah") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x42, 0x0) pwritev2(r0, &(0x7f0000000300)=[{&(0x7f0000000240)="e7", 0x1}], 0x1, 0xffff, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xc02}], 0x1, 0x900, 0x0, 0x0) 42.936986784s ago: executing program 2: mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @aes128, 0x0, @desc3}) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6695d4982a83b71b906769e737201ac6b7a7804454ebc957b5831b89b59d703e74497c00"}, 0x48, 0xfffffffffffffffd) futimesat(r0, &(0x7f0000000040)='./file0\x00', 0x0) 42.552702674s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000940)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007de0b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cd67b5b18065752a3ad500000000000000cb450063bc36005400000000000000ff7f00000001000000000000000000cb04fcbb0b5ba9918d37b056b9bbd11b6b9f260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb4845124ef2e487204000000aaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aadffcc75fe369258673b5d053bdec75dca377232a790bce5a6f087ae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db9af1b5d356d0f062137d866d11be4b1260b06cca9098a3f0151fdbbd4e97d62ecc6405003a60f1c6edc76683073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bdaeecc952a3fd2c46f3c1cde71a19d1a2982492abaa96765372831210e00d2bfea3b8df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f22542c133aadafdc96fdb49cc992dbdd5ac01ba51508951c7a7c5f5093bd6ca0916c3a12912715649c2b1c7193a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f000000000000000050572061dfb5248d3d4a1c37dcb92d9ef99e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19524cf30f810da3204f4c93f4f5d7321acfefc4d1c9139ca4b65b9990995000000000000000000000000000000c8a3988cca41217c950554bb043cf364d709c2bf3ec46b75f1bce43e726210b53d362072bc120c076b4647afc595d97c288f5017088ac2b02ed97fc883a102ae6000044542e3aa7ada6d13ff93ec634a0fa0b5f41ed317b48b8b8c03b243d6e14b7087e2c5d41f8a51408e27283b54d04212cbb0f5af76b70b1bdcec7c0abe6407e7fa204b9919490af8bffca6fbbd2174a84328af4acc9c7ec655729125fc15da558cb6edfcdd0c3fca7130863d13369f79f1d13ac166249e4bffa4a272a0116b591a63bfca11205d216b34000000000000000045b5ade570aeb7cf89e900004dc6c89355082bdcb0b08b810cf63fd19a17f4d440f1546e8e5f8addedb88c7f7990947505d2fcd8cb14"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48) set_mempolicy(0x4005, &(0x7f0000000040)=0x10000000005, 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x23}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3) fcntl$setsig(r2, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r3}], 0x2c, 0xffffffffffbffff8) dup2(r2, r3) fcntl$setown(r2, 0x8, r1) tkill(r1, 0x16) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0x18, 0x1e8, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x5a, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="620ac4ff000021007110a900000000009500000000000000c1eed439fe5e7ab2cf97d23c7d8793eaf84cbe96ef9a5587dc44dd42151948f8e9b3692f143ca4588b3977a5d36c330f61564089fab3a10e40050b98e3ce7f7e190357808954cf43b81ea64c25732a45aaddd09f15e80606424ed219d772a87476082ce411676b099412c311dc1a6df3f086f241f0f4263ced0bc69e613287519d97b63b5a29c740fcb7b5a1348ed15197db1b9cc733cd29b02fd888a82a95e29d9b75ec9639c96c0d927a7673583a06937c3629a4baf9307906690bd270c775a0d50bd5003b842c49dc1660384361e57c1aa0b87f0e867bd3cc55a2e1a78b56e2522346090905e9a62f39ce501b9b4e1b5d494d03990a4b3143aebe55f2cb799aa2533c6113cbb23f6f9309ac2eb2a0a9bf02fd570fb7540a51f81740c104fecf1a5ba98ed326a76ee1"], &(0x7f0000000080)='GPL\x00'}, 0x90) 42.38630096s ago: executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_pts(r0, 0x0) r5 = dup3(r4, r0, 0x0) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x13) 40.628494685s ago: executing program 4: ioperm(0x0, 0x1, 0x5) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) syz_usb_disconnect(0xffffffffffffffff) ioctl$EVIOCRMFF(r0, 0x5509, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r3) 40.235632277s ago: executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001480)={&(0x7f0000001300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}]}}, &(0x7f0000001380)=""/197, 0x2a, 0xc5, 0x1}, 0x20) 40.234450887s ago: executing program 4: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x10, 0x0) 40.076976071s ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 39.955391221s ago: executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x57c, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMW/AQAA//+LGzah") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x42, 0x0) pwritev2(r0, &(0x7f0000000300)=[{&(0x7f0000000240)="e7", 0x1}], 0x1, 0xffff, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xc02}], 0x1, 0x900, 0x0, 0x0) 39.004956149s ago: executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x4}, 0x8) bind$bt_sco(r0, &(0x7f0000000400)={0x1f, @none}, 0x8) listen(r0, 0x0) shutdown(r0, 0x0) 37.530574469s ago: executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000480)='vegas\x00', 0x6) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 37.236135486s ago: executing program 3: landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) r0 = io_uring_setup(0x1de0, &(0x7f0000000440)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x16, 0x20000028, r1) 35.985175671s ago: executing program 0: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pipe(&(0x7f0000000100)) openat$incfs(0xffffffffffffff9c, &(0x7f0000000180)='.pending_reads\x00', 0x402000, 0x10) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x5}}, @IFA_FLAGS={0x8, 0x8, 0x708}]}, 0x34}}, 0x0) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) r4 = socket$igmp(0x2, 0x3, 0x2) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000140)=0x9) setsockopt$inet6_int(r3, 0x29, 0x48, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000718000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000040)="64111b670fc7360c000f00180f01df320c570f0134df66baf80cb81a869f86ef66bafc0c66edf3f20f86400000000f35", 0x30}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r9, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000180)={[], 0x0, 0x20002}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 35.055654977s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x9}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) 34.90702842s ago: executing program 0: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0xc, &(0x7f00000000c0)=ANY=[], 0x1, 0x25d, &(0x7f0000000c00)="$eJzs3E+LG2UcB/Cf27q73dJmDyIoiA960cvQ3b6CIC2IC8raiHoQpu6shh2TJRMiEbG9efV1FI/eBPUN7MWbd297Ebz0IEY2f7axRrRl11Hz+UB4fuHJlzyTTMJv5vAcv/3FRwf7Vbaf92NlPcVKxN24H7F5Uk09MR1XxvVqzLsbL1/++Yfn3nzn3deaOzs3dlO62bx1fTuldPX5bz7+9MsXvutffuurq1+vxdHme8c/bf949PTRM8e/3vqwXaV2lTrdfsrT7W539m7VQZbSG2WRV0Vqd6qiN53v57fLIu2X3cPDYco7e1c2DntFVaW8M0wHxTD1u6nfG6b8g7zdSVmWpSsbwV9p3dvdzZt1r4Lz1es18wsRcekPM60LtSwIAKjVWfX/q7P+/2T6Mfr/SX+/1/5H+//rZ/1p/tfo/5fBSf+/Mf39/l7rXi0LAgAAAAAAAAAAAAAAHsn90agxGo0as3H2WIuI9YiYPa97nZwP3/9ym9u4Yz2i/HzQGrQm42S+uR/tKKOIa9GIX8bnw9Skvvnqzo1raWwzvi3vTPN3BtOtBU7zW9GIzcX5rUk+zeej9WRszOe3oxFPLc5vL8gPWqvx0otz+Swa8f370Y0y9sbn9YP8Z1spvfL6zkP5S+PXAQAAwP9Blk4tvH7Psj+bn+Qf4f7AQ9fXF+PZi/UeOwAAACyLavjJQV6WRU+hUChOi7r/mQAAgLP2oOmveyUAAAAAAAAAAAAAAAAAAACwvB5rh7DR2iT8N1N1HyMAAAAAAAAAAAAAAAAAAAAAAAD8W/wWAAD//ySDKGU=") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r0, &(0x7f0000000980)='./file0\x00', 0x2) 34.663044168s ago: executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) rt_sigtimedwait(&(0x7f00000001c0), 0x0, 0xfffffffffffffffc, 0x8) 33.686410951s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0) 30.799621653s ago: executing program 1: syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f0000000e40), 0x1, 0xd99, &(0x7f0000000e80)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0xffc9) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) write$binfmt_script(r1, &(0x7f0000000140), 0xfcb8) 30.357683022s ago: executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd\x00') r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) fchdir(r0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) 30.245971839s ago: executing program 1: syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0xffffffffffffff33, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 30.077989295s ago: executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1c5c7e, 0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x10132) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 30.027243983s ago: executing program 1: r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x17, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000017000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.638881472s ago: executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x8, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8}]}, 0x28}}, 0x40014) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r4 = dup(r3) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000011b00000000000000000000000a2c000000050a01010000000000000000020000000900010073797a30000000000900030073797a32000000002c000000030acd8f0000000000000000020000000900030073797a32000000000900010073797a30"], 0x80}}, 0x0) 0s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x98}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): bulk endpoint 0x3 has invalid maxpacket 0 [ 325.813737][ T6780] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 325.831274][ T4354] usb 3-1: string descriptor 0 read error: -22 [ 325.855485][ T4354] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 325.901403][ T4354] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.948362][ T4677] EXT4-fs (loop4): unmounting filesystem. [ 326.060565][ T6783] loop1: detected capacity change from 0 to 2048 [ 326.089578][ T6783] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 326.375526][ T4354] cdc_ncm 3-1:1.0: bind() failure [ 326.656377][ T4354] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 326.835866][ T4354] cdc_ncm 3-1:1.1: bind() failure [ 327.165192][ T4354] usb 3-1: USB disconnect, device number 4 [ 327.317910][ T6789] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 327.543864][ T6670] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.778391][ T6670] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.857867][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.868732][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 327.901278][ T6366] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 327.978167][ T6670] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.081965][ T6670] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.112562][ T6812] loop0: detected capacity change from 0 to 64 [ 328.143946][ T3585] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 328.164746][ T3585] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 328.192112][ T3585] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 328.203350][ T3585] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 328.212321][ T3585] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 328.223090][ T3585] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 328.321316][ T6366] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 328.383058][ T6366] usb 3-1: config 0 has no interfaces? [ 328.401681][ T6366] usb 3-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 328.461131][ T6366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.503018][ T6366] usb 3-1: config 0 descriptor?? [ 328.526035][ T6820] loop0: detected capacity change from 0 to 2048 [ 328.566826][ T6820] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 328.740012][ T6794] loop4: detected capacity change from 0 to 32768 [ 328.761109][ T6794] XFS: noikeep mount option is deprecated. [ 328.806887][ T4358] usb 3-1: USB disconnect, device number 5 [ 328.849260][ T6794] XFS (loop4): Mounting V5 Filesystem [ 329.049069][ T6794] XFS (loop4): Ending clean mount [ 329.079260][ T6794] XFS (loop4): Quotacheck needed: Please wait. [ 329.136093][ T6813] chnl_net:caif_netlink_parms(): no params data found [ 329.181267][ T6794] XFS (loop4): Quotacheck: Done. [ 329.448086][ T4677] XFS (loop4): Unmounting Filesystem [ 329.804757][ T6813] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.822339][ T6813] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.860776][ T6813] device bridge_slave_0 entered promiscuous mode [ 330.008185][ T6813] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.017299][ T6868] loop0: detected capacity change from 0 to 512 [ 330.039022][ T6813] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.101603][ T6813] device bridge_slave_1 entered promiscuous mode [ 330.112487][ T6868] EXT4-fs: Ignoring removed nobh option [ 330.178139][ T6868] EXT4-fs (sda1): can't mount with journal_async_commit in data=ordered mode [ 330.253666][ T3582] Bluetooth: hci4: command tx timeout [ 330.309361][ T6813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.315979][ T6876] loop1: detected capacity change from 0 to 190 [ 330.336230][ T6876] __ntfs_warning: 17 callbacks suppressed [ 330.336251][ T6876] ntfs: (device loop1): is_boot_sector_ntfs(): Invalid boot sector checksum. [ 330.360565][ T6876] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 330.385922][ T6876] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 330.463746][ T6670] device hsr_slave_0 left promiscuous mode [ 330.489414][ T6876] ntfs: (device loop1): check_mft_mirror(): Failed to read $MFTMirr. [ 330.531185][ T6876] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 330.569411][ T6670] device hsr_slave_1 left promiscuous mode [ 330.580269][ T6882] loop2: detected capacity change from 0 to 256 [ 330.589402][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.609372][ T6670] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.621440][ T6876] ntfs: (device loop1): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 330.643128][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.656858][ T6876] ntfs: (device loop1): ntfs_read_locked_inode(): Failed to lookup attribute list attribute. [ 330.674910][ T6670] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.711147][ T6876] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 330.742588][ T6670] device bridge_slave_1 left promiscuous mode [ 330.751355][ T6670] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.766438][ T6670] device bridge_slave_0 left promiscuous mode [ 330.776348][ T6876] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 330.792174][ T6670] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.807112][ T6876] ntfs: volume version 3.1. [ 330.823318][ T6876] ntfs: (device loop1): ntfs_read_locked_inode(): Inode is not in use! [ 330.842586][ T6876] syz-executor.1: attempt to access beyond end of device [ 330.842586][ T6876] loop1: rw=0, sector=552, nr_sectors = 8 limit=190 [ 330.894094][ T6670] device veth1_macvtap left promiscuous mode [ 330.919885][ T6670] device veth0_macvtap left promiscuous mode [ 330.932751][ T6876] syz-executor.1: attempt to access beyond end of device [ 330.932751][ T6876] loop1: rw=0, sector=552, nr_sectors = 8 limit=190 [ 330.963035][ T6670] device veth1_vlan left promiscuous mode [ 330.971617][ T6670] device veth0_vlan left promiscuous mode [ 330.988981][ T6892] loop2: detected capacity change from 0 to 128 [ 331.702490][ T6883] loop0: detected capacity change from 0 to 32768 [ 331.713891][ T6883] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (6883) [ 331.747083][ T6883] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 331.765041][ T6883] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 331.781070][ T6883] BTRFS info (device loop0): force clearing of disk cache [ 331.791277][ T6883] BTRFS info (device loop0): use zlib compression, level 3 [ 331.821897][ T6883] BTRFS info (device loop0): using free space tree [ 331.862116][ T6670] team0 (unregistering): Port device team_slave_1 removed [ 331.884442][ T6670] team0 (unregistering): Port device team_slave_0 removed [ 331.909009][ T6670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 331.927649][ T6883] BTRFS info (device loop0): enabling ssd optimizations [ 331.956023][ T6883] BTRFS info (device loop0): rebuilding free space tree [ 331.974349][ T6670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.141422][ T6670] bond0 (unregistering): Released all slaves [ 332.221758][ T4947] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 332.248421][ T6813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 332.331579][ T3585] Bluetooth: hci4: command tx timeout [ 332.445336][ T6813] team0: Port device team_slave_0 added [ 332.522963][ T6813] team0: Port device team_slave_1 added [ 332.804342][ T6929] loop2: detected capacity change from 0 to 2048 [ 332.828530][ T6929] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 332.855800][ T6929] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.005442][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.040231][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.207157][ T6813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.267669][ T6813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.301896][ T6813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.319839][ T6937] loop0: detected capacity change from 0 to 2048 [ 333.400879][ T6937] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 333.447984][ T6941] loop4: detected capacity change from 0 to 2048 [ 333.459569][ T6813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.489179][ T6945] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 333.489934][ T6937] syz-executor.0: attempt to access beyond end of device [ 333.489934][ T6937] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 333.554734][ T6941] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.663672][ T6947] loop2: detected capacity change from 0 to 1024 [ 333.724684][ T6813] device hsr_slave_0 entered promiscuous mode [ 333.777225][ T6947] hfsplus: bad catalog entry type [ 333.794025][ T6813] device hsr_slave_1 entered promiscuous mode [ 333.832275][ T6813] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 333.911639][ T6813] Cannot create hsr debugfs directory [ 333.912887][ T3638] hfsplus: b-tree write err: -5, ino 4 [ 334.451256][ T3585] Bluetooth: hci4: command tx timeout [ 335.637010][ T6965] tmpfs: Cannot retroactively limit size [ 336.511924][ T3585] Bluetooth: hci4: command tx timeout [ 337.014629][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 337.014647][ T26] audit: type=1804 audit(1718713787.721:44): pid=6981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1916410237/syzkaller.fz1xyQ/123/file0" dev="sda1" ino=1956 res=1 errno=0 [ 337.267877][ T6813] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 337.351528][ T6813] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 337.405131][ T6813] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 337.517119][ T6813] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 338.921264][ T6813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.084705][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 339.112607][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 339.182742][ T6813] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.239328][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 339.290600][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 339.342280][ T4136] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.352092][ T4136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.441092][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 339.500194][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 339.552112][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 339.606237][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.620182][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.734626][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 339.762369][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 339.813765][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 339.839973][ T7018] loop2: detected capacity change from 0 to 2048 [ 339.853756][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 339.924738][ T7018] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 339.945145][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 340.032133][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 340.042178][ T7018] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 340.073117][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 340.117473][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 340.171320][ T3582] Bluetooth: hci2: command 0x0406 tx timeout [ 340.195206][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 340.341529][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 340.448413][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 340.546676][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 340.588029][ T4136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 340.669605][ T6813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 340.765218][ T7010] loop1: detected capacity change from 0 to 32768 [ 340.787348][ T7010] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (7010) [ 340.833071][ T7010] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 340.878313][ T7010] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 340.931484][ T7010] BTRFS info (device loop1): force clearing of disk cache [ 340.961028][ T7010] BTRFS info (device loop1): use zlib compression, level 3 [ 341.030225][ T7010] BTRFS info (device loop1): using free space tree [ 341.056079][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 342.657933][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 342.701358][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 342.748462][ T6813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.860619][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 342.902466][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 342.944023][ T7010] BTRFS error (device loop1): open_ctree failed [ 343.268922][ T6813] device veth0_vlan entered promiscuous mode [ 343.295517][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 343.318550][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 343.412335][ T7086] tmpfs: Cannot retroactively limit size [ 343.650837][ T4120] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 344.088536][ T4120] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 344.134543][ T6813] device veth1_vlan entered promiscuous mode [ 344.244230][ T4120] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 344.431817][ T6813] device veth0_macvtap entered promiscuous mode [ 344.501865][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 344.532385][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 344.594953][ T6813] device veth1_macvtap entered promiscuous mode [ 344.702880][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 344.754754][ T4135] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 344.853271][ T7109] loop1: detected capacity change from 0 to 256 [ 344.878952][ T7109] exfat: Deprecated parameter 'namecase' [ 344.904218][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.965294][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.024075][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.042417][ T7109] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 345.089076][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.136422][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.185008][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.231630][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.290386][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.374735][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.439221][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 345.468167][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 345.482865][ T7116] loop4: detected capacity change from 0 to 512 [ 345.542965][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.607070][ T7116] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 345.651116][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.695208][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.775073][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.831673][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.881032][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.915858][ T6813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.959345][ T6813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 346.010855][ T6813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 346.063715][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 346.109861][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 346.147874][ T6813] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.199878][ T6813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.252306][ T6813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.291066][ T6813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 346.626665][ T6670] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.679731][ T6670] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.781380][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 346.801669][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 346.844017][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 346.947677][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 347.065115][ T7120] loop1: detected capacity change from 0 to 32768 [ 347.107993][ T7120] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (7120) [ 347.219919][ T7120] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 347.301601][ T7120] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 347.327365][ T7120] BTRFS info (device loop1): using free space tree [ 347.601816][ T7125] loop4: detected capacity change from 0 to 32768 [ 347.620412][ T7125] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (7125) [ 347.642409][ T7120] BTRFS info (device loop1): enabling ssd optimizations [ 347.655389][ T7125] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 347.672252][ T7125] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 347.690187][ T7125] BTRFS info (device loop4): force clearing of disk cache [ 347.704263][ T7125] BTRFS info (device loop4): use zlib compression, level 3 [ 347.737012][ T7125] BTRFS info (device loop4): using free space tree [ 347.831935][ T4876] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 348.892996][ T7125] BTRFS info (device loop4): enabling ssd optimizations [ 348.995673][ T7125] BTRFS info (device loop4): rebuilding free space tree [ 349.371835][ T7197] loop3: detected capacity change from 0 to 2048 [ 349.385832][ T7199] loop0: detected capacity change from 0 to 256 [ 349.394336][ T7197] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 349.416610][ T7199] exfat: Deprecated parameter 'namecase' [ 349.477122][ T4677] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 349.481763][ T7199] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 351.052092][ T7215] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 351.168851][ T7218] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 352.988685][ T7256] loop3: detected capacity change from 0 to 1024 [ 353.150641][ T7267] loop2: detected capacity change from 0 to 8 [ 353.157674][ T7256] syz-executor.3: attempt to access beyond end of device [ 353.157674][ T7256] loop3: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 353.158402][ T7256] syz-executor.3: attempt to access beyond end of device [ 353.158402][ T7256] loop3: rw=1, sector=262, nr_sectors = 2048 limit=1024 [ 353.229426][ T7256] syz-executor.3: attempt to access beyond end of device [ 353.229426][ T7256] loop3: rw=1, sector=2310, nr_sectors = 2048 limit=1024 [ 353.252272][ T7256] syz-executor.3: attempt to access beyond end of device [ 353.252272][ T7256] loop3: rw=1, sector=4358, nr_sectors = 2048 limit=1024 [ 354.053942][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.053942][ T7256] loop3: rw=1, sector=6406, nr_sectors = 2048 limit=1024 [ 354.111630][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.111630][ T7256] loop3: rw=1, sector=8454, nr_sectors = 2048 limit=1024 [ 354.239622][ T7274] loop4: detected capacity change from 0 to 512 [ 354.257579][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.257579][ T7256] loop3: rw=1, sector=10502, nr_sectors = 2048 limit=1024 [ 354.287150][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.287150][ T7256] loop3: rw=1, sector=12550, nr_sectors = 2048 limit=1024 [ 354.325452][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.325452][ T7256] loop3: rw=1, sector=14598, nr_sectors = 2048 limit=1024 [ 354.350371][ T7272] loop1: detected capacity change from 0 to 4096 [ 354.351879][ T7256] syz-executor.3: attempt to access beyond end of device [ 354.351879][ T7256] loop3: rw=1, sector=16646, nr_sectors = 2048 limit=1024 [ 354.416532][ T7274] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz-executor.4: invalid block [ 354.484057][ T7274] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 4294967295 (level 1) [ 354.485035][ T7272] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 354.542829][ T7274] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz-executor.4: invalid indirect mapped block 4294967295 (level 1) [ 354.610522][ T7274] EXT4-fs (loop4): 2 truncates cleaned up [ 354.629645][ T7274] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 354.698000][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 354.846750][ T4677] EXT4-fs (loop4): unmounting filesystem. [ 355.271185][ T4135] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 355.350188][ T7318] loop4: detected capacity change from 0 to 8 [ 355.536882][ T7323] loop2: detected capacity change from 0 to 4096 [ 355.560206][ T7323] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 355.645317][ T5111] EXT4-fs (loop2): unmounting filesystem. [ 355.722488][ T4135] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 355.757945][ T4135] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.786648][ T4135] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.022054][ T4135] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 356.051227][ T4135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.084962][ T4135] usb 4-1: Product: syz [ 356.089980][ T4135] usb 4-1: Manufacturer: syz [ 356.116759][ T4135] usb 4-1: SerialNumber: syz [ 356.192097][ T4135] usb 4-1: selecting invalid altsetting 1 [ 356.402026][ T7343] loop4: detected capacity change from 0 to 8192 [ 356.456550][ T7343] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 356.562389][ T7356] loop0: detected capacity change from 0 to 4096 [ 356.593684][ T7329] loop1: detected capacity change from 0 to 32768 [ 356.593795][ T7343] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 356.615227][ T7343] REISERFS (device loop4): using ordered data mode [ 356.620015][ T7329] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (7329) [ 356.630087][ T7343] reiserfs: using flush barriers [ 356.653404][ T4135] usb 4-1: selecting invalid altsetting 1 [ 356.660366][ T4135] cdc_ncm 4-1:1.0: bind() failure [ 356.662210][ T7356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 356.681678][ T7343] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 356.708151][ T7343] REISERFS (device loop4): checking transaction log (loop4) [ 356.727217][ T7343] REISERFS (device loop4): Using tea hash to sort names [ 356.740055][ T7343] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 356.796349][ T7329] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 356.822409][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 356.824276][ T7329] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 356.841176][ T22] usb 4-1: USB disconnect, device number 5 [ 356.873442][ T7329] BTRFS info (device loop1): turning off barriers [ 356.911247][ T7363] loop2: detected capacity change from 0 to 512 [ 356.916858][ T7329] BTRFS info (device loop1): setting nodatasum [ 356.938061][ T7363] EXT4-fs: Ignoring removed bh option [ 356.940736][ T7329] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 356.978058][ T7363] EXT4-fs (loop2): orphan cleanup on readonly fs [ 356.994213][ T7329] BTRFS info (device loop1): force lzo compression, level 0 [ 357.004638][ T7363] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 357.023181][ T7363] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 8 (level 2) [ 357.042699][ T7329] BTRFS info (device loop1): using free space tree [ 357.050772][ T7363] EXT4-fs (loop2): Remounting filesystem read-only [ 357.070849][ T7363] EXT4-fs (loop2): 1 truncate cleaned up [ 357.089349][ T7363] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 357.172332][ T7329] BTRFS info (device loop1): checking UUID tree [ 357.354025][ T4876] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 357.955195][ T7402] loop4: detected capacity change from 0 to 1024 [ 358.172581][ T7405] loop0: detected capacity change from 0 to 4096 [ 358.256571][ T5111] EXT4-fs (loop2): unmounting filesystem. [ 358.361542][ T6609] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 358.510019][ T7411] loop4: detected capacity change from 0 to 8192 [ 358.557880][ T7411] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 358.630169][ T7411] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 358.656017][ T7411] REISERFS (device loop4): using ordered data mode [ 358.671552][ T6609] usb 4-1: Using ep0 maxpacket: 32 [ 358.713456][ T7411] reiserfs: using flush barriers [ 358.741213][ T7411] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 358.799928][ T7411] REISERFS (device loop4): checking transaction log (loop4) [ 358.823648][ T7411] REISERFS (device loop4): Using tea hash to sort names [ 358.841490][ T6609] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 358.859255][ T7411] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 358.898326][ T6609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.952567][ T6609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.008788][ T6609] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 359.060435][ T6609] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 359.113228][ T6609] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.162660][ T6609] usb 4-1: config 0 descriptor?? [ 359.271710][ T7434] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 359.448657][ T7414] loop2: detected capacity change from 0 to 40427 [ 359.492776][ T7436] loop1: detected capacity change from 0 to 1024 [ 359.501533][ T7414] F2FS-fs (loop2): invalid crc value [ 359.519855][ T7414] F2FS-fs (loop2): Found nat_bits in checkpoint [ 359.533980][ T7436] bio_check_eod: 56 callbacks suppressed [ 359.534003][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.534003][ T7436] loop1: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 359.606968][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.606968][ T7436] loop1: rw=1, sector=262, nr_sectors = 2048 limit=1024 [ 359.651510][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.651510][ T7436] loop1: rw=1, sector=2310, nr_sectors = 2048 limit=1024 [ 359.683515][ T6609] ntrig 0003:1B96:000A.0005: unknown main item tag 0x0 [ 359.691479][ T7414] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 359.701725][ T6609] ntrig 0003:1B96:000A.0005: item fetching failed at offset 4/5 [ 359.710150][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.710150][ T7436] loop1: rw=1, sector=4358, nr_sectors = 2048 limit=1024 [ 359.722860][ T6609] ntrig 0003:1B96:000A.0005: parse failed [ 359.749914][ T6609] ntrig: probe of 0003:1B96:000A.0005 failed with error -22 [ 359.758239][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.758239][ T7436] loop1: rw=1, sector=6406, nr_sectors = 2048 limit=1024 [ 359.793257][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.793257][ T7436] loop1: rw=1, sector=8454, nr_sectors = 2048 limit=1024 [ 359.847413][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.847413][ T7436] loop1: rw=1, sector=10502, nr_sectors = 2048 limit=1024 [ 359.888081][ T6609] usb 4-1: USB disconnect, device number 6 [ 359.909089][ T7437] f2fs_ckpt-7:2: attempt to access beyond end of device [ 359.909089][ T7437] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 359.927228][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.927228][ T7436] loop1: rw=1, sector=12550, nr_sectors = 2048 limit=1024 [ 359.979743][ T7436] syz-executor.1: attempt to access beyond end of device [ 359.979743][ T7436] loop1: rw=1, sector=14598, nr_sectors = 2048 limit=1024 [ 360.123832][ T7451] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 360.215179][ T7451] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 360.269432][ T7451] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 360.458635][ T7453] loop1: detected capacity change from 0 to 4096 [ 361.292581][ T7481] loop2: detected capacity change from 0 to 1024 [ 361.635410][ T7487] loop3: detected capacity change from 0 to 4096 [ 362.971884][ T7510] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 363.023320][ T7514] loop3: detected capacity change from 0 to 256 [ 363.086194][ T7514] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001003e, chksum : 0x00424b3e, utbl_chksum : 0xe619d30d) [ 363.098334][ T7512] loop4: detected capacity change from 0 to 2048 [ 363.239880][ T7512] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 363.295282][ T7512] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 363.477451][ T7532] loop0: detected capacity change from 0 to 4096 [ 363.850508][ T7549] loop0: detected capacity change from 0 to 256 [ 363.900163][ T7549] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001003e, chksum : 0x00424b3e, utbl_chksum : 0xe619d30d) [ 363.921186][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.434063][ T7567] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 364.455013][ T7563] loop4: detected capacity change from 0 to 2048 [ 364.487905][ T7567] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 364.529665][ T7543] loop1: detected capacity change from 0 to 40427 [ 364.537584][ T7563] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 364.554892][ T7567] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 364.573838][ T7543] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 364.584728][ T7543] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 364.607120][ T7563] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 364.639737][ T7572] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 364.677295][ T7543] F2FS-fs (loop1): Found nat_bits in checkpoint [ 364.889862][ T7543] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 364.911108][ T7543] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 365.026880][ T26] audit: type=1804 audit(1718713815.731:45): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1028619555/syzkaller.5acHPt/140/file2/file0" dev="loop1" ino=10 res=1 errno=0 [ 365.061709][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.081087][ T3621] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 365.127559][ T4876] bio_check_eod: 57 callbacks suppressed [ 365.127593][ T4876] syz-executor.1: attempt to access beyond end of device [ 365.127593][ T4876] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 365.331394][ T3621] usb 4-1: Using ep0 maxpacket: 32 [ 365.468855][ T7595] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 365.471257][ T3621] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.527083][ T3621] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.548928][ T3621] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 365.591042][ T3621] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.613838][ T3621] usb 4-1: config 0 descriptor?? [ 365.652094][ T3621] hub 4-1:0.0: USB hub found [ 365.760230][ T7599] loop0: detected capacity change from 0 to 2048 [ 365.786991][ T7599] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 365.815205][ T7599] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 365.871171][ T3621] hub 4-1:0.0: 1 port detected [ 366.087670][ T7577] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 366.151341][ T3621] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 366.160170][ T3621] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 366.334360][ T7618] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 366.351138][ T3621] usbhid 4-1:0.0: can't add hid device: -71 [ 366.359236][ T3621] usbhid: probe of 4-1:0.0 failed with error -71 [ 366.359473][ T7619] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 366.413551][ T3621] usb 4-1: USB disconnect, device number 7 [ 366.521892][ T7623] loop1: detected capacity change from 0 to 16 [ 366.562775][ T7623] erofs: (device loop1): mounted with root inode @ nid 36. [ 367.318573][ T7643] loop3: detected capacity change from 0 to 2048 [ 367.339475][ T7613] loop2: detected capacity change from 0 to 40427 [ 367.379151][ T7613] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 367.396164][ T7647] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 367.421465][ T7613] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 367.492124][ T7643] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 367.523028][ T7613] F2FS-fs (loop2): Found nat_bits in checkpoint [ 367.644754][ T6813] EXT4-fs (loop3): unmounting filesystem. [ 367.749343][ T7613] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 367.761139][ T7613] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 367.820105][ T7625] loop4: detected capacity change from 0 to 40427 [ 367.831526][ T26] audit: type=1804 audit(1718713818.521:46): pid=7613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1916410237/syzkaller.fz1xyQ/173/file2/file0" dev="loop2" ino=10 res=1 errno=0 [ 367.871359][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.884831][ T7659] loop1: detected capacity change from 0 to 16 [ 367.900714][ T7625] F2FS-fs (loop4): invalid crc value [ 367.928691][ T7659] erofs: (device loop1): mounted with root inode @ nid 36. [ 367.954872][ T7625] F2FS-fs (loop4): Found nat_bits in checkpoint [ 367.965948][ T5111] syz-executor.2: attempt to access beyond end of device [ 367.965948][ T5111] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.134938][ T7625] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 368.165769][ T7629] loop0: detected capacity change from 0 to 40427 [ 368.230820][ T7629] F2FS-fs (loop0): invalid crc value [ 368.250178][ T7662] f2fs_ckpt-7:4: attempt to access beyond end of device [ 368.250178][ T7662] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.271210][ C0] vkms_vblank_simulate: vblank timer overrun [ 368.320188][ T7629] F2FS-fs (loop0): Found nat_bits in checkpoint [ 368.531616][ T7629] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 368.675884][ T7675] loop3: detected capacity change from 0 to 2048 [ 368.689055][ T7677] loop1: detected capacity change from 0 to 256 [ 368.705667][ T4947] syz-executor.0: attempt to access beyond end of device [ 368.705667][ T4947] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 368.775324][ T7675] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 369.038810][ T6813] EXT4-fs (loop3): unmounting filesystem. [ 369.160702][ T7685] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 369.251086][ T4136] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 369.274797][ T7689] vxcan1: tx address claim with dest, not broadcast [ 369.315830][ T26] audit: type=1804 audit(1718713820.021:47): pid=7691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir713794166/syzkaller.mMavZl/32/bus" dev="sda1" ino=1964 res=1 errno=0 [ 369.358406][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.551365][ T4136] usb 3-1: Using ep0 maxpacket: 32 [ 369.590644][ T7696] loop3: detected capacity change from 0 to 512 [ 369.610170][ T7696] EXT4-fs (loop3): filesystem is read-only [ 369.628984][ T7696] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 369.664579][ T7696] EXT4-fs (loop3): filesystem is read-only [ 369.674498][ T7696] EXT4-fs (loop3): orphan cleanup on readonly fs [ 369.692594][ T7696] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 64: padding at end of block bitmap is not set [ 369.725000][ T4136] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 369.730550][ T7696] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6173: Corrupt filesystem [ 369.742069][ T4136] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 369.766400][ T7696] EXT4-fs (loop3): 1 orphan inode deleted [ 369.775983][ T4136] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 369.796403][ T4136] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 369.821212][ T4136] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 369.835745][ T4136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.851195][ T7696] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 369.869067][ T4136] usb 3-1: config 0 descriptor?? [ 369.909872][ T6813] EXT4-fs (loop3): unmounting filesystem. [ 370.364127][ T4136] ntrig 0003:1B96:000A.0006: unknown main item tag 0x0 [ 370.372878][ T4136] ntrig 0003:1B96:000A.0006: item fetching failed at offset 4/5 [ 370.381041][ T4136] ntrig 0003:1B96:000A.0006: parse failed [ 370.389107][ T4136] ntrig: probe of 0003:1B96:000A.0006 failed with error -22 [ 370.572753][ T4353] usb 3-1: USB disconnect, device number 6 [ 371.679031][ T7720] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 371.926552][ T7728] loop1: detected capacity change from 0 to 512 [ 371.963479][ T7731] dvmrp1: tun_chr_ioctl cmd 2147767511 [ 371.973161][ T7728] EXT4-fs (loop1): filesystem is read-only [ 371.993639][ T7728] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 372.023549][ T7728] EXT4-fs (loop1): filesystem is read-only [ 372.041192][ T7728] EXT4-fs (loop1): orphan cleanup on readonly fs [ 372.077614][ T7728] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 64: padding at end of block bitmap is not set [ 372.127203][ T7728] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6173: Corrupt filesystem [ 372.192271][ T7728] EXT4-fs (loop1): 1 orphan inode deleted [ 372.199745][ T7728] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 372.417445][ T7737] loop4: detected capacity change from 0 to 128 [ 372.921635][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 373.428052][ T7714] loop0: detected capacity change from 0 to 40427 [ 373.480210][ T7714] F2FS-fs (loop0): invalid crc value [ 373.559719][ T7714] F2FS-fs (loop0): Found nat_bits in checkpoint [ 373.743733][ T7714] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 373.927936][ T4947] syz-executor.0: attempt to access beyond end of device [ 373.927936][ T4947] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 374.034322][ T7761] loop1: detected capacity change from 0 to 512 [ 374.064969][ T7761] EXT4-fs (loop1): filesystem is read-only [ 374.082451][ T7761] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 374.108508][ T7761] EXT4-fs (loop1): filesystem is read-only [ 374.108534][ T7761] EXT4-fs (loop1): orphan cleanup on readonly fs [ 374.109049][ T7761] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 64: padding at end of block bitmap is not set [ 374.109481][ T7761] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6173: Corrupt filesystem [ 374.110200][ T7761] EXT4-fs (loop1): 1 orphan inode deleted [ 374.110238][ T7761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 374.170457][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 374.601549][ T7732] loop3: detected capacity change from 0 to 65536 [ 374.640489][ T7732] XFS (loop3): Mounting V5 Filesystem [ 374.751780][ T7732] XFS (loop3): Ending clean mount [ 374.797959][ T7732] XFS (loop3): Quotacheck needed: Please wait. [ 374.935775][ T7732] XFS (loop3): Quotacheck: Done. [ 374.961786][ T7797] program syz-executor.0 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 374.990866][ T6813] XFS (loop3): Unmounting Filesystem [ 375.406566][ T7815] device syzkaller1 entered promiscuous mode [ 375.634565][ T7821] loop1: detected capacity change from 0 to 1764 [ 375.765971][ T7828] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 13 (only 8 groups) [ 376.130554][ T7836] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 376.228726][ T7834] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 376.253038][ T7834] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 376.336517][ T26] audit: type=1804 audit(1718713827.041:48): pid=7841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3047276704/syzkaller.jRXo7m/225/bus" dev="sda1" ino=1962 res=1 errno=0 [ 377.187857][ T7830] loop3: detected capacity change from 0 to 40427 [ 377.247172][ T7830] F2FS-fs (loop3): invalid crc value [ 377.311629][ T7830] F2FS-fs (loop3): Found nat_bits in checkpoint [ 377.446276][ T7834] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.458254][ T7834] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.500478][ T7830] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 377.647219][ T6813] syz-executor.3: attempt to access beyond end of device [ 377.647219][ T6813] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 377.673387][ T7825] loop2: detected capacity change from 0 to 65536 [ 377.787411][ T7825] XFS (loop2): Mounting V5 Filesystem [ 377.886004][ T7825] XFS (loop2): Ending clean mount [ 377.924588][ T7825] XFS (loop2): Quotacheck needed: Please wait. [ 378.073766][ T7825] XFS (loop2): Quotacheck: Done. [ 378.315927][ T5111] XFS (loop2): Unmounting Filesystem [ 378.902037][ T7834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.987139][ T7834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 379.419654][ T7869] loop3: detected capacity change from 0 to 1764 [ 379.769901][ T7834] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.796028][ T7834] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.808485][ T7834] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.826808][ T7834] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.040732][ T7834] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.056712][ T7834] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.076254][ T7834] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.092477][ T7834] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.115794][ T7834] device vxlan0 left promiscuous mode [ 380.362357][ T7879] loop3: detected capacity change from 0 to 512 [ 380.415782][ T7878] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 380.443311][ T7879] EXT4-fs: Ignoring removed nomblk_io_submit option [ 380.474191][ T7879] EXT4-fs: old and new quota format mixing [ 380.805226][ T7890] device syzkaller1 entered promiscuous mode [ 381.028778][ T7898] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 381.296251][ T7904] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 381.371211][ T7904] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 381.407651][ T7909] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 381.542900][ T7911] Zero length message leads to an empty skb [ 381.973645][ T7923] device syzkaller1 entered promiscuous mode [ 382.035947][ T3582] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 382.056795][ T3582] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 382.068594][ T3580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 382.099986][ T3580] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 382.116584][ T3580] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 382.131190][ T3580] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 382.363292][ T7935] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 382.560842][ T26] audit: type=1326 audit(1718713833.261:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7929 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f084ea7cf29 code=0x0 [ 383.065864][ T7950] loop1: detected capacity change from 0 to 512 [ 383.077195][ T7950] ext3: Unknown parameter 'fsname' [ 383.863776][ T7925] chnl_net:caif_netlink_parms(): no params data found [ 384.093656][ T7958] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 384.110463][ T7958] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 384.115986][ T7947] loop1: detected capacity change from 0 to 32768 [ 384.142947][ T7947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (7947) [ 384.165266][ T7947] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 384.184114][ T7947] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 384.200480][ T7947] BTRFS info (device loop1): using free space tree [ 384.254562][ T3585] Bluetooth: hci0: command tx timeout [ 384.312658][ T7947] BTRFS info (device loop1): enabling ssd optimizations [ 384.863965][ T4876] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 385.131149][ T7925] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.523552][ T7925] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.595651][ T7925] device bridge_slave_0 entered promiscuous mode [ 385.672591][ T7925] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.751905][ T7925] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.851172][ T7925] device bridge_slave_1 entered promiscuous mode [ 386.264001][ T8008] loop0: detected capacity change from 0 to 128 [ 386.421141][ T3585] Bluetooth: hci0: command tx timeout [ 387.213544][ T7925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.314665][ T7925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.514215][ T7925] team0: Port device team_slave_0 added [ 387.581403][ T7925] team0: Port device team_slave_1 added [ 387.765071][ T8021] loop2: detected capacity change from 0 to 1024 [ 387.838007][ T8024] loop3: detected capacity change from 0 to 512 [ 387.852398][ T8024] ext3: Unknown parameter 'fsname' [ 387.979808][ T7925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.027958][ T7925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.301290][ T7925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.429466][ T7925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.488828][ T7925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.541388][ T3580] Bluetooth: hci0: command tx timeout [ 388.578830][ T7925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.798067][ T8019] loop3: detected capacity change from 0 to 32768 [ 388.809594][ T8019] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (8019) [ 388.846445][ T8019] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 388.863978][ T8019] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 388.877774][ T8019] BTRFS info (device loop3): using free space tree [ 388.913895][ T4138] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 389.300156][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.314542][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 389.538762][ T7925] device hsr_slave_0 entered promiscuous mode [ 389.803928][ T7925] device hsr_slave_1 entered promiscuous mode [ 389.815144][ T7925] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 389.836669][ T7925] Cannot create hsr debugfs directory [ 389.853279][ T4138] usb 1-1: Using ep0 maxpacket: 32 [ 390.084337][ T6670] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 390.100725][ T6670] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.122109][ T4138] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 390.138921][ T4138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.144989][ T8019] BTRFS info (device loop3): enabling ssd optimizations [ 390.182583][ T4138] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 390.247681][ T4138] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 390.268358][ T4138] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 390.283560][ T4138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.317527][ T4138] usb 1-1: config 0 descriptor?? [ 390.329257][ T6813] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 390.571478][ T3580] Bluetooth: hci0: command tx timeout [ 390.712944][ T8073] loop2: detected capacity change from 0 to 2048 [ 390.758950][ T8073] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 390.779030][ T8073] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 390.801583][ T6670] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 390.825343][ T4138] ntrig 0003:1B96:000A.0007: unknown main item tag 0x0 [ 390.849589][ T6670] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.875684][ T4138] ntrig 0003:1B96:000A.0007: item fetching failed at offset 4/5 [ 390.936997][ T8072] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 390.961814][ T4138] ntrig 0003:1B96:000A.0007: parse failed [ 390.970642][ T4138] ntrig: probe of 0003:1B96:000A.0007 failed with error -22 [ 391.071866][ T22] usb 1-1: USB disconnect, device number 5 [ 391.099780][ T6670] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 391.140283][ T6670] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.239403][ T6670] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 391.302214][ T6670] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.335950][ T8079] loop1: detected capacity change from 0 to 1024 [ 393.936746][ T8107] loop0: detected capacity change from 0 to 2048 [ 394.034072][ T8107] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 394.060895][ T8107] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 394.345701][ T8117] loop2: detected capacity change from 0 to 128 [ 394.799265][ T8116] loop3: detected capacity change from 0 to 1024 [ 395.439493][ T8122] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 395.950358][ T8132] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 396.084179][ T7925] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 396.146339][ T8146] loop2: detected capacity change from 0 to 1024 [ 396.230156][ T8150] loop0: detected capacity change from 0 to 128 [ 397.363245][ T26] audit: type=1326 audit(1718713848.071:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8149 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f260d87cf29 code=0x0 [ 397.412008][ T7925] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 397.499599][ T7925] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 397.549349][ T7925] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 397.625014][ T8160] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 397.674409][ T8160] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 397.713439][ T8160] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.1'. [ 398.733713][ T8166] netlink: 'syz-executor.0': attribute type 11 has an invalid length. [ 398.774281][ T6670] device hsr_slave_0 left promiscuous mode [ 398.794997][ T6670] device hsr_slave_1 left promiscuous mode [ 398.836715][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 398.863469][ T6670] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 398.901642][ T8173] loop2: detected capacity change from 0 to 1024 [ 398.921803][ T8174] loop1: detected capacity change from 0 to 8192 [ 398.923939][ T6670] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 398.947710][ T8174] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 398.962725][ T6670] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.985634][ T8174] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 399.007590][ T8174] REISERFS (device loop1): using ordered data mode [ 399.019155][ T8174] reiserfs: using flush barriers [ 399.027001][ T8174] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 399.042186][ T6670] device bridge_slave_1 left promiscuous mode [ 399.062085][ T6670] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.084919][ T6670] device bridge_slave_0 left promiscuous mode [ 399.093403][ T6670] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.125431][ T8174] REISERFS (device loop1): checking transaction log (loop1) [ 399.144049][ T6569] hfsplus: b-tree write err: -5, ino 4 [ 399.153539][ T6670] device veth1_macvtap left promiscuous mode [ 399.183029][ T6670] device veth0_macvtap left promiscuous mode [ 399.212905][ T6670] device veth1_vlan left promiscuous mode [ 399.223362][ T6670] device veth0_vlan left promiscuous mode [ 399.291872][ T8177] loop2: detected capacity change from 0 to 128 [ 399.314597][ T8177] journal_path: Non-blockdev passed as '' [ 399.335715][ T8177] EXT4-fs: error: could not find journal device path [ 399.380465][ T8174] REISERFS (device loop1): Using tea hash to sort names [ 399.405107][ T8174] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 399.919931][ T6670] team0 (unregistering): Port device team_slave_1 removed [ 399.946646][ T6670] team0 (unregistering): Port device team_slave_0 removed [ 399.966969][ T6670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 399.990542][ T6670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 400.098726][ T6670] bond0 (unregistering): Released all slaves [ 400.601104][ T8198] loop2: detected capacity change from 0 to 128 [ 401.475473][ T7925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.776545][ T7925] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.839769][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 402.989664][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 403.025336][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 403.041990][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 403.060124][ T4357] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.077062][ T4357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 403.091596][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 403.104580][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 403.121270][ T4357] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.133005][ T4357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 403.148838][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 403.302285][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 403.392594][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 403.463134][ T8221] netlink: 'syz-executor.1': attribute type 11 has an invalid length. [ 403.487658][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 403.505845][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 403.507038][ T8220] loop0: detected capacity change from 0 to 1024 [ 403.552464][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 403.618399][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 403.655747][ T26] audit: type=1326 audit(1718713854.361:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8218 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f084ea7cf29 code=0x0 [ 403.662472][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 403.802245][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 403.839173][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 403.886207][ T11] hfsplus: b-tree write err: -5, ino 4 [ 403.888614][ T8228] loop3: detected capacity change from 0 to 2048 [ 403.912408][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 403.927098][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 403.950267][ T8228] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 403.977113][ T7925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 403.984093][ T8228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 405.093232][ T8259] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 405.113477][ T6366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 405.141484][ T6366] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 405.205041][ T7925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.313623][ T8265] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 405.916923][ T8276] loop3: detected capacity change from 0 to 2048 [ 405.993806][ T8276] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 406.086539][ T8276] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 406.244358][ T8281] netlink: 'syz-executor.1': attribute type 23 has an invalid length. [ 406.281138][ T8281] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 406.362943][ T8281] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.375678][ T8281] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.455639][ T8281] device bridge0 entered promiscuous mode [ 406.785641][ T8285] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 406.807067][ T8258] loop2: detected capacity change from 0 to 40427 [ 406.896196][ T8258] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 406.931132][ T8258] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 407.035544][ T8258] F2FS-fs (loop2): invalid crc value [ 407.096659][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 407.122515][ T8258] F2FS-fs (loop2): Found nat_bits in checkpoint [ 407.143159][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 407.240282][ T8271] loop0: detected capacity change from 0 to 32768 [ 407.243429][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 407.292156][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 407.324720][ T8271] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (8271) [ 407.364149][ T7925] device veth0_vlan entered promiscuous mode [ 407.388099][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 407.406022][ T8297] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 407.416885][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 407.441024][ T8258] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 407.458383][ T7925] device veth1_vlan entered promiscuous mode [ 407.469474][ T8271] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 407.499132][ T8258] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 407.530834][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 407.531100][ T8271] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 407.562282][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 407.595441][ T8271] BTRFS info (device loop0): use zlib compression, level 3 [ 407.667514][ T8271] BTRFS info (device loop0): using free space tree [ 407.670298][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 407.705536][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 407.708753][ T8300] loop3: detected capacity change from 0 to 4096 [ 407.781819][ T7925] device veth0_macvtap entered promiscuous mode [ 407.786059][ T8300] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 407.843201][ T8300] ntfs3: loop3: Failed to load $MFT. [ 407.911900][ T7925] device veth1_macvtap entered promiscuous mode [ 408.066194][ T8271] BTRFS info (device loop0): enabling ssd optimizations [ 408.083558][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.166885][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.206661][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.222172][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.237722][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.270063][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.343230][ T7925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.386577][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 408.410755][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 408.424633][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 408.444148][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 408.599674][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.636872][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.667876][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.698935][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.737993][ T7925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.801767][ T7925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.847890][ T7925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.911328][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 408.929500][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 408.955598][ T7925] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.005530][ T7925] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.033492][ T7925] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.066264][ T7925] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.113109][ T4353] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 409.473948][ T6569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.503458][ T4353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.544020][ T4353] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.548497][ T6569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.601268][ T4353] usb 4-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 409.638278][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 409.654630][ T4353] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.682791][ T6569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.683055][ T8353] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload [ 409.722464][ T4353] usb 4-1: config 0 descriptor?? [ 409.738595][ T6569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.810661][ T8352] device pim6reg1 entered promiscuous mode [ 409.916634][ T4947] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 409.956473][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 409.984043][ T8355] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 410.352010][ T8363] loop1: detected capacity change from 0 to 128 [ 410.863458][ T4353] wacom 0003:056A:00F8.0008: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.3-1/input0 [ 411.181300][ T4353] usb 4-1: USB disconnect, device number 8 [ 411.616630][ T26] audit: type=1800 audit(1718713862.321:52): pid=8372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 411.731265][ T26] audit: type=1800 audit(1718713862.321:53): pid=8372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 411.833546][ T8381] netlink: 'syz-executor.2': attribute type 23 has an invalid length. [ 411.875879][ T26] audit: type=1326 audit(1718713862.531:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efed2c7cf29 code=0x0 [ 411.878177][ T8381] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 412.024799][ T8381] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.037437][ T8381] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.062909][ T8381] device bridge0 entered promiscuous mode [ 412.094646][ T8386] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 412.116249][ T8388] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 412.339297][ T8399] loop3: detected capacity change from 0 to 128 [ 412.364596][ T8402] device syzkaller0 entered promiscuous mode [ 412.398903][ T8399] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 412.438197][ T8399] ext4 filesystem being mounted at /root/syzkaller-testdir713794166/syzkaller.mMavZl/80/mnt supports timestamps until 2038 (0x7fffffff) [ 412.593986][ T6813] EXT4-fs (loop3): unmounting filesystem. [ 412.929280][ T8417] loop4: detected capacity change from 0 to 4096 [ 412.972278][ T8417] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 413.039070][ T8417] ntfs3: loop4: Failed to load $MFT. [ 413.086225][ T8429] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 413.300867][ T8442] device syzkaller0 entered promiscuous mode [ 413.337793][ T8444] loop3: detected capacity change from 0 to 128 [ 413.416100][ T8444] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 413.441823][ T8444] ext4 filesystem being mounted at /root/syzkaller-testdir713794166/syzkaller.mMavZl/83/mnt supports timestamps until 2038 (0x7fffffff) [ 413.564661][ T26] audit: type=1326 audit(1718713864.271:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8443 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f084ea7cf29 code=0x0 [ 413.770537][ T6813] EXT4-fs (loop3): unmounting filesystem. [ 413.814289][ T8458] loop0: detected capacity change from 0 to 8192 [ 413.869009][ T8458] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 413.891564][ T8458] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 413.944913][ T8458] REISERFS (device loop0): using ordered data mode [ 414.001744][ T8458] reiserfs: using flush barriers [ 414.016116][ T8458] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 414.057636][ T8458] REISERFS (device loop0): checking transaction log (loop0) [ 414.104380][ T8471] loop3: detected capacity change from 0 to 512 [ 414.180231][ T8471] EXT4-fs: Ignoring removed nomblk_io_submit option [ 414.211466][ T8471] EXT4-fs: old and new quota format mixing [ 414.351240][ T8458] REISERFS (device loop0): Using tea hash to sort names [ 414.383867][ T8458] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 414.392518][ T8475] loop4: detected capacity change from 0 to 4096 [ 414.447458][ T8475] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 414.498550][ T8475] ntfs3: loop4: Failed to load $MFT. [ 414.641911][ T8489] loop1: detected capacity change from 0 to 8 [ 414.677084][ T8489] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 414.856420][ T8489] cramfs: Error -3 while decompressing! [ 414.873794][ T8489] cramfs: ffffffff91e22568(26)->ffff888053341000(4096) [ 414.890875][ T8489] cramfs: Error -3 while decompressing! [ 414.922676][ T8489] cramfs: ffffffff91e22582(26)->ffff88804f1b0000(4096) [ 414.945809][ T8489] cramfs: Error -3 while decompressing! [ 414.973187][ T8489] cramfs: ffffffff91e2259c(16)->ffff888065d42000(4096) [ 414.995768][ T8489] cramfs: Error -3 while decompressing! [ 415.014296][ T8489] cramfs: ffffffff91e22568(26)->ffff888053341000(4096) [ 415.730537][ T8492] loop2: detected capacity change from 0 to 32768 [ 415.765193][ T8492] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (8492) [ 415.832201][ T8492] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 415.898412][ T8492] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 415.963351][ T8492] BTRFS info (device loop2): enabling disk space caching [ 415.998522][ T8492] BTRFS info (device loop2): enabling free space tree [ 416.040404][ T8492] BTRFS info (device loop2): disabling tree log [ 416.047954][ T8527] loop3: detected capacity change from 0 to 8192 [ 416.083368][ T8492] BTRFS info (device loop2): setting nodatasum [ 416.110697][ T8492] BTRFS info (device loop2): turning on sync discard [ 416.135851][ T8492] BTRFS info (device loop2): using free space tree [ 416.135901][ T8527] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 416.226197][ T8527] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 416.284370][ T8527] REISERFS (device loop3): using ordered data mode [ 416.296274][ T8527] reiserfs: using flush barriers [ 416.312101][ T8527] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 416.369033][ T8527] REISERFS (device loop3): checking transaction log (loop3) [ 416.453586][ T8492] BTRFS info (device loop2): enabling ssd optimizations [ 416.600265][ T8527] REISERFS (device loop3): Using tea hash to sort names [ 416.651245][ T8527] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 417.197759][ T5111] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 417.671952][ T8613] loop3: detected capacity change from 0 to 736 [ 419.009209][ T8658] loop3: detected capacity change from 0 to 512 [ 419.112594][ T8658] EXT4-fs: Ignoring removed nomblk_io_submit option [ 419.191068][ T8658] EXT4-fs: old and new quota format mixing [ 419.627928][ T3585] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 419.648044][ T3585] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 419.684215][ T3585] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 419.704017][ T3585] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 419.714720][ T3585] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 419.736357][ T3585] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 419.902691][ T3667] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.983787][ T8642] loop0: detected capacity change from 0 to 32768 [ 420.144531][ T3667] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.155031][ T8642] XFS (loop0): Mounting V5 Filesystem [ 420.244395][ T3667] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.320579][ T8642] XFS (loop0): Ending clean mount [ 420.478189][ T3667] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.547476][ T8665] loop1: detected capacity change from 0 to 32768 [ 420.647923][ T4947] XFS (loop0): Unmounting Filesystem [ 420.684769][ T8665] XFS (loop1): Mounting V5 Filesystem [ 420.752723][ T8672] chnl_net:caif_netlink_parms(): no params data found [ 420.812656][ T8665] XFS (loop1): Ending clean mount [ 420.841603][ T8665] XFS (loop1): Quotacheck needed: Please wait. [ 420.864773][ T8720] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 421.047738][ T8665] XFS (loop1): Quotacheck: Done. [ 421.148285][ T8672] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.158575][ T8672] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.167962][ T8672] device bridge_slave_0 entered promiscuous mode [ 421.183450][ T8672] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.195544][ T8672] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.218045][ T8672] device bridge_slave_1 entered promiscuous mode [ 421.412287][ T8672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.531516][ T4876] XFS (loop1): Unmounting Filesystem [ 421.564717][ T8672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.755325][ T8672] team0: Port device team_slave_0 added [ 421.782184][ T3580] Bluetooth: hci2: command tx timeout [ 421.826466][ T8672] team0: Port device team_slave_1 added [ 422.008906][ T8672] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.060766][ T8672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.176051][ T8672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.242580][ T8672] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.269124][ T8672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.408491][ T8672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.592681][ T8742] loop4: detected capacity change from 0 to 32768 [ 422.656596][ T8672] device hsr_slave_0 entered promiscuous mode [ 422.669818][ T8672] device hsr_slave_1 entered promiscuous mode [ 422.679949][ T8672] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.692741][ T8672] Cannot create hsr debugfs directory [ 422.714929][ T8742] XFS (loop4): Mounting V5 Filesystem [ 422.908366][ T8742] XFS (loop4): Ending clean mount [ 422.943869][ T3620] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 423.124214][ T7925] XFS (loop4): Unmounting Filesystem [ 423.170208][ T8782] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 423.268626][ T8784] loop1: detected capacity change from 0 to 512 [ 423.289470][ T3667] device hsr_slave_0 left promiscuous mode [ 423.320520][ T3667] device hsr_slave_1 left promiscuous mode [ 423.332556][ T3667] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 423.343841][ T3667] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 423.358556][ T3667] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 423.367184][ T3667] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 423.370856][ T8784] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 423.375481][ T3620] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0 [ 423.400149][ T8784] ext4 filesystem being mounted at /root/syzkaller-testdir1028619555/syzkaller.5acHPt/262/bus supports timestamps until 2038 (0x7fffffff) [ 423.404747][ T3667] device bridge_slave_1 left promiscuous mode [ 423.423342][ T3620] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 0 [ 423.448264][ T3620] usb 4-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.467228][ T3620] usb 4-1: config 1 interface 0 has no altsetting 0 [ 423.476621][ T3667] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.487892][ T3667] device bridge_slave_0 left promiscuous mode [ 423.498556][ T3667] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.551496][ T3667] device veth1_macvtap left promiscuous mode [ 423.584837][ T3667] device veth0_macvtap left promiscuous mode [ 423.604468][ T3667] device veth1_vlan left promiscuous mode [ 423.640333][ T3667] device veth0_vlan left promiscuous mode [ 423.651777][ T3620] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 423.681269][ T3620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.712566][ T3620] usb 4-1: Product: syz [ 423.732884][ T3620] usb 4-1: Manufacturer: syz [ 423.739675][ T3620] usb 4-1: SerialNumber: syz [ 423.851127][ T3580] Bluetooth: hci2: command tx timeout [ 424.651738][ T3620] usb 4-1: USB disconnect, device number 9 [ 424.678756][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 424.733859][ T8778] loop0: detected capacity change from 0 to 32768 [ 424.890216][ T8778] XFS (loop0): Mounting V5 Filesystem [ 424.917614][ T3667] bond1 (unregistering): Released all slaves [ 425.073860][ T8778] XFS (loop0): Ending clean mount [ 425.096555][ T8778] XFS (loop0): Quotacheck needed: Please wait. [ 425.267515][ T8778] XFS (loop0): Quotacheck: Done. [ 425.398909][ T3667] team0 (unregistering): Port device team_slave_1 removed [ 425.447512][ T3667] team0 (unregistering): Port device team_slave_0 removed [ 425.495649][ T3667] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 425.548806][ T3667] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 425.690126][ T4947] XFS (loop0): Unmounting Filesystem [ 425.744208][ T3667] bond0 (unregistering): Released all slaves [ 425.933967][ T3580] Bluetooth: hci2: command tx timeout [ 426.371782][ T6361] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 426.761406][ T6361] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 426.795121][ T6361] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.826120][ T6361] usb 5-1: config 0 descriptor?? [ 426.836057][ T8840] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 427.020522][ T8672] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 427.065192][ T8672] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 427.103690][ T8672] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 427.123780][ T8818] loop4: detected capacity change from 0 to 1024 [ 427.134603][ T8672] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 427.161864][ T8818] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 427.226214][ T8820] loop1: detected capacity change from 0 to 32768 [ 427.238075][ T8848] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 427.281284][ T8818] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 427.317484][ T8848] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.0'. [ 427.359520][ T8820] XFS (loop1): Mounting V5 Filesystem [ 427.379908][ T8855] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 428.011902][ T3580] Bluetooth: hci2: command tx timeout [ 428.223525][ T8820] XFS (loop1): Ending clean mount [ 428.248227][ T8672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.271302][ T6361] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 428.294172][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 428.302250][ T6361] asix: probe of 5-1:0.0 failed with error -71 [ 428.313928][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 428.330278][ T6361] usb 5-1: USB disconnect, device number 6 [ 428.379860][ T8672] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.422643][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 428.422950][ T4876] XFS (loop1): Unmounting Filesystem [ 428.442429][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 428.469405][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.479203][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 428.509188][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 428.520885][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 428.536460][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 428.549567][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.557928][ T3620] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 428.566057][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 428.587664][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 428.639983][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 428.664079][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 428.686580][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 428.727837][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 428.745874][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 428.757391][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 428.772413][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 428.792318][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 428.821140][ T3620] usb 1-1: Using ep0 maxpacket: 8 [ 428.864748][ T8672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 428.896750][ T7925] EXT4-fs (loop4): unmounting filesystem. [ 428.898590][ T8672] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 428.920259][ T6366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 428.934008][ T6366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 428.976571][ T3620] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 429.016248][ T3620] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 429.048810][ T3620] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 429.086227][ T3620] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 429.101219][ T8874] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 429.131079][ T3620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.202039][ T3620] hub 1-1:1.0: bad descriptor, ignoring hub [ 429.221308][ T3620] hub: probe of 1-1:1.0 failed with error -5 [ 429.244870][ T3620] cdc_wdm 1-1:1.0: invalid descriptor buffer length [ 429.281074][ T3620] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 429.406439][ T8884] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 429.525660][ T153] usb 1-1: USB disconnect, device number 6 [ 429.696704][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 429.709228][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 429.729009][ T8672] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 429.858735][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 429.879960][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 429.999065][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 430.022101][ T4662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 430.048512][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 430.087349][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 430.106915][ T8672] device veth0_vlan entered promiscuous mode [ 430.220841][ T8672] device veth1_vlan entered promiscuous mode [ 430.343610][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 430.373017][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 430.420972][ T8672] device veth0_macvtap entered promiscuous mode [ 430.471134][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 430.484884][ T8904] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 430.492884][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 430.544734][ T8672] device veth1_macvtap entered promiscuous mode [ 430.572034][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 430.591942][ T4354] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 430.597204][ T153] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 430.646092][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.679368][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.709742][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.728085][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.745949][ T8890] loop3: detected capacity change from 0 to 32768 [ 430.767394][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 430.793133][ T8890] XFS (loop3): Mounting V5 Filesystem [ 430.805671][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.840231][ T8922] fscrypt: key with description 'fscrypt:e8dab99234bb312e' has invalid payload [ 430.854325][ T8672] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.866307][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 430.881618][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.902163][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 430.918003][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.930778][ T8672] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 430.946036][ T8672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 430.955919][ T8890] XFS (loop3): Ending clean mount [ 430.964347][ T8672] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 430.993427][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 431.035231][ T153] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 431.061481][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 431.069331][ T153] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.074150][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 431.135618][ T153] usb 5-1: config 0 descriptor?? [ 431.138711][ T7084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 431.192996][ T8672] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.235292][ T8672] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.251067][ T8672] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.273116][ T8672] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.346924][ T6813] XFS (loop3): Unmounting Filesystem [ 431.468942][ T8902] loop4: detected capacity change from 0 to 1024 [ 431.563671][ T26] audit: type=1800 audit(1718713882.271:56): pid=8931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1947 res=0 errno=0 [ 431.565805][ T8902] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 431.710050][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.770271][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.773266][ T8902] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 431.805903][ T6670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.859750][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 431.873089][ T6670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.966503][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 433.012347][ T153] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 433.033091][ T153] asix: probe of 5-1:0.0 failed with error -71 [ 433.065178][ T153] usb 5-1: USB disconnect, device number 7 [ 433.086635][ T8957] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 433.114817][ T8957] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.1'. [ 433.314905][ T8969] loop2: detected capacity change from 0 to 1024 [ 433.391110][ T4662] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 433.422354][ T8969] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 433.549265][ T8984] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 433.613909][ T7925] EXT4-fs (loop4): unmounting filesystem. [ 433.651541][ T4662] usb 4-1: Using ep0 maxpacket: 8 [ 433.682537][ T8984] EXT4-fs error (device loop2): ext4_dirty_inode:6072: inode #15: comm syz-executor.2: mark_inode_dirty error [ 433.801334][ T4662] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 433.804851][ T8984] EXT4-fs error (device loop2): ext4_map_blocks:721: inode #15: block 1803188595: comm syz-executor.2: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 433.871184][ T4662] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 433.877962][ T8984] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 433.899915][ T4662] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 433.964596][ T8988] loop4: detected capacity change from 0 to 512 [ 433.989086][ T4662] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 433.997267][ T8984] EXT4-fs (loop2): This should not happen!! Data will be lost [ 433.997267][ T8984] [ 434.004610][ T8990] loop1: detected capacity change from 0 to 128 [ 434.022568][ T4662] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.097058][ T4662] hub 4-1:1.0: bad descriptor, ignoring hub [ 434.108398][ T4662] hub: probe of 4-1:1.0 failed with error -5 [ 434.110579][ T8672] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1) [ 434.123833][ T4662] cdc_wdm 4-1:1.0: invalid descriptor buffer length [ 434.156109][ T8988] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 434.168857][ T4662] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 434.190601][ T8994] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 434.211216][ T8988] ext4 filesystem being mounted at /root/syzkaller-testdir2276932399/syzkaller.vnahaO/51/bus supports timestamps until 2038 (0x7fffffff) [ 434.236869][ T8994] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.1'. [ 434.268824][ T8672] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 434.327669][ T8672] EXT4-fs error (device loop2): ext4_dirty_inode:6072: inode #2: comm syz-executor.2: mark_inode_dirty error [ 434.429490][ T3667] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:477: comm kworker/u4:7: Invalid block bitmap block 0 in block_group 0 [ 434.466245][ T4662] usb 4-1: USB disconnect, device number 10 [ 434.529726][ T3667] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 435.081247][ T3667] EXT4-fs (loop2): This should not happen!! Data will be lost [ 435.081247][ T3667] [ 435.162937][ T9011] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.0'. [ 435.180816][ T7188] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 435.205290][ T7188] EXT4-fs (loop2): This should not happen!! Data will be lost [ 435.205290][ T7188] [ 435.284694][ T7188] EXT4-fs (loop2): Total free blocks count 0 [ 435.320991][ T7188] EXT4-fs (loop2): Free/Dirty block details [ 435.342607][ T7188] EXT4-fs (loop2): free_blocks=68719476736 [ 435.376306][ T7925] EXT4-fs (loop4): unmounting filesystem. [ 435.668316][ T9020] loop3: detected capacity change from 0 to 128 [ 435.681165][ T4662] usb 1-1: new low-speed USB device number 7 using dummy_hcd [ 435.730302][ T9022] loop4: detected capacity change from 0 to 1024 [ 435.768589][ T9022] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 435.857183][ T9025] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 435.986134][ T9025] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #15: comm syz-executor.4: mark_inode_dirty error [ 436.060741][ T9012] loop1: detected capacity change from 0 to 32768 [ 436.110211][ T7188] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.131561][ T4662] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 436.146063][ T9025] EXT4-fs error (device loop4): ext4_map_blocks:721: inode #15: block 1803188595: comm syz-executor.4: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 436.161064][ T4662] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.177703][ T9030] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 436.190788][ T9025] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 436.232559][ T9030] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.3'. [ 436.251246][ T9012] XFS (loop1): Mounting V5 Filesystem [ 436.251984][ T4662] usb 1-1: config 0 descriptor?? [ 436.272818][ T9025] EXT4-fs (loop4): This should not happen!! Data will be lost [ 436.272818][ T9025] [ 436.323062][ T7188] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.389107][ T9012] XFS (loop1): Ending clean mount [ 436.416350][ T7925] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 436.447259][ T9012] XFS (loop1): Quotacheck needed: Please wait. [ 436.461859][ T7188] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.470530][ T7925] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 436.546872][ T9016] loop0: detected capacity change from 0 to 1024 [ 436.579435][ T9012] XFS (loop1): Quotacheck: Done. [ 436.589869][ T9016] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 436.605918][ T7925] EXT4-fs error (device loop4): ext4_dirty_inode:6072: inode #2: comm syz-executor.4: mark_inode_dirty error [ 436.625162][ T7188] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.661650][ T6569] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm kworker/u4:10: Invalid block bitmap block 0 in block_group 0 [ 436.686690][ T9016] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 436.729199][ T9043] netlink: 144 bytes leftover after parsing attributes in process `syz-executor.3'. [ 436.751064][ T6569] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 436.798720][ T6569] EXT4-fs (loop4): This should not happen!! Data will be lost [ 436.798720][ T6569] [ 437.012215][ T6569] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 437.309276][ T6569] EXT4-fs (loop4): This should not happen!! Data will be lost [ 437.309276][ T6569] [ 437.455747][ T6569] EXT4-fs (loop4): Total free blocks count 0 [ 437.518902][ T6569] EXT4-fs (loop4): Free/Dirty block details [ 437.712240][ T6569] EXT4-fs (loop4): free_blocks=68719476736 [ 437.817297][ T4662] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 437.844144][ T4662] asix: probe of 1-1:0.0 failed with error -71 [ 437.871833][ T4662] usb 1-1: USB disconnect, device number 7 [ 438.008294][ T4876] XFS (loop1): Unmounting Filesystem [ 438.008624][ T3585] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 438.048639][ T3585] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 438.063477][ T3585] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 438.103657][ T3585] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 438.148221][ T3585] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 438.164015][ T3585] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 438.405208][ T4947] EXT4-fs (loop0): unmounting filesystem. [ 438.830319][ T9062] loop0: detected capacity change from 0 to 736 [ 438.990554][ T9068] loop3: detected capacity change from 0 to 1024 [ 439.021497][ T9050] chnl_net:caif_netlink_parms(): no params data found [ 439.257245][ T9068] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 439.267782][ T3585] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 439.281797][ T3582] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 439.294050][ T3582] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 439.308185][ T3582] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 439.321624][ T3582] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 439.373496][ T3582] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 439.427458][ T9073] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 439.442588][ T9073] EXT4-fs error (device loop3): ext4_dirty_inode:6072: inode #15: comm syz-executor.3: mark_inode_dirty error [ 439.488675][ T9073] EXT4-fs error (device loop3): ext4_map_blocks:721: inode #15: block 1803188595: comm syz-executor.3: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 439.575359][ T9073] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 439.611094][ T9073] EXT4-fs (loop3): This should not happen!! Data will be lost [ 439.611094][ T9073] [ 439.759705][ T9050] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.791560][ T9050] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.833824][ T9050] device bridge_slave_0 entered promiscuous mode [ 439.842388][ T6813] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.3: lblock 0 mapped to illegal pblock 16 (length 1) [ 439.862448][ T9050] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.901706][ T9050] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.921664][ T6813] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5868: Corrupt filesystem [ 439.949588][ T9050] device bridge_slave_1 entered promiscuous mode [ 439.967529][ T9066] loop1: detected capacity change from 0 to 32768 [ 439.968152][ T6813] EXT4-fs error (device loop3): ext4_dirty_inode:6072: inode #2: comm syz-executor.3: mark_inode_dirty error [ 440.020129][ T7188] device hsr_slave_0 left promiscuous mode [ 440.045301][ T6569] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:477: comm kworker/u4:10: Invalid block bitmap block 0 in block_group 0 [ 440.073476][ T7188] device hsr_slave_1 left promiscuous mode [ 440.078774][ T6569] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 440.103835][ T6569] EXT4-fs (loop3): This should not happen!! Data will be lost [ 440.103835][ T6569] [ 440.119705][ T7188] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.119778][ T6569] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 28 [ 440.150116][ T6569] EXT4-fs (loop3): This should not happen!! Data will be lost [ 440.150116][ T6569] [ 440.169503][ T7188] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.191107][ T6569] EXT4-fs (loop3): Total free blocks count 0 [ 440.199200][ T6569] EXT4-fs (loop3): Free/Dirty block details [ 440.219257][ T6569] EXT4-fs (loop3): free_blocks=68719476736 [ 440.232545][ T7188] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.255992][ T3582] Bluetooth: hci0: command tx timeout [ 440.287931][ T7188] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.340011][ T7188] device bridge_slave_1 left promiscuous mode [ 440.361151][ T4354] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 440.361446][ T7188] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.385528][ T7188] device bridge_slave_0 left promiscuous mode [ 440.395729][ T7188] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.415177][ T7188] device veth1_macvtap left promiscuous mode [ 440.424002][ T7188] device veth0_macvtap left promiscuous mode [ 440.434837][ T7188] device veth1_vlan left promiscuous mode [ 440.441408][ T7188] device veth0_vlan left promiscuous mode [ 440.741216][ T4354] usb 1-1: config 1 interface 0 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0 [ 440.761854][ T4354] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 0 [ 440.780694][ T4354] usb 1-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 440.800163][ T7188] team0 (unregistering): Port device team_slave_1 removed [ 440.805544][ T4354] usb 1-1: config 1 interface 0 has no altsetting 0 [ 440.832738][ T7188] team0 (unregistering): Port device team_slave_0 removed [ 440.849097][ T7188] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 440.866884][ T7188] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 440.957633][ T7188] bond0 (unregistering): Released all slaves [ 440.994151][ T4354] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 441.006233][ T6366] usb 2-1: new low-speed USB device number 10 using dummy_hcd [ 441.015086][ T4354] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.025410][ T4354] usb 1-1: Product: syz [ 441.032089][ T4354] usb 1-1: Manufacturer: syz [ 441.037287][ T4354] usb 1-1: SerialNumber: syz [ 441.130213][ T9050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.155403][ T9050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.255064][ T9050] team0: Port device team_slave_0 added [ 441.269387][ T9050] team0: Port device team_slave_1 added [ 441.332248][ T9050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.346400][ T153] usb 1-1: USB disconnect, device number 8 [ 441.371086][ T9050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.408192][ T9050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.408224][ T6366] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 441.436475][ T9050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.445311][ T9050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.483333][ T9050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 441.488406][ T3582] Bluetooth: hci2: command tx timeout [ 441.516556][ T6366] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.532035][ T6366] usb 2-1: config 0 descriptor?? [ 441.688533][ T9050] device hsr_slave_0 entered promiscuous mode [ 441.700132][ T9050] device hsr_slave_1 entered promiscuous mode [ 441.797386][ T9089] loop1: detected capacity change from 0 to 1024 [ 441.845718][ T9089] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 441.894106][ T9071] chnl_net:caif_netlink_parms(): no params data found [ 441.956077][ T9089] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 442.332202][ T3582] Bluetooth: hci0: command tx timeout [ 442.659604][ T9071] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.835581][ T9071] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.925338][ T9071] device bridge_slave_0 entered promiscuous mode [ 443.012026][ T9071] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.021621][ T6366] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 443.027064][ T9071] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.075689][ T6366] asix: probe of 2-1:0.0 failed with error -71 [ 443.125763][ T9071] device bridge_slave_1 entered promiscuous mode [ 443.129962][ T6366] usb 2-1: USB disconnect, device number 10 [ 443.174133][ T3580] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 443.201583][ T3580] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 443.221684][ T3580] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 443.236883][ T3580] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 443.249182][ T3580] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 443.262824][ T3580] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 443.397889][ T9071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.458561][ T9071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.531100][ T3582] Bluetooth: hci2: command tx timeout [ 443.622786][ T9071] team0: Port device team_slave_0 added [ 443.653086][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 443.801340][ T9071] team0: Port device team_slave_1 added [ 443.955532][ T26] audit: type=1800 audit(1718713894.661:57): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1945 res=0 errno=0 [ 443.998262][ T9071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.032157][ T9071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.084643][ T9117] loop0: detected capacity change from 0 to 128 [ 444.164382][ T9071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.227326][ T26] audit: type=1326 audit(1718713894.931:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.324522][ T26] audit: type=1326 audit(1718713894.961:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.326526][ T9071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.411817][ T3580] Bluetooth: hci0: command tx timeout [ 444.420050][ T26] audit: type=1326 audit(1718713894.961:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.481881][ T9071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.531018][ T26] audit: type=1326 audit(1718713894.961:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.591349][ T9071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.611258][ T26] audit: type=1326 audit(1718713894.961:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.757468][ T26] audit: type=1326 audit(1718713894.961:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.842628][ T26] audit: type=1326 audit(1718713894.991:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa55c7cf29 code=0x7ffc0000 [ 444.890020][ T26] audit: type=1326 audit(1718713894.991:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ffa55c7a6a7 code=0x7ffc0000 [ 444.942670][ T9071] device hsr_slave_0 entered promiscuous mode [ 444.954126][ T9071] device hsr_slave_1 entered promiscuous mode [ 444.967642][ T26] audit: type=1326 audit(1718713894.991:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9121 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ffa55c40379 code=0x7ffc0000 [ 445.016885][ T9071] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 445.038815][ T9071] Cannot create hsr debugfs directory [ 445.152298][ T9050] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 445.166356][ T9128] loop1: detected capacity change from 0 to 128 [ 445.198620][ T9050] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 445.372382][ T3582] Bluetooth: hci4: command tx timeout [ 445.630022][ T3580] Bluetooth: hci2: command tx timeout [ 445.781029][ T3620] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 446.171386][ T3620] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 446.205643][ T3620] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.224515][ T3620] usb 2-1: config 0 descriptor?? [ 446.491031][ T3580] Bluetooth: hci0: command tx timeout [ 446.509457][ T9134] loop1: detected capacity change from 0 to 1024 [ 446.527653][ T9134] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 446.618057][ T9134] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 447.451240][ T3582] Bluetooth: hci4: command tx timeout [ 447.481283][ T3620] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 447.497903][ T3620] asix: probe of 2-1:0.0 failed with error -71 [ 447.509088][ T3620] usb 2-1: USB disconnect, device number 11 [ 447.692230][ T3582] Bluetooth: hci2: command tx timeout [ 448.067831][ T4876] EXT4-fs (loop1): unmounting filesystem. [ 448.216666][ T9139] loop1: detected capacity change from 0 to 4096 [ 448.277917][ T9140] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 449.531393][ T3580] Bluetooth: hci4: command tx timeout [ 450.734626][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.741494][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.613775][ T3580] Bluetooth: hci4: command tx timeout [ 475.603674][ T3582] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 475.631286][ T3582] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 475.648675][ T3582] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 475.662305][ T3582] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 475.678359][ T3582] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 475.688468][ T3582] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 477.771346][ T3580] Bluetooth: hci5: command tx timeout [ 479.158033][ T3582] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 479.176428][ T3582] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 479.190128][ T3582] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 479.206500][ T3582] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 479.223669][ T3582] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 479.239043][ T3582] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 479.851122][ T3580] Bluetooth: hci5: command tx timeout [ 481.291186][ T3580] Bluetooth: hci6: command tx timeout [ 481.933166][ T3580] Bluetooth: hci5: command tx timeout [ 483.371276][ T3580] Bluetooth: hci6: command tx timeout [ 484.011031][ T3580] Bluetooth: hci5: command tx timeout [ 485.451104][ T3582] Bluetooth: hci6: command tx timeout [ 487.531394][ T3582] Bluetooth: hci6: command tx timeout [ 501.768946][ T3582] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 501.785507][ T3582] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 501.803042][ T3582] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 501.819669][ T3582] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 501.831886][ T3582] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 501.841087][ T3582] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 503.931128][ T3582] Bluetooth: hci7: command tx timeout [ 503.987108][ T3580] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 504.006162][ T3580] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 504.021128][ T3580] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 504.029244][ T3580] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 504.037442][ T3580] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 504.048100][ T3580] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 506.011438][ T3580] Bluetooth: hci7: command tx timeout [ 506.171142][ T3580] Bluetooth: hci8: command tx timeout [ 507.088319][ T3582] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 507.104301][ T3582] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 507.116237][ T3582] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 507.132611][ T3582] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 507.147200][ T3585] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 507.155373][ T3585] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 508.101329][ T3580] Bluetooth: hci7: command tx timeout [ 508.254945][ T3580] Bluetooth: hci8: command tx timeout [ 509.211518][ T3580] Bluetooth: hci9: command tx timeout [ 510.171310][ T3580] Bluetooth: hci7: command tx timeout [ 510.331932][ T3580] Bluetooth: hci8: command tx timeout [ 511.291065][ T3580] Bluetooth: hci9: command tx timeout [ 512.172997][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.180105][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.412271][ T3580] Bluetooth: hci8: command tx timeout [ 513.372207][ T3580] Bluetooth: hci9: command tx timeout [ 515.451181][ T3580] Bluetooth: hci9: command tx timeout [ 540.656827][ T3585] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 540.676846][ T3585] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 540.693477][ T3585] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 540.707203][ T3585] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 540.717597][ T3585] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 540.727354][ T3585] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 542.811101][ T3580] Bluetooth: hci10: command tx timeout [ 544.407994][ T3585] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 544.423422][ T3585] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 544.439939][ T3585] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 544.471147][ T3585] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 544.485219][ T3585] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 544.495159][ T3585] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 544.891235][ T3585] Bluetooth: hci10: command tx timeout [ 546.571263][ T3585] Bluetooth: hci11: command tx timeout [ 546.971202][ T3585] Bluetooth: hci10: command tx timeout [ 548.651254][ T3585] Bluetooth: hci11: command tx timeout [ 549.051066][ T3585] Bluetooth: hci10: command tx timeout [ 550.731097][ T3585] Bluetooth: hci11: command tx timeout [ 552.811231][ T3585] Bluetooth: hci11: command tx timeout [ 560.331207][ T3585] Bluetooth: hci0: command 0x0406 tx timeout [ 565.451074][ T3585] Bluetooth: hci2: command 0x0406 tx timeout [ 565.451437][ T9179] Bluetooth: hci4: command 0x0406 tx timeout [ 566.936411][ T3580] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 566.949074][ T3580] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 566.968433][ T3580] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 566.984052][ T3580] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 566.995123][ T3580] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 567.004745][ T3580] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 569.051272][ T9179] Bluetooth: hci12: command tx timeout [ 569.126531][ T3582] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 569.140802][ T3582] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 569.158109][ T3582] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 569.167978][ T3582] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 569.177939][ T3582] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 569.190974][ T3582] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 571.131061][ T9179] Bluetooth: hci12: command tx timeout [ 571.291396][ T9179] Bluetooth: hci13: command tx timeout [ 572.222000][ T3580] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 572.237950][ T3580] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 572.248862][ T3580] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 572.260383][ T3580] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 572.268705][ T3580] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 572.277244][ T3580] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 573.211056][ T9179] Bluetooth: hci12: command tx timeout [ 573.371691][ T9179] Bluetooth: hci13: command tx timeout [ 573.614679][ T1255] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.622074][ T1255] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.331301][ T9179] Bluetooth: hci14: command tx timeout [ 575.291165][ T9179] Bluetooth: hci12: command tx timeout [ 575.451318][ T9179] Bluetooth: hci13: command tx timeout [ 576.411252][ T9179] Bluetooth: hci14: command tx timeout [ 577.531206][ T9179] Bluetooth: hci13: command tx timeout [ 578.491141][ T9179] Bluetooth: hci14: command tx timeout [ 580.571247][ T9179] Bluetooth: hci14: command tx timeout [ 593.461406][ T28] INFO: task kworker/0:10:4354 blocked for more than 143 seconds. [ 593.484305][ T28] Not tainted 6.1.94-syzkaller #0 [ 593.496778][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 2024/06/18 12:34:04 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 593.510464][ T28] task:kworker/0:10 state:D stack:20832 pid:4354 ppid:2 flags:0x00004000 [ 593.570996][ T28] Workqueue: events linkwatch_event [ 593.576488][ T28] Call Trace: [ 593.580178][ T28] [ 593.618821][ T28] __schedule+0x142d/0x4550 [ 593.623980][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 593.629356][ T28] ? __sched_text_start+0x8/0x8 [ 593.650967][ T28] ? print_irqtrace_events+0x210/0x210 [ 593.656557][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 593.670973][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 593.676275][ T28] ? lockdep_hardirqs_on+0x94/0x130 [ 593.700944][ T28] schedule+0xbf/0x180 [ 593.705470][ T28] schedule_preempt_disabled+0xf/0x20 [ 593.720951][ T28] __mutex_lock+0x6b9/0xd80 [ 593.725642][ T28] ? __mutex_lock+0x53c/0xd80 [ 593.730414][ T28] ? linkwatch_event+0xa/0x50 [ 593.750933][ T28] ? mutex_lock_nested+0x10/0x10 [ 593.755968][ T28] ? do_raw_spin_unlock+0x137/0x8a0 [ 593.777859][ T28] ? process_one_work+0x7a9/0x11d0 [ 593.783125][ T28] linkwatch_event+0xa/0x50 [ 593.787882][ T28] process_one_work+0x8a9/0x11d0 [ 593.838461][ T28] ? worker_detach_from_pool+0x260/0x260 [ 593.844416][ T28] ? _raw_spin_lock_irqsave+0x120/0x120 [ 593.850040][ T28] ? kthread_data+0x4e/0xc0 [