last executing test programs: 4.893461728s ago: executing program 1 (id=750): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0x95, 0x0, &(0x7f00000000c0)) 4.761470959s ago: executing program 1 (id=757): unshare(0x68060200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x400000a, 0x8031, 0xffffffffffffffff, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x82, &(0x7f0000001100)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f0000000240)=0x50) 3.581646543s ago: executing program 3 (id=763): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000300)={[{@jqfmt_vfsold}, {@usrjquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@noload}, {@nombcache}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@noacl}, {@data_err_abort}]}, 0xfe, 0x451, &(0x7f00000016c0)="$eJzs3M9PHFUcAPDv7rK0tEWw/iy2ilYj8QcU+sMevNRo4kETEz3UeEKgDXZbTMHENkTRAx5NE+/Go4l/gRfrxagnE696NybEcLF6WjO7M3SBXVhgYWv380kG3tv3Nu99Z+btvn2zswF0rMHkTy7iUET8FhF91ezqCoPVf7eW5yf+WZ6fyEW5/OZfuUq9v5fnJ7Kq2fMOVjPl8gbtLr4TMV4qTV1N8yNzl98fmb12/fnpy+MXpy5OXRk7e/bUyWPdZ8ZOtyTO3qSvAx/NHD3y6ts3Xp84f+Pdn75J+nsoLa+No1UGq3u3rqda3Vib9dakc11t7AhbUoiI5HAVK+O/LwrRs1LWF6982tbOAbuqXM6X9zUuXigDd7Fkog50ouyNPvn8m217NPW4Iyydi5V1jFvpVi3pinxap5h+RtoNgxFxfuHfL5MtdmkdAgCg1s1zEfFcvflfPh6sqXdPem2oPyLujYjDEXFfRNwfEQ9EVOo+FBEPb7H9tVdI1s9/yn3bCqxJyfzvxfTa1ur5Xzb7i/5CmuutxF/MXZguTZ1I98lQFPcl+dEN2vj+5V8/b1RWO/9LtqT9bC6Y9uPPrjULdJPjc+M7ibnW0icRA1314s+tzHmT+fGRiBjYZhvTz3x9tFFZ/6bxb6AFk/LyVxFPV4//QqyJP5NreH1y9IUzY6dH9kdp6sRIdlas9/Mvi280an/z47+7lm6W40Dd838l/v7c/ojZa9cvVa7Xzm69jcXfP2v4mWa753937q1Kujt97MPxubmroxHdudfWPz52+7lZPqufnP9Dx+uP/8Nxe088EhHJSXwsIh6NiMfSvj8eEU9ExPEN4v/xpSff23r8G6zKt1AS/+Rmxz9qj//WE4VLP3xbt/Fis8f/VCU1lD7SzOtfsx3c4e4DAACA/4V85TvwufzwSjqfHx6OWKis7R7Il2Zm5569MPPBlcnqd+X7o5jPVrr6atZDR9O1vCw/tiZ/Ml03/qLQU8kPT8yUJtsdPHS4g9n4L6we/4k/Cu3uHbDr3K8Fncv4h85l/EPnMv6hcxn/0Lnqjf+P29APYO9t8v7fs1f9APae+T90LuMfOpfxDx2p4b3x+R3d8i/RpsR33Tv7rYbmE5G/Q0K+axLFqFvU1fSPWWwzsa9uUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrjvwAAAP//gk3jgQ==") memfd_create(&(0x7f00000004c0)='\xf3e\t\x05\x00\vty\x01sen\x01C\x1f\xc6\xcf\x12\xd3A\xbbZ%\xb2\xc8<\xf8\xff\xff\xff\xe2\x8e\x9a:\x1c\xec\x87\x87\xcf\x83\xcf\x14\xb0\xfcK\xb9\x1a\xa9\xec{\xb7bn`\xbb\x0e_\bm\x1f\xb1x\x05;,\xf1h\x8cwR-\x81^T\xa8\x90\x17\x03B\x99\x85\x93scH\xe4\xfb\xda\xe7\xaa\x93ZY\xe4\xa0\x040\x8cw#\xfd\x12\xddi \xf62\xee\xe5\x92u\xd8\x06H\xbb*xN\x8c\xe1a\xe8\xcf\x99\x8f\xbe\xbe\aaC\xb0\x9d\x19*3_\xc4\xf9\xecEunE\xfa\xe82\x9f\x8d\xd4\x1d\xfeD\xba*\xef\xdb\xa4U\xfd4v\x8ei\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa7L\xbf\x9c\xe6\x89\xe1Vij\xd1yy\xefg\x8cn\xb2N\xc8Sc\x9cbF[\xecM\x15Z\xbe\xdf\x00+\x89\xcc/.\x95\x11\x97\xade\x9eZvM\x1c\xd0\xc2\x89j\x1e\xe1\xee\xf7J\x17.\xfdl\x99\x82\xf1\x05\xd9C\x1b\xceK\r\xcc', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000100)=',*\xf3!\x00'}, 0x30) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1, 0xb00}, 0x20) setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r3, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e26, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000b00)=[@dstopts_2292={{0x18}}, @dstopts_2292={{0x18}}], 0x30}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) r7 = syz_open_procfs(r6, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r7, 0xc020660b, &(0x7f0000000180)={@desc={0x1, 0x0, @auto="e2c3cb017721575b"}}) 3.518636992s ago: executing program 1 (id=765): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000400)={&(0x7f0000b36000/0x12000)=nil, &(0x7f0000841000/0x4000)=nil, 0x12000}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_CONTINUE(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) syz_io_uring_setup(0x6865, &(0x7f00000003c0)={0x0, 0x0, 0x2000}, &(0x7f0000000080), &(0x7f0000000140)) ioctl$UFFDIO_COPY(r1, 0x8010aa02, &(0x7f0000000100)={&(0x7f00009e5000/0x2000)=nil, &(0x7f0000962000/0x2000)=nil, 0x2000}) close_range(r0, 0xffffffffffffffff, 0x0) 3.468188065s ago: executing program 0 (id=767): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) close(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001000)=ANY=[@ANYBLOB="b0000000020101010000000000000000020000040600124000040000540002"], 0xb0}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) write$cgroup_int(r2, &(0x7f0000000200), 0x48400) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x3, &(0x7f0000000340)=[{}, {0xa4}, {0x6}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r9}, 0x10) close_range(r7, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="8a031f176e63fc203aa6d134df2cda5bc736ca6ee0009be5d6e94caeb88536877a6137014a5179cb777633761a1faf9b03dad1d9ffcd7316546e35b7e029c296392e8897eb2597c2d04094395067faf348c22015cc65022e71ac0bce9be6a8e1f86e932883d1b9c60ed2b492f91f3ef4325107ec1960091f679cf2ee3c6543c8e613eec70860ba08e8330f3f3aceff5a46f84b0e103adac594c54178cece662dce4ebba454a33fed5cec89", 0xab}], 0x1) r10 = accept4(r6, 0x0, 0x0, 0x0) sendfile(r10, r0, 0x0, 0xfacf) 3.14162119s ago: executing program 1 (id=768): syz_mount_image$hfs(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)={[{@iocharset={'iocharset', 0x3d, 'cp949'}}, {@codepage={'codepage', 0x3d, 'macromanian'}}, {@type={'type', 0x3d, "3ae6f83f"}}]}, 0x1, 0x2e5, &(0x7f0000000140)="$eJzs3U1PE0Ecx/HfbFsoD8EVMCZeNCiJXoioB+OlxvTq3ZNR25IQG4iAiXoRjUfjC/DuW/BFeNH4BvTkybucHDPTadnCdkvFshS/n4RmOzuz+5/OPsx/Y60A/LfuVL99uP7D/RmpoIKkW1IkqSwVJZ3R2fLTta3VrWajnrWhgm/h/oxaLc2+OrW1RlpT1863CGL3rqjpZBmGw1p7+3veQSB3/uxPEUnj4Tz068tHHNewbEvn847hqCUH2OxoR880k2M4AIBjINz/o3CbmPZFRlEkLYbb/om6/++cnK44N5r7imxmg8T938/urHHje8qv2s33fArn1kftLPEgwZT2vB9T68jqmmCaflmljyWaWFktaqn2SvVIr1UJEtXm/Wu9dei29Yl2ISU3zdB7ayXdnWz1xs8o92qHtLLabIy7hZT45wbb4+GZT+aLuW9ivVe9M/8rWuOGyY9UvGekopKL/2rvLU75Vq6WQtpfqVSiriqn/U7OhT0EfXpZTs9IkttsPyDY7kSQFaff96y6Hyu0erfcp9VcWqu4865Hq/muVoVwJCzV1puZj1KGo91F887cMwv6qY+qJub/kYtvUYkzM+v6aHzNcGTU1vXb2rH0mkVfM953ud09XS50IgjGB+4bpAGflr3VI93UzObzF48LzWZjwy08TFl4Mr1hQknpjZRaZ/gLBWXU0fZuiXVeWnvQLdtDBGb6fRpX+m/n18F36q4fnRJ3+qRVdmdZpyT6B5+8NTkM93FfqH5W1gE5OgvWSj1WDe06hWNk07QHPRRM5BwQjpqbd5lW/udn8mFW51Mk9xJnzNOzk0x1bXG5k8F1TwVn/evkQBncVO8MLrHHaz1yRp9zXbwsXUoUGmXuMQ5xnhCmqq96wPN/AAAAAAAAAAAAAAAAAACAURP+0X/7K5tD+aZBzl0EAAAAAAAAAAAAAAAAAAAAAGDk/dXv/6b9H/H+939jfv8XGCF/AgAA///7WndM") mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x0, @empty}, {0x4, 0x1}, {0x2, 0x4e24, @remote}, 0x184, 0x0, 0x0, 0x0, 0xfffd, &(0x7f0000000180)='lo\x00', 0x9}) r0 = socket$inet6(0xa, 0x1, 0x0) dup2(r0, r0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=@acquire={0x128, 0x17, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}}, @in=@multicast2, {@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {{@in=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x3}}}, 0x128}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x19}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 2.75761959s ago: executing program 1 (id=769): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15852323460608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"}) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r7 = dup(r6) write$FUSE_DIRENTPLUS(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB, @ANYRESDEC=r8]) removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)=@random={'security.', '9p\x00'}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) 2.72670809s ago: executing program 4 (id=770): r0 = syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000980)='./file3\x00', 0x2000014, &(0x7f0000000100)=ANY=[], 0x1, 0x6b9, &(0x7f0000001540)="$eJzs3c1vHGcdB/DvrNcbb6iC0yY0QkVYiVSQIhInVgrhgkEI5VChqhw4W4nTWNkkleOitELgAoITEof+AQXJN05I3IPCudx69bESEpeIQ9TLopmdddbedbxO/Fb6+UTj55l9Zp757W+emdmXrCbAl9a182k+TJFr5998UM6vr8111tfmjtXNnSRlvZE0e0WKu0nxKJkv24uBKQPlkI+Wrr796eP1z3pzzXqqlp941nojjFh2tZ4yU/c3M3LNyXE3sVqHl5eSXK/LzVrj9rVpwTJp5+oSDl13yOpuVt/NcQscMf2rU9G7bg6ZTo4nmapfB6Q+OzQOLsL9sauzHAAAAHxBfXLvsCMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL576/v9FPTXqMjMp+vf/b/Ufq+tH0PzYSz7c1zgAAAAAAAAA4GB880me5EFO9Oe7RfWd/9lq5lQ+7yZfyXu5n8Us50IeZCErWclyLiWZHuio9WBhZWX50saapdFrXh655uWDesYAAAAAAAAA8H/pN2k//f4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOgiKZ6BXVdKouM51GM0/bspr8K0nrsOPdhWLUgw8PPg4AAAB4IVPPsc5Xn+RJHuRE//1xt6je83+tmp/Ke7mblSxlJZ0s5kb9Hrp8199YX5vrrK/N3Smn4X5/+J9dhVH1WH++MHrLZ6ol2rmZpeqRC7leBXMjjWrNnEvO9OMZHdeHZUzFD2pjRtas01pu7E/bfYqwJ3b7UcR0GVyykZHZOrYyGyd7GSiqD2qSrZnYce80t24pjUxubOlSGhuf/Jzaw5yv1uXxuiyfz+/3Nee7tZGJRqpMXO6PvvKYeXYmkm/9/a8/v9W5205y/ug8pR1MbPP41jExN5CJV8fMxO1bN+8fvUw0d7n8bJWJ0xvz1/KT/CznM5O3spyl/CILWcliunX7Qj2ey7/Tz87U/Ka5t3aKpFXvl94+Gyemmfy4qi3kbLXuiSylyL3cyGLeqP5dzqV8N1dyJVcH9vDpbeOunlt11De2HvX9Pf2PkcGf+3ZdKY+PP9TlUA622G507pXeub/M68mBvPZG/eONpU4OHAezA1l6uZ+dyZGdP8/1qPn1ulJu47d1eTRM15koD6D+VaIf3Su9TDSra9HwOP9zt1wvnbu3l28tvLtN/6tb5l+vy3JYrX1j3ChH74q9VY6XlzNVn0k2j46y7ZWNs8zJTVfVVv2NS6+tMdR2umoriv6R+tPcqwbA8JHaql/DDfd0uWp7dWTbXNV2ZqBt0+ut3EsnNw4gfwC8oOkcb7X/3f6k/XH7d+1b7TenfnTse8dea2Xyn5Pfb85OvN54rfhbPs6vqvf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAC7r//ge3FzqdxeXRlcb2TTtUdup5S6Wob+jzXNs6gpWpJJseqe5zdOBhtLeGMVTp/jrZ0tTa91D7NxEcvcwfy0ozz+hnqh/h/E7b+vDQR8JRr0xkaABUlUM+MQH77uLKnXcv3n//g+8s3Vl4Z/GdxbuTV65cnb165Y25izeXOouzvb+HHSWwH55e9A87EgAAAAAAAAAAAGBco34YcPalnX40MtZvPPzPQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBPXDuf5sMUuTR7YbacX1+b65RTv/50yWaSRiMpfpkUj5L59KZMD3RX5C+P0h2xnY+Wrr796eP1z5721ewtnzTq8gWs1lNmkkzU5bDuxPP0d33b/sZV/Lf/DMuEfd7tdudfqD/YI/8LAAD//+ja80s=") openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x280c0}, 0x18) syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000080)={0xc, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b3247298b089b0708356d090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00000003c0), 0x4) sendto$inet6(r1, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd, @initr0, @exit, @printk={@x={0x18, 0x1, 0x0, 0x0, 0x25782020, 0x30}, {}, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xf4240}, {0x7, 0x0, 0x8}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x4}, 0x90) keyctl$read(0xb, 0x0, 0x0, 0x0) request_key(&(0x7f00000001c0)='blacklist\x00', 0x0, &(0x7f00000003c0)='user:', 0x0) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000080)={0xc}) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, 0x0) ftruncate(0xffffffffffffffff, 0xc17a) 2.268063298s ago: executing program 3 (id=771): r0 = timerfd_create(0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x784f) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$TFD_IOC_SET_TICKS(r0, 0x40085400, &(0x7f0000000140)=0x7) 2.254500607s ago: executing program 0 (id=772): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000180), &(0x7f0000000780)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffffff857b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x2f08, 0xe, 0x0, &(0x7f0000001000)="0000000009000005ed14a3c9d27f", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.19201704s ago: executing program 4 (id=773): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x34, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0xc, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}]}]}, 0x34}}, 0x0) 2.191523533s ago: executing program 0 (id=774): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="666f7263652c6e6f626172726965722c63726561746f723dbd3c66f52c6e6c733d6d6163696e7569742c666f7263652c666f7263652c00e4fc379f5d3b737931087563d08075a28550d98b7ceb93413b717546de81c69d046a7c7de8b7877acbd69ee6be03a2ee9a6f18a95984da551773b44694170cc523576b447ba266b98f316ea57b543f70ba341c31a3ebdda905e7fe6b43c2a3df705330ee5e204149ac4976e64dd1fadd4aa5366c443b6b98d34c"], 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000001c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x800001, 0x28011, r0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) 2.19074872s ago: executing program 4 (id=775): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0xc, &(0x7f00000000c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2.121302405s ago: executing program 4 (id=776): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) close(r1) 2.108980048s ago: executing program 0 (id=777): r0 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==") move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, 0x0, 0x0) setns(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.037274498s ago: executing program 4 (id=778): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x12, 0x0, 0xfffffffffffffd25) 2.026849933s ago: executing program 0 (id=779): syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x3808008, &(0x7f0000000540)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c757466383d312c757466383d302c636865636b3d7374726963742c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c696f636861727365743d6d616363726f617469616e2c636f6465706167653d3836362c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c646d61736b3d30303030303030303030303030303030303030303130302c757466383d312c757466383d312c757466383d302c756e695f786c6174653d312c6e6e6f6e756d7461696c3d312c73686f72746e616d653d77696e39352c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c757466383d302c726f6f74636f6e746578743d73797374656d5f752c00e0035aa2cd29c600891cd4d693993d07e9df4154c218b442a453"], 0x6, 0x2d3, &(0x7f0000000a40)="$eJzs3b1rJGUYAPBnNrMfarFbWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2ES4Q8QPXq8TOxtK/QBD8Q2zsLAVbwc4IgZGZncl+ZNhsJBvx8vsVyZuZ55n3ed+ZJNPkyQcvTw4fZvH46Re/Ra+XRGvYjThJYhCtqH0VS4bfBgDwf3aS5/FnPtNw+tdv1uT2tlgXALA9F/z+r6TlxwdFxE/XVxsAsB33H7z79t7+/t13sqwX9yZfH4+SiCg+z87vPY6PYhyP4nb04zSifFFoR/m2UAzv5Xk+TbPCIF6bTI9HRebk/Z+r6+/9EVHm70Y/BuWhs7eNMv+t/bu72cxC/rSo4/lq/mGRfyf68eJZ8lL+nYb8GHXi9VcX6r8V/fjlw/g4xvGwLGKe/+Vulr2Zf/fX5+8V5RX5yfR41C3j5vKdevLpNd8jAAAAAAAAAAAAAAAAAAAAAACePbeq3jndKPv3FIeq/js7p8UX7chqg+X+PLP8pL7QvD9QtPI8n+bxfd1f53aWZXkVOM9P46W0aiwIAAAAAAAAAAAAAAAAAAAAN9zRp58dHozHj55cyaDuBpBGxN/3I/7tdYYLR16J9cHdas6D8bhVDZdj0sUjsVPHJBFryygWcUXbctHguXM1V4MffmzMKlZ0lEbTqd7Fk7ab57rk4JP2bB8bY+qn6/Agad7D7lnxveLGxeqN60Tz7O1YOdKp7+dqcP0obracTuOp/qW3pfNCOZiuiYlk3ffFG78vLSeJleBO2XGjMb1dDZp2Y/ZsbPQ8R2+Wfv5nRaJbBwAAAAAAAAAAAAAAAAAAbNX8r38bTj5dm9rKu1srCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu1fz//28ySJeTN8jqxJOj/2ptAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Bz/BAAA//8a6VGq") fgetxattr(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="757365722efa"], 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 1.952541072s ago: executing program 0 (id=780): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sched_setscheduler(0x0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) close(r1) connect$inet6(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000180), 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x58}, 0x1, 0xba01}, 0x0) 1.86018123s ago: executing program 1 (id=781): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x100800001) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04080400"], 0x51) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r4, &(0x7f0000000200), 0x4) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90012000e00050014010a00c4e05ef81b9f5dce0e4d00000700ffff00000700"], 0x17) syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0x1ac) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x4, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000300)=""/84, 0x54}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/39, 0x27}], 0x3}, 0x8}], 0x1, 0x22, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000040)=0x4) socket$unix(0x1, 0x5, 0x0) 1.441457625s ago: executing program 2 (id=782): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, 0x50) 1.351410997s ago: executing program 3 (id=783): sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r3 = mq_open(0x0, 0x0, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0) mq_unlink(&(0x7f0000000340)='eth0\x00') quotactl_fd$Q_SYNC(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000022008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) 1.287489491s ago: executing program 2 (id=784): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000180)='page_pool_release\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000eb1d95"], &(0x7f0000000040)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.157617992s ago: executing program 2 (id=785): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000180), &(0x7f0000000780)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffffff857b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x2f08, 0xe, 0x0, &(0x7f0000001000)="0000000009000005ed14a3c9d27f", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 416.410339ms ago: executing program 3 (id=786): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000001880)={0x44, 0x3, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x9}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0x44}}, 0x0) 377.957507ms ago: executing program 2 (id=787): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0xc, &(0x7f00000000c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 173.343684ms ago: executing program 2 (id=788): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={r2}) 168.080717ms ago: executing program 3 (id=789): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) close(r1) 120.875448ms ago: executing program 2 (id=790): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) fstat(r0, &(0x7f0000000200)) syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x30, 0x3a, 0x0, @loopback, @mcast1, {[], @pkt_toobig={0x3, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @empty}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 66.506149ms ago: executing program 3 (id=791): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000700)=ANY=[@ANYBLOB="0902f1f6681965fd47de1bec9a18727a2d1f27ed62c408443ca87a7ee56abc3d6dd21c47842614"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x2e0, 0x218, 0x0, 0x180, 0x2e0, 0x448, 0x448, 0x448, 0x448, 0x448, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @dev, 0x0, 0x0, 'syzkaller0\x00', 'macvlan1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) 0s ago: executing program 4 (id=792): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000009c0)=@newqdisc={0x24, 0x24, 0x300, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0xd}, {0x0, 0xd}, {0x4, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000040}, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x2) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f00000000c0)='./file1\x00', r2, &(0x7f0000000100)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x40049366, 0x0) unlinkat(r1, &(0x7f0000000140)='./file1\x00', 0x0) kernel console output (not intermixed with test programs): ting new IBSS network, BSSID 50:50:50:50:50:50 [ 118.124063][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.145509][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.212037][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.290874][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.350506][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.391038][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.486432][ T6437] loop3: detected capacity change from 0 to 2048 [ 118.555010][ T6437] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.605615][ T52] veth0_to_batadv: left allmulticast mode [ 118.628529][ T29] audit: type=1804 audit(1721111569.443:18): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.398" name="/newroot/54/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 118.642562][ T52] veth0_to_batadv: left promiscuous mode [ 118.671776][ T29] audit: type=1804 audit(1721111569.483:19): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.398" name="/newroot/54/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 118.705423][ T5132] Bluetooth: hci0: command tx timeout [ 118.720845][ T52] bridge0: port 3(veth0_to_batadv) entered disabled state [ 118.781590][ T5503] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.793046][ T52] bridge_slave_1: left allmulticast mode [ 118.824221][ T52] bridge_slave_1: left promiscuous mode [ 118.830057][ T5139] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 118.838720][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.846431][ T5139] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 118.876562][ T5139] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 118.899288][ T5139] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 118.907095][ T5139] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 118.914475][ T5139] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 118.930514][ T52] bridge_slave_0: left allmulticast mode [ 118.945213][ T52] bridge_slave_0: left promiscuous mode [ 119.158877][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.375717][ T5132] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 119.384086][ T5132] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 119.392622][ T5132] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 119.400468][ T5132] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 119.410241][ T5132] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 119.417632][ T5132] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 119.701829][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.721304][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.733914][ T52] bond0 (unregistering): Released all slaves [ 119.787287][ T5608] usb 3-1: USB disconnect, device number 6 [ 120.074133][ T6475] netlink: 68 bytes leftover after parsing attributes in process `syz.3.408'. [ 120.083642][ T6475] netlink: 68 bytes leftover after parsing attributes in process `syz.3.408'. [ 120.212824][ T6456] chnl_net:caif_netlink_parms(): no params data found [ 120.221865][ T5608] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 120.253251][ T6480] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 120.259816][ T6480] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 120.273090][ T6480] vhci_hcd vhci_hcd.0: Device attached [ 120.282705][ T6482] vhci_hcd: connection closed [ 120.283123][ T2470] vhci_hcd: stop threads [ 120.287639][ T6447] chnl_net:caif_netlink_parms(): no params data found [ 120.287891][ T2470] vhci_hcd: release socket [ 120.303522][ T2470] vhci_hcd: disconnect device [ 120.381965][ T6487] loop1: detected capacity change from 0 to 256 [ 120.439808][ T6487] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 120.692533][ T52] hsr_slave_0: left promiscuous mode [ 120.704399][ T52] hsr_slave_1: left promiscuous mode [ 120.710571][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.718511][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.726625][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.736287][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.746581][ T52] veth1_macvtap: left promiscuous mode [ 120.752127][ T52] veth0_macvtap: left promiscuous mode [ 120.758337][ T52] veth1_vlan: left promiscuous mode [ 120.763688][ T52] veth0_vlan: left promiscuous mode [ 120.771175][ T5608] usb 3-1: Using ep0 maxpacket: 16 [ 120.776984][ T5139] Bluetooth: hci0: command tx timeout [ 120.796219][ T5608] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 120.806100][ T5608] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.814122][ T5608] usb 3-1: Product: syz [ 120.820540][ T5608] usb 3-1: Manufacturer: syz [ 120.825525][ T5608] usb 3-1: SerialNumber: syz [ 120.831925][ T5608] usb 3-1: config 0 descriptor?? [ 120.846114][ T5608] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 120.854177][ T5608] usb 3-1: Detected FT232H [ 121.019282][ T5139] Bluetooth: hci2: command tx timeout [ 121.063532][ T6464] loop2: detected capacity change from 0 to 128 [ 121.092926][ T6464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.404'. [ 121.120856][ T52] team0 (unregistering): Port device team_slave_1 removed [ 121.167060][ T52] team0 (unregistering): Port device team_slave_0 removed [ 121.320766][ T6500] netlink: 80 bytes leftover after parsing attributes in process `syz.3.414'. [ 121.495117][ T5139] Bluetooth: hci1: command tx timeout [ 121.730932][ T5608] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 121.739569][ T5608] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 121.747120][ T5608] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 122.195778][ T5608] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 122.205854][ T5608] usb 3-1: USB disconnect, device number 7 [ 122.214128][ T5608] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 122.223835][ T5608] ftdi_sio 3-1:0.0: device disconnected [ 122.244004][ T6456] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.253002][ T6456] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.261850][ T6456] bridge_slave_0: entered allmulticast mode [ 122.269275][ T6456] bridge_slave_0: entered promiscuous mode [ 122.279127][ T6447] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.288056][ T6447] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.295515][ T6447] bridge_slave_0: entered allmulticast mode [ 122.302417][ T6447] bridge_slave_0: entered promiscuous mode [ 122.309490][ T6456] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.316999][ T6456] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.324228][ T6456] bridge_slave_1: entered allmulticast mode [ 122.331094][ T6456] bridge_slave_1: entered promiscuous mode [ 122.338600][ T6447] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.346089][ T6447] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.353427][ T6447] bridge_slave_1: entered allmulticast mode [ 122.360275][ T6447] bridge_slave_1: entered promiscuous mode [ 122.403288][ T6447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.415766][ T6447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.443877][ T6456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.467503][ T6447] team0: Port device team_slave_0 added [ 122.476793][ T6456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.500963][ T6447] team0: Port device team_slave_1 added [ 122.515937][ T6456] team0: Port device team_slave_0 added [ 122.523254][ T6456] team0: Port device team_slave_1 added [ 122.543766][ T6447] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.550895][ T6447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.576829][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.584214][ T6447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.623567][ T6447] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.630909][ T6447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.659182][ T6447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.670880][ T6456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.678823][ T6456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.704803][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.712203][ T6456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.724342][ T6456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.731456][ T6456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.757340][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.763423][ T6456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.785079][ T5608] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 122.810026][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.888610][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.909443][ T6447] hsr_slave_0: entered promiscuous mode [ 122.916357][ T6447] hsr_slave_1: entered promiscuous mode [ 122.922444][ T6447] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.930109][ T6447] Cannot create hsr debugfs directory [ 122.947530][ T6456] hsr_slave_0: entered promiscuous mode [ 122.953991][ T6456] hsr_slave_1: entered promiscuous mode [ 122.961251][ T6456] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.969612][ T5608] usb 3-1: Using ep0 maxpacket: 16 [ 122.974814][ T6456] Cannot create hsr debugfs directory [ 122.982614][ T5608] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.997508][ T5608] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 123.007454][ T5608] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 123.022005][ T5608] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.022208][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.031104][ T5608] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 123.031125][ T5608] usb 3-1: SerialNumber: syz [ 123.035091][ T6512] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 123.061427][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.095017][ T5139] Bluetooth: hci2: command tx timeout [ 123.113935][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.225422][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 123.248451][ T52] bridge_slave_1: left allmulticast mode [ 123.254174][ T52] bridge_slave_1: left promiscuous mode [ 123.260110][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.270701][ T52] bridge_slave_0: left allmulticast mode [ 123.276565][ T52] bridge_slave_0: left promiscuous mode [ 123.282555][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.297426][ T5608] rndis_host 3-1:1.0: RNDIS init failed, -71 [ 123.315809][ T5608] rndis_host 3-1:1.0: probe with driver rndis_host failed with error -71 [ 123.330389][ T5608] usb 3-1: USB disconnect, device number 8 [ 123.419058][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.430023][ T9] usb 4-1: config 1 has an invalid descriptor of length 125, skipping remainder of the config [ 123.440851][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.449798][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.459961][ T52] bond0 (unregistering): Released all slaves [ 123.471528][ T9] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 123.480750][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 123.493408][ T9] usb 4-1: SerialNumber: syz [ 123.585154][ T5139] Bluetooth: hci1: command tx timeout [ 123.712382][ T9] usb 4-1: 0:2 : does not exist [ 123.720566][ T9] usb 4-1: unit 48 not found! [ 123.732152][ T9] usb 4-1: USB disconnect, device number 5 [ 123.738320][ T52] hsr_slave_0: left promiscuous mode [ 123.749785][ T52] hsr_slave_1: left promiscuous mode [ 123.759291][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.768699][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.777245][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.784724][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.793443][ T52] veth1_macvtap: left promiscuous mode [ 123.800067][ T52] veth0_macvtap: left promiscuous mode [ 123.805792][ T52] veth1_vlan: left promiscuous mode [ 123.811879][ T52] veth0_vlan: left promiscuous mode [ 124.007868][ T52] team0 (unregistering): Port device team_slave_1 removed [ 124.024773][ T52] team0 (unregistering): Port device team_slave_0 removed [ 124.823231][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.832172][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.843872][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.852400][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.860454][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.864240][ T6529] loop1: detected capacity change from 0 to 40427 [ 124.878141][ T6456] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 124.879834][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.893653][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.902067][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.904662][ T6456] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 124.917625][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.931696][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.934480][ T6529] F2FS-fs (loop1): Found nat_bits in checkpoint [ 124.940938][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.954443][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.976143][ T6540] loop3: detected capacity change from 0 to 2048 [ 124.987653][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 124.992801][ T6456] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 125.015481][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.017699][ T6540] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 125.042193][ T6456] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 125.053616][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.064497][ T6534] loop2: detected capacity change from 0 to 1024 [ 125.081775][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.092874][ T6529] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 125.101988][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.110172][ T6447] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 125.125602][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.136749][ T6447] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 125.149713][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.157673][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.165569][ T29] audit: type=1800 audit(1721111575.973:20): pid=6529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.421" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 125.181384][ T6447] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 125.185886][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.193264][ T29] audit: type=1800 audit(1721111575.973:21): pid=6529 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.421" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 125.201956][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.223574][ T5139] Bluetooth: hci2: command tx timeout [ 125.242225][ T6447] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 125.262296][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.271460][ T6354] syz-executor: attempt to access beyond end of device [ 125.271460][ T6354] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.279221][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.286100][ T6354] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 125.331361][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.356586][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.384832][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.406551][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.430205][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.450126][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.458729][ T6456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.467392][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.484449][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.509338][ T6456] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.516257][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.525521][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.534140][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.542142][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.551474][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.561497][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.569835][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.578145][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.594415][ T6447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 125.601344][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.609213][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.624875][ T25] hid-generic 0000:0000:FFFFFFFD.0005: unknown main item tag 0x0 [ 125.636011][ T5179] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.643203][ T5179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.656879][ T5139] Bluetooth: hci1: command tx timeout [ 125.665167][ T25] hid-generic 0000:0000:FFFFFFFD.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 125.677014][ T5179] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.684192][ T5179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.740904][ T6447] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.790394][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.797748][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.843182][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.850405][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.125802][ T6456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.192658][ T6550] loop1: detected capacity change from 0 to 32768 [ 126.218263][ T6550] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.230306][ T6447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.253029][ T6456] veth0_vlan: entered promiscuous mode [ 126.264769][ T6565] syz.2.428 uses obsolete (PF_INET,SOCK_PACKET) [ 126.292640][ T6456] veth1_vlan: entered promiscuous mode [ 126.359401][ T6550] XFS (loop1): Ending clean mount [ 126.418118][ T29] audit: type=1800 audit(1721111577.233:22): pid=6550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.426" name="bus" dev="loop1" ino=9289 res=0 errno=0 [ 126.429610][ T6456] veth0_macvtap: entered promiscuous mode [ 126.478535][ T6456] veth1_macvtap: entered promiscuous mode [ 126.503456][ T6578] loop2: detected capacity change from 0 to 512 [ 126.536399][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.553498][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.583204][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.598567][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.611186][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.612563][ T6578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.645779][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.657498][ T6456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 126.674734][ T6578] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.683858][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.699428][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.710293][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.721224][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.731553][ T6456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 126.742428][ T6456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.752757][ T6354] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 126.753719][ T6456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 126.771924][ T6456] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.783150][ T6456] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.793286][ T6456] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.802557][ T6456] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.833766][ T5139] Bluetooth: hci2: command tx timeout [ 127.843804][ T5132] Bluetooth: hci1: command tx timeout [ 127.958293][ T6447] veth0_vlan: entered promiscuous mode [ 127.991844][ T6447] veth1_vlan: entered promiscuous mode [ 128.019043][ T6600] netlink: 40 bytes leftover after parsing attributes in process `syz.1.434'. [ 128.046308][ T5125] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.056508][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.056527][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.081418][ T6447] veth0_macvtap: entered promiscuous mode [ 128.114643][ T6447] veth1_macvtap: entered promiscuous mode [ 128.126876][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.134829][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.154569][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.166943][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.177771][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.189939][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.200360][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.216794][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.227473][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.239452][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.249707][ T5608] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 128.259527][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.286023][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.297030][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.308456][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.321018][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.330911][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.341459][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.351840][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.362563][ T5179] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 128.370360][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.386851][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 128.446195][ T5608] usb 4-1: Using ep0 maxpacket: 8 [ 128.490419][ T6607] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 128.493109][ T6447] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.505206][ T5608] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 128.543761][ T6447] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.554830][ T5608] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 128.565880][ T6447] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.569798][ T6607] fuse: Bad value for 'group_id' [ 128.574782][ T6447] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.580343][ T5608] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.590220][ T5179] usb 2-1: Using ep0 maxpacket: 32 [ 128.597026][ T6607] fuse: Bad value for 'group_id' [ 128.606412][ T5179] usb 2-1: unable to get BOS descriptor or descriptor too short [ 128.608354][ T5608] usb 4-1: config 0 descriptor?? [ 128.618236][ T5179] usb 2-1: New USB device found, idVendor=05ac, idProduct=0254, bcdDevice=ca.76 [ 128.646962][ T5179] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.655269][ T5179] usb 2-1: Product: syz [ 128.663747][ T5179] usb 2-1: Manufacturer: syz [ 128.669744][ T5179] usb 2-1: SerialNumber: syz [ 128.696350][ T5179] usb 2-1: config 0 descriptor?? [ 128.730047][ T5179] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input11 [ 128.966827][ T5608] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 129.031423][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.046549][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.075144][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.101662][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.229610][ T5179] usb 2-1: USB disconnect, device number 2 [ 129.236720][ T4539] bcm5974 2-1:0.0: could not read from device [ 129.263953][ T25] usb 4-1: USB disconnect, device number 6 [ 129.273685][ T25] iowarrior 4-1:0.0: I/O-Warror #0 now disconnected [ 129.550407][ C0] eth0: bad gso: type: 1, size: 1408 [ 129.991053][ T6630] loop3: detected capacity change from 0 to 128 [ 130.001757][ T6628] netlink: 31 bytes leftover after parsing attributes in process `syz.2.444'. [ 130.013980][ T6630] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 130.029412][ T6630] ext4 filesystem being mounted at /74/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 130.083677][ T6631] netlink: 2 bytes leftover after parsing attributes in process `syz.0.445'. [ 130.095106][ C0] eth0: bad gso: type: 1, size: 1408 [ 130.129492][ T29] audit: type=1326 audit(1721111580.943:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6629 comm="syz.0.445" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ba8975bd9 code=0x0 [ 130.174678][ T6640] netlink: 24 bytes leftover after parsing attributes in process `syz.4.449'. [ 130.271571][ T6648] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 130.584340][ T6659] loop4: detected capacity change from 0 to 256 [ 130.615832][ T6659] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 130.673224][ T6662] netlink: 428 bytes leftover after parsing attributes in process `syz.4.459'. [ 130.684791][ T6662] netlink: 32 bytes leftover after parsing attributes in process `syz.4.459'. [ 130.695483][ C0] eth0: bad gso: type: 1, size: 1408 [ 130.809714][ T5503] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 130.882390][ T6675] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 130.906218][ T6677] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 130.951063][ T6679] netlink: 'syz.3.462': attribute type 9 has an invalid length. [ 131.264528][ T5174] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 131.733914][ T6695] loop1: detected capacity change from 0 to 256 [ 132.340841][ T5174] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 132.354086][ T5174] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 132.369244][ T6695] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 132.382237][ T5174] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 132.428967][ T5174] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.615652][ T6698] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 132.967331][ T6675] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 133.008533][ T6694] fuse: Bad value for 'group_id' [ 133.013546][ T6694] fuse: Bad value for 'group_id' [ 133.069179][ C0] eth0: bad gso: type: 1, size: 1408 [ 133.092854][ T6703] netlink: 428 bytes leftover after parsing attributes in process `syz.0.472'. [ 133.114925][ T6703] netlink: 32 bytes leftover after parsing attributes in process `syz.0.472'. [ 133.254075][ T6715] loop0: detected capacity change from 0 to 512 [ 133.263005][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.263059][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.316589][ T6715] EXT4-fs: Ignoring removed oldalloc option [ 133.354290][ T6715] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.477: Parent and EA inode have the same ino 15 [ 133.378690][ T6715] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.477: Parent and EA inode have the same ino 15 [ 133.400736][ T6724] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 133.413260][ T6715] EXT4-fs (loop0): 1 orphan inode deleted [ 133.513966][ T6715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.662455][ T6726] loop4: detected capacity change from 0 to 4096 [ 133.671413][ T6726] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 133.700404][ T6726] ntfs3: loop4: Failed to initialize $Extend/$ObjId. [ 134.210117][ T6456] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.240288][ T6734] loop0: detected capacity change from 0 to 256 [ 134.260950][ T6734] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 134.288549][ T6731] loop3: detected capacity change from 0 to 4096 [ 134.303578][ T6731] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 134.538042][ T6740] loop1: detected capacity change from 0 to 256 [ 134.898543][ T6740] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 134.924383][ T6726] ntfs3: Cannot use different iocharset when remounting! [ 134.942191][ T29] audit: type=1800 audit(1721111585.753:24): pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.486" name="file1" dev="loop1" ino=1048675 res=0 errno=0 [ 134.966253][ T6741] netlink: 31 bytes leftover after parsing attributes in process `syz.0.487'. [ 134.980598][ T5116] usb 3-1: USB disconnect, device number 9 [ 135.012162][ T6738] syz.1.486: attempt to access beyond end of device [ 135.012162][ T6738] loop1: rw=0, sector=256, nr_sectors = 8 limit=256 [ 135.080337][ T6751] netlink: 428 bytes leftover after parsing attributes in process `syz.3.488'. [ 135.097090][ T6751] netlink: 32 bytes leftover after parsing attributes in process `syz.3.488'. [ 135.264625][ T6760] pim6reg: entered allmulticast mode [ 135.359614][ C0] eth0: bad gso: type: 1, size: 1408 [ 135.366003][ T6762] loop3: detected capacity change from 0 to 2048 [ 135.449977][ T6762] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.526211][ T6762] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry at pos 232 with incorrect tag 0 [ 136.015739][ T6752] loop4: detected capacity change from 0 to 32768 [ 136.077950][ T6767] loop2: detected capacity change from 0 to 32768 [ 136.086429][ T6752] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.169446][ T6767] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 136.200394][ T6752] XFS (loop4): Ending clean mount [ 136.211787][ T6752] XFS (loop4): Quotacheck needed: Please wait. [ 136.251806][ T6752] XFS (loop4): Quotacheck: Done. [ 136.264542][ T6767] XFS (loop2): Ending clean mount [ 136.279828][ T6752] Process accounting resumed [ 136.282588][ T6772] loop3: detected capacity change from 0 to 40427 [ 136.311231][ T6447] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.315183][ T6772] F2FS-fs (loop3): Invalid segment count (0) [ 136.328214][ T6772] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 136.375291][ T6772] F2FS-fs (loop3): invalid crc value [ 136.386144][ T5125] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 136.417641][ T6772] F2FS-fs (loop3): Found nat_bits in checkpoint [ 136.552624][ T6772] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 136.559808][ T6772] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 136.592507][ T6781] loop0: detected capacity change from 0 to 32768 [ 136.617117][ T6800] loop4: detected capacity change from 0 to 512 [ 136.635049][ T5174] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 136.652573][ T5503] syz-executor: attempt to access beyond end of device [ 136.652573][ T5503] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 136.667863][ T6800] EXT4-fs (loop4): 1 truncate cleaned up [ 136.674526][ T6800] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.674769][ T6804] loop2: detected capacity change from 0 to 4096 [ 136.694098][ T5503] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 136.701892][ T6781] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.747151][ T6781] XFS (loop0): Ending clean mount [ 136.768428][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.848442][ T5174] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 136.874010][ T5174] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 136.905798][ T5174] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.931459][ T6456] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 136.931701][ T5174] usb 2-1: config 0 descriptor?? [ 137.019684][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.510'. [ 137.030110][ T6826] netlink: 8 bytes leftover after parsing attributes in process `syz.4.510'. [ 137.044003][ T6826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.510'. [ 137.063090][ T6826] hsr_slave_0: left promiscuous mode [ 137.068026][ C0] eth0: bad gso: type: 1, size: 1408 [ 137.084858][ T6822] loop2: detected capacity change from 0 to 4096 [ 137.094300][ T6826] hsr_slave_1: left promiscuous mode [ 137.108479][ T6822] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 137.471324][ T5174] ath6kl: Unsupported hardware version: 0x0 [ 137.478032][ T5174] ath6kl: Failed to init ath6kl core: -22 [ 137.484249][ T5174] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 137.539455][ T6832] loop3: detected capacity change from 0 to 512 [ 137.645996][ T5608] usb 2-1: USB disconnect, device number 3 [ 137.794413][ T6832] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.897612][ T6832] ext4 filesystem being mounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 137.939131][ T6832] netlink: 84 bytes leftover after parsing attributes in process `syz.3.511'. [ 137.950304][ T6832] netlink: 28 bytes leftover after parsing attributes in process `syz.3.511'. [ 137.955701][ T6831] loop0: detected capacity change from 0 to 32768 [ 137.968975][ T6831] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.507 (6831) [ 137.988487][ T6831] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 138.002116][ T6831] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 138.022592][ T5503] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.053123][ T6831] BTRFS info (device loop0): rebuilding free space tree [ 138.066553][ T6859] capability: warning: `syz.3.514' uses 32-bit capabilities (legacy support in use) [ 138.079881][ T6831] BTRFS info (device loop0): disabling free space tree [ 138.087011][ T6831] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 138.096880][ T6831] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 138.105926][ T6859] program syz.3.514 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 138.148894][ T6861] netlink: 31 bytes leftover after parsing attributes in process `syz.3.515'. [ 138.275594][ T6456] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 139.355799][ T6883] loop2: detected capacity change from 0 to 4096 [ 139.375571][ T6883] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 139.531839][ T6890] loop1: detected capacity change from 0 to 512 [ 139.552453][ T6890] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 139.781956][ T6890] EXT4-fs (loop1): orphan cleanup on readonly fs [ 139.791215][ T6864] loop3: detected capacity change from 0 to 32768 [ 139.801673][ T6890] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 139.834143][ T6901] loop0: detected capacity change from 0 to 2048 [ 139.834873][ T6890] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 139.851896][ T6864] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 139.853322][ T6890] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.527: Failed to acquire dquot type 1 [ 139.877789][ T6901] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 139.893390][ T6890] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.527: bg 0: block 40: padding at end of block bitmap is not set [ 139.911962][ T6890] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 139.921702][ T6890] EXT4-fs (loop1): 1 truncate cleaned up [ 139.928188][ T6901] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.930402][ T6890] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 139.959363][ T6901] Process accounting resumed [ 139.980232][ T6890] EXT4-fs error (device loop1): ext4_get_link:106: inode #16: comm syz.1.527: bad symlink. [ 140.072621][ T6864] XFS (loop3): Ending clean mount [ 140.101579][ T6354] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.127219][ T6864] XFS (loop3): Quotacheck needed: Please wait. [ 140.163545][ T6864] XFS (loop3): Quotacheck: Done. [ 140.467316][ T5503] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 140.595111][ T6521] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 140.622933][ T6928] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 140.746350][ T6932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.539'. [ 140.871979][ T6521] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.885648][ T6521] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 140.906462][ T6521] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.932197][ T6521] usb 2-1: config 0 descriptor?? [ 140.936961][ T5174] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 140.960478][ T25] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 141.156584][ T5174] usb 4-1: Using ep0 maxpacket: 32 [ 141.163785][ T5174] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 141.182656][ T25] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 141.198333][ T5174] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 141.219836][ T25] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 141.236152][ T5174] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 141.247771][ T25] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 141.251346][ T6940] loop2: detected capacity change from 0 to 128 [ 141.259656][ T5174] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.272543][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.291259][ T6928] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 141.301167][ T5174] usb 4-1: config 0 descriptor?? [ 141.309468][ T6931] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 141.320037][ T5174] hub 4-1:0.0: USB hub found [ 141.354482][ T6942] input: syz1 as /devices/virtual/input/input12 [ 141.431459][ T6521] ath6kl: Unsupported hardware version: 0x0 [ 141.444500][ T6521] ath6kl: Failed to init ath6kl core: -22 [ 141.466615][ T6521] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 141.530183][ T5174] hub 4-1:0.0: 2 ports detected [ 141.655075][ T9] usb 2-1: USB disconnect, device number 4 [ 141.736735][ T5174] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 141.745691][ T5174] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 141.776375][ T5174] usbhid 4-1:0.0: can't add hid device: -71 [ 141.784059][ T5174] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 141.848758][ T5174] usb 4-1: USB disconnect, device number 7 [ 142.078151][ T6949] loop0: detected capacity change from 0 to 32768 [ 142.090878][ T6949] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.580855][ T6949] XFS (loop0): Ending clean mount [ 142.589265][ T6949] XFS (loop0): Quotacheck needed: Please wait. [ 142.609583][ T6949] XFS (loop0): Quotacheck: Done. [ 142.670926][ T6456] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.820114][ T6964] loop1: detected capacity change from 0 to 4096 [ 142.837491][ T6964] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 143.712193][ T5174] usb 5-1: USB disconnect, device number 4 [ 143.738202][ T6973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.552'. [ 144.108182][ T5174] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 144.346255][ T5174] usb 5-1: Using ep0 maxpacket: 16 [ 144.536190][ T5174] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 144.568498][ T5174] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 144.603644][ T5174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 144.633804][ T5174] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 144.635518][ T7009] netlink: 25 bytes leftover after parsing attributes in process `syz.1.561'. [ 144.645835][ T7001] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1601139807 (3202279614 ns) > initial count (1616928864 ns). Using initial count to start timer. [ 144.669999][ T5174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.680623][ T5174] usb 5-1: Product: syz [ 144.685186][ T5174] usb 5-1: Manufacturer: syz [ 144.689947][ T5174] usb 5-1: SerialNumber: syz [ 144.698324][ T5174] usb 5-1: config 0 descriptor?? [ 144.707619][ T5174] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13 [ 144.718597][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.726020][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.733469][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.740799][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.748217][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.755592][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.762933][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.770229][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.777550][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.784940][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.792349][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.799742][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.807123][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.814499][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.821959][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.829294][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.836671][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.844324][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.851710][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.859094][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.866490][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.873891][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.881292][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.888668][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.891782][ T7016] program syz.1.565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 144.896035][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.896240][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.919719][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.927105][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.934574][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.941969][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.949371][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.956727][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.964120][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.971575][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.978935][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.986311][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 144.993688][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.001249][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.008719][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.015022][ T4539] usb 5-1: control msg error: -71 [ 145.016049][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.028125][ C1] usb 5-1: pegasus_irq - usb_submit_urb failed with result -1 [ 145.036397][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.043797][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.051156][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.058471][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.065829][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.073162][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.076958][ T4539] usb 5-1: control msg error: -71 [ 145.080476][ C0] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.092571][ C0] usb 5-1: pegasus_irq - usb_submit_urb failed with result -1 [ 145.187188][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.194592][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.201873][ T4539] usb 5-1: control msg error: -71 [ 145.201934][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.207119][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.214391][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.214616][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.214851][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.215080][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.215299][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.215530][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.215758][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.215982][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.223293][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.223517][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.223750][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.223974][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.224188][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.224411][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.224639][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.232060][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.239338][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.246601][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.253854][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.261107][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.261359][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.268576][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.275969][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.276233][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.283572][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.290848][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.291074][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.291301][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.298608][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.298828][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.299044][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.299270][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.306574][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.306787][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.307005][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.307210][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.314416][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.314639][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.314882][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.315094][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.315324][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.315548][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.315773][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.316000][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.323310][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.323529][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.323760][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.323983][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.324210][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.324439][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.324652][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.331908][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.339166][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.346438][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.346700][ T7014] loop3: detected capacity change from 0 to 32768 [ 145.353860][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.631063][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.638441][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.645825][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.646871][ T7014] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.564 (7014) [ 145.653173][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.673051][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.676089][ T7014] BTRFS info (device loop3): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 145.680404][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.691074][ T7014] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 145.697566][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.714211][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.721596][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.728979][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.736386][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.743899][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.751275][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.758669][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.766116][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.773501][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.780872][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.780991][ T7014] BTRFS info (device loop3): using free-space-tree [ 145.788203][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.802160][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.809554][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.816930][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.824401][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.831784][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.835778][ T7026] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 145.839139][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.854669][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.862046][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.869417][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.876867][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.884268][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.891842][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.899214][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.906596][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.913931][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.921280][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.928666][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.933085][ T7019] loop1: detected capacity change from 0 to 4096 [ 145.936007][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.943654][ T7019] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 145.949543][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.965827][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.973202][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.980603][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.988092][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 145.995586][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.002968][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.010349][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.017744][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.025102][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.032509][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.039878][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.047265][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.054700][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.062189][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.069558][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.077024][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.084403][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.091801][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.099156][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.106564][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.113973][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.121448][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.128845][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.136203][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.137466][ T5177] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 146.143648][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.158491][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.165900][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.166458][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 146.173292][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.188470][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.195855][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.203215][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.210585][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.217941][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.225254][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.232579][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.239891][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.247179][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.254476][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.261847][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.269216][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.276488][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.283790][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.291073][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.298349][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.305626][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.313255][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.320627][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.327902][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.335194][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.342482][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.349815][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.357258][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.364536][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.371926][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.379227][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.386539][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.394185][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.401488][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.408777][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.416401][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.423671][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.431047][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.438337][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.445669][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.452956][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.460229][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.467761][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.475027][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.482571][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.489947][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.497239][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.504535][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.511840][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.519182][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.526516][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.533830][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.541153][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.548440][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.555722][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.563149][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.570460][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.577754][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.585063][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.592396][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.599700][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.607023][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.614351][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.621907][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.629403][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.636722][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.644022][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.651339][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.658646][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.665080][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 146.666232][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.678885][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.686286][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.693679][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.701052][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.708364][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.715658][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.723196][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.730518][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.737939][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.745243][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.752539][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.759832][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.767117][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.774429][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.781736][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.789630][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.797053][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.804361][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.811760][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.819770][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.827061][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.834325][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.841687][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.849043][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.856370][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.863673][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.870951][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.878225][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.885507][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.892824][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.900193][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.900498][ T5177] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 146.907434][ T5174] usb 5-1: USB disconnect, device number 5 [ 146.907472][ C1] usb 5-1: pegasus_irq - nonzero urb status received: -71 [ 146.931403][ C1] usb 5-1: pegasus_irq - usb_submit_urb failed with result -19 [ 146.953252][ T9] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 146.987779][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.997344][ T5177] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 147.000418][ T5503] BTRFS info (device loop3): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 147.021100][ T9] usb 1-1: Product: syz [ 147.124984][ T5177] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 147.137297][ T9] usb 1-1: Manufacturer: syz [ 147.142063][ T9] usb 1-1: SerialNumber: syz [ 147.154324][ T5177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.172679][ T9] usb 1-1: config 0 descriptor?? [ 147.250309][ T9] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 147.259293][ T7026] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 147.265480][ T9] usb 1-1: Detected FT232H [ 147.523599][ T7031] loop0: detected capacity change from 0 to 128 [ 147.750902][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.569'. [ 147.767100][ T7056] netlink: 25 bytes leftover after parsing attributes in process `syz.3.574'. [ 147.783558][ T9] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 147.806777][ T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 147.882728][ T9] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 147.911902][ T9] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 147.973040][ T9] usb 1-1: USB disconnect, device number 7 [ 147.994356][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 148.001318][ T7061] program syz.3.577 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 148.345543][ T9] ftdi_sio 1-1:0.0: device disconnected [ 149.299839][ T7082] pim6reg1: entered promiscuous mode [ 149.314989][ T7082] pim6reg1: entered allmulticast mode [ 149.388600][ T7084] loop4: detected capacity change from 0 to 512 [ 149.413083][ T7084] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 149.427461][ T7084] EXT4-fs (loop4): orphan cleanup on readonly fs [ 149.504857][ T7084] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 149.522216][ T6521] usb 3-1: USB disconnect, device number 10 [ 149.584306][ T7084] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 149.623141][ T7084] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.585: Failed to acquire dquot type 1 [ 149.636936][ T7084] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.585: bg 0: block 40: padding at end of block bitmap is not set [ 149.653063][ T7084] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 149.673273][ T7092] loop2: detected capacity change from 0 to 1024 [ 149.681950][ T7084] EXT4-fs (loop4): 1 truncate cleaned up [ 149.693621][ T7084] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 150.060169][ T7084] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.585: bad symlink. [ 150.082948][ T7092] EXT4-fs: Ignoring removed orlov option [ 150.090892][ T7092] EXT4-fs (loop2): Test dummy encryption mode enabled [ 150.100676][ T7092] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 150.113025][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.138629][ T7102] program syz.3.590 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.197724][ T7092] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.475199][ T5608] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 150.624605][ T7092] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 150.643514][ T7118] netlink: 'syz.0.594': attribute type 1 has an invalid length. [ 150.651806][ T7118] netlink: 148 bytes leftover after parsing attributes in process `syz.0.594'. [ 150.667608][ T5608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 150.739638][ T5608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 150.849625][ T5608] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 150.896077][ T7118] netlink: 'syz.0.594': attribute type 2 has an invalid length. [ 150.978763][ T5608] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.997168][ T7118] netlink: 60 bytes leftover after parsing attributes in process `syz.0.594'. [ 151.023282][ T5608] usb 5-1: config 0 descriptor?? [ 151.087568][ T7122] loop0: detected capacity change from 0 to 1024 [ 151.154705][ T29] audit: type=1800 audit(1721111601.963:25): pid=7122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.595" name="bus" dev="loop0" ino=26 res=0 errno=0 [ 151.183654][ T5125] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.254673][ T5608] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 151.357493][ T7128] loop0: detected capacity change from 0 to 1024 [ 151.365583][ T5608] usb 5-1: USB disconnect, device number 6 [ 151.373400][ T7128] hfsplus: invalid gid specified [ 151.379161][ T5608] iowarrior 5-1:0.0: I/O-Warror #0 now disconnected [ 151.388192][ T7128] hfsplus: unable to parse mount options [ 151.573230][ T7125] loop2: detected capacity change from 0 to 512 [ 151.608713][ T7125] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.621439][ T7125] ext4 filesystem being mounted at /147/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 151.774095][ T7143] loop0: detected capacity change from 0 to 256 [ 151.799028][ T7143] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 151.925324][ T7143] syz.0.600: attempt to access beyond end of device [ 151.925324][ T7143] loop0: rw=0, sector=256, nr_sectors = 8 limit=256 [ 151.983600][ T29] audit: type=1800 audit(1721111602.693:26): pid=7143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.600" name="file1" dev="loop0" ino=1048678 res=0 errno=0 [ 152.142971][ T7123] loop1: detected capacity change from 0 to 40427 [ 152.151098][ T7125] netlink: 84 bytes leftover after parsing attributes in process `syz.2.597'. [ 152.182849][ T7125] netlink: 28 bytes leftover after parsing attributes in process `syz.2.597'. [ 152.195127][ T7123] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 152.207792][ T7123] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 152.246504][ T7123] F2FS-fs (loop1): Found nat_bits in checkpoint [ 152.358429][ T7123] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 152.369095][ T7151] loop4: detected capacity change from 0 to 512 [ 152.375159][ T7123] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 152.393362][ T7151] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 152.408529][ T5125] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.411733][ T7151] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 152.496475][ T7151] EXT4-fs (loop4): 1 truncate cleaned up [ 152.524120][ T7151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.626762][ T7151] EXT4-fs warning (device loop4): ext4_group_add:1735: No reserved GDT blocks, can't resize [ 152.668810][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.795803][ T7166] x_tables: ip_tables: icmp.0 match: invalid size 8 (kernel) != (user) 56 [ 152.880985][ T7173] netlink: 'syz.1.605': attribute type 1 has an invalid length. [ 152.893499][ T7173] netlink: 148 bytes leftover after parsing attributes in process `syz.1.605'. [ 152.904681][ T5116] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 152.914049][ T7173] netlink: 'syz.1.605': attribute type 2 has an invalid length. [ 152.922637][ T7173] netlink: 60 bytes leftover after parsing attributes in process `syz.1.605'. [ 153.056203][ T7175] loop1: detected capacity change from 0 to 4096 [ 153.067857][ T7168] loop2: detected capacity change from 0 to 32768 [ 153.098058][ T5116] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 153.118084][ T5116] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 153.127739][ T5116] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.138736][ T5116] usb 1-1: config 0 descriptor?? [ 153.166576][ T5608] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 153.365703][ T5608] usb 4-1: Using ep0 maxpacket: 32 [ 153.373549][ T5608] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 153.385010][ T5608] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 153.397184][ T5608] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 153.406610][ T7181] loop2: detected capacity change from 0 to 32768 [ 153.407864][ T7181] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.614 (7181) [ 153.414742][ T5608] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.439203][ T7181] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 153.446195][ T5608] usb 4-1: config 0 descriptor?? [ 153.451908][ T7181] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 153.455366][ T7172] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 153.463407][ T7181] BTRFS info (device loop2): using free-space-tree [ 153.473268][ T5608] hub 4-1:0.0: USB hub found [ 153.539808][ T5125] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 153.552604][ T5116] ath6kl: Unsupported hardware version: 0x0 [ 153.560240][ T5116] ath6kl: Failed to init ath6kl core: -22 [ 153.573131][ T5116] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 153.623985][ T7198] loop4: detected capacity change from 0 to 1024 [ 153.645880][ T29] audit: type=1800 audit(1721111604.453:27): pid=7198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.616" name="bus" dev="loop4" ino=26 res=0 errno=0 [ 153.697149][ T5608] hub 4-1:0.0: 2 ports detected [ 153.771817][ T5116] usb 1-1: USB disconnect, device number 8 [ 153.922351][ T5608] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 153.928994][ T5608] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 153.948314][ T5608] usbhid 4-1:0.0: can't add hid device: -71 [ 153.954411][ T5608] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 154.088041][ T5608] usb 4-1: USB disconnect, device number 8 [ 154.994989][ T7226] loop3: detected capacity change from 0 to 4096 [ 155.018620][ T7229] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 155.041265][ T7226] NILFS error (device loop3): nilfs_dotdot: directory #12 missing '.' [ 155.050633][ T7226] Remounting filesystem read-only [ 155.074598][ T7218] loop1: detected capacity change from 0 to 32768 [ 155.153452][ T7218] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 155.241456][ T7220] loop0: detected capacity change from 0 to 32768 [ 155.246872][ T7247] loop4: detected capacity change from 0 to 1024 [ 155.334590][ T63] hfsplus: b-tree write err: -5, ino 4 [ 155.350221][ T7218] XFS (loop1): Ending clean mount [ 155.368170][ T7218] XFS (loop1): Quotacheck needed: Please wait. [ 155.384239][ T7220] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 155.413010][ T7218] XFS (loop1): Quotacheck: Done. [ 155.430164][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.635'. [ 155.439860][ T7220] XFS (loop0): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent. [ 155.472758][ T7259] netlink: 8 bytes leftover after parsing attributes in process `syz.4.635'. [ 155.478222][ T7220] XFS (loop0): Quotacheck needed: Please wait. [ 155.485321][ T7259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.635'. [ 155.886013][ T7220] XFS (loop0): Quotacheck: Done. [ 155.892647][ T6354] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 155.946005][ T6456] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 157.111654][ T7277] loop1: detected capacity change from 0 to 128 [ 157.290390][ T29] audit: type=1326 audit(1721111608.073:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.3.643" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1388975bd9 code=0x0 [ 157.316188][ C0] eth0: bad gso: type: 1, size: 1408 [ 157.376456][ T7288] 9pnet: Could not find request transport: {‚;‹wà±ï$|á œfd [ 157.402167][ T7288] loop3: detected capacity change from 0 to 256 [ 157.421147][ T7288] vfat: Unknown parameter 'nnonumtail' [ 157.451307][ T9] kernel write not supported for file /admmidi2 (pid: 9 comm: kworker/0:1) [ 157.558586][ T6354] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000074f) [ 157.558601][ T35] Bluetooth: (null): Invalid header checksum [ 157.558766][ T35] Bluetooth: (null): Invalid header checksum [ 157.573254][ T6354] FAT-fs (loop1): Filesystem has been set read-only [ 157.617743][ T6354] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000074f) [ 157.636847][ T35] Bluetooth: (null): Invalid header checksum [ 158.211229][ T2470] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.333412][ T2470] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.340200][ T7292] loop0: detected capacity change from 0 to 32768 [ 158.370429][ T7292] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 158.371863][ T7307] loop2: detected capacity change from 0 to 512 [ 158.389598][ T7307] EXT4-fs error (device loop2): ext4_get_journal_inode:5740: comm syz.2.651: inode #196608: comm syz.2.651: iget: illegal inode # [ 158.395158][ T7292] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 158.404319][ T7307] EXT4-fs (loop2): no journal found [ 158.437892][ T2470] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.478872][ T7292] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 158.490109][ T5608] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 158.498457][ T5608] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 158.506792][ T2470] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.543350][ T5608] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 44ms [ 158.574105][ T5608] gfs2: fsid=syz:syz.0: jid=0: Done [ 158.582555][ T7292] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 158.738861][ T5139] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 158.749418][ T2470] bridge_slave_1: left allmulticast mode [ 158.756194][ T5139] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 158.763442][ T2470] bridge_slave_1: left promiscuous mode [ 158.769291][ T5139] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 158.780475][ T5139] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 158.780498][ T2470] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.798268][ T2470] bridge_slave_0: left allmulticast mode [ 158.804049][ T2470] bridge_slave_0: left promiscuous mode [ 158.806790][ T7328] loop3: detected capacity change from 0 to 1024 [ 158.818569][ T7328] EXT4-fs: Ignoring removed orlov option [ 158.825514][ T5139] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 158.827888][ T2470] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.844824][ T5139] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 158.849420][ T7328] EXT4-fs (loop3): Test dummy encryption mode enabled [ 158.871445][ T7328] EXT4-fs (loop3): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 158.926671][ T7328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.100542][ T7316] loop2: detected capacity change from 0 to 40427 [ 159.115357][ T7316] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 159.126662][ T5503] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.139664][ T7316] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 159.150914][ T7316] F2FS-fs (loop2): invalid crc value [ 159.162480][ T7316] F2FS-fs (loop2): Found nat_bits in checkpoint [ 159.189480][ T2470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.197188][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.660'. [ 159.211970][ T2470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 159.232388][ T2470] bond0 (unregistering): Released all slaves [ 159.263756][ T7316] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 159.273698][ T7316] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 159.348698][ T7341] loop4: detected capacity change from 0 to 512 [ 159.362720][ T7334] f2fs_ckpt-7:2: attempt to access beyond end of device [ 159.362720][ T7334] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 159.391747][ T7341] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.661: casefold flag without casefold feature [ 159.412742][ T7334] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 159.419853][ T7341] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.661: couldn't read orphan inode 15 (err -117) [ 159.435912][ T7334] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 159.444573][ T7334] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 159.454795][ T7341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.480892][ T5125] syz-executor: attempt to access beyond end of device [ 159.480892][ T5125] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 159.529900][ T5125] syz-executor: attempt to access beyond end of device [ 159.529900][ T5125] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 159.549496][ T7341] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 159.570055][ T7348] loop3: detected capacity change from 0 to 1024 [ 159.613307][ T7348] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.668178][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.736243][ T7350] xt_socket: unknown flags 0xc [ 159.880955][ T7356] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 160.295147][ T5503] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.500465][ T2470] hsr_slave_0: left promiscuous mode [ 160.510447][ T2470] hsr_slave_1: left promiscuous mode [ 160.520756][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.533107][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.553331][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.573598][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.593996][ T2470] veth1_macvtap: left promiscuous mode [ 160.607783][ T2470] veth0_macvtap: left promiscuous mode [ 160.630627][ T5139] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 160.638058][ T2470] veth1_vlan: left promiscuous mode [ 160.638118][ T5139] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 160.643371][ T2470] veth0_vlan: left promiscuous mode [ 160.656431][ T5139] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 160.667977][ T5139] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 160.687098][ T5139] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 160.694791][ T5139] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 160.921264][ T2470] team0 (unregistering): Port device team_slave_1 removed [ 160.935089][ T5139] Bluetooth: hci0: command tx timeout [ 160.943815][ T2470] team0 (unregistering): Port device team_slave_0 removed [ 161.018169][ T5132] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 161.036408][ T5132] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 161.045109][ T5132] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 161.053029][ T5132] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 161.060771][ T5132] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 161.068116][ T5132] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 161.092956][ T7376] netlink: 'syz.4.673': attribute type 10 has an invalid length. [ 161.173720][ T7383] loop3: detected capacity change from 0 to 512 [ 161.183003][ T7383] ext4: Unknown parameter 'noacl' [ 161.209351][ T7322] chnl_net:caif_netlink_parms(): no params data found [ 161.392269][ T7322] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.527976][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.590867][ T7322] bridge_slave_0: entered allmulticast mode [ 161.681183][ T7322] bridge_slave_0: entered promiscuous mode [ 161.777933][ T7322] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.785521][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.792812][ T7322] bridge_slave_1: entered allmulticast mode [ 161.803528][ T7322] bridge_slave_1: entered promiscuous mode [ 161.821352][ T7399] loop4: detected capacity change from 0 to 64 [ 161.829077][ T7399] MINIX-fs: file system does not have enough imap blocks allocated. Refusing to mount. [ 161.839768][ T7399] MINIX-fs: bad superblock or unable to read bitmaps [ 161.899663][ T7322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.924032][ T7322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.089215][ T7407] loop4: detected capacity change from 0 to 256 [ 162.167697][ T7407] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 162.256785][ T29] audit: type=1800 audit(1721111613.053:29): pid=7407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.681" name="file1" dev="loop4" ino=1048687 res=0 errno=0 [ 162.315980][ T7407] syz.4.681: attempt to access beyond end of device [ 162.315980][ T7407] loop4: rw=0, sector=256, nr_sectors = 8 limit=256 [ 162.542895][ T7378] chnl_net:caif_netlink_parms(): no params data found [ 162.558846][ T7322] team0: Port device team_slave_0 added [ 162.618968][ T7322] team0: Port device team_slave_1 added [ 162.652084][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.659252][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.685311][ T7322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.707258][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.058315][ T5132] Bluetooth: hci1: command tx timeout [ 163.063880][ T5132] Bluetooth: hci0: command tx timeout [ 163.069654][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.098167][ T5132] Bluetooth: hci3: command tx timeout [ 163.103732][ T7322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.115803][ T7370] chnl_net:caif_netlink_parms(): no params data found [ 163.130836][ T2470] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.228059][ T2470] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.230761][ T7418] loop4: detected capacity change from 0 to 1024 [ 163.246272][ T7418] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 163.262087][ T7378] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.265308][ T7418] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 163.270368][ T7378] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.288117][ T7378] bridge_slave_0: entered allmulticast mode [ 163.290196][ T7418] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a841e11d, mo2=0002] [ 163.295429][ T7378] bridge_slave_0: entered promiscuous mode [ 163.310920][ T7378] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.319066][ T7418] System zones: 0-1, 4-36, 102-102 [ 163.327890][ T7418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 163.359953][ T7378] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.369406][ T7378] bridge_slave_1: entered allmulticast mode [ 163.376976][ T7378] bridge_slave_1: entered promiscuous mode [ 163.388111][ T7322] hsr_slave_0: entered promiscuous mode [ 163.394575][ T7322] hsr_slave_1: entered promiscuous mode [ 163.463533][ T2470] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.568375][ T2470] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.580471][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.592106][ T7378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.638286][ T7370] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.648256][ T7370] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.656142][ T7370] bridge_slave_0: entered allmulticast mode [ 163.663296][ T7370] bridge_slave_0: entered promiscuous mode [ 163.674444][ T7378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.687084][ T7437] syz_tun: tun_net_xmit 1510 [ 163.691865][ T7437] syz_tun: tun_net_xmit 43 [ 163.707821][ T7370] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.715334][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.722556][ T7370] bridge_slave_1: entered allmulticast mode [ 163.729864][ T7370] bridge_slave_1: entered promiscuous mode [ 163.829607][ T7378] team0: Port device team_slave_0 added [ 163.838970][ T7378] team0: Port device team_slave_1 added [ 163.865978][ T7370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.991062][ T7370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 164.005903][ T7378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.025341][ T7378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.083952][ T7378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.120491][ T7439] loop4: detected capacity change from 0 to 32768 [ 164.128948][ T7439] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.690 (7439) [ 164.136479][ T7441] loop3: detected capacity change from 0 to 32768 [ 164.149243][ T7378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.150446][ T7439] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 164.159521][ T7378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.167797][ T7439] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 164.197892][ T7378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.202886][ T7439] BTRFS info (device loop4): using free-space-tree [ 164.220104][ T2470] bridge_slave_1: left allmulticast mode [ 164.225893][ T2470] bridge_slave_1: left promiscuous mode [ 164.231538][ T2470] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.240082][ T2470] bridge_slave_0: left allmulticast mode [ 164.245888][ T2470] bridge_slave_0: left promiscuous mode [ 164.251543][ T2470] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.261792][ T7441] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 164.293318][ T7441] XFS (loop3): Ending clean mount [ 164.302341][ T7441] XFS (loop3): Quotacheck needed: Please wait. [ 164.317370][ T7441] XFS (loop3): Quotacheck: Done. [ 164.409158][ T6447] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 164.434821][ T2470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.447966][ T2470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.464624][ T2470] bond0 (unregistering): Released all slaves [ 164.562773][ T7370] team0: Port device team_slave_0 added [ 164.574141][ T7370] team0: Port device team_slave_1 added [ 164.600466][ T7378] hsr_slave_0: entered promiscuous mode [ 164.631232][ T7378] hsr_slave_1: entered promiscuous mode [ 164.641632][ T7378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.654330][ T7378] Cannot create hsr debugfs directory [ 164.669736][ T7468] loop4: detected capacity change from 0 to 512 [ 164.677721][ T7468] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 164.685315][ T7468] UDF-fs: Scanning with blocksize 512 failed [ 164.692100][ T7468] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 164.699776][ T7468] UDF-fs: Scanning with blocksize 1024 failed [ 164.708175][ T7468] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 164.717271][ T7468] UDF-fs: Scanning with blocksize 2048 failed [ 164.729237][ T7468] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 164.779978][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.789917][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.815063][ T7468] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.827631][ T7370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.873552][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.889618][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.917409][ T7370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.960328][ T7470] loop4: detected capacity change from 0 to 8 [ 164.997658][ T5503] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 165.006615][ T7470] SQUASHFS error: Failed to read block 0x6e6: -5 [ 165.026971][ T7470] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 165.034395][ T7470] SQUASHFS error: Unable to read directory block [6e4:0] [ 165.053749][ T2470] hsr_slave_0: left promiscuous mode [ 165.063919][ T2470] hsr_slave_1: left promiscuous mode [ 165.070269][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.090964][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.101271][ T5132] Bluetooth: hci0: command tx timeout [ 165.107789][ T5139] Bluetooth: hci1: command tx timeout [ 165.119892][ T2470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.130836][ T2470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.143457][ T7472] nbd: must specify a size in bytes for the device [ 165.153762][ T2470] veth1_macvtap: left promiscuous mode [ 165.162288][ T2470] veth0_macvtap: left promiscuous mode [ 165.168057][ T2470] veth1_vlan: left promiscuous mode [ 165.173541][ T2470] veth0_vlan: left promiscuous mode [ 165.175433][ T5132] Bluetooth: hci3: command tx timeout [ 165.879764][ T2470] team0 (unregistering): Port device team_slave_1 removed [ 165.908836][ T2470] team0 (unregistering): Port device team_slave_0 removed [ 166.154688][ T7370] hsr_slave_0: entered promiscuous mode [ 166.168268][ T7370] hsr_slave_1: entered promiscuous mode [ 166.185683][ T7370] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 166.193286][ T7370] Cannot create hsr debugfs directory [ 166.386672][ T7322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 166.405925][ T7322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 166.468144][ T7322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 166.500967][ T7322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 166.537626][ T7490] loop4: detected capacity change from 0 to 64 [ 166.557323][ T7490] MINIX-fs: file system does not have enough imap blocks allocated. Refusing to mount. [ 166.569601][ T7490] MINIX-fs: bad superblock or unable to read bitmaps [ 166.578458][ T7378] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.640896][ T7494] loop4: detected capacity change from 0 to 1024 [ 167.021130][ T7378] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.039916][ T7494] hfsplus: failed to load root directory [ 167.154673][ T7378] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.174341][ T7322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.175057][ T5139] Bluetooth: hci1: command tx timeout [ 167.184809][ T5132] Bluetooth: hci0: command tx timeout [ 167.203505][ T7322] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.225833][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.233125][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.247826][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.255030][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.263098][ T5132] Bluetooth: hci3: command tx timeout [ 167.275649][ T7378] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.322951][ T7504] nbd: must specify a size in bytes for the device [ 167.376546][ T7507] loop4: detected capacity change from 0 to 256 [ 167.383426][ T7507] exfat: Deprecated parameter 'utf8' [ 167.391985][ T7507] exfat: Deprecated parameter 'namecase' [ 167.399112][ T7507] exfat: Deprecated parameter 'utf8' [ 167.404455][ T7507] exfat: Deprecated parameter 'namecase' [ 167.419909][ T7507] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 167.508897][ T7322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.534158][ T7514] loop4: detected capacity change from 0 to 512 [ 167.561951][ T7514] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.578619][ T7514] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 167.599270][ T7322] veth0_vlan: entered promiscuous mode [ 167.636874][ T7322] veth1_vlan: entered promiscuous mode [ 167.698042][ T7322] veth0_macvtap: entered promiscuous mode [ 167.712671][ T7322] veth1_macvtap: entered promiscuous mode [ 167.731102][ T6447] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.775461][ T7370] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 167.805676][ T7370] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 167.817042][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.830706][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.847236][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.860458][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.873530][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 167.886728][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.908516][ T7322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 167.933437][ T7370] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 167.957740][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.973424][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 167.984165][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 167.997381][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.008542][ T7322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.021424][ T7322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.050337][ T7322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.072300][ T7370] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 168.091984][ T7378] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 168.116334][ T7378] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 168.141193][ T7322] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.150286][ T7322] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.160111][ T7322] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.170270][ T7322] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.208184][ T7378] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 168.243556][ T7378] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 168.433326][ T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.451798][ T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.513789][ T2446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 168.532105][ T2446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 168.533903][ T7520] loop4: detected capacity change from 0 to 40427 [ 168.562494][ T7520] F2FS-fs (loop4): heap/no_heap options were deprecated [ 168.588139][ T7523] loop3: detected capacity change from 0 to 1024 [ 168.588654][ T7520] F2FS-fs (loop4): invalid crc value [ 168.611122][ T7370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.620725][ T7520] F2FS-fs (loop4): Found nat_bits in checkpoint [ 168.631123][ T7378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.639065][ T7523] hfsplus: failed to load root directory [ 168.666374][ T7526] loop1: detected capacity change from 0 to 16 [ 168.681503][ T7526] erofs: (device loop1): mounted with root inode @ nid 36. [ 168.683138][ T7370] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.728572][ T7378] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.734096][ T7526] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 168.741408][ T5116] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.750722][ T5116] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.758957][ T5132] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000] [ 168.775022][ T7526] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 168.786515][ T7520] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 168.788660][ T5608] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.801213][ T5608] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.811685][ T29] audit: type=1800 audit(1721111619.623:30): pid=7526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.652" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 168.812548][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.838298][ T5608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.880499][ T5608] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.887687][ T5608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.898755][ T6447] syz-executor: attempt to access beyond end of device [ 168.898755][ T6447] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 168.913971][ T6447] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 168.925049][ T6447] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 168.993610][ T7378] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 169.008030][ T7378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.471024][ T5132] Bluetooth: hci1: command tx timeout [ 169.480057][ T5132] Bluetooth: hci3: command tx timeout [ 170.168178][ T7554] 9pnet_fd: Insufficient options for proto=fd [ 170.342655][ T7378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.655723][ T7378] veth0_vlan: entered promiscuous mode [ 170.668745][ T7370] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.719976][ T7378] veth1_vlan: entered promiscuous mode [ 170.741503][ T7568] loop4: detected capacity change from 0 to 256 [ 170.758048][ T7568] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 170.773929][ T7568] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 170.793857][ T7378] veth0_macvtap: entered promiscuous mode [ 170.807135][ T7370] veth0_vlan: entered promiscuous mode [ 170.819156][ T7378] veth1_macvtap: entered promiscuous mode [ 170.832499][ T7370] veth1_vlan: entered promiscuous mode [ 170.952009][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.964363][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.982795][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 170.993488][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 170.998178][ T7572] loop3: detected capacity change from 0 to 256 [ 171.003968][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.015977][ T7572] exfat: Deprecated parameter 'utf8' [ 171.025009][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.032142][ T7572] exfat: Deprecated parameter 'namecase' [ 171.038747][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.041264][ T7572] exfat: Deprecated parameter 'utf8' [ 171.061759][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.071977][ T7572] exfat: Deprecated parameter 'namecase' [ 171.083399][ T7378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.152337][ T7572] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 171.334774][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.390388][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.400356][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.410992][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.421048][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.432594][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.442469][ T7378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.453093][ T7378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.464676][ T7378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.492282][ T7378] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.506203][ T7378] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.515555][ T7378] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.524539][ T7378] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.567356][ T7370] veth0_macvtap: entered promiscuous mode [ 171.630757][ T7370] veth1_macvtap: entered promiscuous mode [ 171.733017][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.772494][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.802009][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.832591][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.853163][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.870756][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.881866][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.894747][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.905304][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.918656][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.930199][ T7370] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.944056][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.956825][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.969344][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.984972][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.996881][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.008152][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.020027][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.030808][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.043976][ T7370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.054570][ T7370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.072725][ T7370] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.097392][ T7370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.109193][ T7370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.118472][ T7370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.135066][ T7370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.153723][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.165089][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.253187][ T5353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.263641][ T5353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.328618][ T5353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.356922][ T5353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.401498][ T2446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.413974][ T2446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.478263][ T7599] netlink: 8 bytes leftover after parsing attributes in process `syz.4.730'. [ 172.623531][ T7603] loop2: detected capacity change from 0 to 64 [ 172.792291][ T7610] loop3: detected capacity change from 0 to 4096 [ 172.821569][ T7610] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 172.843628][ T7613] loop1: detected capacity change from 0 to 512 [ 172.893838][ T7613] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.734: casefold flag without casefold feature [ 172.907847][ T7610] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 172.922954][ T7613] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.734: couldn't read orphan inode 15 (err -117) [ 172.942331][ T7613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.332647][ T7625] kvm: pic: non byte write [ 173.346171][ T7627] loop2: detected capacity change from 0 to 1024 [ 173.351121][ T7613] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 173.485639][ T7322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.505058][ T2446] hfsplus: b-tree write err: -5, ino 4 [ 173.615775][ T7635] cgroup: Invalid name [ 174.040638][ T7636] loop2: detected capacity change from 0 to 1024 [ 174.125221][ T7636] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.513105][ T7645] loop1: detected capacity change from 0 to 1024 [ 174.528493][ T7645] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 174.544718][ T7645] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 174.585219][ T7645] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a841e11d, mo2=0002] [ 174.594228][ T7645] System zones: 0-1, 4-36, 102-102 [ 174.604335][ T7645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.665011][ T7643] loop4: detected capacity change from 0 to 32768 [ 174.674048][ T7378] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.702292][ T7643] ialloc: diAlloc returned -5! [ 175.807953][ T7322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.883702][ T7668] loop1: detected capacity change from 0 to 128 [ 175.929045][ T7671] loop3: detected capacity change from 0 to 1024 [ 175.987066][ T7679] netlink: 'syz.2.756': attribute type 4 has an invalid length. [ 175.994750][ T7679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'. [ 176.134188][ T35] hfsplus: b-tree write err: -5, ino 4 [ 176.224065][ T7686] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 176.290496][ T7673] loop4: detected capacity change from 0 to 32768 [ 176.369311][ T7673] MetaData crosses page boundary!! [ 176.383402][ T7673] lblock = 6609ff, size = 24576 [ 176.388509][ T7673] CPU: 1 UID: 0 PID: 7673 Comm: syz.4.753 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0 [ 176.398614][ T7673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.408688][ T7673] Call Trace: [ 176.411962][ T7673] [ 176.414883][ T7673] dump_stack_lvl+0x241/0x360 [ 176.419580][ T7673] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.424860][ T7673] ? __pfx__printk+0x10/0x10 [ 176.429454][ T7673] __get_metapage+0xa24/0xef0 [ 176.434129][ T7673] dtSearch+0x582/0x2520 [ 176.438405][ T7673] ? get_UCSname+0xe3/0x610 [ 176.442918][ T7673] jfs_lookup+0x17f/0x410 [ 176.447249][ T7673] ? __pfx_jfs_lookup+0x10/0x10 [ 176.452099][ T7673] ? d_alloc_parallel+0x14a8/0x1600 [ 176.457402][ T7673] ? __d_lookup+0x85/0x7e0 [ 176.461985][ T7673] ? __pfx_d_alloc_parallel+0x10/0x10 [ 176.467351][ T7673] ? __d_lookup+0x727/0x7e0 [ 176.471936][ T7673] ? try_to_unlazy+0x35c/0x5b0 [ 176.476695][ T7673] ? __pfx_jfs_lookup+0x10/0x10 [ 176.481537][ T7673] path_openat+0x11cc/0x3470 [ 176.486167][ T7673] ? __pfx_path_openat+0x10/0x10 [ 176.491099][ T7673] ? lock_release+0xbf/0xa30 [ 176.495688][ T7673] do_filp_open+0x235/0x490 [ 176.500187][ T7673] ? __pfx_do_filp_open+0x10/0x10 [ 176.505220][ T7673] ? _raw_spin_unlock+0x28/0x50 [ 176.510063][ T7673] ? alloc_fd+0x5a1/0x640 [ 176.514417][ T7673] do_sys_openat2+0x13e/0x1d0 [ 176.519110][ T7673] ? __pfx_do_sys_openat2+0x10/0x10 [ 176.524307][ T7673] __x64_sys_openat+0x247/0x2a0 [ 176.529151][ T7673] ? __pfx___x64_sys_openat+0x10/0x10 [ 176.534604][ T7673] ? rcu_is_watching+0x15/0xb0 [ 176.539364][ T7673] ? rcu_is_watching+0x15/0xb0 [ 176.544206][ T7673] do_syscall_64+0xf3/0x230 [ 176.548708][ T7673] ? clear_bhb_loop+0x35/0x90 [ 176.553397][ T7673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.559311][ T7673] RIP: 0033:0x7fe672975bd9 [ 176.563767][ T7673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.583992][ T7673] RSP: 002b:00007fe6736ae048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 176.592403][ T7673] RAX: ffffffffffffffda RBX: 00007fe672b03f60 RCX: 00007fe672975bd9 [ 176.600365][ T7673] RDX: 0000000000000000 RSI: 0000000020000440 RDI: ffffffffffffff9c [ 176.608327][ T7673] RBP: 00007fe6729e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 176.616290][ T7673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.624264][ T7673] R13: 000000000000000b R14: 00007fe672b03f60 R15: 00007ffd1cda08f8 [ 176.632242][ T7673] [ 176.643881][ T7673] bread failed! [ 176.649861][ T7673] jfs_lookup: dtSearch returned -5 [ 177.202579][ T7698] loop3: detected capacity change from 0 to 512 [ 177.223078][ T7698] ext4: Unknown parameter 'noacl' [ 177.274123][ T7704] netlink: 64 bytes leftover after parsing attributes in process `syz.0.767'. [ 177.301302][ T7704] netlink: 80 bytes leftover after parsing attributes in process `syz.0.767'. [ 177.365438][ T29] audit: type=1804 audit(1721111628.173:31): pid=7704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.767" name="/newroot/6/bus/file0" dev="overlay" ino=57 res=1 errno=0 [ 177.407200][ T29] audit: type=1326 audit(1721111628.223:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7703 comm="syz.0.767" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9148575bd9 code=0x0 [ 177.903404][ T7711] loop1: detected capacity change from 0 to 64 [ 177.919825][ T7708] loop4: detected capacity change from 0 to 4096 [ 177.928467][ T7708] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 177.928473][ T7711] netlink: 104 bytes leftover after parsing attributes in process `syz.1.768'. [ 178.018424][ T7716] loop4: detected capacity change from 0 to 1024 [ 178.351587][ T7718] 9pnet_fd: Insufficient options for proto=fd [ 178.531030][ T7726] loop0: detected capacity change from 0 to 1024 [ 178.611179][ T2446] hfsplus: b-tree write err: -5, ino 4 [ 178.639164][ T7733] loop0: detected capacity change from 0 to 16 [ 178.648163][ T7733] erofs: (device loop0): mounted with root inode @ nid 36. [ 178.660571][ T7733] syz.0.777: attempt to access beyond end of device [ 178.660571][ T7733] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 178.713926][ T7738] loop0: detected capacity change from 0 to 256 [ 178.770286][ T2446] kworker/u8:7: attempt to access beyond end of device [ 178.770286][ T2446] loop0: rw=1, sector=256, nr_sectors = 128 limit=256 [ 179.382687][ T5132] Bluetooth: hci0: unexpected event 0x08 length: 78 > 4 [ 180.365118][ T7761] netlink: 'syz.3.786': attribute type 4 has an invalid length. [ 180.472103][ T7761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.786'. [ 180.726830][ T7740] ================================================================== [ 180.734919][ T7740] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0 [ 180.742833][ T7740] Read of size 8 at addr ffff88802b7ab8d8 by task syz.0.780/7740 [ 180.750558][ T7740] [ 180.752894][ T7740] CPU: 0 UID: 0 PID: 7740 Comm: syz.0.780 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0 [ 180.762939][ T7740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 180.772975][ T7740] Call Trace: [ 180.776240][ T7740] [ 180.779153][ T7740] dump_stack_lvl+0x241/0x360 [ 180.783815][ T7740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.788995][ T7740] ? __pfx__printk+0x10/0x10 [ 180.793567][ T7740] ? _printk+0xd5/0x120 [ 180.797706][ T7740] ? __virt_addr_valid+0x183/0x530 [ 180.802794][ T7740] ? __virt_addr_valid+0x183/0x530 [ 180.807880][ T7740] print_report+0x169/0x550 [ 180.812365][ T7740] ? __virt_addr_valid+0x183/0x530 [ 180.817454][ T7740] ? __virt_addr_valid+0x183/0x530 [ 180.822540][ T7740] ? __virt_addr_valid+0x45f/0x530 [ 180.827643][ T7740] ? __phys_addr+0xba/0x170 [ 180.832135][ T7740] ? handle_mm_fault+0x14f0/0x19a0 [ 180.837233][ T7740] kasan_report+0x143/0x180 [ 180.841867][ T7740] ? handle_mm_fault+0x14f0/0x19a0 [ 180.847059][ T7740] handle_mm_fault+0x14f0/0x19a0 [ 180.851989][ T7740] ? __pfx_handle_mm_fault+0x10/0x10 [ 180.857252][ T7740] ? rcu_is_watching+0x15/0xb0 [ 180.861997][ T7740] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 180.868305][ T7740] ? lock_acquire+0xe3/0x550 [ 180.872883][ T7740] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 180.878145][ T7740] exc_page_fault+0x2b9/0x8c0 [ 180.882808][ T7740] asm_exc_page_fault+0x26/0x30 [ 180.887649][ T7740] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 180.893435][ T7740] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 180.913112][ T7740] RSP: 0000:ffffc90004a2fad0 EFLAGS: 00050246 [ 180.919161][ T7740] RAX: ffffffff84b11e01 RBX: 00000000201ac040 RCX: 0000000000000040 [ 180.927115][ T7740] RDX: 0000000000000000 RSI: ffffc90004a2fb60 RDI: 00000000201ac000 [ 180.935070][ T7740] RBP: ffffc90004a2fc10 R08: ffffc90004a2fb9f R09: 1ffff92000945f73 [ 180.943028][ T7740] R10: dffffc0000000000 R11: fffff52000945f74 R12: 0000000000000040 [ 180.951164][ T7740] R13: 0000000000178580 R14: 00000000201ac000 R15: ffffc90004a2fb60 [ 180.959226][ T7740] ? _copy_from_user+0x61/0xe0 [ 180.963984][ T7740] _copy_to_user+0x86/0xb0 [ 180.968386][ T7740] rng_dev_read+0x3be/0x6d0 [ 180.972871][ T7740] ? __pfx_rng_dev_read+0x10/0x10 [ 180.977898][ T7740] ? security_file_permission+0x7f/0xa0 [ 180.983429][ T7740] ? rw_verify_area+0x52a/0x6b0 [ 180.988268][ T7740] vfs_readv+0x6c2/0xa90 [ 180.992498][ T7740] ? __pfx_rng_dev_read+0x10/0x10 [ 180.997623][ T7740] ? __pfx_vfs_readv+0x10/0x10 [ 181.002385][ T7740] ? __pfx_do_futex+0x10/0x10 [ 181.007064][ T7740] __x64_sys_preadv+0x1c7/0x2d0 [ 181.011910][ T7740] ? __pfx___x64_sys_preadv+0x10/0x10 [ 181.017272][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.022023][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.026769][ T7740] do_syscall_64+0xf3/0x230 [ 181.031266][ T7740] ? clear_bhb_loop+0x35/0x90 [ 181.035949][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.041934][ T7740] RIP: 0033:0x7f9148575bd9 [ 181.046342][ T7740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.065950][ T7740] RSP: 002b:00007f91493f8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 181.074376][ T7740] RAX: ffffffffffffffda RBX: 00007f9148703f60 RCX: 00007f9148575bd9 [ 181.082335][ T7740] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004 [ 181.090312][ T7740] RBP: 00007f91485e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 181.098270][ T7740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.106224][ T7740] R13: 000000000000000b R14: 00007f9148703f60 R15: 00007ffda8f6f248 [ 181.114237][ T7740] [ 181.117257][ T7740] [ 181.119556][ T7740] Allocated by task 7742: [ 181.123860][ T7740] kasan_save_track+0x3f/0x80 [ 181.128527][ T7740] __kasan_slab_alloc+0x66/0x80 [ 181.133371][ T7740] kmem_cache_alloc_noprof+0x135/0x2a0 [ 181.138828][ T7740] vm_area_alloc+0x24/0x1d0 [ 181.143323][ T7740] mmap_region+0xc3d/0x2090 [ 181.147837][ T7740] do_mmap+0x8f9/0x1010 [ 181.151981][ T7740] vm_mmap_pgoff+0x1dd/0x3d0 [ 181.156556][ T7740] do_syscall_64+0xf3/0x230 [ 181.161058][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.166947][ T7740] [ 181.169256][ T7740] Freed by task 7766: [ 181.173217][ T7740] kasan_save_track+0x3f/0x80 [ 181.177912][ T7740] kasan_save_free_info+0x40/0x50 [ 181.183093][ T7740] poison_slab_object+0xe0/0x150 [ 181.188017][ T7740] __kasan_slab_free+0x37/0x60 [ 181.192761][ T7740] kmem_cache_free+0x145/0x350 [ 181.197596][ T7740] rcu_core+0xafd/0x1830 [ 181.201828][ T7740] handle_softirqs+0x2c4/0x970 [ 181.206663][ T7740] __irq_exit_rcu+0xf4/0x1c0 [ 181.211235][ T7740] irq_exit_rcu+0x9/0x30 [ 181.215462][ T7740] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 181.221077][ T7740] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 181.227058][ T7740] [ 181.229363][ T7740] Last potentially related work creation: [ 181.235055][ T7740] kasan_save_stack+0x3f/0x60 [ 181.239715][ T7740] __kasan_record_aux_stack+0xac/0xc0 [ 181.245073][ T7740] call_rcu+0x167/0xa70 [ 181.249210][ T7740] do_vmi_align_munmap+0x155c/0x18c0 [ 181.254494][ T7740] do_vmi_munmap+0x261/0x2f0 [ 181.259093][ T7740] mmap_region+0x72f/0x2090 [ 181.263591][ T7740] do_mmap+0x8f9/0x1010 [ 181.267735][ T7740] vm_mmap_pgoff+0x1dd/0x3d0 [ 181.272308][ T7740] ksys_mmap_pgoff+0x544/0x720 [ 181.277161][ T7740] do_syscall_64+0xf3/0x230 [ 181.281667][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.287541][ T7740] [ 181.289844][ T7740] The buggy address belongs to the object at ffff88802b7ab8b8 [ 181.289844][ T7740] which belongs to the cache vm_area_struct of size 184 [ 181.304135][ T7740] The buggy address is located 32 bytes inside of [ 181.304135][ T7740] freed 184-byte region [ffff88802b7ab8b8, ffff88802b7ab970) [ 181.317830][ T7740] [ 181.320137][ T7740] The buggy address belongs to the physical page: [ 181.326533][ T7740] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b7ab [ 181.335800][ T7740] memcg:ffff88806d0e5201 [ 181.340019][ T7740] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 181.347170][ T7740] page_type: 0xfdffffff(slab) [ 181.351846][ T7740] raw: 00fff00000000000 ffff888015eefb40 dead000000000122 0000000000000000 [ 181.360508][ T7740] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88806d0e5201 [ 181.369265][ T7740] page dumped because: kasan: bad access detected [ 181.375688][ T7740] page_owner tracks the page as allocated [ 181.381384][ T7740] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7370, tgid 7370 (syz-executor), ts 178803577867, free_ts 178762652148 [ 181.400754][ T7740] post_alloc_hook+0x1f3/0x230 [ 181.405520][ T7740] get_page_from_freelist+0x2ccb/0x2d80 [ 181.411067][ T7740] __alloc_pages_noprof+0x256/0x6c0 [ 181.416338][ T7740] alloc_slab_page+0x5f/0x120 [ 181.420999][ T7740] allocate_slab+0x5a/0x2f0 [ 181.425530][ T7740] ___slab_alloc+0xcd1/0x14b0 [ 181.430193][ T7740] __slab_alloc+0x58/0xa0 [ 181.434507][ T7740] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 181.439950][ T7740] vm_area_dup+0x27/0x290 [ 181.444264][ T7740] copy_mm+0xc7b/0x1f30 [ 181.448413][ T7740] copy_process+0x186b/0x3d90 [ 181.453093][ T7740] kernel_clone+0x226/0x8f0 [ 181.457591][ T7740] __x64_sys_clone+0x258/0x2a0 [ 181.462362][ T7740] do_syscall_64+0xf3/0x230 [ 181.466851][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.472818][ T7740] page last free pid 7737 tgid 7737 stack trace: [ 181.479123][ T7740] free_unref_folios+0x103a/0x1b00 [ 181.484221][ T7740] folios_put_refs+0x76e/0x860 [ 181.488968][ T7740] free_pages_and_swap_cache+0x5c8/0x690 [ 181.494599][ T7740] tlb_flush_mmu+0x3a3/0x680 [ 181.499192][ T7740] tlb_finish_mmu+0xd4/0x200 [ 181.503772][ T7740] exit_mmap+0x44f/0xc80 [ 181.508087][ T7740] __mmput+0x115/0x390 [ 181.512141][ T7740] exit_mm+0x220/0x310 [ 181.516191][ T7740] do_exit+0x9b2/0x27f0 [ 181.520325][ T7740] do_group_exit+0x207/0x2c0 [ 181.524896][ T7740] __x64_sys_exit_group+0x3f/0x40 [ 181.529914][ T7740] x64_sys_call+0x26c3/0x26d0 [ 181.534662][ T7740] do_syscall_64+0xf3/0x230 [ 181.539152][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.545030][ T7740] [ 181.547331][ T7740] Memory state around the buggy address: [ 181.552937][ T7740] ffff88802b7ab780: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 181.560983][ T7740] ffff88802b7ab800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 181.569058][ T7740] >ffff88802b7ab880: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 181.577104][ T7740] ^ [ 181.584016][ T7740] ffff88802b7ab900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 181.592057][ T7740] ffff88802b7ab980: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb [ 181.600183][ T7740] ================================================================== [ 181.611961][ T7740] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 181.619169][ T7740] CPU: 0 UID: 0 PID: 7740 Comm: syz.0.780 Not tainted 6.10.0-rc7-next-20240712-syzkaller #0 [ 181.629220][ T7740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 181.639347][ T7740] Call Trace: [ 181.642641][ T7740] [ 181.645556][ T7740] dump_stack_lvl+0x241/0x360 [ 181.650237][ T7740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.655442][ T7740] ? __pfx__printk+0x10/0x10 [ 181.660017][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.664791][ T7740] ? lock_release+0xbf/0xa30 [ 181.669377][ T7740] ? vscnprintf+0x5d/0x90 [ 181.673687][ T7740] panic+0x349/0x870 [ 181.677569][ T7740] ? check_panic_on_warn+0x21/0xb0 [ 181.682678][ T7740] ? __pfx_panic+0x10/0x10 [ 181.687078][ T7740] ? trace_irq_enable+0x2c/0x120 [ 181.692023][ T7740] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 181.697919][ T7740] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 181.703798][ T7740] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 181.710107][ T7740] ? print_report+0x502/0x550 [ 181.714867][ T7740] check_panic_on_warn+0x86/0xb0 [ 181.719822][ T7740] ? handle_mm_fault+0x14f0/0x19a0 [ 181.724939][ T7740] end_report+0x77/0x160 [ 181.729183][ T7740] kasan_report+0x154/0x180 [ 181.733666][ T7740] ? handle_mm_fault+0x14f0/0x19a0 [ 181.738765][ T7740] handle_mm_fault+0x14f0/0x19a0 [ 181.743695][ T7740] ? __pfx_handle_mm_fault+0x10/0x10 [ 181.748974][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.753723][ T7740] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.760121][ T7740] ? lock_acquire+0xe3/0x550 [ 181.764719][ T7740] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 181.770019][ T7740] exc_page_fault+0x2b9/0x8c0 [ 181.774689][ T7740] asm_exc_page_fault+0x26/0x30 [ 181.779525][ T7740] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 181.785316][ T7740] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 181.805004][ T7740] RSP: 0000:ffffc90004a2fad0 EFLAGS: 00050246 [ 181.811058][ T7740] RAX: ffffffff84b11e01 RBX: 00000000201ac040 RCX: 0000000000000040 [ 181.819019][ T7740] RDX: 0000000000000000 RSI: ffffc90004a2fb60 RDI: 00000000201ac000 [ 181.826974][ T7740] RBP: ffffc90004a2fc10 R08: ffffc90004a2fb9f R09: 1ffff92000945f73 [ 181.834931][ T7740] R10: dffffc0000000000 R11: fffff52000945f74 R12: 0000000000000040 [ 181.842888][ T7740] R13: 0000000000178580 R14: 00000000201ac000 R15: ffffc90004a2fb60 [ 181.850860][ T7740] ? _copy_from_user+0x61/0xe0 [ 181.855651][ T7740] _copy_to_user+0x86/0xb0 [ 181.860077][ T7740] rng_dev_read+0x3be/0x6d0 [ 181.864573][ T7740] ? __pfx_rng_dev_read+0x10/0x10 [ 181.869765][ T7740] ? security_file_permission+0x7f/0xa0 [ 181.875307][ T7740] ? rw_verify_area+0x52a/0x6b0 [ 181.880149][ T7740] vfs_readv+0x6c2/0xa90 [ 181.884391][ T7740] ? __pfx_rng_dev_read+0x10/0x10 [ 181.889395][ T7740] ? __pfx_vfs_readv+0x10/0x10 [ 181.894146][ T7740] ? __pfx_do_futex+0x10/0x10 [ 181.898911][ T7740] __x64_sys_preadv+0x1c7/0x2d0 [ 181.903791][ T7740] ? __pfx___x64_sys_preadv+0x10/0x10 [ 181.909156][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.913914][ T7740] ? rcu_is_watching+0x15/0xb0 [ 181.918674][ T7740] do_syscall_64+0xf3/0x230 [ 181.923166][ T7740] ? clear_bhb_loop+0x35/0x90 [ 181.927829][ T7740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.933793][ T7740] RIP: 0033:0x7f9148575bd9 [ 181.938194][ T7740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.957804][ T7740] RSP: 002b:00007f91493f8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 181.966223][ T7740] RAX: ffffffffffffffda RBX: 00007f9148703f60 RCX: 00007f9148575bd9 [ 181.974206][ T7740] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004 [ 181.982356][ T7740] RBP: 00007f91485e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 181.990326][ T7740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 181.998278][ T7740] R13: 000000000000000b R14: 00007f9148703f60 R15: 00007ffda8f6f248 [ 182.006261][ T7740] [ 182.009567][ T7740] Kernel Offset: disabled [ 182.014082][ T7740] Rebooting in 86400 seconds..