last executing test programs: 3m48.261691831s ago: executing program 32 (id=122): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r2, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027000000000005002d"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 3m33.022976075s ago: executing program 1 (id=183): mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x64833, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 3m32.082364198s ago: executing program 1 (id=187): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x2000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x1, 0x0, 'queue0\x00', 0x1}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000000c0)={0x0, 0x7a120, 0x7}) 3m31.476599286s ago: executing program 1 (id=190): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) 3m30.816198546s ago: executing program 1 (id=193): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000000), 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tcuTEXE1f9tURHztyxHfTA7Gbe7sri/WatWtvFxp1TcrzZ3d62v1xdXqanVjfn7ujYU3F15fmM1yT9TOUi/zky99/vanv/W7G3++9u12tT73kShEXztOUrfphc626Glvo63TCDYCE3l7CqOuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//ysA4A0=") mount(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x4000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x262) 3m28.71067765s ago: executing program 1 (id=202): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x17) 3m27.730658452s ago: executing program 1 (id=205): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x7, 0x4002}, 0x90) 3m24.764731757s ago: executing program 33 (id=205): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x7, 0x4002}, 0x90) 2m30.531548957s ago: executing program 5 (id=487): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000001700)={{0x7f, 0x45, 0x4c, 0x46, 0x56, 0x4, 0x0, 0x9, 0x87fff, 0x2, 0x3e, 0xffffffec, 0x398, 0x40, 0x56, 0x0, 0x0, 0x38, 0x0, 0x0, 0x2}}, 0x40) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) 2m29.885891389s ago: executing program 5 (id=491): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x804810, &(0x7f0000000000), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4") r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f0000000300)=[{0x84, 0x77, 0x0, 0x0, @tick, {0xfd}, {0x7}, @raw32={[0x2, 0x0, 0x8000000]}}, {0x2, 0x0, 0x5, 0x83, @tick, {0xfd, 0x1}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0x1, @tick=0x1, {0x10, 0x5}, {0xc, 0x2}, @control={0x3, 0xa, 0x7fff}}], 0x54) 2m28.908358284s ago: executing program 5 (id=495): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x3, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c00eee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc9", 0x26, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m28.254712501s ago: executing program 5 (id=501): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112) 2m27.413138255s ago: executing program 5 (id=507): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newnexthop={0x17, 0x68, 0x1, 0x70bd2d, 0x7ffffffc}, 0x18}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 2m26.698867662s ago: executing program 5 (id=510): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) 2m24.554950974s ago: executing program 34 (id=510): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x9) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) 1m45.16878295s ago: executing program 7 (id=721): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0xffff36bf}], 0x1, 0x0, 0x0) close(0x3) 1m43.631108486s ago: executing program 7 (id=725): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f0000000200)=0x1ff, 0x4) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 1m42.958982491s ago: executing program 7 (id=727): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000280)=[{&(0x7f00000008c0)=""/211, 0xd3}], 0x1, 0x0, 0x0, 0x0) 1m42.266698772s ago: executing program 7 (id=731): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0xc) 1m41.613082248s ago: executing program 7 (id=734): r0 = epoll_create1(0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000200)={0x2000}) 1m41.083347668s ago: executing program 7 (id=738): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x34, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x79c2}]}, 0x34}, 0x1, 0x0, 0x0, 0x40041}, 0x0) 1m38.988469528s ago: executing program 35 (id=738): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x34, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x79c2}]}, 0x34}, 0x1, 0x0, 0x0, 0x40041}, 0x0) 1m4.017749097s ago: executing program 2 (id=921): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x80, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x50, 0x2, {{0xfffffffb, 0x3, 0x8, 0x3, 0x0, 0x5}, [@TCA_NETEM_ECN={0x8}, @TCA_NETEM_SLOT={0x2c, 0xc, {0xd, 0x10, 0x0, 0x5, 0x0, 0x8000000000000001}}]}}}]}, 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1m3.385685733s ago: executing program 2 (id=925): openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000880), 0x81, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 1m2.269403539s ago: executing program 2 (id=928): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000002880)=@newnexthop={0x24, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x2, 0x9}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008018}, 0x4040050) 1m1.607964395s ago: executing program 2 (id=933): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x4010, &(0x7f0000000200)=ANY=[], 0xfe, 0x4db, &(0x7f0000000640)="$eJzs20tsG9UXx/Hf8Tiu46b/f/ogbVHVRgKJ0NI2j5K2ChL0QQSiL9IGRMVDoXFKaB5VnEJTtbRLYMeiS5ZsWLBghdiiSiwRC1SEukAq3bDxirID3fGMZ+wmsd0ktkO+H0TvzPjYufccz8y9li0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdfflId481uhcAAKCeTp0d6u7j/g8AwJpyjvU/AADAWmLy9JtMey/l7aS/X5A+MT515erw8cH5n9ZqMiXk+fHu/3RPb9+B5/sPHgrbxZ+/3Lbr9NlzRzqPTU9ensnmctnRzuGp8QvTo9mqX2Gpzy+3209A5+SlK6NjY7nO3n19JQ9fbX+wbn1H+0D/O8dSYezw8cHBs7GYZMtj//VHLDTDT8nTszJ9+N03dkpSQkvPRYX3zkpr9Qex2x/E8PFBfyAT4yNTs+5BSwRRidKcpMIc1aEWS5KQXL8stTxrthZ5+l6mo/vzdlqSF+Zhj//BcFX9aYSkW7pK6tIqqFkTWydP78l0Z3+7zgR59eufkq43unNYccng/J+2vL3uXw/c+eQumyfe6Hx1amw6FmuJ4IxqqvtDzSd567L82Wo1+bUpLU+n/TM+b0Pa1ejuoM5a5WlSptQXH/nzCvnz0v8PHNy563B8hrG1wuu42H3ByVXNPbklmDpYwv23/ONCddLm6Q+ZHv6a9ve7oivqLVtw1SDp9zp1ECvLPE3I9PeNvFnZutSLre+LmureX7PWFe5/a/rY9OW5mfGLH8zO+3gmfeT93OzMyIX5Hy6sXb34kUrr2HKJ2pZkGSus+D79OF98XrAG2FDYi3rz1fXovdBV1obi759qtqtexdYwj3J9MvN0X6axd7cV7jPK1JybtcDVf1CmXP4nCysd1D9Z2IvV/4Uof2krbYv82v6v8LlWOJfYfn7LQsdXov6uT67+b8l09K9twWcahfp7ZbEurkOmt2/vCOISKReXDIdTeMWx8Ylst4v9R6ZNP4ax8mMzQezmKLbHxeZk+uxOaez6IHZLFNvrYu/KdO+X+WOfiGL7XOycq9e9zjA242J3BrEdUey+C9MTowulM0ybq3+vTG/efMXCMS9Y/9j5f6usLXqk5otvL1f922PHbgV1PR/UP1mh/p/LNPfnjnDcfu7D/Gz0/43q7+bK394ujQ0XlJui2J5qh9Vorv4bZXrw4t3imIOxBbtRheL1fzJZ2hbzupT6JxfpaIX6b4wdaw/6lXqMfKw1ublrl0YmJrIzbJRtfL1BaoJusFH7xpnm6Mbq3mj0lQn14O7/Q+6u3u9ZOI8J7v9thb1oxvTwk+j+PyC9FLSlGjT/2xQ7NhDMWlqSUnp28nLLVimdm7u2d3xy5GL2Ynaq70B/d+/hA919h1pS4eQu2qolfaueq/8emW788HNxHVM6/5t//p8pa4saVP/N8TGVzGuqTsWa5OrfJlP//bvF9eZi8/9w/d/1VGlbPP8aVP8tsWPtQb/aaswFAAAAAAAAAAAAAAAAAKwmGfP0tExXh56z8DdE1Xz/b7SsLSr5ntdrwWss6ftfhR8mV/j+V0fs2GidftdQfZYBAAAAAAAAAADqJyFPX8r0jPJ20x1ok07GW/yn/RsAAP//ywhE8A==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@verity_on}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file2\x00', 0x0, 0x0) 1m0.326552579s ago: executing program 2 (id=949): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000002000000014001a80100003"], 0x34}}, 0x0) 58.845689882s ago: executing program 2 (id=945): syz_mount_image$minix(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[], 0xfe, 0x228, &(0x7f00000004c0)="$eJzs28tOE2EUAODTUmliTNy7cSGJLpQW1AgrJcH7/fICBCohFm+4EGKibHwPnkyWblj4Aoxhqta2TC9SOhK+L2nmz5z/zH+mmTMzXTSA46sUUYhCzEdEkiSfP04k5bxLAkYj6WfS+OGtv5sM6trAGUCWsb023M67CmD0dubS/o/tiPj249Pi7898n8/vnbliuv3Sln+z3/zNQro9U2rNvxURt3tmF3aTrUb++bb17wy4/sm2/Lt95zfO/8K51vx7EXE/Ih5ExMOIeBQRjyPiSUQ83Wf9pbb1X7Stk5zusyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/VIjJzp3fk7/j+0xoKsbLlXqtmhk/kcanMqJbp8bT+HRmfiN+OTNeTuOTi2/qS0m5W6FAh2JL/xc74r36f6xH/5e69j+Qp7X1jVcL9Xrt/QEHe7eOYRznYhz0ONeHUUbH4F1EdJ2zOawvcyIihly8wZ9BeYjX/GCDG92vn/9ukPedCThslQ+rbytr6xuXVlYXlmvLtddTs9PVKzMzs9WrlfTNvpL5fu/nNhxxzYd+c9/XX9uzeRUFAAAAAAAAAAzkWUQ8z7sIAABgJEbxd6K8zxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+9nAAAA//9zGM9s") munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 57.650225945s ago: executing program 36 (id=945): syz_mount_image$minix(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[], 0xfe, 0x228, &(0x7f00000004c0)="$eJzs28tOE2EUAODTUmliTNy7cSGJLpQW1AgrJcH7/fICBCohFm+4EGKibHwPnkyWblj4Aoxhqta2TC9SOhK+L2nmz5z/zH+mmTMzXTSA46sUUYhCzEdEkiSfP04k5bxLAkYj6WfS+OGtv5sM6trAGUCWsb023M67CmD0dubS/o/tiPj249Pi7898n8/vnbliuv3Sln+z3/zNQro9U2rNvxURt3tmF3aTrUb++bb17wy4/sm2/Lt95zfO/8K51vx7EXE/Ih5ExMOIeBQRjyPiSUQ83Wf9pbb1X7Stk5zusyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/VIjJzp3fk7/j+0xoKsbLlXqtmhk/kcanMqJbp8bT+HRmfiN+OTNeTuOTi2/qS0m5W6FAh2JL/xc74r36f6xH/5e69j+Qp7X1jVcL9Xrt/QEHe7eOYRznYhz0ONeHUUbH4F1EdJ2zOawvcyIihly8wZ9BeYjX/GCDG92vn/9ukPedCThslQ+rbytr6xuXVlYXlmvLtddTs9PVKzMzs9WrlfTNvpL5fu/nNhxxzYd+c9/XX9uzeRUFAAAAAAAAAAzkWUQ8z7sIAABgJEbxd6K8zxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo+9nAAAA//9zGM9s") munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 52.398474024s ago: executing program 4 (id=976): r0 = syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000e00)='./file0\x00', 0x10000, &(0x7f0000000940)=ANY=[], 0x0, 0xdab, &(0x7f0000000e80)="$eJzs3ctvXNX9APBzx544L36x8wuNm6ZJSkigj9iQumklNkaii1KE1CVLmgaa1gmP0AUoi5RFV0i1hPgDipDIpuqi6oJNFbGiG1Sp+wqx6iaVkLJAUcCV7XPG429mdGcc2+PxfD7SnTP3fs+955x53LlzXycBI6ux8jg3N12l9N5H7z7zr7O/+NvylJOtHKdWHsfz2HxKqdmaL6XJsLz5idX0qy+uX2xPv85plc6nKlWt6en52615D6SUbqRT6VaaTE+9cOfeh4vPPrc4debm0Xc+vbs1rV9TbXUBAACwA3z58w9e+8djP70+dfcvJ+bTRGt62T6fz+MH83b/fN5QLtvL5X9A1ZZWHban94R843lohHxjHfK1l9MM+ca7lL8nLLfZJd9ETfljbdM6tRuG2dr/+Koxs2680ZiZWf1PvuyzsT3VzNXLCy9dG1BFgU1352TexWcwGEZuWDo06DUQwKp43PA+Nzb3SF1raeO9lX/76Ubn+WETbPfnX/nDVf4Hv7fGYfPs1k9TaVf5Hh3M4/E4wniYr9/vf1lePB7R7LGe3Y4jDMvxhW71HNvmemxUt/rHz8Vu9e2cltfhRIi3f3/iezos7zHQ2Zf2/xsMIzssDXoFBOxY8by5pazE43l9MT5RE99bE99XE99fEz9QE4dR9tc3/pgWq7X/+fE/fb/7w8p+tody+n991ifuj+y3/Hjeb78etPx4PjHsZL8898mf7/zu1j/j+f9fh/P/T+ff0sm8gij7C+N+9da5/+HC4EaXfIdDfR7qkH/l+ZH1+aoja8tJbeuZ++oxvX6+Q93yHV+fbzLk25+3RfaG+sbtk/1hvrL9Udar5fUaD+1thnbsCfUo78xUTveG9kx1a1fYkb0n5Gvm4f9Du46Edj0c5vtGaFc1vb5dcf95qc/RMD0eJyn5wtt23+9SfC/idRmP5PTtnL6f049z+nmHckdR+Tx2O/+/fD6nU7N66fLCpSfyePmcfjLWnFie/uQ21xt4cL1e/zOd1l//c7A1vdloXy8cWpteta8XJsP0812m/zCPl9+zX4/tW5k+c/GVhV9tduNhxF17863fvriwcOl1TzzxxJPWk0GvmYCtNvvGlVdnr7351rnLV158+dLLl65e+MmPzj8x9+MLF2ZXNutn2zfugV1l7Ud/0DUBAAAAAAAAAAAAelbt6zw5p3X3ty3Xk5fr0+P18QyH8r6VT0O5j0G5/rPbfV3K9ZtT21BHNt92XE406DYCnf3X/X8NhpEdlpbcxR/YGQbd/1+572FJr/79Z3uXh5Lt9tPr15fx/oXwIHZ6/3PK3139/7X6v+p5/Rd6zJrcWLlX7j16s63YdKzX8mP7y31gj/RX/tVcfmnN2dRb+Ut/CuXHG5X26JVQ/v4ey7+v/cc3Vv6rufzysj1+utfyV2tcNdbXI+43LvcBjPuNi9dC+8u9/fpu/wY7ans9lw+jbFj6mezXsPT/2U1ZblkP5tVz6zhduf927O+g3/qX+36X34GHw/Krmt83/X8Ot7r+P8vnb1b/n7DrfOb4n8EwssPS0tJAuz4Z1X5XdopBv/6D3oYcdPmDfv3rxP4/4/+l2P9njMf+P2M89v8Z47F/rRiP/X/G1zP2/xnjR8NyY/+g0zXxb9bEj9XEv1UTP14Tj//fYvxUTfxETfxkTfxwTfyRmvjpmvijNfEzNfHHauKP18R3u+/kdFTbD6Ms9hvp+w+joxz/6fb9P1ITB4ZX7Nc5fr/P1sSB4VXO8/D9hhFUdb5jR9zfXvbjvp3T93P6cU4/37IKsh2+m9Pv5fT7Of1BTs/ldCansznVNeRw+8N/jp1YrNbO8zsU4r2eTxqvB4j3iXmyx/rE43P9ns96tMdytqr8DV4OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA0GiuPc3PTVUrvffTuM/8+95vDy1NOtnKcWnkcz2PzKaVmSqnK4+NheTcmVtOvvrh+sVNapfMrj2U8PX+7Ne+B5fnTqXQrTaanXrhz78PFZ59bnDpz8+g7n97dmtavqba6AAAAABig/wUAAP//vrPsgA==") r1 = openat(r0, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) setuid(0xee01) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x40106e8c, 0x0) 50.892313567s ago: executing program 4 (id=982): syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x10000, &(0x7f00000002c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) quotactl$Q_QUOTAOFF(0xffffffff80000700, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, r1, 0x8cffffff00000000) 48.931094907s ago: executing program 4 (id=991): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0xf) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 48.082904831s ago: executing program 4 (id=994): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x1000c40, &(0x7f00000002c0), 0x5, 0x51c, &(0x7f0000000700)="$eJzs3cFvI1cZAPBvZjebNE2bFCoVENClFBa0WjvxtlHVU7mAUFUJUXHikIbEG0Vx4ih2ShNWavI/IFGJA4ITZyQQHCr1xBHBDW69lANSgRWoQeJgNONx1t3YG3c3awv795NGM29mMt97Y8178RfHL4CJdTUijiLiSkS8ERHzxf6kWOKV9pKd99Gd22snd26vJdFqvf6PJD+e7Yuun8k8XlxzJiK++62IHyRn4zYODrdWa7XqXlEuN7d3y42Dwxub26sb1Y3qTqWyvLS8+NLNFysDtWNmgHOe3f7Vh9/cfPV77/7uCx/86ejrP8qqNVcc627HRWo3feo0TuZyRLz6KIKNwKWiPVdGXREeSBoRn4qI5/Lnfz4u5a/mYHo81gDA/4FWaz5a891lAGDcpXkOLElLRS5gLtK0VGrn8J6O2bRWbzSv36rv76y3c2ULMZXe2qxVF4tc4UJMJVl56e1s+265Eh8v34yIpyLix9OP5eXS2uB5BgDgYj1+z/j/7+n2+A8AjLmeH57pfn++Mry6AADDMciHZwGA8WL8B4DJc3f8nx1pPQCA4fH+HwAmj/EfACbN+53x/9KoawIADMV3XnstW1onxfdfr795sL9Vf/PGerWxVdreXyut1fd2Sxv1+katWlqrb593vVq9vrv0Quy/VW5WG81y4+BwZbu+v9Ncyb/Xe6U6NZRWAQD389Sz7/0liYijlx/Ll+iay8FYDeMtHXUFgJGR84fJ5Vu4YXJ5jw+T69fFf/yeN5dn348Iv/MAQVtvP8APARft2mfl/2FSyf/D5JL/h8kl/w+Tq9VK+s35n56eAgCMlU+Y4/cnARhDQ/37PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyJuXxZ6CqnaakU8URELMRUcmuzVl2MiCcj4s/TU9NZeWmkNQYAHl76t6SY/+va/PNz9x69kvxnOl9HxA9/+vpP3lptNveWsv3/PN3ffKfYXxlF/QGA83TG6c443vHRndtrnWWY9fnwG+3JRbO4J8XSPnI5LmerP87kkw7P/itplwvZ7yuXLiD+0XFEfKZX+5M8N7JQzHx6b/ws9hNDjZ9+LH6aH2uvs3vx6TNXnu4b87y5XmFSvJf1P6/0ev7SuJqvZ3pOfjyT91APr9P/nZzp/zrP+0ze1/Tq/64OGuOF33+777HjiM9d7hU/OY2f9In//IDx3//8F5/rd6z184hr0Tt+d6xyc3u33Dg4vJHd+OpGdadSWV5aXnzp5ouVcp6jLncy1d3aI8TfX77+ZN/2//K3RUd5Nv7MOe3/yn1b3TrtgH/x3ze+/6V+8Y8jvvbl3q//0/eJn42JXy22+/f0bauzv+k7fXcWf719/48/6et//Zy4HR/89XB9wFMBgCFoHBxurdZq1b0L3ZiKC75g10byiOpsYwQbMcRY2a/JD3udZ4qU2Wrn+ek+5w8/e/eZbN/I7+qFbIyuTwKG4+5DP+qaAAAAAAAAAAAAAAAA/TzyfydKR91CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxtn/AgAA//8LKMVX") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0xec3294b766e88361, 0x0) 46.949699205s ago: executing program 4 (id=1000): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r2, @ANYBLOB="24005a80200001800500040003"], 0x40}}, 0x0) 45.511242133s ago: executing program 4 (id=1005): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, 0x0, 0x0, 0x40044}}], 0x1, 0x20000001) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) 43.582532563s ago: executing program 37 (id=1005): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, 0x0, 0x0, 0x40044}}], 0x1, 0x20000001) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) 4.570530633s ago: executing program 9 (id=1140): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x2f35000) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000280)=0x1, 0x4) 4.26092631s ago: executing program 0 (id=1142): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x30, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x30}}, 0x8000) 4.246429117s ago: executing program 3 (id=1143): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x7, &(0x7f0000000200)={[0x2000007]}, 0x8) 4.171105145s ago: executing program 6 (id=1144): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x19}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 4.080221776s ago: executing program 9 (id=1145): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000f0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.826252505s ago: executing program 8 (id=1146): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000600)) mremap(&(0x7f000017a000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000239000/0x2000)=nil) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000000)={0x60, 0x0, &(0x7f000007c000/0x4000)=nil, &(0x7f0000839000/0x1000)=nil, 0x0, 0x0, 0x0, 0xc, 0x4b, 0x0, 0x0, 0x2e}) 3.610838597s ago: executing program 0 (id=1147): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20) 3.575659932s ago: executing program 3 (id=1148): syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x2) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x0, &(0x7f00000001c0)={0x1f, 0x0, 0x0, 0x0, 0x4, 0x1, 0x1}, 0x0, 0x0) write$P9_RSTATu(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000000000000000000000000000000000000000000000000000000000000000000000001f00206e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f7"], 0x232) 3.524868176s ago: executing program 6 (id=1149): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r2, 0x0, 0x0}, 0x20) 2.920079546s ago: executing program 6 (id=1150): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)=@newqdisc={0x3b4, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x384, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}, @TCA_CHOKE_STAB={0x104, 0x2, "547d9ed0effe82c024750032ea49f09c72384049bcc87e42ca7e2c78d6a85178e447e32b5f4e4fabff6fb16a40901dc4221e42eb745b6332c476d0c3aefed8dc95af179570cf8cc43bc29eb93c6e78f5e1153d3d7c1542f77dc4b29877e2002685e850f2969cf2164fbf8db7e1713786899d2a8ab03ca5accb2e9b50e1fb7a4e3681b35f0f68461daa4f4e1583b9a02195dee35ae7c8bca085399157d5f30c2ec691c39267b2655c782b363a11645a0c78a39fab8c0ce69f11f2db45ee16e2975a80664f687d01bd7444244a25bdb9ec5b0fa8b1afc0254ddbca2e22ca1b189502b74d7ec4665c23804df713183d428f50a0d64e31e110c707eb3fe69f437992"}, @TCA_CHOKE_PARMS={0x47}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x3d, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3b4}}, 0x0) 2.756444401s ago: executing program 8 (id=1151): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0xfffffffffffffdc6, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x2}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10}]}}]}, 0xa4}}, 0x0) 2.56464437s ago: executing program 0 (id=1152): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}]}, 0x30}}, 0x0) 2.448764635s ago: executing program 9 (id=1153): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x14, r1, 0x1, 0x0, 0x0, {0x54}}, 0x14}}, 0x0) close(r0) 2.220825208s ago: executing program 6 (id=1154): syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000001480)='./file1\x00', 0xc00a, &(0x7f0000000040)=ANY=[], 0x11, 0x6ae, &(0x7f0000000400)="$eJzs3c1vHHcZB/DvrF83lRy3TdOAKtU0UkFENHGsFMIlASEUpApV4cDZIk5jZZMGx0VpD8QFJK4c+APKIVzgBEJISEiRyhluFTeLUyUkLj2lPTBoZmfttbtrb5Im69DPJ5qdZ+Y385tnnnnZl8iaAJ9bF05k8m7auXDitVvV9Oadpc7mnaVr3bjVSTKTpJVMdkcprifF+8n5dId8oZrZdFcM286vV89e/OCjzQ+7U5PZ7q96aQ9PcHKUvdhohiwkmWjGD2FHfz96sP5mtsNiqzJVwY73CgfjNpWk3OHHR7dbBikn+iaGXu/Ak6Povm/26V7/88mhJLO9N7SNbmPr8We4r/u6F208ujwAAADgwDh873ZyK3PjzgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeJM3z/4tmaPXihRS95/9P9z1jf3rM6Q63d2azveBu63EkAwAAAAAAAACP1ov38ruLZTnXmy6L+v/8X6onjtSvT+Wt3MxK1vJKbmU561nPWhaTzPd1NH1reX19bbG35idlWQ5Z8/T2/773rXl6xITbD7/PAAAAAAAAAPB/5Fwz/lkuZG7MuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA5FMtEd1cORXjyf1mSS2STT1XIbyT968ZPs7rgTAAAAgMfg8L3cy63M9abLov7Of7T+3j+bt3I961nNejpZyaX6t4Dut/7W5p2lzuadpWvV8Ol+v/Wf7fiPc/umUfeY7m8Pg7d8rF6inctZbZZK3kwnl9Kq16wc6+UzOK93q5yKc11lmZlRCnSpGVd7/qtmfDDM1xWZqitS1ehUk1tVjaf3rkT/0XmALS2mtfXLz5H7qPm5PbdS/Lcsu9Gh3pzkqe/tX/Op+9qZh7K7Eqf7zr6je1ci+fKffv/DK53rV68UGycOzmk0yIuDZ8/8q3eEepXo2shKlvoq8XxTgeo63bsSl28e8EqMqJXntuIL+W5+kBNZyOtZy2p+kuWsZyUL+U4dLTfnc/U6v/c5c37H1Ov7ZTHdHJeJXTl96XB3vFdOL9XrzmU138+buZSVvFr/O53FfD1nciZn+47wcyNc9a0BV/2fhyd//CtN0E7yy2Z8MFR1fbqvrv333Pm6rX9OK2XzzvLMZ3Zv3DL5xSaojsTP+67B8duqxGy23iV62T3bq8DUwEr8pr6t3Oxcv7p2ZfnGrn6LjcHbezk7d//g3Eiq8+WZ6mDVUzvPjqrt2YFti3Xbka221u6237a32va7Uqebz3Cf7ul03fb8wLaluu1YX1v1eWs2yUo+Kcuy+3kLgAPv0FcPTbf/3f57+732L9pX2q/NfnvmGzMvTGfqb1PfnDw18XLrheIPeS8/zf7f0AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH3dfPudq8udzsrarqAsy9tDmh5JkMlkx5y//qUJmqe81Q8DGr3DaunzraSeM5kmuL/Ebj/Y7rz7oEX4Z3NMHkvBP5Ngduj5szv4uCzLg5HzKEHZOCj5jCMY3z0JeDxOrl+7cfLm2+98bfVa642VN1aunz1z5uyps2deXTp5ebUzO+70gEeofq+vP+eMOxMAAAAAAAAAAABgVKP9cU7xcH/bAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAQLpzI5N0UWTz1yqlqevPOUqcaevH2kh8naSUpFpLi/eR8ukPm+7orhm1nI7n4wUebH3anJpuhXr6113qj2WiGLCSZaMYDzCY5tHtmeXtYf0Xdz43h/Y2o2NrDqmDHe4WDcftfAAAA//8p+RGB") syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="fbbbbbbbbb"], 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) 2.12801186s ago: executing program 8 (id=1155): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000) ioctl$EVIOCREVOKE(r1, 0x40044591, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.99320646s ago: executing program 3 (id=1156): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r1}, 0x10) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x78, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\a\x00\x00'}]}, 0x18}], 0x1}, 0x0) 1.98446644s ago: executing program 0 (id=1157): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r1, {0x10, 0x4}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.725304438s ago: executing program 9 (id=1158): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@ipv4_newaddr={0x20, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0xcb, r2}, [@IFA_LOCAL={0x8, 0x2, @empty}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 1.564036088s ago: executing program 8 (id=1159): r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchownat(r1, &(0x7f0000000080)='.\x00', 0xffffffffffffffff, 0x0, 0x0) 1.299599317s ago: executing program 3 (id=1160): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0xfff2}, {0x2, 0xfffc}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0xc090) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 1.150647294s ago: executing program 6 (id=1161): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0xae64, 0x0) 1.078470106s ago: executing program 0 (id=1162): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={r2, r1, 0x0, 0xfffffffffffffe18, &(0x7f0000000500)='GPL\x00\xf3B\x94\xf8sf\xb8\x85n\x89\b\xd9\xcc\x82\xcf\x86\xc1\xf9fC\xfa \xee\xc1xP\x92>\xd4\xc4\xfdk\x93o\x8a?\xf4\xea\xeazA\xae\xdf\xe7'}, 0x30) 880.7082ms ago: executing program 9 (id=1163): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001980), 0x200) fcntl$setstatus(r0, 0x4, 0x2800) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x5452, &(0x7f000001f900)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) fcntl$setstatus(r0, 0x4, 0x42000) 828.200946ms ago: executing program 8 (id=1164): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0}) 559.100524ms ago: executing program 3 (id=1165): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x2c, r0, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_SEQ={0x4}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 259.03988ms ago: executing program 0 (id=1166): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x160c400, &(0x7f0000000080)=ANY=[], 0x85, 0x6a4, &(0x7f0000001240)="$eJzs3c1vHGcZAPBn1uu1N5TETZM2QZViNRIgrCb+kAvm0oAQ8qFCVTkgjlbiJFY2abBd5FYIzEfh2kP+gHLwjQNC4h5RLlzg1quPlRBceqk5DZqPXY/Xu/5IHK+d/n7VeN6Zd973febZ+drdRhvAl9b8RNQfRxLzE2+tZcubGzOtzY2Z++1yRIxERC2iXswi+SJN008ibkQxxeVsZdldsrP3h+fapUdLc+98+vnmZ8VSvZzy7Wu72x3WejnFeEQMlfOq9Cn6u9mjvx1G9+su6exhlrCr7cTBoA1nJ0fuP4+KNT/7xwudmopmr9b7HvnAKZAU981dxiLOlCd69hxQ3BWLe/aptj7oAAAAAOAYnNuKrViLs4OOAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6T8vf/k3KqtcvjkbR//79RrouyfLJcOdzmj59VHAAAAAAAAABwjK5sxVasxdn2cprk3/m/li9cyP9+Jd6LlViM5bgWa7EQq7EayzEVEWOVjhprC6ury1Odlu3/M2B3y+meLaf3CXSknDePYq8BAAAAAAAA4LT5Ik3TPTf4Tcxvf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnQRIxVMzy6UK7PBa1ekSMRkQj22494l/t8ml1+fWIx4MOAgAAAJ5CesDtzm3FVqzF2U67JH/P/3L+vn803osHsRpLsRqtWIxb+WcBxbv+2ubGTGtzY+Z+Nu3u93v/PVS4eY9RfPbQe+RL+RbNuB1L+ZprcTPejSS5FbW8ZeZSO57ecf06iyl5szB8wMhulfNszz8q593qh9rXvg75YcpYnpHhTkYmy9iybLy4dyYO+ep0jzQVtU6wF7pG6tqJHTl/84DjnSnn2f78vk/OB6M7E9OVo+/lvXMe8Y2//uknd1sP7t29vTJxcnbpYIbKeXFdae7OxEwlE688z5nYZTLPxMXO8nz8MH4cEzEeb8dyLMXPYyFWYzHG4wd5aaE8npPKKV/JVK3S9Y0dA729XySN8ggtXqydMcU+Mb2Wtz0bS/GjeDduxWK8kf83HVPx7ZiN2ZirvMIXD3ClrfU569Ov9gz+6jfLQjMi/lDOc3eO6Pr6xLK8vljJa/WaO5bXVddsZ+n8Ie5H7Sz9ee9Q6l8rC9kYv42dh8tgdWdiqpKJl/bOxB/zy8pK68G95bsLD7Py/rfn8x+Vhew8+vBE3SWy4+V857lg59GR1b1U1OXPINV8NcpvXIp2tV11Fzt1xZm63vdMbZTPcLt7ms7rXulZN5PXXarUdT9vtTrPQ6f9yx+A59aHjYgz3zrTaP67+c/mx83fNe823xr9/sh3Rl5txPDfh79bnxz6eu3V5C/xcfxy+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw5Fbe/+DeQqu1uNxVSNP0V32qjryQRBI71rSDO/qxhp5Zz30Ll1+IOK6xuguNiDj2QXsW/pemafvlPgnx7F1IMyORPmHzv0VE321+Wj386hHRq58rg0/CHhcNPwAFz4Xrq/cfXl95/4PXl+4v3Fm8s/hgbnZ2bnJu9o2Z67eXWouTxd9BRwk8C9s3/UFHAgAAAAAAAAAAABzUcfxzgv6jjx7nrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn1PxE1B9HElOT1yaz5c2NmVY2tcvbW9YjohYRyS8ikk8ibkQxxVilu6TfOI+W5t759PPNz7b7qre3r+3V7mDWyynGI2KonB9Vfzefur+ks4dZwq62EweD9v8AAAD//6ZbBYc=") setxattr$incfs_metadata(0x0, 0x0, 0x0, 0x0, 0x0) getxattr(0x0, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x0, 0x118) 255.342635ms ago: executing program 9 (id=1167): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r1 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f00000001c0)={0xa0000004}) 90.981513ms ago: executing program 8 (id=1168): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) 28.82444ms ago: executing program 6 (id=1169): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}}, 0x0) 0s ago: executing program 3 (id=1170): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}}) splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0) kernel console output (not intermixed with test programs): 4.93: Directory hole found for htree index block 0 [ 246.740731][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.760933][ T6210] EXT4-fs (loop4): Remounting filesystem read-only [ 246.789621][ T6210] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 246.835033][ T6210] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 246.846406][ T6210] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.893145][ T5819] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.227447][ T6210] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 247.429452][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.453124][ T2231] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 247.651653][ T2231] usb 2-1: Using ep0 maxpacket: 8 [ 247.756475][ T2231] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 247.765979][ T2231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.774518][ T2231] usb 2-1: Product: syz [ 247.778909][ T2231] usb 2-1: Manufacturer: syz [ 247.784091][ T2231] usb 2-1: SerialNumber: syz [ 247.919678][ T2231] usb 2-1: config 0 descriptor?? [ 247.929775][ T6223] netlink: 'syz.0.98': attribute type 4 has an invalid length. [ 247.940277][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.99'. [ 247.981386][ T2231] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 247.990459][ T2231] usb 2-1: setting power ON [ 247.995480][ T2231] dvb-usb: bulk message failed: -22 (2/0) [ 248.056808][ T2231] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 248.111008][ T6225] loop3: detected capacity change from 0 to 512 [ 248.179612][ T6214] dvb-usb: bulk message failed: -22 (3/0) [ 248.194523][ T2231] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 248.203487][ T2231] usb 2-1: media controller created [ 248.260215][ T6225] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 248.270687][ T6225] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 248.350749][ T2231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 248.854462][ T6229] loop4: detected capacity change from 0 to 256 [ 248.858870][ T2231] usb 2-1: selecting invalid altsetting 6 [ 248.869057][ T2231] usb 2-1: digital interface selection failed (-22) [ 248.884217][ T2231] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 249.020032][ T2231] usb 2-1: setting power OFF [ 249.032496][ T2231] dvb-usb: bulk message failed: -22 (2/0) [ 249.038624][ T2231] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 249.048425][ T2231] (NULL device *): no alternate interface [ 249.368483][ T6237] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 249.382002][ T6237] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 249.390440][ T6229] FAT-fs (loop4): Directory bread(block 64) failed [ 249.399684][ T6229] FAT-fs (loop4): Directory bread(block 65) failed [ 249.407175][ T6229] FAT-fs (loop4): Directory bread(block 66) failed [ 249.414440][ T6229] FAT-fs (loop4): Directory bread(block 67) failed [ 249.421358][ T6229] FAT-fs (loop4): Directory bread(block 68) failed [ 249.428457][ T6229] FAT-fs (loop4): Directory bread(block 69) failed [ 249.436067][ T6229] FAT-fs (loop4): Directory bread(block 70) failed [ 249.442917][ T6229] FAT-fs (loop4): Directory bread(block 71) failed [ 249.449261][ T6239] loop1: detected capacity change from 0 to 256 [ 249.450359][ T6229] FAT-fs (loop4): Directory bread(block 72) failed [ 249.463053][ T6229] FAT-fs (loop4): Directory bread(block 73) failed [ 249.680801][ T2231] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 249.716753][ T6229] syz.4.103: attempt to access beyond end of device [ 249.716753][ T6229] loop4: rw=524288, sector=1256, nr_sectors = 4 limit=256 [ 249.731568][ T6229] syz.4.103: attempt to access beyond end of device [ 249.731568][ T6229] loop4: rw=0, sector=1256, nr_sectors = 4 limit=256 [ 249.773544][ T30] audit: type=1800 audit(1756387810.868:2): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.103" name="file0" dev="loop4" ino=1048600 res=0 errno=0 [ 249.835795][ T2231] usb 2-1: USB disconnect, device number 4 [ 250.437814][ T6248] loop1: detected capacity change from 0 to 128 [ 250.458443][ T5860] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 250.527394][ T6248] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 250.630794][ T6248] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 250.702486][ T5860] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 250.715807][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.800894][ T5860] usb 1-1: config 0 descriptor?? [ 250.850445][ T6248] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 251.098877][ T5860] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 251.284037][ T5867] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 251.363128][ T6256] loop3: detected capacity change from 0 to 16 [ 251.379188][ T5860] [drm:udl_init] *ERROR* Selecting channel failed [ 251.437209][ T6256] erofs (device loop3): mounted with root inode @ nid 36. [ 251.482725][ T5860] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 251.491752][ T5860] [drm] Initialized udl on minor 2 [ 251.504867][ T5867] usb 3-1: Using ep0 maxpacket: 16 [ 251.579726][ T5867] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 251.584463][ T5860] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 251.588361][ T5867] usb 3-1: config 0 has no interface number 0 [ 251.597722][ T5860] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 251.602353][ T5867] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 251.616955][ T32] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 251.621430][ T5867] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 251.673569][ T32] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 251.682481][ T32] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 251.794464][ T5860] usb 1-1: USB disconnect, device number 3 [ 251.925681][ T5867] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 251.935559][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 251.949128][ T5867] usb 3-1: Product: syz [ 251.956382][ T5867] usb 3-1: SerialNumber: syz [ 252.086547][ T5867] usb 3-1: config 0 descriptor?? [ 252.105431][ T5867] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 252.116578][ T5867] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input6 [ 252.638523][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 252.665554][ T5819] bridge0: port 3(syz_tun) entered disabled state [ 252.739194][ T5819] syz_tun (unregistering): left allmulticast mode [ 252.746252][ T5819] syz_tun (unregistering): left promiscuous mode [ 252.753054][ T5819] bridge0: port 3(syz_tun) entered disabled state [ 252.890276][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.898600][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.911176][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.919937][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.927554][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.936480][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.945841][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.954393][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.962671][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 252.974673][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 253.015878][ T5860] usb 3-1: USB disconnect, device number 4 [ 253.023517][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 253.041983][ T5860] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 253.243989][ T3604] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.464938][ T3604] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.710529][ T3604] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.763134][ T6270] loop1: detected capacity change from 0 to 64 [ 254.040294][ T3604] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.710501][ T3604] bridge_slave_1: left allmulticast mode [ 254.716685][ T3604] bridge_slave_1: left promiscuous mode [ 254.723672][ T3604] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.852979][ T3604] bridge_slave_0: left allmulticast mode [ 254.859068][ T3604] bridge_slave_0: left promiscuous mode [ 254.865920][ T3604] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.450859][ T3604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.535860][ T3604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.586438][ T3604] bond0 (unregistering): Released all slaves [ 257.378252][ T3604] hsr_slave_0: left promiscuous mode [ 257.446108][ T3604] hsr_slave_1: left promiscuous mode [ 257.454771][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.462362][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.565608][ T6280] netlink: 4 bytes leftover after parsing attributes in process `syz.0.126'. [ 257.591781][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.600080][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.736150][ T3604] veth1_macvtap: left promiscuous mode [ 257.742373][ T3604] veth0_macvtap: left promiscuous mode [ 257.748774][ T3604] veth1_vlan: left promiscuous mode [ 257.754490][ T3604] veth0_vlan: left promiscuous mode [ 258.823446][ T5815] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 258.851444][ T5815] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 258.875860][ T5815] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 258.901378][ T5815] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 258.927932][ T5815] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 258.944012][ T6298] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 259.229027][ T3604] team0 (unregistering): Port device team_slave_1 removed [ 259.279801][ T3604] team0 (unregistering): Port device team_slave_0 removed [ 259.631676][ T6286] hsr0: entered promiscuous mode [ 259.684168][ T6286] hsr0: left promiscuous mode [ 260.405896][ T6307] netlink: 60 bytes leftover after parsing attributes in process `syz.1.134'. [ 260.415619][ T6307] netlink: 28 bytes leftover after parsing attributes in process `syz.1.134'. [ 260.767040][ T30] audit: type=1800 audit(1756387821.828:3): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.136" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=9732 res=0 errno=0 [ 261.074222][ T5812] Bluetooth: hci4: command tx timeout [ 261.577458][ T6295] chnl_net:caif_netlink_parms(): no params data found [ 262.698798][ T6340] loop2: detected capacity change from 0 to 1024 [ 262.967091][ T6340] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 262.980043][ T6340] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 263.133965][ T30] audit: type=1800 audit(1756387824.228:4): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.145" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 263.166657][ T5812] Bluetooth: hci4: command tx timeout [ 263.679376][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 263.714525][ T6350] loop0: detected capacity change from 0 to 4096 [ 263.768160][ T6295] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.778486][ T6295] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.787032][ T6295] bridge_slave_0: entered allmulticast mode [ 263.797299][ T6295] bridge_slave_0: entered promiscuous mode [ 263.914209][ T6350] NILFS (loop0): invalid segment: Checksum error in segment payload [ 263.930320][ T6350] NILFS (loop0): trying rollback from an earlier position [ 263.986518][ T6295] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.994587][ T6295] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.002450][ T6295] bridge_slave_1: entered allmulticast mode [ 264.012665][ T6295] bridge_slave_1: entered promiscuous mode [ 264.144038][ T6350] NILFS (loop0): recovery complete [ 264.214416][ T6359] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 264.773481][ T6295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 264.874492][ T6295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.169455][ T6295] team0: Port device team_slave_0 added [ 265.235243][ T5812] Bluetooth: hci4: command tx timeout [ 265.246490][ T6295] team0: Port device team_slave_1 added [ 265.829176][ T6295] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 265.836691][ T6295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 265.864555][ T6295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.064707][ T6295] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.078539][ T6295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.108132][ T6295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.244782][ T6386] loop1: detected capacity change from 0 to 512 [ 266.305983][ T6386] EXT4-fs: Ignoring removed nomblk_io_submit option [ 266.372455][ T6386] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 266.387132][ T6386] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=842c01c, mo2=0002] [ 266.414671][ T6386] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80) [ 266.427110][ T6386] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features [ 266.438760][ T6386] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 266.615074][ T5860] kernel read not supported for file /dsp (pid: 5860 comm: kworker/1:3) [ 266.795340][ T6393] EXT4-fs warning (device loop1): dx_probe:861: inode #2: comm syz.1.158: dx entry: limit 65535 != root limit 120 [ 266.807917][ T6393] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.158: Corrupt directory, running e2fsck is recommended [ 266.913897][ T6393] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.158: path /33/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 266.936644][ T6295] hsr_slave_0: entered promiscuous mode [ 266.949751][ T6295] hsr_slave_1: entered promiscuous mode [ 266.959050][ T6295] debugfs: 'hsr0' already exists in 'hsr' [ 266.965463][ T6295] Cannot create hsr debugfs directory [ 267.315360][ T5812] Bluetooth: hci4: command tx timeout [ 267.482179][ T6402] loop2: detected capacity change from 0 to 64 [ 267.492131][ T6401] warning: `syz.0.162' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 267.602822][ T5806] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.995108][ T6402] hfs: request for non-existent node 131072 in B*Tree [ 268.002334][ T6402] hfs: request for non-existent node 131072 in B*Tree [ 269.009743][ T6295] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 269.042924][ T6295] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 269.078664][ T6295] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 269.131837][ T6295] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 269.224503][ T6416] loop0: detected capacity change from 0 to 128 [ 269.785143][ T6424] binder: 6423:6424 ioctl 40046205 0 returned -22 [ 270.570820][ T6295] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.821592][ T6295] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.977974][ T4135] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.985849][ T4135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.097330][ T4135] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.105053][ T4135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.354583][ T6458] loop0: detected capacity change from 0 to 512 [ 272.554778][ T6460] input: syz1 as /devices/virtual/input/input7 [ 272.648178][ T6458] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 272.664402][ T6458] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 273.400037][ T6477] Zero length message leads to an empty skb [ 273.498756][ T6295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.535733][ T5816] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 275.196655][ T6504] loop1: detected capacity change from 0 to 512 [ 275.466883][ T6504] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.193: corrupted inode contents [ 275.524314][ T6513] netlink: 20 bytes leftover after parsing attributes in process `syz.0.195'. [ 275.534882][ T6504] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #16: comm syz.1.193: mark_inode_dirty error [ 275.591334][ T6504] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.193: corrupted inode contents [ 275.705800][ T6504] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.193: mark_inode_dirty error [ 275.750650][ T6504] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.193: corrupted inode contents [ 275.783461][ T6504] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 275.845181][ T6504] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #16: comm syz.1.193: corrupted inode contents [ 275.926347][ T6517] netlink: 36 bytes leftover after parsing attributes in process `syz.2.196'. [ 275.936005][ T6517] netlink: 36 bytes leftover after parsing attributes in process `syz.2.196'. [ 275.946102][ T6504] EXT4-fs error (device loop1): ext4_truncate:4666: inode #16: comm syz.1.193: mark_inode_dirty error [ 276.004864][ T6504] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 276.042364][ T6504] EXT4-fs (loop1): 1 truncate cleaned up [ 276.050883][ T6504] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.065070][ T6504] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 276.068667][ T4028] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 276.086502][ T4028] EXT4-fs error (device loop1): ext4_release_dquot:6973: comm kworker/u8:15: Failed to release dquot type 1 [ 276.476317][ T6295] veth0_vlan: entered promiscuous mode [ 276.651405][ T6295] veth1_vlan: entered promiscuous mode [ 276.894023][ T6527] loop4: detected capacity change from 0 to 256 [ 277.042739][ T6295] veth0_macvtap: entered promiscuous mode [ 277.275869][ T6295] veth1_macvtap: entered promiscuous mode [ 277.405006][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.551405][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.576580][ T5806] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.841887][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.972282][ T6295] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.050736][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.136129][ T6295] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.282820][ T3971] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.371963][ T3971] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.424051][ T3971] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.441665][ T3971] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.604280][ T36] bridge_slave_1: left allmulticast mode [ 278.610314][ T36] bridge_slave_1: left promiscuous mode [ 278.617465][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.728033][ T36] bridge_slave_0: left allmulticast mode [ 278.734381][ T36] bridge_slave_0: left promiscuous mode [ 278.741096][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.406000][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.446186][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.475137][ T36] bond0 (unregistering): Released all slaves [ 280.143909][ T36] hsr_slave_0: left promiscuous mode [ 280.152477][ T36] hsr_slave_1: left promiscuous mode [ 280.164956][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.172555][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.222302][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.230030][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.315441][ T36] veth1_macvtap: left promiscuous mode [ 280.321300][ T36] veth0_macvtap: left promiscuous mode [ 280.329257][ T36] veth1_vlan: left promiscuous mode [ 280.334972][ T36] veth0_vlan: left promiscuous mode [ 281.585921][ T36] team0 (unregistering): Port device team_slave_1 removed [ 281.662297][ T36] team0 (unregistering): Port device team_slave_0 removed [ 282.267882][ T6573] loop0: detected capacity change from 0 to 16 [ 282.316066][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.211'. [ 282.407999][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 282.432128][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 282.442229][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.211'. [ 282.459278][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 282.469251][ T6573] erofs (device loop0): mounted with root inode @ nid 36. [ 282.501797][ T36] IPVS: stop unused estimator thread 0... [ 282.514045][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 282.528283][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 282.713914][ T6573] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 282.759090][ T6581] loop2: detected capacity change from 0 to 128 [ 282.858865][ T6573] erofs (device loop0): failed to decompress -23 in[64, 4032] out[1851] [ 282.870135][ T6573] erofs (device loop0): read error -117 @ 43 of nid 36 [ 283.402928][ T6582] syz.0.212 (6582): drop_caches: 2 [ 283.934294][ T6595] netlink: 32 bytes leftover after parsing attributes in process `syz.4.216'. [ 284.395041][ T6574] chnl_net:caif_netlink_parms(): no params data found [ 284.597039][ T5815] Bluetooth: hci2: command tx timeout [ 285.495362][ T1738] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 285.695069][ T1738] usb 5-1: Using ep0 maxpacket: 16 [ 285.735718][ T1738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.747372][ T1738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.763557][ T1738] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 285.772962][ T1738] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.875599][ T1738] usb 5-1: config 0 descriptor?? [ 286.002094][ T6574] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.010595][ T6574] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.018958][ T6574] bridge_slave_0: entered allmulticast mode [ 286.031444][ T6574] bridge_slave_0: entered promiscuous mode [ 286.158586][ T6574] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.166864][ T6574] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.175254][ T6574] bridge_slave_1: entered allmulticast mode [ 286.187377][ T6574] bridge_slave_1: entered promiscuous mode [ 286.424206][ T1738] playstation 0003:054C:05C4.0001: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.4-1/input0 [ 286.573841][ T1738] playstation 0003:054C:05C4.0001: Invalid reportID received, expected 18 got 0 [ 286.583419][ T1738] playstation 0003:054C:05C4.0001: Failed to retrieve DualShock4 pairing info: -22 [ 286.593081][ T1738] playstation 0003:054C:05C4.0001: Failed to get MAC address from DualShock4 [ 286.602417][ T1738] playstation 0003:054C:05C4.0001: Failed to create dualshock4. [ 286.622505][ T1738] playstation 0003:054C:05C4.0001: probe with driver playstation failed with error -22 [ 286.663968][ T6574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.683454][ T5815] Bluetooth: hci2: command tx timeout [ 286.695013][ T6574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.836406][ T1738] usb 5-1: USB disconnect, device number 2 [ 286.842405][ T6574] team0: Port device team_slave_0 added [ 286.894378][ T6574] team0: Port device team_slave_1 added [ 287.136045][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.146656][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.176200][ T6574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.241887][ T6574] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.249627][ T6574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.278420][ T6574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.797748][ T6574] hsr_slave_0: entered promiscuous mode [ 287.810752][ T6574] hsr_slave_1: entered promiscuous mode [ 287.827011][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'. [ 288.081275][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.091244][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.414969][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.423072][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.758411][ T5815] Bluetooth: hci2: command tx timeout [ 289.091833][ T6658] loop5: detected capacity change from 0 to 2048 [ 289.290077][ T6574] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 289.324659][ T1738] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 289.365933][ T6574] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 289.440055][ T6574] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 289.535805][ T6574] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 289.545118][ T1738] usb 5-1: config index 0 descriptor too short (expected 65248, got 72) [ 289.587511][ T1738] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 289.597299][ T1738] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.606163][ T1738] usb 5-1: Product: syz [ 289.610550][ T1738] usb 5-1: Manufacturer: syz [ 289.615511][ T1738] usb 5-1: SerialNumber: syz [ 289.696501][ T1738] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 289.967879][ T5860] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 290.835266][ T1738] usb 5-1: USB disconnect, device number 3 [ 290.896845][ T5815] Bluetooth: hci2: command tx timeout [ 291.185198][ T30] audit: type=1326 audit(1756387852.298:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.207883][ T30] audit: type=1326 audit(1756387852.308:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.230738][ T30] audit: type=1326 audit(1756387852.328:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.253355][ T30] audit: type=1326 audit(1756387852.328:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.279131][ T30] audit: type=1326 audit(1756387852.328:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.303551][ T30] audit: type=1326 audit(1756387852.328:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.362287][ T6574] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.423475][ T5860] usb 5-1: Service connection timeout for: 256 [ 291.430075][ T5860] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 291.440822][ T5860] ath9k_htc: Failed to initialize the device [ 291.461638][ T6574] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.575724][ T4028] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.583441][ T4028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.586564][ T1738] usb 5-1: ath9k_htc: USB layer deinitialized [ 291.728964][ T4028] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.733686][ T30] audit: type=1326 audit(1756387852.538:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 291.736626][ T4028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.758472][ T30] audit: type=1326 audit(1756387852.538:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6679 comm="syz.0.244" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5539 code=0x7ffc0000 [ 292.019552][ T6574] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 292.031526][ T6574] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 292.191031][ T6693] process 'syz.0.249' launched './file1' with NULL argv: empty string added [ 292.357868][ T6694] netlink: 12 bytes leftover after parsing attributes in process `syz.5.250'. [ 292.443731][ T6691] loop4: detected capacity change from 0 to 2048 [ 292.574200][ T6691] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 294.172118][ T6574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 294.346023][ T5860] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 294.563742][ T5860] usb 5-1: Using ep0 maxpacket: 8 [ 294.658590][ T5860] usb 5-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 294.668228][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.677851][ T5860] usb 5-1: Product: syz [ 294.682356][ T5860] usb 5-1: Manufacturer: syz [ 294.687459][ T5860] usb 5-1: SerialNumber: syz [ 294.786866][ T5860] usb 5-1: config 0 descriptor?? [ 294.811930][ T5860] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 295.669399][ T5860] gspca_sonixj: reg_r err -71 [ 295.674814][ T5860] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 295.741142][ T5860] usb 5-1: USB disconnect, device number 4 [ 296.096239][ T6748] loop5: detected capacity change from 0 to 8 [ 296.249436][ T6748] SQUASHFS error: Failed to read block 0x636: -5 [ 296.249532][ T6748] SQUASHFS error: Unable to read metadata cache entry [634] [ 296.249621][ T6748] SQUASHFS error: Unable to read metadata cache entry [634] [ 296.249701][ T6748] SQUASHFS error: Unable to read directory block [634:0] [ 296.378599][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.378888][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 297.181769][ T6574] veth0_vlan: entered promiscuous mode [ 297.316115][ T6574] veth1_vlan: entered promiscuous mode [ 297.746840][ T6574] veth0_macvtap: entered promiscuous mode [ 297.835159][ T6574] veth1_macvtap: entered promiscuous mode [ 297.936460][ T6772] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 298.081525][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.201235][ T6574] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.435850][ T4135] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.484634][ T4135] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.548316][ T4135] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.621404][ T4135] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.795978][ T6784] netlink: 12 bytes leftover after parsing attributes in process `syz.0.279'. [ 299.231711][ T6788] capability: warning: `syz.4.280' uses 32-bit capabilities (legacy support in use) [ 300.759589][ T6815] loop0: detected capacity change from 0 to 128 [ 300.914607][ T6815] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 301.008996][ T6815] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 301.487471][ T5816] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 303.832751][ T6869] loop2: detected capacity change from 0 to 256 [ 304.336844][ T6877] netlink: 'syz.5.305': attribute type 1 has an invalid length. [ 305.267342][ T4028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.276518][ T4028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.660172][ T4135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.668908][ T4135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.406159][ T6910] loop0: detected capacity change from 0 to 8 [ 306.469782][ T6910] SQUASHFS error: Unable to read inode 0x11f [ 307.559664][ T6923] netlink: 16 bytes leftover after parsing attributes in process `syz.2.322'. [ 308.063958][ T5867] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 308.254862][ T5867] usb 1-1: Using ep0 maxpacket: 16 [ 308.291435][ T5867] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 308.300999][ T5867] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 308.313422][ T5867] usb 1-1: config 0 has no interface number 0 [ 308.349396][ T6939] loop5: detected capacity change from 0 to 512 [ 308.382871][ T5867] usb 1-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 308.392765][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.401573][ T5867] usb 1-1: Product: syz [ 308.406316][ T5867] usb 1-1: Manufacturer: syz [ 308.409062][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.6.329'. [ 308.411104][ T5867] usb 1-1: SerialNumber: syz [ 308.462314][ T6939] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 308.500337][ T5867] usb 1-1: config 0 descriptor?? [ 308.600048][ T5867] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 308.622386][ T6939] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.328: Invalid block bitmap block 0 in block_group 0 [ 308.653911][ T5867] snd-usb-audio 1-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 308.702426][ T6939] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 308.715769][ T6939] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #11: comm syz.5.328: attempt to clear invalid blocks 983261 len 1 [ 308.781217][ T5867] usb 1-1: USB disconnect, device number 4 [ 308.814926][ T6939] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz.5.328: Invalid inode table block 0 in block_group 0 [ 308.911662][ T6939] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 308.951554][ T6939] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 308.992521][ T6939] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz.5.328: Invalid inode table block 0 in block_group 0 [ 309.028845][ T6939] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 309.104897][ T6939] EXT4-fs error (device loop5): ext4_truncate:4666: inode #11: comm syz.5.328: mark_inode_dirty error [ 309.155763][ T6939] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 309.202878][ T6939] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz.5.328: Invalid inode table block 0 in block_group 0 [ 309.244077][ T6939] EXT4-fs (loop5): 1 truncate cleaned up [ 309.252573][ T6939] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.634651][ T6939] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 309.839735][ T6960] loop4: detected capacity change from 0 to 128 [ 310.031308][ T6295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.847917][ T6980] capability: warning: `syz.2.341' uses deprecated v2 capabilities in a way that may be insecure [ 311.795043][ T6996] IPv6: NLM_F_CREATE should be specified when creating new route [ 312.912289][ T7012] loop4: detected capacity change from 0 to 1024 [ 313.035706][ T7012] EXT4-fs: Ignoring removed i_version option [ 313.133667][ T7016] sctp: [Deprecated]: syz.0.355 (pid 7016) Use of struct sctp_assoc_value in delayed_ack socket option. [ 313.133667][ T7016] Use struct sctp_sack_info instead [ 313.258007][ T7012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 313.454873][ T7012] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 313.558431][ T7012] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 313.678886][ T7012] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 313.697576][ T7012] EXT4-fs (loop4): This should not happen!! Data will be lost [ 313.697576][ T7012] [ 313.712211][ T7012] EXT4-fs (loop4): Total free blocks count 0 [ 313.718561][ T7012] EXT4-fs (loop4): Free/Dirty block details [ 313.724892][ T7012] EXT4-fs (loop4): free_blocks=20480 [ 313.730473][ T7012] EXT4-fs (loop4): dirty_blocks=16 [ 313.738992][ T7012] EXT4-fs (loop4): Block reservation details [ 313.745391][ T7012] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 314.168208][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 316.329092][ T7069] netlink: 4 bytes leftover after parsing attributes in process `syz.5.376'. [ 318.316782][ T7101] block nbd2: not configured, cannot reconfigure [ 319.901564][ T7126] loop0: detected capacity change from 0 to 8 [ 320.013565][ T1738] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 320.145694][ T7132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.405'. [ 320.203740][ T1738] usb 7-1: Using ep0 maxpacket: 32 [ 320.225361][ T11] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 320.266610][ T1738] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 320.333108][ T1738] usb 7-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 320.347328][ T1738] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.357755][ T1738] usb 7-1: Product: syz [ 320.362167][ T1738] usb 7-1: Manufacturer: syz [ 320.367218][ T1738] usb 7-1: SerialNumber: syz [ 320.449454][ T1738] usb 7-1: config 0 descriptor?? [ 320.459688][ T7124] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 320.494456][ T1738] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 320.520040][ T11] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 320.532745][ T11] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.541378][ T11] usb 5-1: Product: syz [ 320.548847][ T11] usb 5-1: Manufacturer: syz [ 320.558046][ T11] usb 5-1: SerialNumber: syz [ 320.690048][ T11] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 320.783590][ T7124] loop6: detected capacity change from 0 to 8 [ 320.816478][ T5867] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 320.880133][ T7124] SQUASHFS error: lzo decompression failed, data probably corrupt [ 320.889319][ T7124] SQUASHFS error: Failed to read block 0x91: -5 [ 320.896403][ T7124] SQUASHFS error: Unable to read metadata cache entry [8f] [ 320.903992][ T7124] SQUASHFS error: Unable to read inode 0x11f [ 321.089662][ T1738] usb 7-1: USB disconnect, device number 2 [ 321.564615][ T7141] netlink: 27 bytes leftover after parsing attributes in process `syz.5.408'. [ 321.901982][ T11] usb 5-1: USB disconnect, device number 5 [ 322.041006][ T7145] loop2: detected capacity change from 0 to 256 [ 322.139841][ T7145] exfat: Deprecated parameter 'namecase' [ 322.147479][ T7145] exfat: Deprecated parameter 'utf8' [ 322.281039][ T7145] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 322.433502][ T5867] usb 5-1: Service connection timeout for: 257 [ 322.440326][ T5867] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 322.451412][ T5867] ath9k_htc: Failed to initialize the device [ 322.611357][ T11] usb 5-1: ath9k_htc: USB layer deinitialized [ 323.407153][ T7164] loop0: detected capacity change from 0 to 256 [ 323.466964][ T7164] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 323.478948][ T7164] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 323.690840][ T7164] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 324.040699][ T5815] Bluetooth: hci1: command 0x0406 tx timeout [ 324.044507][ T5810] Bluetooth: hci3: command 0x0406 tx timeout [ 324.404371][ T5867] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 324.623567][ T5867] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.636824][ T5867] usb 6-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 324.651129][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.684523][ T5867] usb 6-1: config 0 descriptor?? [ 325.301108][ T5867] nintendo 0003:057E:200E.0002: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.5-1/input0 [ 325.377937][ T5867] nintendo 0003:057E:200E.0002: Failed charging grip handshake [ 325.388732][ T5867] nintendo 0003:057E:200E.0002: Failed to initialize controller; ret=-110 [ 325.427723][ T5867] nintendo 0003:057E:200E.0002: probe - fail = -110 [ 325.435997][ T5867] nintendo 0003:057E:200E.0002: probe with driver nintendo failed with error -110 [ 325.525007][ T5867] usb 6-1: USB disconnect, device number 2 [ 325.787458][ T7200] netlink: 132 bytes leftover after parsing attributes in process `syz.4.435'. [ 326.198147][ T7208] loop0: detected capacity change from 0 to 1024 [ 326.262287][ T7208] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 326.262415][ T7208] EXT4-fs (loop0): group descriptors corrupted! [ 326.627777][ T7214] loop5: detected capacity change from 0 to 128 [ 326.721909][ T7214] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 326.738499][ T7214] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 327.489848][ T6295] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 327.520668][ T7226] netlink: 16 bytes leftover after parsing attributes in process `syz.6.445'. [ 328.049836][ T7237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.449'. [ 328.856024][ T7249] loop2: detected capacity change from 0 to 2048 [ 328.934448][ T5867] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 328.935087][ T7249] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 328.957619][ T7249] NILFS (loop2): mounting unchecked fs [ 329.172828][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 329.230862][ T7249] NILFS (loop2): recovery complete [ 329.274680][ T7255] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 329.277092][ T5867] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 329.299090][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.503436][ T30] audit: type=1800 audit(1756387890.608:13): pid=7249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.454" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 329.517615][ T5867] pvrusb2: Hardware description: Terratec Grabster AV400 [ 329.531432][ T5867] pvrusb2: ********** [ 329.538809][ T5867] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 329.549391][ T5867] pvrusb2: Important functionality might not be entirely working. [ 329.557715][ T5867] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 329.578715][ T5867] pvrusb2: ********** [ 329.902327][ T7257] loop4: detected capacity change from 0 to 128 [ 329.904709][ T2332] pvrusb2: Invalid write control endpoint [ 330.132555][ T7257] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 330.187271][ T1738] usb 1-1: USB disconnect, device number 5 [ 330.218137][ T7257] ext4 filesystem being mounted at /100/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 330.451514][ T7257] fscrypt (loop4, inode 12): Mutually exclusive encryption flags (0x17) [ 330.650747][ T2332] pvrusb2: Invalid write control endpoint [ 330.661838][ T2332] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 330.671554][ T2332] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 330.679507][ T2332] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 330.698535][ T2332] pvrusb2: Device being rendered inoperable [ 330.706631][ T2332] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 330.716865][ T2332] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 330.726146][ T2332] pvrusb2: Attached sub-driver cx25840 [ 330.731802][ T2332] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 330.742394][ T2332] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 330.958515][ T7264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.460'. [ 330.970925][ T7264] gretap0: entered promiscuous mode [ 331.072162][ T5805] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 331.768185][ T7248] syz.6.455 (7248): drop_caches: 2 [ 332.521436][ T7274] loop2: detected capacity change from 0 to 8192 [ 332.553875][ T7284] loop4: detected capacity change from 0 to 128 [ 332.617070][ T7274] Dev loop2: RDB in block 1 has bad checksum [ 332.624160][ T7274] Dev loop2: unable to read RDB block 8 [ 332.635829][ T7274] loop2: unable to read partition table [ 332.652160][ T7284] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 332.671971][ T7285] mmap: syz.6.469 (7285) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 332.704615][ T7274] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 332.729191][ T7284] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 333.384207][ T36] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 333.735085][ T7297] loop2: detected capacity change from 0 to 128 [ 334.392697][ T7310] loop4: detected capacity change from 0 to 512 [ 334.467377][ T7310] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 334.637022][ T7310] EXT4-fs (loop4): 1 truncate cleaned up [ 334.646090][ T7310] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 334.874147][ T5867] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 334.909987][ T7320] loop2: detected capacity change from 0 to 64 [ 334.944669][ T30] audit: type=1800 audit(1756387896.048:14): pid=7310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.482" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 335.096661][ T5867] usb 7-1: Using ep0 maxpacket: 16 [ 335.136416][ T5867] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 335.148900][ T5867] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.158232][ T5867] usb 7-1: Product: syz [ 335.162610][ T5867] usb 7-1: Manufacturer: syz [ 335.167657][ T5867] usb 7-1: SerialNumber: syz [ 335.265927][ T5867] usb 7-1: config 0 descriptor?? [ 335.267687][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 335.306154][ T5867] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 335.318804][ T5867] usb 7-1: Detected FT-X [ 335.566956][ T5867] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 336.040380][ T5867] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71 [ 336.060677][ T5867] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 336.084146][ T7331] loop5: detected capacity change from 0 to 2048 [ 336.127863][ T5867] usb 7-1: USB disconnect, device number 3 [ 336.150700][ T7331] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 336.189644][ T5867] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 336.204390][ T5867] ftdi_sio 7-1:0.0: device disconnected [ 336.994967][ T7344] program syz.0.497 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 337.482666][ T7353] loop6: detected capacity change from 0 to 128 [ 338.261388][ T7362] netlink: 16 bytes leftover after parsing attributes in process `syz.2.506'. [ 338.337108][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'. [ 338.741591][ T4135] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.902554][ T4135] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.112224][ T4135] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.223112][ T7370] netlink: 'syz.6.511': attribute type 1 has an invalid length. [ 339.231203][ T7370] netlink: 'syz.6.511': attribute type 2 has an invalid length. [ 339.291893][ T4135] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.674169][ T4135] bridge_slave_1: left allmulticast mode [ 339.680052][ T4135] bridge_slave_1: left promiscuous mode [ 339.686952][ T4135] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.712424][ T4135] bridge_slave_0: left allmulticast mode [ 339.718697][ T4135] bridge_slave_0: left promiscuous mode [ 339.725513][ T4135] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.228543][ T4135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.272447][ T4135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 340.328295][ T4135] bond0 (unregistering): Released all slaves [ 340.910943][ T4135] hsr_slave_0: left promiscuous mode [ 340.942199][ T4135] hsr_slave_1: left promiscuous mode [ 340.954129][ T4135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.961733][ T4135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 340.991952][ T4135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 340.999771][ T4135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.077189][ T4135] veth1_macvtap: left promiscuous mode [ 341.082950][ T4135] veth0_macvtap: left promiscuous mode [ 341.089201][ T4135] veth1_vlan: left promiscuous mode [ 341.097912][ T4135] veth0_vlan: left promiscuous mode [ 341.355054][ T7381] netlink: 8 bytes leftover after parsing attributes in process `syz.4.517'. [ 341.904799][ T7386] program syz.0.518 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.962706][ T7385] loop2: detected capacity change from 0 to 1024 [ 342.154177][ T7385] hfsplus: extend alloc file! (8192,512,17039360) [ 342.224780][ T5812] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 342.299639][ T5812] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 342.405820][ T5812] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 342.420378][ T5812] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 342.442508][ T5812] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 342.535099][ T4135] team0 (unregistering): Port device team_slave_1 removed [ 342.566148][ T4135] team0 (unregistering): Port device team_slave_0 removed [ 343.499261][ T7401] af_packet: tpacket_rcv: packet too big, clamped from 102 to 4294967286. macoff=82 [ 344.116333][ T7390] chnl_net:caif_netlink_parms(): no params data found [ 344.515197][ T5812] Bluetooth: hci4: command tx timeout [ 345.696970][ T7390] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.707171][ T7390] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.716360][ T7390] bridge_slave_0: entered allmulticast mode [ 345.726515][ T7390] bridge_slave_0: entered promiscuous mode [ 345.948686][ T7390] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.956872][ T7390] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.965001][ T7390] bridge_slave_1: entered allmulticast mode [ 345.975550][ T7390] bridge_slave_1: entered promiscuous mode [ 346.125078][ T7442] netlink: 4 bytes leftover after parsing attributes in process `syz.6.539'. [ 346.160958][ T7444] loop4: detected capacity change from 0 to 256 [ 346.325920][ T7444] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d) [ 346.340083][ T7444] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 346.417938][ T7390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 346.522715][ T7390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 346.594668][ T7448] block nbd0: shutting down sockets [ 346.600680][ T5812] Bluetooth: hci4: command tx timeout [ 346.732471][ T7390] team0: Port device team_slave_0 added [ 346.784536][ T7390] team0: Port device team_slave_1 added [ 346.959133][ T7390] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 346.969660][ T7390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 346.997180][ T7390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.197395][ T7390] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.204965][ T7390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.235681][ T7390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.848271][ T7390] hsr_slave_0: entered promiscuous mode [ 347.861767][ T7390] hsr_slave_1: entered promiscuous mode [ 347.871226][ T7390] debugfs: 'hsr0' already exists in 'hsr' [ 347.877329][ T7390] Cannot create hsr debugfs directory [ 348.705244][ T5812] Bluetooth: hci4: command tx timeout [ 349.182981][ T7390] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 349.241464][ T7390] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 349.342813][ T7390] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 349.406595][ T7390] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 350.676661][ T7493] nbd0: detected capacity change from 0 to 127 [ 350.688176][ T5812] block nbd0: Receive control failed (result -32) [ 350.728856][ T7390] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.759935][ T5812] Bluetooth: hci4: command tx timeout [ 350.827835][ T7390] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.915142][ T3604] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.922900][ T3604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 351.031970][ T3604] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.039866][ T3604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 351.119912][ T7499] futex_wake_op: syz.0.566 tries to shift op by -1; fix this program [ 353.169235][ T7390] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 353.374137][ T1738] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 353.583583][ T1738] usb 5-1: Using ep0 maxpacket: 16 [ 353.611526][ T1738] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 353.622321][ T1738] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 353.761623][ T1738] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 353.771256][ T1738] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.779771][ T1738] usb 5-1: Product: syz [ 353.784355][ T1738] usb 5-1: Manufacturer: syz [ 353.789190][ T1738] usb 5-1: SerialNumber: syz [ 354.122567][ T1738] usb 5-1: 0:2 : does not exist [ 354.197338][ T1738] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 354.346745][ T1738] usb 5-1: USB disconnect, device number 6 [ 354.353613][ T11] kernel read not supported for file /dsp1 (pid: 11 comm: kworker/0:1) [ 354.557790][ T7543] netlink: 4 bytes leftover after parsing attributes in process `syz.6.582'. [ 354.722731][ T7540] syz.2.581 (7540) used greatest stack depth: 2344 bytes left [ 355.463054][ T7554] loop0: detected capacity change from 0 to 512 [ 355.552586][ T7554] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 355.652054][ T7554] EXT4-fs (loop0): invalid journal inode [ 355.658856][ T7554] EXT4-fs (loop0): can't get journal size [ 355.732788][ T7390] veth0_vlan: entered promiscuous mode [ 355.759902][ T7554] EXT4-fs (loop0): 1 truncate cleaned up [ 355.771688][ T7390] veth1_vlan: entered promiscuous mode [ 355.772359][ T7554] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 356.044099][ T7390] veth0_macvtap: entered promiscuous mode [ 356.125117][ T7390] veth1_macvtap: entered promiscuous mode [ 356.230481][ T5816] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.402851][ T7390] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.568353][ T7390] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 356.707281][ T4055] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.720624][ T4055] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.772788][ T4055] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 356.822586][ T4055] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.007179][ T7566] loop4: detected capacity change from 0 to 2048 [ 357.067067][ T7573] loop2: detected capacity change from 0 to 128 [ 357.212008][ T7576] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 357.347481][ T30] audit: type=1804 audit(1756387919.463:15): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.593" name="/newroot/134/file0/bus" dev="loop2" ino=1048622 res=1 errno=0 [ 357.374106][ T30] audit: type=1800 audit(1756387919.463:16): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.593" name="bus" dev="loop2" ino=1048622 res=0 errno=0 [ 357.828326][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.835185][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 358.151520][ T7589] loop2: detected capacity change from 0 to 128 [ 358.280455][ T30] audit: type=1800 audit(1756387920.393:17): pid=7589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.598" name="file2" dev="loop2" ino=1048623 res=0 errno=0 [ 358.368454][ T7589] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 358.376805][ T7589] FAT-fs (loop2): Filesystem has been set read-only [ 358.384088][ T7589] syz.2.598: attempt to access beyond end of device [ 358.384088][ T7589] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 358.401825][ T7589] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 358.410182][ T7589] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 358.428741][ T7589] syz.2.598: attempt to access beyond end of device [ 358.428741][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.474978][ T7589] syz.2.598: attempt to access beyond end of device [ 358.474978][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.476640][ T7587] loop4: detected capacity change from 0 to 2048 [ 358.507177][ T7589] syz.2.598: attempt to access beyond end of device [ 358.507177][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.554359][ T7589] syz.2.598: attempt to access beyond end of device [ 358.554359][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.623535][ T7589] syz.2.598: attempt to access beyond end of device [ 358.623535][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.674973][ T7587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 358.690393][ T7589] syz.2.598: attempt to access beyond end of device [ 358.690393][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.717839][ T7589] syz.2.598: attempt to access beyond end of device [ 358.717839][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.777798][ T7589] syz.2.598: attempt to access beyond end of device [ 358.777798][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 358.861429][ T7589] syz.2.598: attempt to access beyond end of device [ 358.861429][ T7589] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 359.064630][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 359.085109][ T1738] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 359.293495][ T1738] usb 1-1: Using ep0 maxpacket: 8 [ 359.328005][ T1738] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 359.337662][ T1738] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 359.348544][ T1738] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 359.361182][ T1738] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 359.372578][ T1738] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 359.386292][ T1738] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 359.395850][ T1738] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.923941][ T1738] usb 1-1: GET_CAPABILITIES returned f8 [ 359.929980][ T1738] usbtmc 1-1:16.0: can't read capabilities [ 360.150761][ T7611] loop4: detected capacity change from 0 to 256 [ 360.171638][ T7611] exfat: Deprecated parameter 'utf8' [ 360.182392][ T7611] exfat: Deprecated parameter 'namecase' [ 360.197342][ T1738] usb 1-1: USB disconnect, device number 6 [ 360.297023][ T7611] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 360.746567][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.6.608'. [ 360.812379][ T7619] netlink: 173 bytes leftover after parsing attributes in process `syz.6.608'. [ 360.865334][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'. [ 361.351607][ T7626] loop0: detected capacity change from 0 to 1024 [ 361.532113][ T7626] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 361.545554][ T7626] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 362.152945][ T5816] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 362.311499][ T7641] loop6: detected capacity change from 0 to 2048 [ 362.413048][ T7641] UDF-fs: warning (device loop6): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount [ 362.744760][ T7641] loop6: detected capacity change from 0 to 1024 [ 362.905847][ T7641] hfsplus: request for non-existent node 211 in B*Tree [ 362.919801][ T7641] hfsplus: request for non-existent node 211 in B*Tree [ 363.614077][ T4135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.622245][ T4135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.781317][ T4135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.781353][ T7664] tipc: Started in network mode [ 363.781421][ T4135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.790683][ T7664] tipc: Node identity ac14140f, cluster identity 4711 [ 363.791747][ T7664] tipc: New replicast peer: 255.255.255.255 [ 363.822632][ T7664] tipc: Enabled bearer , priority 10 [ 363.896684][ T7669] netlink: 12 bytes leftover after parsing attributes in process `syz.6.624'. [ 364.418759][ T7675] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 364.935611][ T1738] tipc: Node number set to 2886997007 [ 365.147093][ T7680] loop7: detected capacity change from 0 to 4096 [ 365.996620][ T7698] loop2: detected capacity change from 0 to 256 [ 366.058049][ T7698] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 366.069593][ T7698] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 366.210916][ T7698] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 366.438953][ T7702] loop4: detected capacity change from 0 to 512 [ 366.568351][ T7702] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.640: casefold flag without casefold feature [ 366.650181][ T7702] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.640: couldn't read orphan inode 15 (err -117) [ 366.727143][ T7702] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 366.923641][ T1738] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 367.135957][ T1738] usb 1-1: Using ep0 maxpacket: 8 [ 367.167973][ T1738] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.180487][ T1738] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 367.190930][ T1738] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 367.204598][ T1738] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 367.214414][ T1738] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.280883][ T1738] usb 1-1: config 0 descriptor?? [ 367.336790][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 367.753426][ T1738] logitech 0003:046D:C293.0003: nested delimiters [ 367.760106][ T1738] logitech 0003:046D:C293.0003: item 0 4 2 10 parsing failed [ 367.826459][ T1738] logitech 0003:046D:C293.0003: parse failed [ 367.833919][ T1738] logitech 0003:046D:C293.0003: probe with driver logitech failed with error -22 [ 367.975087][ T1738] usb 1-1: USB disconnect, device number 7 [ 368.132710][ T7727] loop4: detected capacity change from 0 to 128 [ 368.262030][ T30] audit: type=1800 audit(1756387930.373:18): pid=7727 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.651" name="bus" dev="loop4" ino=1048631 res=0 errno=0 [ 368.410957][ T7732] netlink: 48 bytes leftover after parsing attributes in process `syz.2.652'. [ 368.458730][ T7733] hsr0: entered promiscuous mode [ 369.627655][ T7751] loop0: detected capacity change from 0 to 64 [ 369.678277][ T7751] hfs: unable to locate alternate MDB [ 369.684312][ T7751] hfs: continuing without an alternate MDB [ 370.089992][ T7754] loop6: detected capacity change from 0 to 512 [ 370.262778][ T7754] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.280284][ T7754] ext4 filesystem being mounted at /79/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 370.403794][ T30] audit: type=1800 audit(1756387932.503:19): pid=7762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.667" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 370.587279][ T7768] netlink: 4 bytes leftover after parsing attributes in process `syz.7.670'. [ 370.691514][ T6574] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.757213][ T7781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.677'. [ 371.865469][ T7783] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 371.879094][ T7783] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 371.890375][ T7783] overlayfs: failed to get uuid (81/file0, err=-13); falling back to uuid=null. [ 372.150504][ T7786] netlink: 4 bytes leftover after parsing attributes in process `syz.4.679'. [ 372.199924][ T7788] netlink: 104 bytes leftover after parsing attributes in process `syz.4.679'. [ 372.209999][ T7788] netlink: 104 bytes leftover after parsing attributes in process `syz.4.679'. [ 372.271174][ T7787] loop2: detected capacity change from 0 to 512 [ 372.500825][ T7787] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 372.518466][ T7787] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 372.727702][ T7787] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 372.992608][ T5804] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.259278][ T30] audit: type=1326 audit(1756387935.373:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.4.687" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000 [ 373.358621][ T30] audit: type=1326 audit(1756387935.403:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.4.687" exe="/root/syz-executor" sig=0 arch=40000003 syscall=122 compat=1 ip=0xf7f87539 code=0x7ffc0000 [ 373.381176][ T30] audit: type=1326 audit(1756387935.403:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7806 comm="syz.4.687" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000 [ 373.888588][ T7810] loop0: detected capacity change from 0 to 2048 [ 374.028730][ T7819] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 374.174862][ T7819] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 374.188256][ T7819] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 374.238560][ T7819] Remounting filesystem read-only [ 374.479910][ T7824] netlink: 144 bytes leftover after parsing attributes in process `syz.7.694'. [ 374.482474][ T11] kernel write not supported for file /binder/state (pid: 11 comm: kworker/0:1) [ 374.721332][ T5816] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 375.543002][ T7833] netlink: 64 bytes leftover after parsing attributes in process `syz.2.698'. [ 375.554238][ T7833] netlink: 64 bytes leftover after parsing attributes in process `syz.2.698'. [ 375.605583][ T7825] loop4: detected capacity change from 0 to 8192 [ 376.713945][ T5867] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 376.905512][ T5867] usb 8-1: Using ep0 maxpacket: 32 [ 376.983492][ T5867] usb 8-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 376.993088][ T5867] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.007392][ T5867] usb 8-1: Product: syz [ 377.011943][ T5867] usb 8-1: Manufacturer: syz [ 377.017031][ T5867] usb 8-1: SerialNumber: syz [ 377.031852][ T5867] usb 8-1: config 0 descriptor?? [ 377.336296][ T5812] Bluetooth: hci1: unexpected event for opcode 0x1009 [ 377.798490][ T5867] peak_usb 8-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 377.809491][ T5867] peak_usb 8-1:0.0 can0: sending command failure: -22 [ 377.820790][ T5867] peak_usb 8-1:0.0 can0: sending command failure: -22 [ 378.128052][ T5867] peak_usb 8-1:0.0: probe with driver peak_usb failed with error -22 [ 378.243574][ T5867] usb 8-1: USB disconnect, device number 2 [ 378.461035][ T7852] loop4: detected capacity change from 0 to 40427 [ 378.475329][ T7852] F2FS-fs (loop4): build fault injection rate: 771 [ 378.486675][ T7852] F2FS-fs (loop4): invalid crc value [ 378.758007][ T7861] netlink: 'syz.2.710': attribute type 9 has an invalid length. [ 378.768262][ T7861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.710'. [ 378.799782][ T7861] hsr0: entered promiscuous mode [ 378.808652][ T7861] macvlan2: entered promiscuous mode [ 378.821685][ T7861] macvlan2: entered allmulticast mode [ 378.827785][ T7861] hsr0: entered allmulticast mode [ 378.837207][ T7861] hsr_slave_0: entered allmulticast mode [ 378.846972][ T7861] hsr_slave_1: entered allmulticast mode [ 378.873325][ T7852] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 378.900092][ T7852] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 380.021833][ T7877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.718'. [ 380.072538][ T7877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.718'. [ 381.457574][ T5812] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 381.466492][ T5812] Bluetooth: hci1: Injecting HCI hardware error event [ 381.481874][ T5812] Bluetooth: hci1: hardware error 0x00 [ 382.290309][ T7891] loop0: detected capacity change from 0 to 4096 [ 382.450039][ T7891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.579957][ T7898] nbd1: detected capacity change from 0 to 127 [ 382.592706][ T5810] block nbd1: Receive control failed (result -32) [ 382.742102][ T7891] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.723: corrupted inode contents [ 382.745247][ T30] audit: type=1800 audit(1756387944.853:23): pid=7891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.723" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 382.791202][ T7891] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #15: comm syz.0.723: mark_inode_dirty error [ 382.852461][ T7891] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.723: corrupted inode contents [ 382.945628][ T7891] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #15: comm syz.0.723: mark_inode_dirty error [ 383.062031][ T7891] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.723: corrupted inode contents [ 383.135196][ T7910] netlink: 'syz.2.729': attribute type 1 has an invalid length. [ 383.136736][ T7891] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #15: comm syz.0.723: mark_inode_dirty error [ 383.143547][ T7910] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 383.197976][ T7903] loop6: detected capacity change from 0 to 4096 [ 383.244031][ T7891] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.723: corrupted inode contents [ 383.267546][ T7891] EXT4-fs error (device loop0): ext4_truncate:4666: inode #15: comm syz.0.723: mark_inode_dirty error [ 383.297148][ T7891] EXT4-fs error (device loop0) in ext4_setattr:6071: Corrupt filesystem [ 383.356178][ T7906] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.723: corrupted inode contents [ 383.564433][ T5812] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 383.820424][ T5816] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 383.911120][ T5816] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.538533][ T7925] loop2: detected capacity change from 0 to 64 [ 385.340680][ T3971] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.482136][ T3971] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.579252][ T3971] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.724338][ T3971] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.991335][ T3971] bridge_slave_1: left allmulticast mode [ 385.998071][ T3971] bridge_slave_1: left promiscuous mode [ 386.004979][ T3971] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.028423][ T3971] bridge_slave_0: left allmulticast mode [ 386.034953][ T3971] bridge_slave_0: left promiscuous mode [ 386.041579][ T3971] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.655651][ T3971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.768907][ T3971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.837768][ T3971] bond0 (unregistering): Released all slaves [ 386.871727][ T7936] input: syz1 as /devices/virtual/input/input10 [ 387.773745][ T7945] loop0: detected capacity change from 0 to 512 [ 387.789794][ T3971] hsr_slave_0: left promiscuous mode [ 387.801672][ T3971] hsr_slave_1: left promiscuous mode [ 387.810588][ T3971] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 387.818558][ T3971] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 387.885167][ T3971] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 387.897832][ T3971] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 387.925376][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 387.938940][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 387.949099][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 387.988517][ T3971] veth1_macvtap: left promiscuous mode [ 387.994759][ T3971] veth0_macvtap: left promiscuous mode [ 388.000837][ T3971] veth1_vlan: left promiscuous mode [ 388.006910][ T3971] veth0_vlan: left promiscuous mode [ 388.049806][ T7945] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 388.063518][ T7945] ext4 filesystem being mounted at /161/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 388.161192][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 388.228320][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 388.855503][ T3971] team0 (unregistering): Port device team_slave_1 removed [ 388.905967][ T3971] team0 (unregistering): Port device team_slave_0 removed [ 389.093029][ T5816] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 390.439051][ T5812] Bluetooth: hci4: command tx timeout [ 390.464277][ T7948] chnl_net:caif_netlink_parms(): no params data found [ 391.646901][ T7989] netlink: 132 bytes leftover after parsing attributes in process `syz.0.762'. [ 391.764309][ T5860] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 392.063944][ T5860] usb 7-1: Using ep0 maxpacket: 32 [ 392.123669][ T5860] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 392.166899][ T5860] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 392.176580][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.189540][ T5860] usb 7-1: Product: syz [ 392.195198][ T5860] usb 7-1: Manufacturer: syz [ 392.200036][ T5860] usb 7-1: SerialNumber: syz [ 392.294424][ T5860] usb 7-1: config 0 descriptor?? [ 392.302589][ T7986] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 392.373513][ T5860] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input11 [ 392.411619][ T7948] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.419481][ T7948] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.427859][ T7948] bridge_slave_0: entered allmulticast mode [ 392.441503][ T7948] bridge_slave_0: entered promiscuous mode [ 392.542416][ T5812] Bluetooth: hci4: command tx timeout [ 392.560882][ T7999] loop2: detected capacity change from 0 to 128 [ 392.595795][ T7948] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.605416][ T7948] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.616154][ T7948] bridge_slave_1: entered allmulticast mode [ 392.637273][ T7948] bridge_slave_1: entered promiscuous mode [ 392.758865][ T30] audit: type=1800 audit(1756387954.863:24): pid=7999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.766" name="file1" dev="loop2" ino=1048632 res=0 errno=0 [ 392.974503][ T2231] usb 7-1: USB disconnect, device number 4 [ 392.974580][ C1] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 393.006912][ T7948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.045623][ T7948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.299338][ T7948] team0: Port device team_slave_0 added [ 393.368435][ T7948] team0: Port device team_slave_1 added [ 393.539150][ T7948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 393.547307][ T7948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.578254][ T7948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 393.744343][ T7948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 393.752637][ T7948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.784153][ T7948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 394.184732][ T8011] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 394.191403][ T8011] syzkaller0: linktype set to 773 [ 394.220659][ T7948] hsr_slave_0: entered promiscuous mode [ 394.231888][ T7948] hsr_slave_1: entered promiscuous mode [ 394.241895][ T7948] debugfs: 'hsr0' already exists in 'hsr' [ 394.248368][ T7948] Cannot create hsr debugfs directory [ 394.601909][ T5812] Bluetooth: hci4: command tx timeout [ 395.389473][ T7948] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 395.441585][ T7948] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 395.526367][ T7948] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 395.585679][ T7948] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 396.620261][ T8044] loop4: detected capacity change from 0 to 1024 [ 396.673716][ T5812] Bluetooth: hci4: command tx timeout [ 396.773048][ T8042] loop0: detected capacity change from 0 to 4096 [ 396.819998][ T7948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.842691][ T8044] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 396.858583][ T8044] ext4 filesystem being mounted at /173/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 396.986241][ T7948] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.066542][ T8052] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 397.101629][ T8044] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.787: Freeing blocks not in datazone - block = 0, count = 16 [ 397.115699][ T4028] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.123567][ T4028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.240478][ T4028] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.248185][ T4028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.584525][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 397.727269][ T8055] netlink: 28 bytes leftover after parsing attributes in process `syz.6.790'. [ 398.780437][ T8071] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 398.787634][ T8071] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 398.802419][ T8071] vhci_hcd vhci_hcd.0: Device attached [ 398.875557][ T5860] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 398.900982][ T8075] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 399.023518][ T8071] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(7) [ 399.030318][ T8071] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 399.041755][ T8071] vhci_hcd vhci_hcd.0: Device attached [ 399.066846][ T5866] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 399.075904][ T8075] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(10) [ 399.082791][ T8075] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 399.093658][ T8075] vhci_hcd vhci_hcd.0: Device attached [ 399.183980][ T5860] usb 3-1: unable to get BOS descriptor or descriptor too short [ 399.234614][ T8079] vhci_hcd: connection closed [ 399.236496][ T4055] vhci_hcd: stop threads [ 399.246959][ T4055] vhci_hcd: release socket [ 399.250452][ T5860] usb 3-1: no configurations [ 399.251779][ T4055] vhci_hcd: disconnect device [ 399.256706][ T5860] usb 3-1: can't read configurations, error -22 [ 399.271479][ T8072] vhci_hcd: connection reset by peer [ 399.308455][ T8076] vhci_hcd: connection closed [ 399.365645][ T4055] vhci_hcd: stop threads [ 399.375287][ T4055] vhci_hcd: release socket [ 399.380086][ T4055] vhci_hcd: disconnect device [ 399.415703][ T4055] vhci_hcd: stop threads [ 399.420268][ T4055] vhci_hcd: release socket [ 399.426681][ T4055] vhci_hcd: disconnect device [ 399.441713][ T7948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.311884][ T8092] loop4: detected capacity change from 0 to 64 [ 400.330021][ T8095] loop6: detected capacity change from 0 to 1024 [ 400.443887][ T8095] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 400.457631][ T8095] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 401.055932][ T36] EXT4-fs error (device loop6): ext4_map_blocks:814: inode #15: comm kworker/u8:2: lblock 0 mapped to illegal pblock 0 (length 1) [ 401.103522][ T36] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 401.116921][ T36] EXT4-fs (loop6): This should not happen!! Data will be lost [ 401.116921][ T36] [ 401.188752][ T6574] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 401.320570][ T8108] netlink: 24 bytes leftover after parsing attributes in process `syz.4.806'. [ 401.926524][ T7948] veth0_vlan: entered promiscuous mode [ 402.095137][ T7948] veth1_vlan: entered promiscuous mode [ 402.224868][ T8122] input: syz1 as /devices/virtual/input/input12 [ 402.511156][ T7948] veth0_macvtap: entered promiscuous mode [ 402.585352][ T7948] veth1_macvtap: entered promiscuous mode [ 402.837279][ T7948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.936210][ T7948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 403.079869][ T4135] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.155328][ T57] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.203722][ T57] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.241999][ T57] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.206691][ T5866] vhci_hcd: vhci_device speed not set [ 405.779592][ T30] audit: type=1326 audit(1756387967.893:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 405.865161][ T30] audit: type=1326 audit(1756387967.953:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 405.891057][ T30] audit: type=1326 audit(1756387967.973:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.004928][ T5810] Bluetooth: hci2: command 0x0406 tx timeout [ 406.286596][ T30] audit: type=1326 audit(1756387968.043:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.309366][ T30] audit: type=1326 audit(1756387968.043:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.332084][ T30] audit: type=1326 audit(1756387968.053:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.355746][ T30] audit: type=1326 audit(1756387968.053:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7ff4567 code=0x7ffc0000 [ 406.381993][ T30] audit: type=1326 audit(1756387968.053:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=237 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.405732][ T30] audit: type=1326 audit(1756387968.063:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7ff4539 code=0x7ffc0000 [ 406.428083][ T30] audit: type=1326 audit(1756387968.063:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8168 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7ff4567 code=0x7ffc0000 [ 406.555819][ T5866] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 406.565642][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 406.684788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 406.794871][ T5866] usb 1-1: Using ep0 maxpacket: 32 [ 406.855991][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.867416][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.882064][ T5866] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 406.892634][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.017073][ T5866] usb 1-1: config 0 descriptor?? [ 407.314571][ T8184] loop6: detected capacity change from 0 to 164 [ 407.517754][ T5866] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 407.789418][ T2231] usb 1-1: USB disconnect, device number 8 [ 408.176378][ T8195] netlink: 'syz.4.838': attribute type 2 has an invalid length. [ 409.304897][ T8213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.845'. [ 410.127459][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz.4.850'. [ 411.006637][ T4226] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.015738][ T4226] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.318581][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.326874][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.506717][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 411.713676][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 411.755894][ T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 411.765811][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.819947][ T24] usb 5-1: config 0 descriptor?? [ 412.126853][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 412.175138][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 412.214204][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 412.221788][ T24] usb 5-1: media controller created [ 412.311071][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 412.331913][ T8255] netlink: 'syz.2.862': attribute type 1 has an invalid length. [ 412.627149][ T24] az6027: usb out operation failed. (-71) [ 412.650692][ T24] az6027: usb out operation failed. (-71) [ 412.656989][ T24] stb0899_attach: Driver disabled by Kconfig [ 412.664499][ T24] az6027: no front-end attached [ 412.664499][ T24] [ 412.706710][ T24] az6027: usb out operation failed. (-71) [ 412.719110][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 412.729286][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13 [ 412.795812][ T24] dvb-usb: schedule remote query interval to 400 msecs. [ 412.803090][ T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 412.928858][ T8261] mkiss: ax0: crc mode is auto. [ 412.952759][ T24] usb 5-1: USB disconnect, device number 7 [ 413.345042][ T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 413.464004][ T5860] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 413.632709][ T8273] loop4: detected capacity change from 0 to 256 [ 413.665320][ T5860] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 413.673880][ T5860] usb 7-1: config 0 has no interface number 0 [ 413.723395][ T5860] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 413.735703][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.744986][ T5860] usb 7-1: Product: syz [ 413.749901][ T5860] usb 7-1: Manufacturer: syz [ 413.754961][ T5860] usb 7-1: SerialNumber: syz [ 413.786156][ T5860] usb 7-1: config 0 descriptor?? [ 414.043566][ T5860] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 414.085049][ T5860] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 414.097143][ T5860] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 414.105823][ T5860] usb 7-1: media controller created [ 414.214154][ T5860] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 415.357699][ T5860] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 415.578819][ T8290] netlink: 28 bytes leftover after parsing attributes in process `syz.4.878'. [ 415.825776][ T5860] usb 7-1: USB disconnect, device number 5 [ 416.686459][ T8312] netlink: 'syz.0.886': attribute type 21 has an invalid length. [ 418.408257][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.895'. [ 418.417850][ T8338] sch_tbf: burst 6 is lower than device team_slave_0 mtu (1514) ! [ 419.004187][ T2231] kernel write not supported for file /sg0 (pid: 2231 comm: kworker/0:2) [ 419.273980][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.280857][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 419.446163][ T8355] loop4: detected capacity change from 0 to 256 [ 419.511751][ T8355] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 419.523335][ T8355] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 419.662206][ T8355] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 420.918355][ T8383] loop2: detected capacity change from 0 to 256 [ 420.934354][ T8383] exfat: Deprecated parameter 'utf8' [ 421.036130][ T8383] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 421.073567][ T8386] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 421.081095][ T8386] macsec1: entered allmulticast mode [ 421.087072][ T8386] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 421.167629][ T8386] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 421.175117][ T8386] mac80211_hwsim hwsim10 wlan0: left promiscuous mode [ 422.799429][ T8402] sctp: [Deprecated]: syz.0.923 (pid 8402) Use of int in maxseg socket option. [ 422.799429][ T8402] Use struct sctp_assoc_value instead [ 424.110355][ T8422] loop2: detected capacity change from 0 to 128 [ 424.159941][ T8422] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 424.286097][ T8422] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 424.477960][ T8422] UDF-fs: error (device loop2): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 48 marked as free, partition length is 40) [ 424.498326][ T8422] overlayfs: failed to create directory ./bus/work (errno: 5); mounting read-only [ 424.515227][ T8422] overlayfs: failed to get uuid (/file0, err=-95); falling back to uuid=null. [ 425.041762][ T5804] UDF-fs: error (device loop2): udf_read_inode: (ino 89) failed !bh [ 425.076824][ T5804] UDF-fs: error (device loop2): udf_read_inode: (ino 89) failed !bh [ 425.745102][ T8441] netlink: 36 bytes leftover after parsing attributes in process `syz.6.942'. [ 428.120225][ T8456] loop6: detected capacity change from 0 to 128 [ 428.212084][ T8456] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 428.311818][ T8456] ext4 filesystem being mounted at /138/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 428.737723][ T5810] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 428.747977][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 428.759471][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 428.790278][ T5810] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 428.807446][ T5810] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 429.308560][ T6574] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 430.344651][ T8463] chnl_net:caif_netlink_parms(): no params data found [ 430.457533][ T8484] loop0: detected capacity change from 0 to 764 [ 430.914699][ T5810] Bluetooth: hci1: command tx timeout [ 432.320089][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.330733][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.338931][ T8463] bridge_slave_0: entered allmulticast mode [ 432.348985][ T8463] bridge_slave_0: entered promiscuous mode [ 432.442001][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.450387][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.458432][ T8463] bridge_slave_1: entered allmulticast mode [ 432.468536][ T8463] bridge_slave_1: entered promiscuous mode [ 432.964834][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 432.993626][ T5810] Bluetooth: hci1: command tx timeout [ 433.071602][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.374905][ T8463] team0: Port device team_slave_0 added [ 433.407428][ T8463] team0: Port device team_slave_1 added [ 433.654633][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.661800][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.692344][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.851367][ T8519] loop4: detected capacity change from 0 to 4096 [ 433.881674][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.889162][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.923448][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.018230][ T8522] loop8: detected capacity change from 0 to 4096 [ 434.026046][ T8527] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 434.077506][ T8522] ntfs3(loop8): Different NTFS sector size (4096) and media sector size (512). [ 434.386570][ T8463] hsr_slave_0: entered promiscuous mode [ 434.397394][ T8463] hsr_slave_1: entered promiscuous mode [ 434.406498][ T8463] debugfs: 'hsr0' already exists in 'hsr' [ 434.412566][ T8463] Cannot create hsr debugfs directory [ 434.524213][ T8522] ntfs3(loop8): Mark volume as dirty due to NTFS errors [ 434.611396][ T8522] ntfs3(loop8): ino=1e, mi_enum_attr [ 434.617352][ T8522] ntfs3(loop8): ino=1e, mi_enum_attr [ 435.082264][ T5810] Bluetooth: hci1: command tx timeout [ 435.826256][ T8538] loop4: detected capacity change from 0 to 4096 [ 436.021424][ T8538] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 436.341717][ T8463] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 436.422487][ T8463] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 436.528644][ T8463] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 436.569892][ T5805] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.734909][ T8463] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 436.807692][ T8553] loop6: detected capacity change from 0 to 512 [ 436.846640][ T8553] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 436.946634][ T8557] overlayfs: overlapping lowerdir path [ 437.163350][ T5810] Bluetooth: hci1: command tx timeout [ 437.734785][ T8562] loop4: detected capacity change from 0 to 512 [ 437.874598][ T8562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 437.890943][ T8562] ext4 filesystem being mounted at /219/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 438.140455][ T8463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.378105][ T8463] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.481671][ T5805] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 438.549605][ T5805] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 438.640174][ T4226] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.648471][ T4226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.665966][ T4226] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.673652][ T4226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.740141][ T8508] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.547344][ T8463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 441.960482][ T8463] veth0_vlan: entered promiscuous mode [ 442.093403][ T8463] veth1_vlan: entered promiscuous mode [ 442.444859][ T8463] veth0_macvtap: entered promiscuous mode [ 442.551323][ T8463] veth1_macvtap: entered promiscuous mode [ 442.780531][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 442.808811][ T5816] cgroup: fork rejected by pids controller in /syz0 [ 442.885133][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.023746][ T3604] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.080075][ T4135] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.157062][ T4135] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.197630][ T4135] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.320804][ T5812] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 443.334761][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 443.348992][ T5812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 443.363374][ T5812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 443.375452][ T5812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 443.817121][ T8615] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1014'. [ 444.331828][ T3604] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.543793][ T3604] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.727542][ T24] kernel write not supported for file /sequencer (pid: 24 comm: kworker/1:0) [ 444.788146][ T3604] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.044562][ T3604] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.494684][ T5812] Bluetooth: hci0: command tx timeout [ 445.711991][ T8608] chnl_net:caif_netlink_parms(): no params data found [ 445.844068][ T3604] bridge_slave_1: left allmulticast mode [ 445.850068][ T3604] bridge_slave_1: left promiscuous mode [ 445.857790][ T3604] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.934230][ T3604] bridge_slave_0: left allmulticast mode [ 445.940200][ T3604] bridge_slave_0: left promiscuous mode [ 445.947470][ T3604] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.540011][ T3604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.592645][ T3604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.618637][ T3604] bond0 (unregistering): Released all slaves [ 447.369263][ T8637] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1020'. [ 447.433362][ T3604] hsr_slave_0: left promiscuous mode [ 447.495190][ T3604] hsr_slave_1: left promiscuous mode [ 447.503717][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.511393][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.561172][ T5812] Bluetooth: hci0: command tx timeout [ 447.582497][ T3604] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 447.590671][ T3604] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 447.680617][ T3604] veth1_macvtap: left promiscuous mode [ 447.686747][ T3604] veth0_macvtap: left promiscuous mode [ 447.692841][ T3604] veth1_vlan: left promiscuous mode [ 447.703829][ T3604] veth0_vlan: left promiscuous mode [ 448.202895][ T5810] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 448.212964][ T5810] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 448.233828][ T5810] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 448.270327][ T5810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 448.282821][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 448.568615][ T3604] team0 (unregistering): Port device team_slave_1 removed [ 448.611949][ T3604] team0 (unregistering): Port device team_slave_0 removed [ 449.650969][ T5810] Bluetooth: hci0: command tx timeout [ 449.762911][ T8608] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.770927][ T8608] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.784026][ T8608] bridge_slave_0: entered allmulticast mode [ 449.797826][ T8608] bridge_slave_0: entered promiscuous mode [ 449.937274][ T8608] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.946024][ T8608] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.959616][ T8608] bridge_slave_1: entered allmulticast mode [ 449.973541][ T8608] bridge_slave_1: entered promiscuous mode [ 450.364320][ T5810] Bluetooth: hci3: command tx timeout [ 450.580911][ T8608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 450.662418][ T8608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 450.674680][ T24] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 450.859157][ T24] usb 9-1: Using ep0 maxpacket: 32 [ 450.883960][ T24] usb 9-1: config 0 has an invalid interface number: 20 but max is 0 [ 450.892768][ T24] usb 9-1: config 0 has no interface number 0 [ 450.899449][ T24] usb 9-1: config 0 interface 20 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 450.912793][ T24] usb 9-1: config 0 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 450.924841][ T24] usb 9-1: config 0 interface 20 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 450.947026][ T8640] chnl_net:caif_netlink_parms(): no params data found [ 450.967354][ T24] usb 9-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 450.977332][ T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.986696][ T24] usb 9-1: Product: syz [ 450.991361][ T24] usb 9-1: Manufacturer: syz [ 450.996615][ T24] usb 9-1: SerialNumber: syz [ 451.022930][ T8608] team0: Port device team_slave_0 added [ 451.077439][ T8608] team0: Port device team_slave_1 added [ 451.093015][ T24] usb 9-1: config 0 descriptor?? [ 451.102219][ T8656] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 451.128842][ T24] usb-storage 9-1:0.20: USB Mass Storage device detected [ 451.159580][ T24] usb-storage 9-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 451.363864][ T24] scsi host1: usb-storage 9-1:0.20 [ 451.433937][ T24] usb 9-1: USB disconnect, device number 2 [ 451.505712][ T8608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 451.512888][ T8608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.546091][ T8608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 451.730693][ T5810] Bluetooth: hci0: command tx timeout [ 451.780167][ T8608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 451.792084][ T8608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.819958][ T8608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 452.282629][ T8608] hsr_slave_0: entered promiscuous mode [ 452.296449][ T8608] hsr_slave_1: entered promiscuous mode [ 452.306048][ T8608] debugfs: 'hsr0' already exists in 'hsr' [ 452.312517][ T8608] Cannot create hsr debugfs directory [ 452.443538][ T5810] Bluetooth: hci3: command tx timeout [ 452.634846][ T4055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.644853][ T4055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.992372][ T3589] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.001120][ T3589] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.337568][ T8640] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.348695][ T8640] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.357252][ T8640] bridge_slave_0: entered allmulticast mode [ 453.370472][ T8640] bridge_slave_0: entered promiscuous mode [ 453.562410][ T8640] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.575386][ T8640] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.583734][ T8640] bridge_slave_1: entered allmulticast mode [ 453.596117][ T8640] bridge_slave_1: entered promiscuous mode [ 453.876593][ T8640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.959683][ T8640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.435301][ T8640] team0: Port device team_slave_0 added [ 454.514326][ T5810] Bluetooth: hci3: command tx timeout [ 454.598728][ T8640] team0: Port device team_slave_1 added [ 454.865308][ T8640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.872835][ T8640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.902464][ T8640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.030925][ T8640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.038530][ T8640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.065372][ T8640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.568376][ T8640] hsr_slave_0: entered promiscuous mode [ 455.582215][ T8640] hsr_slave_1: entered promiscuous mode [ 455.592048][ T8640] debugfs: 'hsr0' already exists in 'hsr' [ 455.598102][ T8640] Cannot create hsr debugfs directory [ 455.622200][ T8608] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 455.867251][ T8608] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 455.950032][ T8608] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 455.986763][ T8703] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1040'. [ 456.118525][ T8608] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 456.594379][ T5810] Bluetooth: hci3: command tx timeout [ 457.737267][ T8640] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 457.789076][ T8608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 457.837563][ T8640] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 457.938017][ T8608] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.952050][ T8640] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 458.032947][ T3604] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.040686][ T3604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.061148][ T8640] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 458.201425][ T4028] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.209222][ T4028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.497928][ T8640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.821708][ T8640] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.969383][ T3589] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.977765][ T3589] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.170320][ T3589] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.178260][ T3589] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.129709][ T8608] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.722345][ T8608] veth0_vlan: entered promiscuous mode [ 461.852667][ T8608] veth1_vlan: entered promiscuous mode [ 462.291488][ T8608] veth0_macvtap: entered promiscuous mode [ 462.398446][ T8608] veth1_macvtap: entered promiscuous mode [ 462.626242][ T8608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 462.731947][ T8608] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.903434][ T4028] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.023780][ T4028] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.100640][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.144357][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.178952][ T8640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.210181][ T8763] sctp: failed to load transform for md5: -2 [ 463.998677][ T8640] veth0_vlan: entered promiscuous mode [ 464.187731][ T8640] veth1_vlan: entered promiscuous mode [ 464.255708][ T8780] ALSA: mixer_oss: invalid OSS volume '49' [ 464.261790][ T8780] ALSA: mixer_oss: invalid OSS volume 'Invalid' [ 464.630935][ T8640] veth0_macvtap: entered promiscuous mode [ 464.765632][ T8640] veth1_macvtap: entered promiscuous mode [ 465.036599][ T8640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 465.148429][ T8640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 465.355610][ T3604] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.424040][ T3604] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.465492][ T3604] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.549867][ T3604] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.794007][ T2231] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 469.008092][ T2231] usb 10-1: Using ep0 maxpacket: 8 [ 469.074869][ T2231] usb 10-1: config 0 has an invalid descriptor of length 102, skipping remainder of the config [ 469.089380][ T2231] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 469.102231][ T2231] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 102, changing to 10 [ 469.115002][ T8840] loop6: detected capacity change from 0 to 4096 [ 469.123613][ T2231] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 24624, setting to 1024 [ 469.134113][ T8840] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). [ 469.137628][ T2231] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 469.386779][ T2231] usb 10-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 469.397400][ T2231] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 469.408899][ T2231] usb 10-1: Product: syz [ 469.413737][ T2231] usb 10-1: Manufacturer: syz [ 469.418727][ T2231] usb 10-1: SerialNumber: syz [ 469.484495][ T2231] usb 10-1: config 0 descriptor?? [ 469.731496][ T2231] radio-si470x 10-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 469.741859][ T2231] radio-si470x 10-1:0.0: probe with driver radio-si470x failed with error -5 [ 470.514852][ T2231] usb 10-1: USB disconnect, device number 2 [ 471.416547][ T4168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.425887][ T4168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.592089][ T4028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.600581][ T4028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.908834][ T8882] loop3: detected capacity change from 0 to 128 [ 472.977352][ T8882] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 473.089224][ T8882] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 473.548203][ T4028] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.558871][ T4028] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.680468][ T3971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.690291][ T3971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.166805][ T8895] tap0: tun_chr_ioctl cmd 1074025692 [ 474.233268][ T8900] Bluetooth: MGMT ver 1.23 [ 474.698915][ T8905] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1105'. [ 474.711504][ T8905] netlink: 'syz.9.1105': attribute type 30 has an invalid length. [ 474.802970][ T8642] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.850036][ T8642] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.949343][ T8642] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 475.059584][ T8642] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 475.936488][ T8927] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1114'. [ 477.661165][ T2231] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 477.780219][ T8953] bond0: option arp_interval: invalid value (18446744071578845184) [ 477.788737][ T8953] bond0: option arp_interval: allowed values 0 - 2147483647 [ 477.880126][ T2231] usb 1-1: Using ep0 maxpacket: 16 [ 477.900151][ T2231] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 477.909381][ T2231] usb 1-1: config 0 has no interface number 0 [ 477.915890][ T2231] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 477.931006][ T2231] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 477.978716][ T8955] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1127'. [ 478.116757][ T2231] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 478.131272][ T2231] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.141506][ T2231] usb 1-1: Product: syz [ 478.147915][ T2231] usb 1-1: Manufacturer: syz [ 478.152747][ T2231] usb 1-1: SerialNumber: syz [ 478.295999][ T2231] usb 1-1: config 0 descriptor?? [ 478.316227][ T8950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 478.398452][ T8950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 478.829081][ T8950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 478.878081][ T8950] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 479.203586][ T11] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 479.352524][ T2231] asix 1-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 479.368314][ T2231] asix 1-1:0.251: probe with driver asix failed with error -524 [ 479.483374][ T11] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 479.504142][ T11] usb 7-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 479.514909][ T11] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.605292][ T11] usb 7-1: config 0 descriptor?? [ 479.623859][ T24] usb 1-1: USB disconnect, device number 9 [ 480.108149][ T11] petalynx 0003:18B1:0037.0005: unknown main item tag 0x0 [ 480.121630][ T11] petalynx 0003:18B1:0037.0005: unknown main item tag 0x0 [ 480.133652][ T11] petalynx 0003:18B1:0037.0005: unknown main item tag 0x0 [ 480.209975][ T11] petalynx 0003:18B1:0037.0005: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.6-1/input0 [ 480.385003][ T11] usb 7-1: USB disconnect, device number 6 [ 480.690698][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.697785][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 482.888032][ T9010] netlink: 544 bytes leftover after parsing attributes in process `syz.6.1150'. [ 483.738242][ T9024] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1157'. [ 483.748018][ T9024] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 483.755794][ T9024] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 483.771634][ T9019] loop6: detected capacity change from 0 to 1024 [ 483.780633][ T9024] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 483.788645][ T9024] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 484.468758][ T9030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1160'. [ 484.478358][ T9030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1160'. [ 484.489202][ T9030] netlink: 'syz.3.1160': attribute type 13 has an invalid length. [ 484.502096][ T9030] netlink: 'syz.3.1160': attribute type 12 has an invalid length. [ 485.512772][ T9045] loop0: detected capacity change from 0 to 1024 [ 485.677836][ T9045] ===================================================== [ 485.685341][ T9045] BUG: KMSAN: uninit-value in hfsplus_lookup+0x674/0xf70 [ 485.692594][ T9045] hfsplus_lookup+0x674/0xf70 [ 485.697796][ T9045] path_openat+0x298a/0x6760 [ 485.702602][ T9045] do_filp_open+0x280/0x660 [ 485.710545][ T9045] do_sys_openat2+0x1bb/0x2f0 [ 485.715961][ T9045] __ia32_compat_sys_openat+0x238/0x300 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 485.724120][ T9045] ia32_sys_call+0x3210/0x4310 [ 485.729191][ T9045] __do_fast_syscall_32+0xb0/0x150 [ 485.738284][ T9045] do_fast_syscall_32+0x38/0x80 [ 485.748073][ T9045] do_SYSENTER_32+0x1f/0x30 [ 485.752927][ T9045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 485.761030][ T9045] [ 485.766667][ T9045] Uninit was created at: [ 485.771288][ T9045] __alloc_frozen_pages_noprof+0x689/0xf00 [ 485.777615][ T9045] alloc_pages_mpol+0x328/0x860 [ 485.782698][ T9045] alloc_frozen_pages_noprof+0xf7/0x200 [ 485.788845][ T9045] allocate_slab+0x24d/0x1220 [ 485.806736][ T9045] ___slab_alloc+0x1024/0x34e0 [ 485.811741][ T9045] kmem_cache_alloc_lru_noprof+0x922/0xed0 [ 485.819492][ T9045] hfsplus_alloc_inode+0x5a/0xd0 [ 485.826855][ T9045] alloc_inode+0x8a/0x4a0 [ 485.831428][ T9045] iget_locked+0x239/0x12d0 [ 485.839876][ T9045] hfsplus_iget+0x5c/0xb80 [ 485.848678][ T9045] hfsplus_btree_open+0x128/0x1cf0 [ 485.855450][ T9045] hfsplus_fill_super+0x1161/0x2730 [ 485.860956][ T9045] get_tree_bdev_flags+0x6e3/0x920 [ 485.869543][ T9045] get_tree_bdev+0x38/0x50 [ 485.874703][ T9045] hfsplus_get_tree+0x35/0x40 [ 485.879693][ T9045] vfs_get_tree+0xb0/0x5c0 [ 485.884682][ T9045] do_new_mount+0x733/0x1420 [ 485.889506][ T9045] path_mount+0x6db/0x1e90 [ 485.897274][ T9045] __se_sys_mount+0x6eb/0x7d0 [ 485.902325][ T9045] __ia32_sys_mount+0xe2/0x150 [ 485.907770][ T9045] ia32_sys_call+0x2c16/0x4310 [ 485.912912][ T9045] __do_fast_syscall_32+0xb0/0x150 [ 485.918576][ T9045] do_fast_syscall_32+0x38/0x80 [ 485.929299][ T9045] do_SYSENTER_32+0x1f/0x30 [ 485.934804][ T9045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 485.941386][ T9045] [ 485.944205][ T9045] CPU: 0 UID: 0 PID: 9045 Comm: syz.0.1166 Not tainted syzkaller #0 PREEMPT(none) [ 485.961930][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 485.973671][ T9045] ===================================================== [ 485.980826][ T9045] Disabling lock debugging due to kernel taint [ 485.991759][ T9045] Kernel panic - not syncing: kmsan.panic set ... [ 485.998485][ T9045] CPU: 0 UID: 0 PID: 9045 Comm: syz.0.1166 Tainted: G B syzkaller #0 PREEMPT(none) [ 486.009858][ T9045] Tainted: [B]=BAD_PAGE [ 486.014360][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 486.024942][ T9045] Call Trace: [ 486.028366][ T9045] [ 486.032218][ T9045] __dump_stack+0x26/0x30 [ 486.037758][ T9045] dump_stack_lvl+0x53/0x270 [ 486.043219][ T9045] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 486.049488][ T9045] dump_stack+0x1e/0x25 [ 486.053887][ T9045] vpanic+0x361/0xc50 [ 486.058113][ T9045] panic+0x15d/0x160 [ 486.062296][ T9045] kmsan_report+0x31c/0x320 [ 486.067037][ T9045] ? __msan_warning+0x1b/0x30 [ 486.071944][ T9045] ? hfsplus_lookup+0x674/0xf70 [ 486.077385][ T9045] ? path_openat+0x298a/0x6760 [ 486.082472][ T9045] ? do_filp_open+0x280/0x660 [ 486.087547][ T9045] ? do_sys_openat2+0x1bb/0x2f0 [ 486.092699][ T9045] ? __ia32_compat_sys_openat+0x238/0x300 [ 486.098655][ T9045] ? ia32_sys_call+0x3210/0x4310 [ 486.104496][ T9045] ? __do_fast_syscall_32+0xb0/0x150 [ 486.110054][ T9045] ? do_fast_syscall_32+0x38/0x80 [ 486.115349][ T9045] ? do_SYSENTER_32+0x1f/0x30 [ 486.120504][ T9045] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 486.127299][ T9045] ? kmsan_get_metadata+0xfb/0x160 [ 486.132735][ T9045] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 486.139683][ T9045] ? __msan_memcpy+0x108/0x1c0 [ 486.144722][ T9045] ? hfsplus_bnode_read+0x6f8/0x990 [ 486.150275][ T9045] ? kmsan_get_metadata+0xfb/0x160 [ 486.155720][ T9045] ? kmsan_get_metadata+0xfb/0x160 [ 486.161082][ T9045] __msan_warning+0x1b/0x30 [ 486.165798][ T9045] hfsplus_lookup+0x674/0xf70 [ 486.170920][ T9045] ? __d_lookup_rcu_op_compare+0x656/0x6a0 [ 486.177779][ T9045] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 486.185145][ T9045] ? kmsan_get_metadata+0xfb/0x160 [ 486.191034][ T9045] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 486.197060][ T9045] ? __pfx_hfsplus_lookup+0x10/0x10 [ 486.202481][ T9045] path_openat+0x298a/0x6760 [ 486.207368][ T9045] do_filp_open+0x280/0x660 [ 486.212114][ T9045] do_sys_openat2+0x1bb/0x2f0 [ 486.217422][ T9045] __ia32_compat_sys_openat+0x238/0x300 [ 486.223209][ T9045] ia32_sys_call+0x3210/0x4310 [ 486.228160][ T9045] __do_fast_syscall_32+0xb0/0x150 [ 486.233765][ T9045] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 486.239895][ T9045] do_fast_syscall_32+0x38/0x80 [ 486.245144][ T9045] do_SYSENTER_32+0x1f/0x30 [ 486.249879][ T9045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 486.256510][ T9045] RIP: 0023:0xf709e539 [ 486.260735][ T9045] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 486.280985][ T9045] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 486.290188][ T9045] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080 [ 486.298319][ T9045] RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000000 [ 486.306516][ T9045] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 486.314636][ T9045] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 486.323343][ T9045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 486.331567][ T9045] [ 486.335126][ T9045] Kernel Offset: disabled [ 486.339643][ T9045] Rebooting in 86400 seconds..