last executing test programs: 22.459680321s ago: executing program 2 (id=369): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0) 20.043825348s ago: executing program 2 (id=376): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x800700, &(0x7f0000000340)={[{@grpjquota}, {@discard}, {@norecovery}, {@noinit_itable}, {@test_dummy_encryption}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@jqfmt_vfsold}, {@dioread_lock}, {@noblock_validity}, {@nouid32}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 19.27195902s ago: executing program 2 (id=384): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000003400), 0x80000, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) ioctl$BLKROGET(r0, 0x125e, &(0x7f0000003440)) 18.297254795s ago: executing program 2 (id=391): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) 18.178104497s ago: executing program 2 (id=392): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") socket(0x28, 0x5, 0x0) r0 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r0, &(0x7f0000000080), 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0x0, 0x1}, {0x1c, 0xfff1}}}, 0x24}}, 0x0) 17.607630726s ago: executing program 2 (id=397): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) connect$ax25(r1, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) 17.136684783s ago: executing program 32 (id=397): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) connect$ax25(r1, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) 3.973651528s ago: executing program 1 (id=453): syz_clone(0x164000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) 3.358725208s ago: executing program 1 (id=457): r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r0, &(0x7f0000000980)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setresuid(r1, r1, 0x0) setfsuid(0x0) setfsuid(0x0) 3.181442601s ago: executing program 1 (id=459): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffdb, 0x0, 0x0, 0x0, 0x7ff}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r2, r1, 0x25, 0x0, @val=@netkit}, 0x1c) syz_emit_ethernet(0xfdef, &(0x7f0000000340)=ANY=[], 0x0) 2.949600624s ago: executing program 1 (id=461): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000100800010001"], 0x1c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0) close(0x4) 2.644339078s ago: executing program 1 (id=466): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000000)={[{@nodiscard}, {@noinit_itable}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@grpjquota}, {@errors_remount}, {@init_itable}]}, 0x1, 0x4c5, &(0x7f0000000540)="$eJzs3d1rW+cZAPBHUuzYjrd8bIwkgyWQQfZBLH8wYm+DsattF4GxwG42yDxbcVPLlrHkNDa5cNq7XPSitLRQetH7/gW9aa4aCqXXLb0tvSgpbepCWyio6Ehy/CE5aupIjc/vByd6z3sUPe8r8bw+es85OgGk1tnaP5mI4Yh4LyKO1le3P+Fs/WHj/s2Z2pKJavXyZ5nkebX15lOb/+9IRKxHxEBE/OtvEf/P7I5bXl2bny4WC8uN9XxlYSlfXl27cG1heq4wV1gcm7w4NTU5OjE+tW99vf3807cvvfmP/je+eu7e3RfefqvWrOHGtq392E/1rvfF8S11hyLiz48jWA/kGv0Z7HVDeCS1z+9nEXEuyf+jkUs+TSANqtVq9dvq4Xab16vAgZVN9oEz2ZGIqJez2ZGR+j78z2MoWyyVK7+/WlpZnK3vKx+LvuzVa8XCaOO7wrHoy9TWx5Lyg/XxHesTEck+8Iu5wWR9ZKZUnO3uUAfscGRH/n+Zq+c/kBK+8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0ivvfK/v4vtALrqn5cu1ZZq8/r32eurK/Ol6xdmC+X5kYWVmZGZ0vLSyFypNJdcs7PwsNcrlkpLY3+IlRv5SqFcyZdX164slFYWK1eS6/qvFPq60iugE8fP3PkgExHrfxxMltjyJ1+uwsFWrWai19cgA72R6/UABPSMqX9Ir+/xHb/tj4QBT7YWP9G7zUDr6r/E0uNoDdAN2V43AOiZ86cc/4O0Mv8P6WX+H9LLPj7wiPP/Yf4fnlzm/yG9htvc/+snW+7dNRoRP42I93N9h5v3+gIOguwnmcb+//mjvx7eubU/83VyiKA/Ip559fLLN6YrleWxWv3nm/WVVxr1471oP9CpZp428xgASK+N+zdnmks343761/pJCLvjH2rMTQ4kxyiHNjLbzlXI7NO5C+u3IuJkq/iZxv3O60c+hjZyu+KfaDxm6i+RtPdQct/07sQ/tSX+r7bEP/2D3xVIhzu18We0Vf5lk5yOzfzbPv4M79O5E+3Hv+zm+JdrM/6d6TDGU689+3Hb+LciTreM34w3kMTaGb/WtvMdxr/333//ot226uv112kVv6lWylcWlvLl1bULye/IzRUWxyYvTk1Njk6MT+WTOep8c6Z6tz+dfPfuXv0fahO/3t8PW/a/VvfbDvv/zS/f+c/ZPeL/5lzrz/9E8tj6/R+MiN91GP+L8Y/+125bLf5sm/5n94hfq5voMH75pb+7dhgAfkTKq2vz08ViYVlBQUFhs/CwkWO9OwMU8Ng8SPpetwQAAAAAAAAAAADoVDdOJ+51HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoLvAgAA//+tldf6") symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x2) 2.406405133s ago: executing program 4 (id=467): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) 2.019086929s ago: executing program 1 (id=469): bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x8000000000000003, {0x0, 0xf0, 0x3}}, 0x18) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040)) 1.825728952s ago: executing program 4 (id=472): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r1 = memfd_create(&(0x7f00000003c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000009c0)=ANY=[@ANYBLOB="0020000002000000", @ANYRES32=r1, @ANYBLOB="0000000000000000000000000080000000000000", @ANYRES8]) 1.619297335s ago: executing program 0 (id=473): write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xa5f2b87a, 0x409, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0x6, 0xa, 0x2, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x8000, 0xfffffffd, 0x80, 0x8, 0x8, 0x9, 0x7, 0x101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdab, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x0, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0x3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x5, 0x5d3a, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x200, 0x0, 0x7, 0x4e6, 0x8, 0x40000000, 0x5ef, 0x8000, 0xc, 0x41, 0x400, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x202, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000002000/0x3000)=nil, &(0x7f0000000000/0xe000)=nil, &(0x7f000000a000/0x2000)=nil, &(0x7f0000008000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000008000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000008000/0x1000)=nil, &(0x7f00002bf000/0x3000)=nil, 0x0, 0x0, r0}, 0x68) 1.613946765s ago: executing program 3 (id=474): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001d00), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r0]) close(r1) chown(&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0xee00) 1.509178446s ago: executing program 4 (id=475): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x500, 0x4) 1.367123439s ago: executing program 3 (id=476): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b40)={r0, &(0x7f0000000a80), 0x0}, 0x20) 1.358426129s ago: executing program 0 (id=477): r0 = syz_create_resource$binfmt(&(0x7f0000000000)='./file1\x00') openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x41, 0x1ff) write$binfmt_script(r1, &(0x7f0000000040)={'#! ', './file1'}, 0xb) openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) 1.101413943s ago: executing program 4 (id=478): syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000000)='./file0\x00', 0xa18c14, &(0x7f0000000240)={[{@iocharset={'iocharset', 0x3d, 'cp860'}}, {@fat=@nfs}, {@fat=@codepage={'codepage', 0x3d, '775'}}, {@uni_xlate}, {@numtail}, {@shortname_win95}, {@uni_xlate}, {@numtail}, {@uni_xlateno}, {@numtail}, {@rodir}, {@numtail}, {@shortname_mixed}]}, 0x83, 0x29b, &(0x7f0000000580)="$eJzs3T1rc2UYAOD7pPlUIRmcRPCADg4S3vf9BQ1SoZhJyaCLFtuCJKHQQsAPjJ3cBSfBn+B/8Ae4OLo5OApudhCPJCffTdNW0lb6Xtdy7p7nvs/zkaftdJ58/Gq/e3hydnz+5W9RrSZR2I3duEiiEYWY+joAgMfkIsvizyy3MbEyDbJ6fi0W7nxwAMCduPH/fwDg0Xj/gw/fbbXbe++laTWi/82gk7yVX/P21nF8Gr04iidRj78jspk8fmm/vffDH/PnDWrRieh/9PPk59aobVT/NOrRWK0vT7LSsXijPxx0Rj2PrqV4IYloZUme8izq8XJEVorJQ/LLO/vtvWfp5frolOPN17+fjP+fo2hGPX75JE6iF4fjR8zrv3qapm9n3/31RT6DTkQyHHQq47y5bOfuPw0AAAAAAAAAAAAAAAAAAAAAAJ4XzXSmsXh+zvQ0wGZzffuV5wNNTvgZLpyv8yRN0+kxPoNOKfL6YrxSjOLDzRwAAAAAAAAAAAAAAAAAAAD+P84++7x70OsdnS4FP2WjoLYxZzUoLtyZvtZ/fdX6oPtjxO2rbhLEzmRoveRSF8m0aQt9VW6TXFvXaRSuWsNiL/LBf3v7gb22rQluDKa7q3uQxDXJ1fWbZGHX5dvw12s37XKQrVm6nSuryluae/nF/1peW7tQoy1Zmi3mclV19Eku3Clt+TdlRbLlvzwAAAAAAAAAAAAAAAAAAMCq+Uu/8XtEZbnx/KFGBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3a/79/7MgGqt3VoPhpHh8p7A5uXJ6tqbbxj1PEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfu3wAAAP//td9W7g==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80a053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 1.084618833s ago: executing program 3 (id=479): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', 0x0}) 982.750885ms ago: executing program 0 (id=480): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="6c00000010001fff000000000000040000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b000100697036746e6c00003400028005000900290000001400020000000000000000000000ffffac1414bb04001300080007000600000008000100", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x6c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 861.253777ms ago: executing program 3 (id=481): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80042, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, &(0x7f0000000080)) 593.611131ms ago: executing program 3 (id=482): r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000040)=0xa, 0x4) recvfrom$inet(r0, 0x0, 0x0, 0x10042, 0x0, 0x0) 576.074811ms ago: executing program 4 (id=483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000190000007b000000000000009500000000000000ef0285b73eae795b05ad"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000"]) 403.904164ms ago: executing program 0 (id=484): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4) recvmmsg(r0, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x14, 0x0, 0x4, 0x33615a07b4c0deb5, 0x70bd29, 0x25dfdbfc, {0x2, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) 276.172815ms ago: executing program 3 (id=485): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x47, 0xc23, &(0x7f0000000c80)="$eJzs3V1sXOlZB/DnnWPHY29pvd0220K3jFTURi6J8tXEVVDldF1DpTRb1XHFXtXjj6SjdcaR7dBsgWJABYmbir1B3CCLsgKpF1yxXOLSRWqFkFDVi3KBZIl2tRdc+KISEmhrdGbesceJE083m9je/H6r2f+ZM8+ZvB+TM8dSXp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI++7nLp8+kg24FAPA4XZ380ulzvv8B4Ilyzc//AAAAAAAAAAAAAABw2KUo4nikGHptM023nrdVrzSat+9MjU/sfdhgihSVKFr15aN65uy585+6cHG0kw8+/p324Xhh8trl2vOLN28tzS8vz8/VppqN2cW5+Z7f4WGPv9tIawBqN1+6PXcsIs6eOrfr5TvDbww8dXz40sWTF0Y7tVPjExOTXTV9/W/7T7/H/VZ4HIsi6pHireE3Uz0iKvHwY7HPZ+dRG2x1YqTVianxiVZHFhr15kr5YqrkqkpEreugsc4YPYa5eChjEatl88sGj5Tdm7xVX6rPLMzXvlhfWmmsNBabqdJubdmfWlRiNEWsRcTGwL1v1x9FfDRSvHJ6M81ERNEZh0+2Fgbv357KI+hjD8p21voj1ipHYM4OsYEo4mqk+NnrJ2K2HLP8iI9HfKHM1yJeLfMzEan8YJyP+OkenyOOpr4o4t8ixWLaTHOt80HnvHLly7XPN68vdtV2zitH/vvhcTrk56ZqFDHTOuNvprd/sQMAAAAAAAAAAAAAAADAO20wivh2pPjj536nta44WuvS33dp9D0v/mb3mvFn93mfsvZURKxWeluT25+XDqdK+d8j6Bg9qUYR38jr//7woBsDAAAAAAAAAAAAAAAAAADwRCvixUjxlZMn0lp031O80bxRu1afWWjfFbZz79/OPdO3tra2aqmdYzmnc67mXMu5nnMjZ1Ty8TnHck7nXM25lnM950bOKPLxOcdyTudcLfMPtrbW8vP1nBs5oy8fn3Ms53TO1ZxrOddzbuSMQ3LvXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAd5NKFPHzSPGtr22mSBExFjEd7VwfOOjWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClairiVKRYf7Haer5WibgWET/f2trqPCJis8yHddB9BQAAAAAAAAAAAAAAAAAAgEMrFfGxSPHM/26mWkTcGX5j4Knjw5cunrwwWkQRqSzprn9h8trl2vOLN28tzS8vz8/VppqN2cW5+V7/uOqVRvP2nanxiUfSmX0NPuL2D1afX7z18lLjxldX9nx9qHp5ZnllqT6798sxGJWI6e49I60GT41PtBq90Kg3W4emyn0aWIkY67UzAAAAAAAAAAAAAAAAAAAAHBpDqYjPRYqf/Of51Fk33tde8/9L7WfFdu2rv7fzuwAW7sqO7t8f0Mt26rWhI62F97Wp8YmJya7dff33lpZtSqmIZyPFJ175UGs9fIqhPdfGl3XvLetuns91w79S1q3uqqqOTI1P1K4uNk9eXlhYnK2v1GcW5muTt+qzPf/iAAAAAAAAAAAAAAAAAAAAAHiAoVTEjyLFf//dv6fOfefz+v++9rOu9f+/0VpC31JNu3Nba23/e1tr+9vb77s0OvTR5+63/1Gs/y/blFIR34wU5370odb99Dvr/6fvqi3r/jRSvPncR3Jd5VhZV+90p/2O1xsL86fL2r+KFL/6Vqc2WrU3cu0zO7VnytrBSPEXm7trv5prP7BTe7asPREpvvdfe9d+cKf2XFn7k0jxj39b69QOlbW/m2uP79Seml1cmNtvWMv5/06k+Jurv5U6fb7v/Hf9/ofVu3LbPXP+4O13av6Hu/at5nn9kzz/9X3m/0Kk+E71I7muPfYz+fWnW//fmf9PRIr/+Nfdtddz7ft3as/02q2DVs7/tyPFd//yx9t9zvOfR3Znhrrn/5f7duf2p+SA5v/prn3DuV2zv+BYPImWX/76S/WFhfmlQ7rx1uFoho2H28iXDW9ExKFoj419Nw76zMTjUH7//1mk+L/jRepcx+Tv//e0n+1c//3PN3a+/y/dldsO6Pv//V37LuWrlv6+iOrKzVv9z0ZUl1/++snGzfqN+RvzzbNnTn/60xfOnD5zof9Y5+JuZ6vnsXs3KOf/B5Hih3//w+2fY3Zf/+19/T90V247oPl/prtPu65reh6KJ1I5/38dKZ7+7I+3f9580PV/5+f/Ex/bndt//w5o/j/QtW84t6vxC44FAAAAAAAAAADAUTKUivjzSPHbf/TrqbOGqJd//zd3V247oH//dbxr39xjWtfQ8yADABwi5fXfByPFP219f3st9+7rv/i1Tm339d/9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoojfjxRDr22m9YHyeVv1SqN5+87U+MTehw2mSFGJolVfPqpnzp47/6kLF0c7+eDj32kfjhcmr12uPb9489bS/PLy/FxtqtmYXZyb7/kdHvb4u420BqB286Xbc9evL9fOnjq36+U7w28MPHV8+NLFkxdGO7VT4xMTk101ff1v+0+/R7rP/mNRxPcjxVvDb6bvDkRU4uHHYp/PzqM22OrESKsTU+MTrY4sNOrNlfLFVMlVlYha10FjnTF6DHPxUMYiVsvmlw0eKbs3eau+VJ9ZmK99sb600lhpLDZTpd3asj+1qMRoiliLiI2Be9+uP4r4ZqR45fRm+ueBiKIzDp+8Ovml0+f2b0/lEfSxB2U7a/0Ra5UjMGeH2EAU8Q+R4mevn4jvDUT0RfsRH4/4QpmvRbxa5mciUvnBOB/x0z0+RxxNfVHE+UixmDbT6wPl+aBzXrny5drnm9cXu2o755Uj//3wOB3yc1M1ivhB64y/mf7F32sAAAAAAAAAAAAAAACAQ6SItUjxlZMnUmt98Paa4kbzRu1afWahvayvs/avs2Z6a2trq5baOZZzOudqzrWc6zk3ckYlH59zLOd0ztWcaznXc27kjCIfn3Ms53TO1ZxrOddzbuSMvnx8zrGc0zlXc67lXM+5kTMOydo9AAAAAAAAAAAAAAAAAADg3aUSResu7t/62mbaGmjfX3o62rnufqDvev8fAAD//5YXb/E=") creat(&(0x7f0000000340)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) 184.430578ms ago: executing program 0 (id=486): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x1c, r0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040001}, 0x4000000) 48.989639ms ago: executing program 4 (id=487): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x61}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) setreuid(0xee00, 0x0) 0s ago: executing program 0 (id=488): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) read(r1, &(0x7f0000001400)=""/4096, 0x1000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts. [ 77.221399][ T5775] cgroup: Unknown subsys name 'net' [ 77.359062][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.045391][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.510917][ T5796] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.522666][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.525140][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.530293][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.540418][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.551821][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.553132][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.559450][ T5797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.568086][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.573790][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.582225][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.596467][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.596766][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.604453][ T5801] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.613153][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.618313][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.625629][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.631953][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.640162][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.646185][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.653477][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.674208][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.689915][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.698490][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.225331][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 82.355079][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 82.374340][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 82.403589][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 82.469191][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.477806][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.485447][ T5785] bridge_slave_0: entered allmulticast mode [ 82.493246][ T5785] bridge_slave_0: entered promiscuous mode [ 82.540412][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.547574][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.555195][ T5785] bridge_slave_1: entered allmulticast mode [ 82.563236][ T5785] bridge_slave_1: entered promiscuous mode [ 82.627692][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.669057][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.716278][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.723658][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.731058][ T5787] bridge_slave_0: entered allmulticast mode [ 82.738120][ T5787] bridge_slave_0: entered promiscuous mode [ 82.783595][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.790937][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.798131][ T5784] bridge_slave_0: entered allmulticast mode [ 82.806364][ T5784] bridge_slave_0: entered promiscuous mode [ 82.814419][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.821947][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.829140][ T5787] bridge_slave_1: entered allmulticast mode [ 82.836383][ T5787] bridge_slave_1: entered promiscuous mode [ 82.846417][ T5785] team0: Port device team_slave_0 added [ 82.856997][ T5785] team0: Port device team_slave_1 added [ 82.863312][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.870581][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.877761][ T5786] bridge_slave_0: entered allmulticast mode [ 82.885024][ T5786] bridge_slave_0: entered promiscuous mode [ 82.893879][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.901361][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.908567][ T5786] bridge_slave_1: entered allmulticast mode [ 82.915950][ T5786] bridge_slave_1: entered promiscuous mode [ 82.923710][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.931071][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.938230][ T5784] bridge_slave_1: entered allmulticast mode [ 82.945443][ T5784] bridge_slave_1: entered promiscuous mode [ 83.056621][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.070552][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.085681][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.096307][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.103774][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.130106][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.144112][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.151490][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.178224][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.191987][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.220451][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.232055][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.276403][ T5786] team0: Port device team_slave_0 added [ 83.314675][ T5786] team0: Port device team_slave_1 added [ 83.337365][ T5787] team0: Port device team_slave_0 added [ 83.360939][ T5784] team0: Port device team_slave_0 added [ 83.369009][ T5787] team0: Port device team_slave_1 added [ 83.420351][ T5784] team0: Port device team_slave_1 added [ 83.451988][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.458991][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.485899][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.523645][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.531347][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.557966][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.576471][ T5785] hsr_slave_0: entered promiscuous mode [ 83.583239][ T5785] hsr_slave_1: entered promiscuous mode [ 83.605975][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.613052][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.639282][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.657174][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.664274][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.690354][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.703366][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.710909][ T5793] Bluetooth: hci2: command tx timeout [ 83.711023][ T5101] Bluetooth: hci1: command tx timeout [ 83.716759][ T5793] Bluetooth: hci3: command tx timeout [ 83.722557][ T5797] Bluetooth: hci0: command tx timeout [ 83.733572][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.760726][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.810842][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.817848][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.844010][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.952617][ T5786] hsr_slave_0: entered promiscuous mode [ 83.959066][ T5786] hsr_slave_1: entered promiscuous mode [ 83.965914][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.974030][ T5786] Cannot create hsr debugfs directory [ 83.997651][ T5787] hsr_slave_0: entered promiscuous mode [ 84.004423][ T5787] hsr_slave_1: entered promiscuous mode [ 84.011375][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.018975][ T5787] Cannot create hsr debugfs directory [ 84.029177][ T5784] hsr_slave_0: entered promiscuous mode [ 84.035900][ T5784] hsr_slave_1: entered promiscuous mode [ 84.042368][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.050371][ T5784] Cannot create hsr debugfs directory [ 84.398651][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.415642][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.467677][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.494956][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.571496][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.587031][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.597808][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.608302][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.709668][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.726796][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.739869][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.771972][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.834888][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.847755][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.858296][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.876957][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.939553][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.027764][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.048054][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.087824][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.095243][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.111570][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.118740][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.164309][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.199784][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.206986][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.244231][ T134] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.251457][ T134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.274695][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.302327][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.348476][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.382791][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.408919][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.416138][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.464825][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.472071][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.486415][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.493708][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.543163][ T134] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.550460][ T134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.608662][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.755878][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.793141][ T5797] Bluetooth: hci0: command tx timeout [ 85.793164][ T5802] Bluetooth: hci1: command tx timeout [ 85.798591][ T5797] Bluetooth: hci2: command tx timeout [ 85.804541][ T5793] Bluetooth: hci3: command tx timeout [ 85.932833][ T5785] veth0_vlan: entered promiscuous mode [ 85.973851][ T5785] veth1_vlan: entered promiscuous mode [ 86.083553][ T5785] veth0_macvtap: entered promiscuous mode [ 86.113712][ T5785] veth1_macvtap: entered promiscuous mode [ 86.178061][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.222693][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.235760][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.261157][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.273208][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.283011][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.294333][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.322921][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.335557][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.518219][ T5787] veth0_vlan: entered promiscuous mode [ 86.538538][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.551482][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.583173][ T5784] veth0_vlan: entered promiscuous mode [ 86.592153][ T5787] veth1_vlan: entered promiscuous mode [ 86.627020][ T5786] veth0_vlan: entered promiscuous mode [ 86.648718][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.658865][ T5784] veth1_vlan: entered promiscuous mode [ 86.669578][ T5786] veth1_vlan: entered promiscuous mode [ 86.678080][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.778344][ T5786] veth0_macvtap: entered promiscuous mode [ 86.822607][ T5784] veth0_macvtap: entered promiscuous mode [ 86.853919][ T5787] veth0_macvtap: entered promiscuous mode [ 86.870640][ T5787] veth1_macvtap: entered promiscuous mode [ 86.885855][ T5786] veth1_macvtap: entered promiscuous mode [ 86.913102][ T5784] veth1_macvtap: entered promiscuous mode [ 86.945698][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.957696][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.971978][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.983049][ T5876] syz.1.2[5876]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 86.997412][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.004549][ T5876] loop1: detected capacity change from 0 to 512 [ 87.018745][ T5876] EXT4-fs: Ignoring removed mblk_io_submit option [ 87.026811][ T5876] ext4: Unknown parameter 'seclabel' [ 87.032389][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.050483][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.099369][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.123192][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.205375][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.233618][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.261466][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.297912][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.322710][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.340226][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.360105][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.381857][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.414276][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.439110][ T5882] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 87.456168][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.479918][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.488710][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.527304][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.540775][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.553015][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.564518][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.574830][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.586157][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.611083][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.645514][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.665238][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.676163][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.687120][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.697445][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.722912][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.758540][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.783560][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.794074][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.806117][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.815284][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.854146][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.866349][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.876503][ T5793] Bluetooth: hci2: command tx timeout [ 87.876524][ T5797] Bluetooth: hci3: command tx timeout [ 87.882106][ T5793] Bluetooth: hci1: command tx timeout [ 87.887532][ T5101] Bluetooth: hci0: command tx timeout [ 87.931234][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.957706][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.315983][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.332092][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.385757][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.400595][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.450485][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.465558][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.500206][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.508165][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.563750][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.582835][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.628933][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.643161][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.823925][ T5902] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 89.148862][ T28] audit: type=1326 audit(1752878841.099:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.0.11" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcb4d58e9a9 code=0x0 [ 89.270130][ T5171] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.349354][ T5913] loop1: detected capacity change from 0 to 1024 [ 89.363911][ T5913] EXT4-fs: Ignoring removed nomblk_io_submit option [ 89.416435][ T5906] loop2: detected capacity change from 0 to 32768 [ 89.420894][ T5913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.439552][ T5906] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.3 (5906) [ 89.466007][ T5171] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.481534][ T5171] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.496609][ T5171] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 89.510635][ T5171] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 89.519922][ T5171] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.534119][ T5171] usb 4-1: config 0 descriptor?? [ 89.615997][ T5906] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 89.635674][ T5906] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 89.646819][ T5906] BTRFS info (device loop2): force clearing of disk cache [ 89.665860][ T5906] BTRFS info (device loop2): turning on flush-on-commit [ 89.673343][ T5906] BTRFS info (device loop2): enabling ssd optimizations [ 89.680713][ T5906] BTRFS info (device loop2): using spread ssd allocation scheme [ 89.690177][ T5906] BTRFS info (device loop2): enabling auto defrag [ 89.696960][ T5906] BTRFS info (device loop2): max_inline at 0 [ 89.704682][ T5906] BTRFS info (device loop2): enabling disk space caching [ 89.735944][ T5906] BTRFS info (device loop2): disk space caching is enabled [ 89.847162][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.860460][ T5906] BTRFS info (device loop2): auto enabling async discard [ 89.888590][ T5906] BTRFS info (device loop2): rebuilding free space tree [ 89.945452][ T5906] BTRFS info (device loop2): disabling free space tree [ 89.953433][ T5797] Bluetooth: hci3: command tx timeout [ 89.958915][ T5101] Bluetooth: hci0: command tx timeout [ 89.961425][ T5793] Bluetooth: hci1: command tx timeout [ 89.964599][ T5101] Bluetooth: hci2: command tx timeout [ 89.980234][ T5906] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 89.993774][ T5906] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 90.047031][ T5171] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 90.156956][ T5936] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.171556][ T5171] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 90.185259][ T28] audit: type=1800 audit(1752878842.139:3): pid=5906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3" name="file0" dev="loop2" ino=258 res=0 errno=0 [ 90.481152][ T5808] usb 4-1: USB disconnect, device number 2 [ 90.527354][ T5940] fido_id[5940]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 90.548792][ T5784] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 90.822695][ T5800] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 12 /dev/loop2 scanned by udevd (5800) [ 91.308897][ T5952] loop1: detected capacity change from 0 to 8192 [ 91.355552][ T5952] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 91.375703][ T5958] loop0: detected capacity change from 0 to 256 [ 91.435130][ T5952] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 91.473993][ T5952] REISERFS (device loop1): using ordered data mode [ 91.482731][ T5952] reiserfs: using flush barriers [ 91.533962][ T5952] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.549951][ T5808] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 91.622331][ T5952] REISERFS (device loop1): checking transaction log (loop1) [ 91.704102][ T5952] REISERFS (device loop1): Using r5 hash to sort names [ 91.747202][ T5952] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 91.809816][ T5808] usb 3-1: Using ep0 maxpacket: 32 [ 91.832659][ T5808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.889805][ T5808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.903507][ T28] audit: type=1800 audit(1752878843.859:4): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.19" name="file1" dev="loop1" ino=2 res=0 errno=0 [ 91.929889][ T5808] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 91.970460][ T5808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.021589][ T5808] usb 3-1: config 0 descriptor?? [ 92.038908][ T5808] hub 3-1:0.0: USB hub found [ 92.211480][ T9] cfg80211: failed to load regulatory.db [ 92.253249][ T5967] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input7 [ 92.275228][ T5808] hub 3-1:0.0: 1 port detected [ 92.656776][ T5963] loop3: detected capacity change from 0 to 40427 [ 92.691446][ T5963] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 92.705977][ T5808] usb 3-1: USB disconnect, device number 2 [ 92.735405][ T5963] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 92.861516][ T5963] F2FS-fs (loop3): Found nat_bits in checkpoint [ 92.959397][ T5981] ======================================================= [ 92.959397][ T5981] WARNING: The mand mount option has been deprecated and [ 92.959397][ T5981] and is ignored by this kernel. Remove the mand [ 92.959397][ T5981] option from the mount to silence this warning. [ 92.959397][ T5981] ======================================================= [ 93.013524][ T5963] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 93.029463][ T5963] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 93.564842][ T5994] loop0: detected capacity change from 0 to 1024 [ 93.656218][ T5994] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.784521][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.084458][ T5998] loop0: detected capacity change from 0 to 4096 [ 94.289505][ T5999] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.326738][ T5990] loop2: detected capacity change from 0 to 32768 [ 94.479447][ T5990] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 94.671412][ T5998] NILFS error (device loop0): nilfs_lookup: deleted inode referenced: 12 [ 94.722372][ T5998] Remounting filesystem read-only [ 94.860497][ T5787] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 94.872315][ T5988] loop1: detected capacity change from 0 to 65536 [ 94.879959][ T5787] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 94.886997][ T5787] NILFS (loop0): discard dirty block: blocknr=14, size=4096 [ 94.922113][ T5990] syz.2.34 (5990) used greatest stack depth: 20560 bytes left [ 94.935637][ T5787] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 94.959935][ T5787] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 94.967326][ T5787] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 94.975458][ T5787] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 94.983230][ T5787] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 94.990603][ T5787] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 95.001221][ T5988] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 95.004743][ T5787] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 95.018681][ T5787] NILFS (loop0): discard dirty block: blocknr=28, size=4096 [ 95.026573][ T5787] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 95.034799][ T5787] NILFS (loop0): discard dirty block: blocknr=29, size=4096 [ 95.051756][ T5787] NILFS (loop0): discard dirty page: offset=532480, ino=3 [ 95.059002][ T5787] NILFS (loop0): discard dirty block: blocknr=33, size=4096 [ 95.202890][ T5988] XFS (loop1): Ending clean mount [ 95.271010][ T5784] (syz-executor,5784,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 95.344191][ T28] audit: type=1804 audit(1752878847.299:5): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.33" name="/newroot/14/file0/file1" dev="loop1" ino=38 res=1 errno=0 [ 95.401985][ T5895] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 [ 95.402293][ T5784] ocfs2: Unmounting device (7,2) on (node local) [ 95.435931][ T5895] XFS (loop1): Unmount and run xfs_repair [ 95.462369][ T5895] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 95.488325][ T5895] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 95.527983][ T5785] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 95.540224][ T5895] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 95.561442][ T5895] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 95.579839][ T5895] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 95.588765][ T5895] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 95.638093][ T5895] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 95.670971][ T5895] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 95.690046][ T5895] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 95.720211][ T5808] XFS (loop1): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74 [ 95.741016][ T5808] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 95.759412][ T6004] loop3: detected capacity change from 0 to 32768 [ 95.781005][ T5808] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 95.858972][ T6004] XFS (loop3): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 96.030935][ T6004] XFS (loop3): Ending clean mount [ 96.156852][ T6004] XFS (loop3): Quotacheck needed: Please wait. [ 96.182476][ T6033] sp0: Synchronizing with TNC [ 96.299098][ T6004] XFS (loop3): Quotacheck: Done. [ 96.311675][ T6004] XFS (loop3): Unmounting Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 96.361001][ T6034] loop2: detected capacity change from 0 to 4096 [ 96.385006][ T6034] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 96.436724][ T6034] ntfs: (device loop2): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 96.568339][ T6034] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 96.600682][ T6034] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 96.679889][ T6034] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 96.711010][ T6037] netlink: 56 bytes leftover after parsing attributes in process `syz.0.47'. [ 96.731685][ T6034] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 96.783777][ T6034] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 96.823701][ T6034] ntfs: volume version 3.1. [ 96.868349][ T6034] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 96.956321][ T6034] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 99.193613][ T6072] loop2: detected capacity change from 0 to 40427 [ 99.225952][ T6072] F2FS-fs (loop2): heap/no_heap options were deprecated [ 99.237362][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65'. [ 99.278213][ T6102] netlink: 28 bytes leftover after parsing attributes in process `syz.3.66'. [ 99.315103][ T5800] I/O error, dev loop2, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 99.330032][ T6102] netlink: 28 bytes leftover after parsing attributes in process `syz.3.66'. [ 99.360206][ T6102] Zero length message leads to an empty skb [ 99.428183][ T6086] loop1: detected capacity change from 0 to 32768 [ 99.538088][ T6086] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 99.969653][ T6086] XFS (loop1): Ending clean mount [ 100.030935][ T6086] XFS (loop1): Quotacheck needed: Please wait. [ 100.133431][ T6086] XFS (loop1): Quotacheck: Done. [ 100.585837][ T5785] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 100.831644][ T6132] loop2: detected capacity change from 0 to 2048 [ 100.897304][ T6132] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 100.947941][ T6134] netlink: 'syz.0.76': attribute type 2 has an invalid length. [ 101.619988][ T6150] loop1: detected capacity change from 0 to 1024 [ 101.669165][ T6150] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.883293][ T6160] @: renamed from vlan0 (while UP) [ 101.915011][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 101.915028][ T28] audit: type=1800 audit(1752878853.869:6): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.83" name="file1" dev="overlay" ino=15 res=0 errno=0 [ 102.251505][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.519946][ T6167] syz.3.89 (6167) used greatest stack depth: 17968 bytes left [ 102.591063][ T6173] netlink: 68 bytes leftover after parsing attributes in process `syz.2.92'. [ 102.959553][ T6183] Illegal XDP return value 4294967274 on prog (id 11) dev syz_tun, expect packet loss! [ 103.097635][ T6163] loop0: detected capacity change from 0 to 40427 [ 103.170939][ T6163] F2FS-fs (loop0): invalid crc value [ 103.196556][ T6163] F2FS-fs (loop0): Found nat_bits in checkpoint [ 103.310673][ T6163] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 103.440675][ T5808] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 103.599370][ T5787] syz-executor: attempt to access beyond end of device [ 103.599370][ T5787] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 103.630251][ T5787] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 103.669957][ T5808] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.697727][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 103.724949][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 103.740280][ T5808] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 103.776045][ T5808] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 103.799802][ T5808] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 103.807888][ T5808] usb 2-1: Manufacturer: syz [ 103.819607][ T5808] usb 2-1: config 0 descriptor?? [ 103.844118][ T6199] sch_tbf: burst 32854 is lower than device lo mtu (65550) ! [ 104.006358][ T6201] loop2: detected capacity change from 0 to 256 [ 104.090221][ T6201] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 104.110324][ T6201] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 104.136641][ T6201] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb94faefa, utbl_chksum : 0xe619d30d) [ 104.202542][ T5808] rc_core: IR keymap rc-hauppauge not found [ 104.208525][ T5808] Registered IR keymap rc-empty [ 104.230680][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.287856][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.344670][ T5808] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 104.411821][ T5808] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8 [ 104.484312][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.547744][ T6207] netlink: 'syz.0.100': attribute type 39 has an invalid length. [ 104.559980][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.597298][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.639053][ T6211] loop2: detected capacity change from 0 to 2048 [ 104.649993][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.685227][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.695237][ T6211] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 104.745085][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.781512][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.850272][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.910010][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.949111][ T5808] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 104.992096][ T5808] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 105.006322][ T5808] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 105.042405][ T5808] usb 2-1: USB disconnect, device number 2 [ 106.600866][ T6239] loop0: detected capacity change from 0 to 512 [ 106.614910][ T6239] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 106.631554][ T6239] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 106.671148][ T6239] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 106.693308][ T6239] EXT4-fs (loop0): 1 truncate cleaned up [ 106.725574][ T6239] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.988863][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.511999][ T9] kernel write not supported for file /75/clear_refs (pid: 9 comm: kworker/0:1) [ 107.696579][ T6262] Bluetooth: MGMT ver 1.22 [ 108.089247][ T6245] loop2: detected capacity change from 0 to 32768 [ 108.159406][ T6245] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 108.299814][ T6245] XFS (loop2): Ending clean mount [ 108.335811][ T6245] XFS (loop2): Quotacheck needed: Please wait. [ 108.426677][ T6245] XFS (loop2): Quotacheck: Done. [ 108.757647][ T5784] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.056231][ T9] IPVS: starting estimator thread 0... [ 109.080781][ T6286] tipc: Started in network mode [ 109.086121][ T6286] tipc: Node identity ac1414aa, cluster identity 4711 [ 109.111687][ T6286] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.119181][ T6286] tipc: Enabled bearer , priority 10 [ 109.172930][ T6291] loop1: detected capacity change from 0 to 164 [ 109.180068][ T6289] IPVS: using max 21 ests per chain, 50400 per kthread [ 109.251876][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.389952][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.529909][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.659245][ T6301] process 'syz.2.141' launched './file1' with NULL argv: empty string added [ 109.669907][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.809963][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 109.950005][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 110.046450][ T6310] loop2: detected capacity change from 0 to 512 [ 110.089953][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 110.123638][ T6310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.212754][ T6310] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.231896][ T5808] tipc: Node number set to 2886997162 [ 110.369962][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 110.420880][ T6310] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.144: invalid size [ 110.601992][ T6303] loop1: detected capacity change from 0 to 32768 [ 110.639924][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 110.727935][ T6298] 9pnet_fd: Insufficient options for proto=fd [ 110.994494][ T6323] batadv_slave_1: entered promiscuous mode [ 111.019048][ T6325] loop1: detected capacity change from 0 to 256 [ 111.034651][ T6322] batadv_slave_1: left promiscuous mode [ 111.051094][ T6325] exfat: Deprecated parameter 'namecase' [ 111.085256][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.109857][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 111.112830][ T6325] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 111.299869][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 111.311678][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.344187][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.395291][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 111.431298][ T9] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 111.462366][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.515930][ T9] usb 1-1: config 0 descriptor?? [ 111.692521][ T6335] loop2: detected capacity change from 0 to 8192 [ 111.709537][ T6335] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 111.731313][ T6335] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 111.741919][ T6335] REISERFS (device loop2): using ordered data mode [ 111.748499][ T6335] reiserfs: using flush barriers [ 111.760927][ T6335] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 111.778041][ T6335] REISERFS (device loop2): checking transaction log (loop2) [ 111.779976][ T5808] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.788111][ T6335] REISERFS (device loop2): Using rupasov hash to sort names [ 111.801072][ T6335] REISERFS (device loop2): using 3.5.x disk format [ 111.809234][ T6335] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 111.821318][ T6335] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 111.832917][ T6335] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 111.844450][ T6335] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 111.858906][ T6335] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 111.891641][ T6335] netlink: 16 bytes leftover after parsing attributes in process `syz.2.155'. [ 111.969075][ T9] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 112.010945][ T9] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 112.020907][ T9] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 112.027947][ T9] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 112.037621][ T9] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 112.056130][ T5808] usb 4-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9 [ 112.068445][ T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 112.079812][ T5808] usb 4-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.109686][ T5808] usb 4-1: config 0 interface 0 has no altsetting 0 [ 112.129205][ T5808] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 112.168479][ T6321] netlink: 'syz.0.148': attribute type 2 has an invalid length. [ 112.185481][ T5808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.195336][ T6321] netlink: 244 bytes leftover after parsing attributes in process `syz.0.148'. [ 112.210590][ T9] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 112.235789][ T9] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 112.251766][ T5808] usb 4-1: config 0 descriptor?? [ 112.355062][ T5895] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 112.381101][ T5895] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 112.393734][ T9] usb 1-1: USB disconnect, device number 2 [ 112.425648][ T5895] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 112.468910][ T5895] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 112.705154][ T5808] waltop 0003:172F:0501.0003: collection stack underflow [ 112.722627][ T5808] waltop 0003:172F:0501.0003: item 0 1 0 12 parsing failed [ 112.746326][ T5808] waltop: probe of 0003:172F:0501.0003 failed with error -22 [ 112.970686][ T5792] usb 4-1: USB disconnect, device number 3 [ 113.034821][ T6354] loop0: detected capacity change from 0 to 256 [ 113.100669][ T6354] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe1cea053, utbl_chksum : 0x7319d30d) [ 113.129507][ T6346] loop2: detected capacity change from 0 to 32768 [ 113.423901][ T6352] loop1: detected capacity change from 0 to 32768 [ 113.486743][ T6352] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 113.635244][ T6352] XFS (loop1): Ending clean mount [ 113.681803][ T6352] XFS (loop1): Quotacheck needed: Please wait. [ 113.824840][ T6352] XFS (loop1): Quotacheck: Done. [ 114.092933][ T5785] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 114.270004][ C0] net_ratelimit: 3 callbacks suppressed [ 114.270021][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 114.345711][ T28] audit: type=1326 audit(1752878866.299:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.428024][ T28] audit: type=1326 audit(1752878866.299:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.519826][ T28] audit: type=1326 audit(1752878866.349:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.630603][ T28] audit: type=1326 audit(1752878866.349:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.713987][ T28] audit: type=1326 audit(1752878866.349:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.790369][ T28] audit: type=1326 audit(1752878866.349:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.851745][ T28] audit: type=1326 audit(1752878866.349:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.918420][ T28] audit: type=1326 audit(1752878866.349:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 114.986913][ T28] audit: type=1326 audit(1752878866.349:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 115.022507][ T28] audit: type=1326 audit(1752878866.349:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6375 comm="syz.2.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff61318e9a9 code=0x7ffc0000 [ 115.139941][ T6372] loop0: detected capacity change from 0 to 32768 [ 115.197462][ T6372] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 115.272415][ T6372] XFS (loop0): Ending clean mount [ 115.309922][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 115.500786][ T5787] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 116.349901][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 116.649846][ T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 116.774974][ T6424] netlink: 'syz.1.185': attribute type 1 has an invalid length. [ 116.790497][ T6424] netlink: 16150 bytes leftover after parsing attributes in process `syz.1.185'. [ 116.876964][ T27] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 116.919890][ T27] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.949468][ T27] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 116.994867][ T27] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 117.009967][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.018043][ T27] usb 3-1: Product: syz [ 117.033099][ T6426] warning: `syz.1.187' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 117.059903][ T27] usb 3-1: Manufacturer: syz [ 117.064601][ T27] usb 3-1: SerialNumber: syz [ 117.389911][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 117.468376][ T6437] input: syz0 as /devices/virtual/input/input10 [ 117.719933][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 117.913852][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 117.921387][ T9] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 117.931398][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.943894][ T9] usb 2-1: config 0 descriptor?? [ 117.971653][ T9] gspca_main: sq930x-2.14.0 probing 041e:403c [ 118.121740][ T27] cdc_ncm 3-1:1.0: bind() failure [ 118.133092][ T27] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 118.140220][ T27] cdc_ncm 3-1:1.1: bind() failure [ 118.157901][ T27] usb 3-1: USB disconnect, device number 3 [ 118.441622][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 118.844700][ T6446] loop0: detected capacity change from 0 to 32768 [ 118.876843][ T6446] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 118.940058][ T6446] XFS (loop0): Ending clean mount [ 118.962647][ T27] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 118.995399][ T9] gspca_sq930x: ucbus_write failed -71 [ 119.004949][ T9] sq930x: probe of 2-1:0.0 failed with error -71 [ 119.032878][ T9] usb 2-1: USB disconnect, device number 3 [ 119.040120][ T6446] XFS (loop0): Quotacheck needed: Please wait. [ 119.138272][ T6446] XFS (loop0): Quotacheck: Done. [ 119.189944][ T27] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.214206][ T27] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.249249][ T27] usb 4-1: config 0 interface 0 has no altsetting 0 [ 119.258446][ T27] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 119.272577][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.289597][ T27] usb 4-1: config 0 descriptor?? [ 119.323583][ T5787] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 119.469895][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 119.478237][ T6471] loop2: detected capacity change from 0 to 256 [ 119.528525][ T6471] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0xe1cea053, utbl_chksum : 0x7319d30d) [ 119.797805][ T6475] loop1: detected capacity change from 0 to 4096 [ 119.934463][ T27] usb 4-1: string descriptor 0 read error: -22 [ 120.136994][ T27] input: HID 256c:006d as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0004/input/input11 [ 120.218695][ T27] input: HID 256c:006d as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0004/input/input12 [ 120.288500][ T27] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0004/input/input13 [ 120.378435][ T27] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0004/input/input14 [ 120.509993][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 120.615739][ T27] uclogic 0003:256C:006D.0004: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 120.720029][ T27] usb 4-1: USB disconnect, device number 4 [ 120.941328][ T6502] netlink: 'syz.1.211': attribute type 2 has an invalid length. [ 120.956660][ T6498] fido_id[6498]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 121.259947][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 121.549935][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 121.610175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 122.065588][ T6529] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 122.351313][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 122.589921][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 122.733845][ T6539] loop1: detected capacity change from 0 to 512 [ 122.859822][ T6539] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #17: comm syz.1.234: iget: bogus i_mode (0) [ 122.887234][ T6546] loop0: detected capacity change from 0 to 1024 [ 122.964568][ T6539] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.234: couldn't read orphan inode 17 (err -117) [ 123.018281][ T6539] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.073442][ T6548] syzkaller1: entered promiscuous mode [ 123.078989][ T6548] syzkaller1: entered allmulticast mode [ 123.238033][ T58] hfsplus: b-tree write err: -5, ino 4 [ 123.252149][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.429528][ T6534] loop2: detected capacity change from 0 to 32768 [ 123.504190][ T6534] JBD2: Ignoring recovery information on journal [ 123.624703][ T6534] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 123.629934][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 123.973262][ T5784] ocfs2: Unmounting device (7,2) on (node local) [ 124.669919][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 124.730594][ T6580] support for the xor transformation has been removed. [ 125.709885][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 125.985474][ T6587] loop0: detected capacity change from 0 to 32768 [ 126.012117][ T6587] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.242 (6587) [ 126.069395][ T6587] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 126.080533][ T6587] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 126.101171][ T6587] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 126.120453][ T27] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 126.125181][ T6587] BTRFS info (device loop0): use zstd compression, level 3 [ 126.154313][ T6587] BTRFS info (device loop0): using free space tree [ 126.313729][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.363604][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.384084][ T6587] BTRFS info (device loop0): enabling ssd optimizations [ 126.409962][ T6587] BTRFS info (device loop0): auto enabling async discard [ 126.424060][ T27] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 126.469963][ T27] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 126.496780][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.538139][ T27] usb 3-1: config 0 descriptor?? [ 126.749887][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 127.040349][ T27] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 127.083374][ T5787] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 127.089165][ T27] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 127.412826][ T5792] usb 3-1: USB disconnect, device number 4 [ 127.796501][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 128.107734][ T6654] loop7: detected capacity change from 0 to 7 [ 128.118662][ T6654] Dev loop7: unable to read RDB block 7 [ 128.118832][ T6654] loop7: unable to read partition table [ 128.119080][ T6654] loop7: partition table beyond EOD, truncated [ 128.119128][ T6654] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 128.338671][ T6656] loop2: detected capacity change from 0 to 128 [ 128.381637][ T6656] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 128.401961][ T6656] ext4 filesystem being mounted at /57/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 128.727404][ T5784] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 128.829896][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 128.967004][ T6671] loop2: detected capacity change from 0 to 512 [ 129.082154][ T6671] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.267: corrupted in-inode xattr: invalid ea_ino [ 129.098274][ T6671] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.267: couldn't read orphan inode 15 (err -117) [ 129.157278][ T6671] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.245820][ T6679] netlink: 96 bytes leftover after parsing attributes in process `syz.0.269'. [ 129.396276][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.738178][ T5171] kernel write not supported for file /media2 (pid: 5171 comm: kworker/1:2) [ 129.747892][ T27] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 129.870093][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 129.905417][ T6695] netlink: 84 bytes leftover after parsing attributes in process `syz.1.275'. [ 129.949817][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 129.957678][ T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.972039][ T27] usb 4-1: config 0 interface 0 has no altsetting 0 [ 129.978796][ T27] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 129.988063][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.998831][ T27] usb 4-1: config 0 descriptor?? [ 130.430511][ T27] hid (null): report_id 67708416 is invalid [ 130.503262][ T27] cougar 0003:060B:500A.0006: usage count exceeds max: fixing up report descriptor [ 130.523900][ T27] cougar 0003:060B:500A.0006: unexpected long global item [ 130.537209][ T27] cougar 0003:060B:500A.0006: parse failed [ 130.545191][ T27] cougar: probe of 0003:060B:500A.0006 failed with error -22 [ 130.572082][ T6700] loop0: detected capacity change from 0 to 32768 [ 130.663316][ T9] usb 4-1: USB disconnect, device number 5 [ 130.773485][ T6704] netlink: 96 bytes leftover after parsing attributes in process `syz.1.280'. [ 130.809989][ T5895] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 130.844457][ T6706] gretap0: entered promiscuous mode [ 130.853983][ T6706] gretap0: left promiscuous mode [ 130.909934][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 130.964585][ T6708] loop1: detected capacity change from 0 to 2048 [ 130.980835][ T6708] EXT4-fs: Ignoring removed nobh option [ 131.019057][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.040988][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.043603][ T6708] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.060385][ T5895] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 131.077683][ T5895] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.088905][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.101649][ T5895] usb 3-1: config 0 descriptor?? [ 131.147601][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 131.147617][ T28] audit: type=1800 audit(1752878883.099:20): pid=6708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.282" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 131.174254][ C1] vkms_vblank_simulate: vblank timer overrun [ 131.266627][ T6712] input: syz0 as /devices/virtual/input/input15 [ 131.276149][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.595313][ T5895] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 131.626816][ T5895] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 131.781206][ T6725] syz.0.289 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 131.949910][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 131.966643][ T27] usb 3-1: USB disconnect, device number 5 [ 132.612164][ T6741] syzkaller1: entered promiscuous mode [ 132.617947][ T6741] syzkaller1: entered allmulticast mode [ 132.856607][ T6743] loop2: detected capacity change from 0 to 8192 [ 132.899157][ T6743] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 132.990017][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 132.998350][ T6743] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 133.044341][ T6743] REISERFS (device loop2): using ordered data mode [ 133.099866][ T6743] reiserfs: using flush barriers [ 133.144526][ T6743] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 133.167758][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.175142][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.230398][ T6743] REISERFS (device loop2): checking transaction log (loop2) [ 133.253827][ T6743] REISERFS (device loop2): Using r5 hash to sort names [ 133.282053][ T6743] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 133.346617][ T6743] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 133.487500][ T6743] REISERFS warning (device loop2): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 133.515084][ T6743] REISERFS warning (device loop2): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 133.530982][ T6743] REISERFS warning (device loop2): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 133.573590][ T6755] capability: warning: `syz.2.295' uses deprecated v2 capabilities in a way that may be insecure [ 134.029913][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 135.003389][ T6787] loop2: detected capacity change from 0 to 2048 [ 135.059809][ T6787] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 135.070031][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 135.165336][ T6793] binder: 6792:6793 ioctl c0306201 2000000003c0 returned -14 [ 135.214193][ T28] audit: type=1800 audit(1752878887.159:21): pid=6787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.317" name="file1" dev="loop2" ino=1415 res=0 errno=0 [ 135.396459][ T6799] IPVS: length: 91 != 24 [ 135.799644][ T6816] loop0: detected capacity change from 0 to 64 [ 135.823332][ T6816] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 136.109866][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 136.347474][ T6830] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 136.399945][ T5808] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 136.595865][ T5808] usb 2-1: Using ep0 maxpacket: 8 [ 136.603999][ T5808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 136.615574][ T5808] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 136.625188][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.656428][ T5808] usb 2-1: config 0 descriptor?? [ 136.927060][ T5808] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 137.149913][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 137.397337][ T5808] usb 2-1: USB disconnect, device number 4 [ 137.489802][ T5171] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 137.699918][ T5171] usb 4-1: Using ep0 maxpacket: 8 [ 137.714675][ T5171] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 137.724218][ T5171] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.732855][ T5171] usb 4-1: Product: syz [ 137.737185][ T5171] usb 4-1: Manufacturer: syz [ 137.741938][ T5171] usb 4-1: SerialNumber: syz [ 137.749343][ T5171] usb 4-1: config 0 descriptor?? [ 137.819864][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 137.899943][ T23] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 137.996426][ T5171] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 138.009869][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 138.023742][ T9] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 138.032569][ T9] usb 3-1: config 1 has no interface number 0 [ 138.038907][ T9] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 138.059362][ T9] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 138.069609][ T9] usb 3-1: config 1 interface 105 has no altsetting 0 [ 138.082378][ T9] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 138.092051][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.100217][ T9] usb 3-1: Product: syz [ 138.104506][ T9] usb 3-1: Manufacturer: syz [ 138.109132][ T9] usb 3-1: SerialNumber: syz [ 138.122049][ T6860] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.125596][ T23] usb 1-1: config 9 has an invalid interface number: 19 but max is 0 [ 138.149207][ T23] usb 1-1: config 9 has no interface number 0 [ 138.156065][ T23] usb 1-1: config 9 interface 19 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 138.158113][ T6860] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.167860][ T23] usb 1-1: config 9 interface 19 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 138.189966][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 138.197794][ T23] usb 1-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=16.3f [ 138.217949][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.228545][ T23] usb 1-1: Product: syz [ 138.235227][ T23] usb 1-1: Manufacturer: syz [ 138.240737][ T23] usb 1-1: SerialNumber: syz [ 138.253529][ T23] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 138.679216][ T6860] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.691692][ T6860] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.827414][ T6870] loop1: detected capacity change from 0 to 32768 [ 138.838364][ T6870] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.354 (6870) [ 138.859539][ T6870] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 138.869947][ T6870] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 138.879428][ T6870] BTRFS info (device loop1): using free space tree [ 138.925282][ T6870] BTRFS info (device loop1): enabling ssd optimizations [ 138.932459][ T6870] BTRFS info (device loop1): auto enabling async discard [ 139.009266][ T28] audit: type=1800 audit(1752878890.959:22): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.354" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 139.093538][ T23] input: gspca_pac7302 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input16 [ 139.102735][ T5171] usb write operation failed. (-71) [ 139.143225][ T5171] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 139.172871][ T5171] dvbdev: DVB: registering new adapter (Terratec H7) [ 139.184767][ T5171] usb 4-1: media controller created [ 139.192262][ T5171] usb read operation failed. (-71) [ 139.199302][ T5171] usb write operation failed. (-71) [ 139.219551][ T5785] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 139.230006][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 139.241786][ T5171] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 139.305082][ T5171] usb 4-1: USB disconnect, device number 6 [ 139.322706][ T9] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 139.382598][ T9] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 139.465904][ T8] usb 1-1: USB disconnect, device number 3 [ 139.532595][ T9] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 139.576005][ T9] usb 3-1: USB disconnect, device number 6 [ 139.588790][ T9] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 139.810712][ T9] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 139.845050][ T9] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 139.865422][ T9] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 140.269876][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 140.422754][ T28] audit: type=1326 audit(1752878892.379:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6902 comm="syz.0.361" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcb4d58e9a9 code=0x0 [ 140.433202][ T6909] loop2: detected capacity change from 0 to 256 [ 140.594761][ T6909] FAT-fs (loop2): Directory bread(block 64) failed [ 140.622203][ T6909] FAT-fs (loop2): Directory bread(block 65) failed [ 140.650373][ T6909] FAT-fs (loop2): Directory bread(block 66) failed [ 140.668646][ T6909] FAT-fs (loop2): Directory bread(block 67) failed [ 140.699244][ T6909] FAT-fs (loop2): Directory bread(block 68) failed [ 140.729960][ T6909] FAT-fs (loop2): Directory bread(block 69) failed [ 140.743668][ T6909] FAT-fs (loop2): Directory bread(block 70) failed [ 140.760913][ T6909] FAT-fs (loop2): Directory bread(block 71) failed [ 140.776968][ T6909] FAT-fs (loop2): Directory bread(block 72) failed [ 140.787107][ T6909] FAT-fs (loop2): Directory bread(block 73) failed [ 141.181633][ T6918] loop1: detected capacity change from 0 to 32768 [ 141.210036][ T6918] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.367 (6918) [ 141.231436][ T1131] kworker/u4:7: attempt to access beyond end of device [ 141.231436][ T1131] loop2: rw=1, sector=1224, nr_sectors = 12 limit=256 [ 141.232757][ T6918] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 141.255514][ T6918] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 141.265102][ T6918] BTRFS info (device loop1): using free space tree [ 141.309881][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 141.345585][ T6918] BTRFS info (device loop1): enabling ssd optimizations [ 141.352809][ T6918] BTRFS info (device loop1): auto enabling async discard [ 141.528343][ T6918] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 141.589957][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 141.626844][ T5785] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 141.803044][ T8] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 141.831793][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 141.843331][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.871917][ T8] usb 1-1: config 0 descriptor?? [ 142.046123][ T9] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 142.058386][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.070523][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.081229][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 142.097174][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 142.123822][ T9] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 142.133698][ T9] usb 4-1: Manufacturer: syz [ 142.144299][ T9] usb 4-1: config 0 descriptor?? [ 142.271252][ T23] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 142.350950][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 142.467047][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.478073][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.488236][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 142.501398][ T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 142.510755][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.521477][ T23] usb 2-1: config 0 descriptor?? [ 142.576142][ T9] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 142.586225][ T9] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 142.608655][ T9] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 142.887392][ T5171] usb 4-1: USB disconnect, device number 7 [ 142.932599][ T8] usb 1-1: Cannot set autoneg [ 142.938302][ T8] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 142.953026][ T8] usb 1-1: USB disconnect, device number 4 [ 142.975598][ T23] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 142.998836][ T23] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 143.252621][ T5171] usb 2-1: USB disconnect, device number 5 [ 143.392178][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 143.802162][ T6955] loop2: detected capacity change from 0 to 512 [ 144.100465][ T6955] EXT4-fs (loop2): Test dummy encryption mode enabled [ 144.141219][ T6955] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.376: corrupted in-inode xattr: invalid ea_ino [ 144.164358][ T6955] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.376: couldn't read orphan inode 15 (err -117) [ 144.193928][ T6955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.427434][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.429889][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 144.730208][ T5171] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 144.932534][ T5171] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 144.970139][ T5171] usb 2-1: config 1 has no interface number 0 [ 144.976379][ T5171] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.022200][ T5171] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 145.047803][ T5171] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 20300, setting to 1024 [ 145.066620][ T5171] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 145.080714][ T5171] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 145.091907][ T5171] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.111338][ T5171] usb 2-1: Product: syz [ 145.115581][ T5171] usb 2-1: Manufacturer: syz [ 145.139814][ T5171] usb 2-1: SerialNumber: syz [ 145.379036][ T6979] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 145.470043][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 146.032447][ T6979] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 146.068286][ T5171] cdc_ncm 2-1:1.1: bind() failure [ 146.157504][ T6996] loop0: detected capacity change from 0 to 32768 [ 146.163061][ T134] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.340023][ T23] usb 2-1: USB disconnect, device number 6 [ 146.355472][ T134] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.499432][ T134] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.510019][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 146.645046][ T7011] loop0: detected capacity change from 0 to 512 [ 146.659510][ T134] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.751493][ T7011] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.774480][ T7011] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.827709][ T7011] EXT4-fs warning (device loop0): ext4_group_add:1722: Can't resize non-sparse filesystem further [ 146.887643][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.330387][ T7023] netlink: 'syz.3.403': attribute type 34 has an invalid length. [ 147.549874][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 147.696288][ T5797] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 147.708803][ T5797] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 147.719320][ T5797] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 147.731928][ T5797] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 147.763764][ T5797] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 147.772911][ T5797] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 148.589898][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 149.629916][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 149.959965][ T5101] Bluetooth: hci2: command tx timeout [ 149.992364][ T7032] chnl_net:caif_netlink_parms(): no params data found [ 150.364210][ T7063] loop1: detected capacity change from 0 to 32768 [ 150.431573][ T5895] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 150.455963][ T7063] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 150.602830][ T134] hsr_slave_0: left promiscuous mode [ 150.622088][ T5895] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 150.649800][ T5895] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 150.653193][ T7063] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 150.669983][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 150.688128][ T5895] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 150.691460][ T134] hsr_slave_1: left promiscuous mode [ 150.702568][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.718962][ T5895] usb 4-1: Product: syz [ 150.734238][ T7095] loop0: detected capacity change from 0 to 512 [ 150.745642][ T5895] usb 4-1: Manufacturer: syz [ 150.763992][ T134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.764813][ T5895] usb 4-1: SerialNumber: syz [ 150.802235][ T134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.813876][ T7063] XFS (loop1): Starting recovery (logdev: internal) [ 150.827315][ T5895] usb 4-1: config 0 descriptor?? [ 150.837759][ T134] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.840897][ T7073] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 150.855087][ T7095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.873287][ T7073] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 150.876740][ T134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.888377][ T7095] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.904185][ T134] bridge_slave_1: left allmulticast mode [ 150.911504][ T134] bridge_slave_1: left promiscuous mode [ 150.919832][ T134] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.955012][ T134] bridge_slave_0: left allmulticast mode [ 150.961265][ T7063] XFS (loop1): Ending recovery (logdev: internal) [ 150.971519][ T134] bridge_slave_0: left promiscuous mode [ 150.977371][ T134] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.133877][ T7073] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 151.159999][ T7073] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 151.213177][ T134] veth1_macvtap: left promiscuous mode [ 151.219336][ T134] veth0_macvtap: left promiscuous mode [ 151.231562][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.241516][ T134] veth1_vlan: left promiscuous mode [ 151.248173][ T5785] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 151.257952][ T134] veth0_vlan: left promiscuous mode [ 151.711409][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 152.014084][ T5895] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 152.029951][ T5101] Bluetooth: hci2: command tx timeout [ 152.434153][ T134] team0 (unregistering): Port device team_slave_1 removed [ 152.485271][ T134] team0 (unregistering): Port device team_slave_0 removed [ 152.537983][ T134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 152.656953][ T134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 152.749903][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 153.323488][ T7123] ALSA: mixer_oss: invalid OSS volume '' [ 153.691913][ T7130] loop1: detected capacity change from 0 to 256 [ 153.700377][ T7130] exfat: Deprecated parameter 'utf8' [ 153.713566][ T134] bond0 (unregistering): Released all slaves [ 153.732026][ T7130] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d) [ 153.789861][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 153.888443][ T7032] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.920133][ T7032] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.930230][ T7032] bridge_slave_0: entered allmulticast mode [ 153.937862][ T7032] bridge_slave_0: entered promiscuous mode [ 153.966853][ T7032] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.000415][ T7032] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.007701][ T7032] bridge_slave_1: entered allmulticast mode [ 154.041645][ T7032] bridge_slave_1: entered promiscuous mode [ 154.098307][ T5895] dm9601 4-1:0.0 eth5: register 'dm9601' at usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet, 6e:00:00:00:00:00 [ 154.106409][ T7116] bridge0: port 3(macsec1) entered blocking state [ 154.118494][ T7116] bridge0: port 3(macsec1) entered disabled state [ 154.119499][ T5101] Bluetooth: hci2: command tx timeout [ 154.140101][ T5895] usb 4-1: USB disconnect, device number 8 [ 154.146703][ T7116] macsec1: entered allmulticast mode [ 154.147669][ T5895] dm9601 4-1:0.0 eth5: unregister 'dm9601' usb-dummy_hcd.3-1, Davicom DM96xx USB 10/100 Ethernet [ 154.166508][ T7116] macsec1: entered promiscuous mode [ 154.387049][ T7032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.441564][ T7032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.589612][ T7032] team0: Port device team_slave_0 added [ 154.641200][ T7032] team0: Port device team_slave_1 added [ 154.753904][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.769793][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.829891][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 154.837570][ T7032] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.875000][ T7032] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.901280][ T7032] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.990321][ T7032] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.210795][ T7032] hsr_slave_0: entered promiscuous mode [ 155.220523][ T7032] hsr_slave_1: entered promiscuous mode [ 155.240572][ T7032] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 155.261898][ T7032] Cannot create hsr debugfs directory [ 155.399925][ T5895] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 155.610507][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.645432][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.689911][ T5895] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 155.730046][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.748594][ T7147] loop1: detected capacity change from 0 to 32768 [ 155.761408][ T5895] usb 1-1: config 0 descriptor?? [ 155.854528][ T7032] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 155.869882][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 155.870252][ T7147] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 155.903821][ T7032] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 155.966567][ T7032] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 156.021288][ T7032] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 156.191359][ T5101] Bluetooth: hci2: command tx timeout [ 156.198802][ T7152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.210785][ T7152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.233403][ T5895] sony 0003:054C:024B.000A: unknown main item tag 0x0 [ 156.284130][ T5895] sony 0003:054C:024B.000A: unexpected long global item [ 156.316734][ T5895] sony 0003:054C:024B.000A: parse failed [ 156.339911][ T5895] sony: probe of 0003:054C:024B.000A failed with error -22 [ 156.446578][ T7032] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.474243][ T5895] usb 1-1: USB disconnect, device number 5 [ 156.540050][ T7032] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.594385][ T134] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.601696][ T134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.617376][ T134] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.624625][ T134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.625402][ T7139] syz.3.433 (7139): drop_caches: 2 [ 156.658819][ T5785] (syz-executor,5785,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72 [ 156.687129][ T5785] ocfs2: Unmounting device (7,1) on (node local) [ 156.909901][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 157.011387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 157.110144][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 157.121207][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 157.600880][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 157.653738][ T7197] loop1: detected capacity change from 0 to 64 [ 157.677091][ T7032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.792016][ T7197] UBIFS error (pid: 7197): cannot open "./file0", error -22 [ 157.949926][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 158.310097][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 158.536758][ T7214] netlink: 'syz.0.445': attribute type 1 has an invalid length. [ 158.555467][ T7214] netlink: 224 bytes leftover after parsing attributes in process `syz.0.445'. [ 158.559634][ T7215] loop1: detected capacity change from 0 to 2048 [ 158.571497][ T7214] netlink: 'syz.0.445': attribute type 2 has an invalid length. [ 158.656419][ T7215] loop1: p1 < > p4 [ 158.690727][ T7215] loop1: p4 size 8388608 extends beyond EOD, truncated [ 158.937742][ T7032] veth0_vlan: entered promiscuous mode [ 158.989910][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 159.000197][ T7032] veth1_vlan: entered promiscuous mode [ 159.110175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 159.150251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 159.161545][ T7032] veth0_macvtap: entered promiscuous mode [ 159.214166][ T7032] veth1_macvtap: entered promiscuous mode [ 159.308815][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.330057][ T6488] udevd[6488]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 159.360650][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.362346][ T6496] udevd[6496]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 159.386894][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.444733][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.469915][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 159.494735][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.543241][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.615164][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.666659][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.714559][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.749073][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.779912][ T7032] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.819802][ T7032] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.856511][ T7032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.903726][ T7032] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.938927][ T7032] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.961007][ T7032] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.985201][ T7032] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.029956][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 160.281074][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.309350][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.416325][ T3433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.428690][ T3433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.069937][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 161.221459][ T7282] loop1: detected capacity change from 0 to 512 [ 161.245740][ T7282] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 161.366066][ T7282] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.400914][ T7282] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.705977][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.109951][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 162.300131][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 162.504926][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 162.528290][ T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 162.558187][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 162.585520][ T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 162.610080][ T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 162.660040][ T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 162.679062][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.744576][ T7327] loop4: detected capacity change from 0 to 256 [ 162.904648][ T7330] ip6tnl1: entered promiscuous mode [ 162.920614][ T7330] ip6tnl1: entered allmulticast mode [ 162.999594][ T8] usb 2-1: GET_CAPABILITIES returned 0 [ 163.022870][ T8] usbtmc 2-1:16.0: can't read capabilities [ 163.150030][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 163.283881][ T8] usb 2-1: USB disconnect, device number 7 [ 163.745544][ T7347] ================================================================== [ 163.753686][ T7347] BUG: KASAN: slab-use-after-free in __lock_acquire+0xff/0x7c80 [ 163.761375][ T7347] Read of size 8 at addr ffff88807a42e0e0 by task syz.3.485/7347 [ 163.769110][ T7347] [ 163.771461][ T7347] CPU: 1 PID: 7347 Comm: syz.3.485 Not tainted 6.6.99-syzkaller #0 [ 163.779475][ T7347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.789569][ T7347] Call Trace: [ 163.792871][ T7347] [ 163.795912][ T7347] dump_stack_lvl+0x16c/0x230 [ 163.800617][ T7347] ? __lock_acquire+0x7c80/0x7c80 [ 163.805664][ T7347] ? show_regs_print_info+0x20/0x20 [ 163.810884][ T7347] ? load_image+0x3b0/0x3b0 [ 163.815433][ T7347] ? __virt_addr_valid+0x469/0x540 [ 163.820567][ T7347] print_report+0xac/0x200 [ 163.824998][ T7347] ? __lock_acquire+0xff/0x7c80 [ 163.829866][ T7347] kasan_report+0x117/0x150 [ 163.834396][ T7347] ? __lock_acquire+0xff/0x7c80 [ 163.839262][ T7347] __lock_acquire+0xff/0x7c80 [ 163.843955][ T7347] ? is_bpf_text_address+0x26/0x2a0 [ 163.849170][ T7347] ? arch_stack_walk+0x160/0x190 [ 163.854126][ T7347] ? verify_lock_unused+0x140/0x140 [ 163.859422][ T7347] ? stack_trace_save+0x9c/0xe0 [ 163.864293][ T7347] ? stack_trace_snprint+0xf0/0xf0 [ 163.869421][ T7347] ? __stack_depot_save+0x1f/0x630 [ 163.874545][ T7347] ? do_syscall_64+0x55/0xb0 [ 163.879148][ T7347] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 163.885242][ T7347] lock_acquire+0x197/0x410 [ 163.889764][ T7347] ? super_lock+0x167/0x360 [ 163.894454][ T7347] ? __might_sleep+0xe0/0xe0 [ 163.899057][ T7347] ? __mutex_trylock_common+0x153/0x250 [ 163.904619][ T7347] ? read_lock_is_recursive+0x20/0x20 [ 163.910003][ T7347] ? trace_raw_output_contention_end+0xd0/0xd0 [ 163.916182][ T7347] down_read+0x46/0x2e0 [ 163.920355][ T7347] ? super_lock+0x167/0x360 [ 163.924884][ T7347] super_lock+0x167/0x360 [ 163.929232][ T7347] ? user_get_super+0x180/0x180 [ 163.934110][ T7347] ? mutex_lock_nested+0x20/0x20 [ 163.939113][ T7347] fs_bdev_sync+0xa4/0x170 [ 163.943549][ T7347] ? fs_bdev_mark_dead+0x1f0/0x1f0 [ 163.948667][ T7347] blkdev_common_ioctl+0x880/0x23d0 [ 163.953894][ T7347] ? tomoyo_path_number_perm+0x4dc/0x590 [ 163.959545][ T7347] ? blkdev_bszset+0x1f0/0x1f0 [ 163.964412][ T7347] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 163.969999][ T7347] blkdev_ioctl+0x4eb/0x6f0 [ 163.974525][ T7347] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 163.980001][ T7347] ? bpf_lsm_file_ioctl+0x9/0x10 [ 163.985043][ T7347] ? security_file_ioctl+0x80/0xa0 [ 163.990177][ T7347] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 163.995676][ T7347] __se_sys_ioctl+0xfd/0x170 [ 164.000307][ T7347] do_syscall_64+0x55/0xb0 [ 164.004768][ T7347] ? clear_bhb_loop+0x40/0x90 [ 164.009468][ T7347] ? clear_bhb_loop+0x40/0x90 [ 164.014160][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.020081][ T7347] RIP: 0033:0x7f542078e9a9 [ 164.024522][ T7347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.044153][ T7347] RSP: 002b:00007f542166b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.052586][ T7347] RAX: ffffffffffffffda RBX: 00007f54209b5fa0 RCX: 00007f542078e9a9 [ 164.060575][ T7347] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 164.068555][ T7347] RBP: 00007f5420810d69 R08: 0000000000000000 R09: 0000000000000000 [ 164.076539][ T7347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.084614][ T7347] R13: 0000000000000000 R14: 00007f54209b5fa0 R15: 00007ffc87be7f98 [ 164.092606][ T7347] [ 164.095638][ T7347] [ 164.097984][ T7347] Allocated by task 1131: [ 164.102332][ T7347] kasan_set_track+0x4e/0x70 [ 164.106938][ T7347] __kasan_kmalloc+0x8f/0xa0 [ 164.111538][ T7347] __kmalloc_node_track_caller+0xb2/0x230 [ 164.117290][ T7347] kmalloc_reserve+0x117/0x260 [ 164.122087][ T7347] __alloc_skb+0x138/0x2c0 [ 164.126538][ T7347] nsim_dev_trap_report_work+0x293/0xb00 [ 164.132201][ T7347] process_scheduled_works+0xa45/0x15b0 [ 164.137765][ T7347] worker_thread+0xa55/0xfc0 [ 164.142372][ T7347] kthread+0x2fa/0x390 [ 164.146463][ T7347] ret_from_fork+0x48/0x80 [ 164.150897][ T7347] ret_from_fork_asm+0x11/0x20 [ 164.155675][ T7347] [ 164.158000][ T7347] Freed by task 1131: [ 164.161989][ T7347] kasan_set_track+0x4e/0x70 [ 164.166593][ T7347] kasan_save_free_info+0x2e/0x50 [ 164.171630][ T7347] ____kasan_slab_free+0x126/0x1e0 [ 164.176756][ T7347] slab_free_freelist_hook+0x130/0x1b0 [ 164.182224][ T7347] __kmem_cache_free+0xba/0x1f0 [ 164.187113][ T7347] skb_release_data+0x634/0x800 [ 164.190007][ C0] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 164.191980][ T7347] consume_skb+0xb2/0x110 [ 164.203289][ T7347] nsim_dev_trap_report_work+0x76f/0xb00 [ 164.208940][ T7347] process_scheduled_works+0xa45/0x15b0 [ 164.214599][ T7347] worker_thread+0xa55/0xfc0 [ 164.219203][ T7347] kthread+0x2fa/0x390 [ 164.223299][ T7347] ret_from_fork+0x48/0x80 [ 164.227728][ T7347] ret_from_fork_asm+0x11/0x20 [ 164.232515][ T7347] [ 164.234854][ T7347] Last potentially related work creation: [ 164.240573][ T7347] kasan_save_stack+0x3e/0x60 [ 164.245267][ T7347] __kasan_record_aux_stack+0xaf/0xc0 [ 164.250743][ T7347] insert_work+0x3d/0x310 [ 164.255129][ T7347] __queue_work+0xc39/0x1020 [ 164.259735][ T7347] queue_work_on+0x121/0x1e0 [ 164.264341][ T7347] rcu_core+0xcc4/0x1720 [ 164.268694][ T7347] handle_softirqs+0x280/0x820 [ 164.273484][ T7347] run_ksoftirqd+0x9c/0xf0 [ 164.277948][ T7347] smpboot_thread_fn+0x635/0xa00 [ 164.282935][ T7347] kthread+0x2fa/0x390 [ 164.287055][ T7347] ret_from_fork+0x48/0x80 [ 164.291491][ T7347] ret_from_fork_asm+0x11/0x20 [ 164.296307][ T7347] [ 164.298656][ T7347] Second to last potentially related work creation: [ 164.305249][ T7347] kasan_save_stack+0x3e/0x60 [ 164.309977][ T7347] __kasan_record_aux_stack+0xaf/0xc0 [ 164.315375][ T7347] call_rcu+0x158/0x930 [ 164.319547][ T7347] deactivate_locked_super+0xd3/0x100 [ 164.324942][ T7347] cleanup_mnt+0x429/0x4c0 [ 164.329375][ T7347] task_work_run+0x1ce/0x250 [ 164.333999][ T7347] exit_to_user_mode_loop+0xe6/0x110 [ 164.339323][ T7347] exit_to_user_mode_prepare+0xb1/0x140 [ 164.344905][ T7347] syscall_exit_to_user_mode+0x1a/0x50 [ 164.350400][ T7347] do_syscall_64+0x61/0xb0 [ 164.354876][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.360830][ T7347] [ 164.363254][ T7347] The buggy address belongs to the object at ffff88807a42e000 [ 164.363254][ T7347] which belongs to the cache kmalloc-4k of size 4096 [ 164.377354][ T7347] The buggy address is located 224 bytes inside of [ 164.377354][ T7347] freed 4096-byte region [ffff88807a42e000, ffff88807a42f000) [ 164.391530][ T7347] [ 164.394038][ T7347] The buggy address belongs to the physical page: [ 164.400460][ T7347] page:ffffea0001e90a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a428 [ 164.410620][ T7347] head:ffffea0001e90a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 164.419655][ T7347] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 164.427663][ T7347] page_type: 0xffffffff() [ 164.432006][ T7347] raw: 00fff00000000840 ffff888017842140 ffffea0001788c00 dead000000000002 [ 164.440635][ T7347] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 164.449332][ T7347] page dumped because: kasan: bad access detected [ 164.455798][ T7347] page_owner tracks the page as allocated [ 164.461518][ T7347] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5506, tgid 5506 (dhcpcd-run-hook), ts 54924599571, free_ts 54847221477 [ 164.482372][ T7347] post_alloc_hook+0x1cd/0x210 [ 164.487188][ T7347] get_page_from_freelist+0x195c/0x19f0 [ 164.492846][ T7347] __alloc_pages+0x1e3/0x460 [ 164.497591][ T7347] alloc_slab_page+0x5d/0x170 [ 164.502340][ T7347] new_slab+0x87/0x2e0 [ 164.506435][ T7347] ___slab_alloc+0xc6d/0x12f0 [ 164.511166][ T7347] __kmem_cache_alloc_node+0x1a2/0x260 [ 164.516647][ T7347] __kmalloc+0xa4/0x240 [ 164.520826][ T7347] tomoyo_realpath_from_path+0xe3/0x5d0 [ 164.526416][ T7347] tomoyo_check_open_permission+0x1c3/0x3c0 [ 164.532345][ T7347] security_file_open+0x62/0xa0 [ 164.537217][ T7347] do_dentry_open+0x380/0x1500 [ 164.542020][ T7347] path_openat+0x274b/0x3190 [ 164.546637][ T7347] do_filp_open+0x1c5/0x3d0 [ 164.551164][ T7347] do_sys_openat2+0x12c/0x1c0 [ 164.555859][ T7347] __x64_sys_openat+0x139/0x160 [ 164.560723][ T7347] page last free stack trace: [ 164.565399][ T7347] free_unref_page_prepare+0x7ce/0x8e0 [ 164.570879][ T7347] free_unref_page+0x32/0x2e0 [ 164.575574][ T7347] __slab_free+0x35e/0x410 [ 164.580009][ T7347] qlist_free_all+0x75/0xe0 [ 164.584532][ T7347] kasan_quarantine_reduce+0x143/0x160 [ 164.590012][ T7347] __kasan_slab_alloc+0x22/0x80 [ 164.594895][ T7347] slab_post_alloc_hook+0x6e/0x4d0 [ 164.600030][ T7347] __kmem_cache_alloc_node+0x13e/0x260 [ 164.605509][ T7347] __kmalloc+0xa4/0x240 [ 164.609679][ T7347] load_elf_binary+0x2cd/0x2700 [ 164.614565][ T7347] bprm_execve+0xaeb/0x16f0 [ 164.619173][ T7347] do_execveat_common+0x51b/0x6c0 [ 164.624217][ T7347] __x64_sys_execve+0x92/0xa0 [ 164.628916][ T7347] do_syscall_64+0x55/0xb0 [ 164.633355][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.639265][ T7347] [ 164.641597][ T7347] Memory state around the buggy address: [ 164.647356][ T7347] ffff88807a42df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 164.655465][ T7347] ffff88807a42e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.663540][ T7347] >ffff88807a42e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.671614][ T7347] ^ [ 164.678816][ T7347] ffff88807a42e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.686898][ T7347] ffff88807a42e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 164.694968][ T7347] ================================================================== [ 164.703068][ T7347] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 164.710440][ T7347] CPU: 1 PID: 7347 Comm: syz.3.485 Not tainted 6.6.99-syzkaller #0 [ 164.718340][ T7347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.728930][ T7347] Call Trace: [ 164.732238][ T7347] [ 164.735186][ T7347] dump_stack_lvl+0x16c/0x230 [ 164.739921][ T7347] ? show_regs_print_info+0x20/0x20 [ 164.745205][ T7347] ? load_image+0x3b0/0x3b0 [ 164.750027][ T7347] panic+0x2c0/0x710 [ 164.753974][ T7347] ? bpf_jit_dump+0xd0/0xd0 [ 164.758523][ T7347] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 164.764466][ T7347] ? _raw_spin_unlock+0x40/0x40 [ 164.769358][ T7347] ? print_memory_metadata+0x314/0x400 [ 164.774856][ T7347] ? __lock_acquire+0xff/0x7c80 [ 164.779753][ T7347] check_panic_on_warn+0x84/0xa0 [ 164.784734][ T7347] ? __lock_acquire+0xff/0x7c80 [ 164.789724][ T7347] end_report+0x6f/0x140 [ 164.794024][ T7347] kasan_report+0x128/0x150 [ 164.798553][ T7347] ? __lock_acquire+0xff/0x7c80 [ 164.803437][ T7347] __lock_acquire+0xff/0x7c80 [ 164.808151][ T7347] ? is_bpf_text_address+0x26/0x2a0 [ 164.813379][ T7347] ? arch_stack_walk+0x160/0x190 [ 164.818334][ T7347] ? verify_lock_unused+0x140/0x140 [ 164.823556][ T7347] ? stack_trace_save+0x9c/0xe0 [ 164.828431][ T7347] ? stack_trace_snprint+0xf0/0xf0 [ 164.833563][ T7347] ? __stack_depot_save+0x1f/0x630 [ 164.838686][ T7347] ? do_syscall_64+0x55/0xb0 [ 164.843334][ T7347] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.849447][ T7347] lock_acquire+0x197/0x410 [ 164.854070][ T7347] ? super_lock+0x167/0x360 [ 164.858805][ T7347] ? __might_sleep+0xe0/0xe0 [ 164.863505][ T7347] ? __mutex_trylock_common+0x153/0x250 [ 164.869166][ T7347] ? read_lock_is_recursive+0x20/0x20 [ 164.874570][ T7347] ? trace_raw_output_contention_end+0xd0/0xd0 [ 164.880754][ T7347] down_read+0x46/0x2e0 [ 164.884928][ T7347] ? super_lock+0x167/0x360 [ 164.889555][ T7347] super_lock+0x167/0x360 [ 164.893923][ T7347] ? user_get_super+0x180/0x180 [ 164.898788][ T7347] ? mutex_lock_nested+0x20/0x20 [ 164.903760][ T7347] fs_bdev_sync+0xa4/0x170 [ 164.908187][ T7347] ? fs_bdev_mark_dead+0x1f0/0x1f0 [ 164.913331][ T7347] blkdev_common_ioctl+0x880/0x23d0 [ 164.918552][ T7347] ? tomoyo_path_number_perm+0x4dc/0x590 [ 164.924240][ T7347] ? blkdev_bszset+0x1f0/0x1f0 [ 164.929056][ T7347] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 164.934736][ T7347] blkdev_ioctl+0x4eb/0x6f0 [ 164.939257][ T7347] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 164.944783][ T7347] ? bpf_lsm_file_ioctl+0x9/0x10 [ 164.949737][ T7347] ? security_file_ioctl+0x80/0xa0 [ 164.954882][ T7347] ? blkdev_compat_ptr_ioctl+0xd0/0xd0 [ 164.960410][ T7347] __se_sys_ioctl+0xfd/0x170 [ 164.965314][ T7347] do_syscall_64+0x55/0xb0 [ 164.969808][ T7347] ? clear_bhb_loop+0x40/0x90 [ 164.974533][ T7347] ? clear_bhb_loop+0x40/0x90 [ 164.979235][ T7347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 164.985164][ T7347] RIP: 0033:0x7f542078e9a9 [ 164.989597][ T7347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.009312][ T7347] RSP: 002b:00007f542166b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.017744][ T7347] RAX: ffffffffffffffda RBX: 00007f54209b5fa0 RCX: 00007f542078e9a9 [ 165.025728][ T7347] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 165.033709][ T7347] RBP: 00007f5420810d69 R08: 0000000000000000 R09: 0000000000000000 [ 165.041880][ T7347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 165.049949][ T7347] R13: 0000000000000000 R14: 00007f54209b5fa0 R15: 00007ffc87be7f98 [ 165.057959][ T7347] [ 165.061380][ T7347] Kernel Offset: disabled [ 165.065719][ T7347] Rebooting in 86400 seconds..