last executing test programs: 3.399059711s ago: executing program 4 (id=601): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xe3, 0x0, &(0x7f00000000c0)) 3.259754097s ago: executing program 4 (id=604): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") bind$inet(0xffffffffffffffff, &(0x7f0000000800)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x81fd) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) 3.14895147s ago: executing program 1 (id=606): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000ef0285b72eae795b11ad261777db75186baf0b2792ade1f10772662181fe046096c5df696334e2d8363970c8c3b029c88880576b08935b03795560230500ef286f21c974d520c247fd200851f90b2dd5e5f6b23909a23ee27007dae2a0fdf92809a931196df3be84781f7ecafa0a4bcf7e01a23999fdfb4b490f6cfe5edf3850576acb265f2ee288a85dfe7c79e969b738dbc61171dfd8f5e33fbf1ee05bc5bdeb164dc2458455e3ba438c9109dd001ad93df3fc235bed50ffce5ea79cfc8cf7d53a031691362ba21394bd614ec41f636ec0e299e370f5631acfab5a6519a36f963679457241bc05a307f8be0c828a43ed21ecdd1ee2b9b7ae315e5b515c71c39bf4b45f5e3f7cd3f6404fc93cf55949f0c3a7b87f86120153725784e98975c7617ffc7e8cc497f437853d9c04b195fa52848dd1555796b3cdf2527d7929631cca05e27c28566d2c47699bc6c3f5f76680c1db20c3089a3bdc5b44d224a0b3c2ca8087486aead1d034d94d32ad677b28b10ed58f8de2d5a8d25c7cae49ba35be16888ea8da622daf5f0f02d9c08752113ab1ec2bde50940e9bf33f91a6c5056aabc04eedfeb6535540e5c027ff4df6589cb47171bfbb564a2350564f4bdbcf4e048f2b34570d5ef2bb7939256325574c3bf96f022efde18e9274d5d40af19b0afe0c774b56ff010000bf8be42828b4cb3d6cf6930f5c4c71563e4eb0d341dc742bdb802b498fef8490b52ad16e131d8e3142ef3ffba81085ce4a028c7af46774b391e2124fcd93ff05c21ad0da384ff0017957481ee790b301e3e817c3b651bb99090189eed2862f89e6b5ca8e62a5f5ff0dc6ed83392fd551d0eedc491b3df83509d2fa1023eb77b8a13de09e22a7f19088bcbd8f47ad5a964ab6bbb94784d31b397229ae3fb66ffe0e9913d32301c844e58f000094f5766dc1ca5e8cfee332a28809591c14098f71a7bdcb88186bcd36a2ecce33a3048f6f97e14dac56e84a1fdfdee2bcd21132632905c060b3aca1d4446f456e2088e7257d575e8465d7ed767e415a616d1458a32e904a1ffaf090c2884d4a56958ab143cdb95b6c39e04010b888bd95b09d50d7e6c5c084aa8cdc21890b8ff3072ca215dde339bef126b07eb835d28f977ab43670412afe8361b60bf361aa4d351214801c57dad50ad6179a7507011e3060badbe396b3fb928c7e8b"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x185}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x81, 0x1a0ffffffff, &(0x7f0000000200)="5c71f905cac413551b2ac06c0800", 0x0, 0x4000}, 0x28) 2.983518747s ago: executing program 0 (id=609): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup(r0) r1 = epoll_create1(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$snddsp(r4, &(0x7f0000000200), 0x0) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f00000000c0)={0x3ff2}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.939702362s ago: executing program 4 (id=610): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xdc, 0x3f, 0x6e, 0x40, 0x813, 0x1, 0x3a08, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x26, 0x9b}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x24, &(0x7f0000000480)={0x0, 0x0, 0x2, "0176"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.813610083s ago: executing program 1 (id=612): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0xfea7) ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0xefff, 0xfa64}) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0xc0c89425, 0x0) 2.423781058s ago: executing program 3 (id=617): r0 = socket$inet6(0xa, 0x800, 0x10) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)={0x0, 0x0, '\x00', @ptr=0x2}}) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002e80), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000080)={0x0, 0x9c7, 0x4, {0xa, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}}) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000010000000000000000000000791204000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="1c0000001d008104e00f80ecdb4cb9f207c804a01000000088080efb", 0x1c}], 0x1, 0x0, 0x0, 0x5865}, 0x0) r3 = epoll_create(0x208000) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000580)={0xd}) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioprio_set$pid(0x3, 0x0, 0x0) r4 = open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r4) sendmsg$ETHTOOL_MSG_DEBUG_GET(r4, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r5, @ANYBLOB="04002bbd7000fcdbdf2507000000600001801400020076657468315f6d616376746170000000080003000100000008000300030000001400020076657468305f746f5f687372000000001400020008000300000003e69866f73ca33a0d45f24e3793000008000300020000001800018014000200706900"/134], 0x8c}, 0x1, 0x0, 0x0, 0x400c890}, 0x4000000) acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00') acct(0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x4120, 0x4) r6 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r6, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r6, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000040)) ppoll(&(0x7f0000000180)=[{r7}, {r6}], 0x2, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 2.386871576s ago: executing program 1 (id=618): r0 = gettid() sigaltstack(&(0x7f0000000080)={0x0, 0x80000002}, 0x0) rt_sigqueueinfo(r0, 0x21, &(0x7f0000000000)) 2.268963765s ago: executing program 0 (id=619): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x4}]}, 0x20}}, 0x0) 2.175824363s ago: executing program 1 (id=621): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x10}}, 0x50}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2c, 0x4, 0x0, 0x2, 0xb0, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0xf}}, {@remote}, {@multicast2, 0x7}, {@private=0xa010100}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @end]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_usb_connect(0x0, 0xae, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xca, 0x1b, 0xae, 0x10, 0x1f4d, 0x3100, 0x90a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x62, 0xf3, 0x2, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x81, 0x0, "ce02d9d8c5e4de9509c71f8a6fe7bb3fb019a63eb33461e149b853b771865e56c2962a5f624b7f4b419defeeb9c48c14581c11be89f4b0a3336926d5f9bbc73ec8c2eece54d2f61a3b485b29d0656e49c8857e738a9e9391468c80a532f93911ad04d4e3988fdea848a1bf84a539971748b11cb6aee42e51215b2e7b38406f"}]}}]}}]}}]}}, 0x0) 2.090150309s ago: executing program 0 (id=622): close(0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0x3}]}, 0x0) unshare(0x4040600) poll(&(0x7f0000000100)=[{}], 0xe9, 0x0) 1.929978308s ago: executing program 0 (id=623): socket$nl_route(0x10, 0x3, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$6lowpan_control(r0, &(0x7f0000000440)='connect aa:aa:aa:aa:aa:10 2', 0x1b) socket$packet(0x11, 0x0, 0x300) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) 1.763816546s ago: executing program 0 (id=624): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r0, &(0x7f0000000100)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) connect$ax25(r0, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000003700)={0x0, 0x7000004, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000001000006006600c78800001c0033"], 0x4c}}, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0xb, [{{0x9, 0x4, 0x0, 0x0, 0x16, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40}}], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x240}}}}}]}}]}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r3, &(0x7f0000000380)='./file1\x00', r3, &(0x7f0000000200)='./file0\x00', 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100009c003110c21542002f850102030109021b00010000400009045a00007874be000a2401000000020102"], 0x0) open(&(0x7f00000001c0)='./file2\x00', 0x24d40, 0x0) unlink(&(0x7f0000000280)='./file1\x00') 1.5140514s ago: executing program 3 (id=625): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, &(0x7f0000000180), 0x1, 0x520, &(0x7f00000010c0)="$eJzs3d1rLGcZAPBnNtmer+iu2otaaHuwlZyiZzdpbBu8aCuIdwWl3h9Dsgkhm2zIbupJKJqD9woi2tteeSMI3grS/0BRCnovKkrRUwV7oY7M7OTkZLub5JD9oMnvB2/mnZmdeZ53kn3n85wJ4NK6GRGvRcRURDwfEZVieqkocdAt2ec+uP/WclaSSNM3/p5EUkzLPpYUJXOjWOxqd5D7d3o8bntvf2Op2WzsFOP1zuZ2vb23f3t9c2mtsdbYWliYf2nx5cUXF+eG0s6sXa989S8//sFPv/bKr7747T/e+dut72T5zhTzD9sxbN1tUs62xQPTEbEzimATMFW0pzzpRAAAOJPsGP/TEfG5/Pi/ElP50dzZJCPNDAAAABiW9NWZ+E8SkQIAAAAXVil/BjYp1YpnAWaiVKrVus/wPh7XS81Wu/OF1dbu1kr3WdlqlEur683GXPFMbTXKSTY+n9ePxl94MJ4cPHy94UeVa/n82nKruTK5yx4AAABwqdzoOf//V6V7/n+Ce2NLDgAAABie6lE1rUwyEQAAAGBkqh+Z8s5E8gAAAABG56Pn/wAAAMAF8vXXX89Kmr//uhqx8ube7kbrzdsrjfZGbXN3ubbc2tmurbVaa830SsTmaetrtlrbX4qt3bv1TqPdqbf39u9stna3OnfWj70CGwAAABijTz3z7h+SiDj48rW8ZB7LfkwNWMCzAnBhlB7lw38eXR7A+A3azQMX3/SkEwAmptwdJJPOA5ic0zqAgQ/v/Gb4uQAAAKMx+9n+9/+nj64NABfUI93/By4U9//h8nL/Hy6vsiMAuPRGf/8/TU9dFwAAMFIzeUlKteJe4EyUPky7ohrlZHW92ZiLiE9GxO8r5SvZ+Hy+ZOIfDQAAAAAAAAAAAAAAAAAAAAAAAADAGaVpEikAAABwoUWU/poU7/+arTw303t94LHkw0o+zN8O8MZP7i51Ojvz2fR/FNMjOm8X0194lCsP3jwOAAAAo3J4nn54Hg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/TB/beWD8vxOaWRxn3/KxFR7Rd/Oq7mw6tRjojr/0xi+nChZyKSiJgaQvyDexHxRL/4SZZWVIssjsUvtsq1PIuRx38qTdPv9ot/49zR4XJ7N+t/Xuv3/SvFzXzY//s/XZTzGtz/lR70f1N94mc9zyfOsP4rEfHkez+vD54b8eR0//7nMH4yIP6z/VbZZ6N865v7+4PyS9+JmD3a/3z/eISjWr2zuV1v7+3fXt9cWmusNbYWFuZfWnx58cXFufrqerNR/Owb44dP/fJ/g+K/fy/iet/9X7f/faj9S73tfy6rlAet+ch/37t7/zN5rZL2rCKPf+vZ/r//J47HP7Zps7+Jzxf7gWz+7GH9oFt/2NM/++3TJ7V/ZUD7T/v93+pZ16D98fPf+N6fTtxAAMBYtff2N5aazcbOyCtvp2k6plj5gci42nXuyuMfn1Tbe7/4Xbfyau+smye0Ir0y7j82lXNXenuKX4+/cwIAAIbq6KB/0pkAAAAAAAAAAAAAAAAAAADA5TWO/06sN+bBZJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wcAAP//rgHbtw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60001c, 0x9) 1.137776495s ago: executing program 3 (id=626): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r0, 0x400, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0) 792.086564ms ago: executing program 3 (id=627): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xe3, 0x0, &(0x7f00000000c0)) 754.815054ms ago: executing program 4 (id=628): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000000c0), 0xfea7) ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0xefff, 0xfa64}) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0xc0c89425, 0x0) 751.815802ms ago: executing program 3 (id=629): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) dup(r0) r1 = epoll_create1(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000100)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$snddsp(r4, &(0x7f0000000200)="a3", 0x1) pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f00000000c0)={0x3ff2}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 618.782817ms ago: executing program 2 (id=630): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x10, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xe0, 0x0, &(0x7f00000000c0)) 459.98298ms ago: executing program 2 (id=631): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) fstat(r0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r1) r2 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r2, 0x0, 0x0) 442.61111ms ago: executing program 2 (id=632): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000000)) openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20082, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) write$sequencer(r1, &(0x7f0000000080)=[@t={0x81, 0x1, 0x0, 0x0, @generic=0x40005}], 0x8) prlimit64(0x0, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, 0x0, 0x0) ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0xfffffffffffffffe) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) 398.10022ms ago: executing program 4 (id=633): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000000)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_BACKOFF_EXPONENT(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0) 310.104713ms ago: executing program 2 (id=634): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cb"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xea}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x50}}, 0x0) 296.815328ms ago: executing program 1 (id=635): creat(&(0x7f0000000300)='./bus\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) inotify_init() socket(0x15, 0x5, 0x0) epoll_create1(0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x48) socket$packet(0x11, 0x3, 0x300) socket$inet_smc(0x2b, 0x1, 0x0) socket(0x40000000015, 0x5, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x3c}}, 0x0) 177.336971ms ago: executing program 2 (id=636): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000000)=0x1) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045518, &(0x7f0000000040)) 160.685359ms ago: executing program 1 (id=637): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000aa877e10702750909711000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000980)={0x44, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 66.476949ms ago: executing program 4 (id=638): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xdc, 0x3f, 0x6e, 0x40, 0x813, 0x1, 0x3a08, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x26, 0x9b}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x44, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x24, &(0x7f0000000480)={0x0, 0x0, 0x2, "0176"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 65.743921ms ago: executing program 0 (id=639): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0x0, 0x0, &(0x7f00000000c0)) 48.532893ms ago: executing program 3 (id=640): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close_range(r0, r3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x0) 0s ago: executing program 2 (id=641): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000001c0)={0x3, 0x8, 0x0, 0x0, @vifc_lcl_ifindex=r1, @rand_addr=0x64010100}, 0x10) kernel console output (not intermixed with test programs): 105794][ T5500] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.129774][ T5500] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.168774][ T5505] netlink: 32 bytes leftover after parsing attributes in process `syz.0.105'. [ 106.212661][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 106.231001][ T29] audit: type=1800 audit(1720002170.102:12): pid=5500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.104" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 106.282773][ T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 106.291443][ T29] audit: type=1800 audit(1720002170.132:13): pid=5500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.104" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 106.337400][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.379606][ T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 106.439830][ T5102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.449883][ T46] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a04, bcdDevice=a3.91 [ 106.461007][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.469159][ T46] usb 4-1: Product: syz [ 106.525826][ T46] usb 4-1: Manufacturer: syz [ 106.532423][ T46] usb 4-1: SerialNumber: syz [ 106.564914][ T46] usb 4-1: config 0 descriptor?? [ 106.601041][ T46] ipaq 4-1:0.0: PocketPC PDA converter detected [ 106.607784][ T46] usb 4-1: active config #0 != 1 ?? [ 110.544883][ T5113] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 110.553746][ T5113] Bluetooth: hci0: Injecting HCI hardware error event [ 110.562958][ T5113] Bluetooth: hci0: hardware error 0x00 [ 110.595888][ T9] usb 4-1: USB disconnect, device number 4 [ 110.815379][ T5519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.109'. [ 110.853135][ T5520] vxcan1: tx address claim with dlc 1 [ 111.351502][ T5534] loop1: detected capacity change from 0 to 512 [ 111.410382][ T5537] loop0: detected capacity change from 0 to 2048 [ 111.487191][ T5534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.500835][ T5534] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.530911][ T5537] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 111.555216][ T29] audit: type=1800 audit(1720002175.432:14): pid=5534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.116" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 111.640918][ T5195] udevd[5195]: incorrect nilfs2 checksum on /dev/loop0 [ 111.650822][ T5102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.660562][ T29] audit: type=1800 audit(1720002175.432:15): pid=5534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.116" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 111.682134][ T5541] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.725238][ T5535] loop3: detected capacity change from 0 to 4096 [ 111.751789][ T5535] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 111.929026][ T5537] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 3044605952 [ 111.983085][ T5537] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 112.072199][ T5537] Remounting filesystem read-only [ 112.077365][ T5537] NILFS (loop0): error -5 truncating bmap (ino=15) [ 112.147711][ T5537] syz.0.117 (5537) used greatest stack depth: 18160 bytes left [ 112.326896][ T5095] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 112.354345][ T5095] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.420577][ T5095] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 112.452764][ T5095] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 112.470942][ T5095] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 112.508312][ T5095] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 112.536578][ T5095] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 112.567944][ T5095] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 112.601432][ T5095] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 112.648358][ T5095] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 112.661534][ T5095] NILFS (loop0): discard dirty page: offset=196608, ino=3 [ 112.669295][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.679191][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.691934][ T5095] NILFS (loop0): discard dirty block: blocknr=49, size=1024 [ 112.701157][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.765820][ T5095] NILFS (loop0): discard dirty page: offset=229376, ino=3 [ 112.798728][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.832287][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 112.859712][ T5113] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 112.867334][ T5095] NILFS (loop0): discard dirty block: blocknr=50, size=1024 [ 112.896610][ T5095] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 113.036568][ T5565] vxcan1: tx address claim with dlc 1 [ 113.163969][ T5146] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 113.343177][ T46] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 113.383021][ T5146] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 113.427311][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 113.443153][ T5543] loop1: detected capacity change from 0 to 32768 [ 113.487683][ T5543] XFS: ikeep mount option is deprecated. [ 113.494095][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 113.515157][ T5146] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.558284][ T5146] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 113.619716][ T5543] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 113.651579][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 113.668770][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 113.707949][ T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 113.716690][ T5584] netlink: 24 bytes leftover after parsing attributes in process `syz.0.129'. [ 113.729721][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 113.787228][ T5584] tipc: Started in network mode [ 113.808153][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.831078][ T5584] tipc: Node identity 1, cluster identity 4711 [ 113.839686][ T5146] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.848106][ T5543] XFS (loop1): Ending clean mount [ 113.874617][ T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 113.890127][ T5584] tipc: Node number set to 1 [ 113.893127][ T5146] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 113.923062][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 113.951135][ T46] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a04, bcdDevice=a3.91 [ 113.970295][ T5146] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 113.992979][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.002502][ T5146] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 114.011445][ T5543] XFS (loop1): Quotacheck needed: Please wait. [ 114.016339][ T46] usb 5-1: Product: syz [ 114.028050][ T46] usb 5-1: Manufacturer: syz [ 114.034765][ T5572] xt_ipvs: protocol family 7 not supported [ 114.044171][ T46] usb 5-1: SerialNumber: syz [ 114.052761][ T5146] usb 4-1: string descriptor 0 read error: -22 [ 114.060827][ T5146] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 114.074520][ T5146] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.095185][ T46] usb 5-1: config 0 descriptor?? [ 114.121265][ T5146] adutux 4-1:168.0: interrupt endpoints not found [ 114.136076][ T46] ipaq 5-1:0.0: PocketPC PDA converter detected [ 114.155668][ T46] usb 5-1: active config #0 != 1 ?? [ 114.251430][ T5543] XFS (loop1): Quotacheck: Done. [ 114.435565][ T46] usb 4-1: USB disconnect, device number 5 [ 114.551655][ T5102] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 118.402452][ T9] usb 5-1: USB disconnect, device number 4 [ 118.850367][ T5602] loop3: detected capacity change from 0 to 2048 [ 118.901981][ T5602] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 118.962491][ T5610] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 119.053404][ T5614] vxcan1: tx address claim with dlc 1 [ 119.096723][ T5602] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 3044605952 [ 119.137963][ T5602] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 119.176716][ T5602] Remounting filesystem read-only [ 119.194755][ T5602] NILFS (loop3): error -5 truncating bmap (ino=15) [ 119.216428][ T5618] loop1: detected capacity change from 0 to 64 [ 119.282675][ T5100] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 119.309674][ T5100] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 119.336502][ T5100] NILFS (loop3): discard dirty block: blocknr=36, size=1024 [ 119.358591][ T5100] NILFS (loop3): discard dirty block: blocknr=37, size=1024 [ 119.367278][ T5100] NILFS (loop3): discard dirty block: blocknr=38, size=1024 [ 119.380691][ T5100] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 119.394494][ T5100] NILFS (loop3): discard dirty block: blocknr=42, size=1024 [ 119.406225][ T5100] NILFS (loop3): discard dirty block: blocknr=43, size=1024 [ 119.415994][ T5100] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 119.480782][ T5100] NILFS (loop3): discard dirty block: blocknr=0, size=1024 [ 119.505556][ T5100] NILFS (loop3): discard dirty page: offset=196608, ino=3 [ 119.532028][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 119.545147][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 119.557179][ T5100] NILFS (loop3): discard dirty block: blocknr=49, size=1024 [ 119.587496][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 119.612813][ T5100] NILFS (loop3): discard dirty page: offset=229376, ino=3 [ 119.623012][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 119.637359][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 119.655567][ T5100] NILFS (loop3): discard dirty block: blocknr=50, size=1024 [ 119.665722][ T5100] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 120.316881][ T5638] xt_ipvs: protocol family 7 not supported [ 120.419515][ T5146] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 120.579661][ T5652] vxcan1: tx address claim with dlc 1 [ 120.637088][ T5146] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 120.655710][ T5146] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 120.667449][ T5146] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 120.687285][ T5146] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 120.692933][ T5653] loop1: detected capacity change from 0 to 2048 [ 120.742283][ T5653] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 120.752471][ T5146] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 120.785149][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 120.806949][ T5654] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 120.817733][ T5146] usb 3-1: SerialNumber: syz [ 120.831796][ T5641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 120.850302][ T5641] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 120.869926][ T5146] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 120.906034][ T5656] loop0: detected capacity change from 0 to 64 [ 120.961414][ T5653] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 3044605952 [ 120.981124][ T5653] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 121.016671][ T5653] Remounting filesystem read-only [ 121.029117][ T5653] NILFS (loop1): error -5 truncating bmap (ino=15) [ 121.104852][ T5102] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 121.120931][ T5641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.122139][ T5102] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 121.158825][ T5641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.159263][ T5102] NILFS (loop1): discard dirty block: blocknr=36, size=1024 [ 121.186592][ T29] audit: type=1800 audit(1720002185.062:16): pid=5641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.147" name="file2" dev="overlay" ino=201 res=0 errno=0 [ 121.199567][ T5102] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 121.235349][ T5102] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 121.247116][ T5146] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 121.263841][ T5146] usb 3-1: USB disconnect, device number 5 [ 121.286458][ T5102] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 121.319776][ T5102] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 121.339951][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 121.366583][ T5102] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 121.384887][ T5102] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 121.392866][ T5102] NILFS (loop1): discard dirty block: blocknr=0, size=1024 [ 121.405440][ T5102] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 121.414683][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.430862][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.447673][ T5102] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 121.456601][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.472813][ T5102] NILFS (loop1): discard dirty page: offset=229376, ino=3 [ 121.485375][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.525635][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.547174][ T5102] NILFS (loop1): discard dirty block: blocknr=50, size=1024 [ 121.562666][ T5102] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 121.573989][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 121.587632][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 121.610246][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.631098][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 121.664336][ T9] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a04, bcdDevice=a3.91 [ 121.690881][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.705731][ T9] usb 5-1: Product: syz [ 121.726516][ T9] usb 5-1: Manufacturer: syz [ 121.735820][ T9] usb 5-1: SerialNumber: syz [ 121.757107][ T9] usb 5-1: config 0 descriptor?? [ 121.783212][ T9] ipaq 5-1:0.0: PocketPC PDA converter detected [ 121.808006][ T9] usb 5-1: active config #0 != 1 ?? [ 121.982301][ T5676] loop1: detected capacity change from 0 to 512 [ 122.032709][ T5676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.801716][ T9] usb 5-1: USB disconnect, device number 5 [ 125.805995][ T5676] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.810547][ T5683] vxcan1: tx address claim with dlc 1 [ 125.973020][ T5686] loop3: detected capacity change from 0 to 1024 [ 126.008707][ T5102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.069045][ T5686] EXT4-fs: Ignoring removed nomblk_io_submit option [ 126.241842][ T5686] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 126.267833][ T5686] System zones: 0-1, 3-36 [ 126.278777][ T5697] loop1: detected capacity change from 0 to 64 [ 126.286836][ T5686] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.448650][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.460912][ T5154] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 126.625855][ T5698] xt_ipvs: protocol family 7 not supported [ 126.662307][ T5154] usb 3-1: Using ep0 maxpacket: 32 [ 126.689107][ T5154] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=a6.59 [ 126.715704][ T5709] loop1: detected capacity change from 0 to 64 [ 126.725301][ T5154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.744843][ T5154] usb 3-1: Product: syz [ 126.756506][ T5154] usb 3-1: Manufacturer: syz [ 126.776655][ T5154] usb 3-1: SerialNumber: syz [ 126.806736][ T5154] usb 3-1: config 0 descriptor?? [ 126.827628][ T5154] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 127.021080][ T5154] gspca_topro: reg_w err -71 [ 127.092601][ T5154] gspca_topro: Sensor soi763a [ 127.128269][ T5154] usb 3-1: USB disconnect, device number 6 [ 127.274770][ T5720] loop4: detected capacity change from 0 to 512 [ 127.322345][ T5715] loop0: detected capacity change from 0 to 4096 [ 127.323650][ T5720] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.358717][ T5720] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.374100][ T5715] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 127.422222][ T46] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 127.554607][ T29] audit: type=1800 audit(1720002191.432:17): pid=5720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.174" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 127.598995][ T29] audit: type=1800 audit(1720002191.452:18): pid=5720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.174" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 127.711551][ T46] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 127.729332][ T46] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 127.760953][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.779489][ T46] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 127.822528][ T46] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 127.857607][ T5728] loop0: detected capacity change from 0 to 64 [ 127.875599][ T46] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 127.929607][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 127.943524][ T46] usb 2-1: SerialNumber: syz [ 127.962619][ T5713] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 127.978553][ T5713] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 128.012920][ T46] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 128.227246][ T5738] loop2: detected capacity change from 0 to 64 [ 128.248607][ T5713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.259655][ T5713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.279671][ T29] audit: type=1800 audit(1720002192.152:19): pid=5713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.171" name="file2" dev="overlay" ino=214 res=0 errno=0 [ 128.339370][ T46] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 128.370188][ T46] usb 2-1: USB disconnect, device number 3 [ 128.558181][ T5752] overlayfs: failed to resolve './file0': -2 [ 128.761946][ T5758] loop2: detected capacity change from 0 to 64 [ 128.899889][ T5154] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 129.006020][ T5763] loop1: detected capacity change from 0 to 128 [ 129.119627][ T5154] usb 5-1: Using ep0 maxpacket: 32 [ 129.161406][ T5154] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=a6.59 [ 129.183406][ T5154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.198095][ T5154] usb 5-1: Product: syz [ 129.202912][ T5154] usb 5-1: Manufacturer: syz [ 129.207948][ T5154] usb 5-1: SerialNumber: syz [ 129.214176][ T5766] warning: `syz.0.192' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 129.230198][ T5154] usb 5-1: config 0 descriptor?? [ 129.238493][ T5767] loop1: detected capacity change from 0 to 64 [ 129.243873][ T5154] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 129.438223][ T5154] gspca_topro: reg_w err -71 [ 129.499642][ T5154] gspca_topro: Sensor soi763a [ 129.524223][ T5154] usb 5-1: USB disconnect, device number 6 [ 129.674298][ T5779] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 129.681092][ T5779] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 129.712860][ T5779] vhci_hcd vhci_hcd.0: Device attached [ 129.747841][ T5783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.769594][ T5783] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.009744][ T928] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 130.029927][ T5146] usb 16-1: SetAddress Request (2) to port 0 [ 130.042778][ T5146] usb 16-1: new SuperSpeed USB device number 2 using vhci_hcd [ 130.060811][ T5154] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 130.159684][ T928] usb 4-1: device descriptor read/64, error -71 [ 130.265317][ T5154] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 130.279108][ T5154] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 130.298183][ T5154] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 130.346772][ T5154] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 130.363177][ T5154] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 130.379255][ T5154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 130.402058][ T5797] loop0: detected capacity change from 0 to 256 [ 130.408437][ T5154] usb 3-1: SerialNumber: syz [ 130.417966][ T5785] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 130.429361][ T5785] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 130.430213][ T928] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 130.462361][ T5154] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 130.487953][ T29] audit: type=1800 audit(1720002194.352:20): pid=5797 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.205" name="bus" dev="loop0" ino=1048596 res=0 errno=0 [ 130.679676][ T928] usb 4-1: device descriptor read/64, error -71 [ 130.736584][ T5800] loop4: detected capacity change from 0 to 64 [ 130.774984][ T5785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.787342][ T5785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.804052][ T928] usb usb4-port1: attempt power cycle [ 130.830081][ T5154] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 130.831848][ T29] audit: type=1800 audit(1720002194.682:21): pid=5785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.201" name="file2" dev="overlay" ino=277 res=0 errno=0 [ 130.862628][ T5154] usb 3-1: USB disconnect, device number 7 [ 131.291240][ T928] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 131.330385][ T928] usb 4-1: device descriptor read/8, error -71 [ 131.509674][ T5154] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 131.620817][ T928] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 131.671520][ T928] usb 4-1: device descriptor read/8, error -71 [ 131.719603][ T5154] usb 1-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=7b.a3 [ 131.760141][ T5154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.783902][ T5154] usb 1-1: Product: syz [ 131.796345][ T5154] usb 1-1: Manufacturer: syz [ 131.820339][ T928] usb usb4-port1: unable to enumerate USB device [ 131.822600][ T5154] usb 1-1: SerialNumber: syz [ 131.867372][ T5154] usb 1-1: config 0 descriptor?? [ 131.888557][ T5154] snd_usb_variax 1-1:0.0: Line 6 Variax Workbench found [ 131.911228][ T5105] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 131.917825][ T5154] usb 1-1: selecting invalid altsetting 1 [ 131.926954][ T5105] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 131.928666][ T5154] snd_usb_variax 1-1:0.0: set_interface failed [ 131.945506][ T5105] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 131.946461][ T5154] snd_usb_variax 1-1:0.0: Line 6 Variax Workbench now disconnected [ 131.967563][ T5105] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 131.970503][ T5154] snd_usb_variax 1-1:0.0: probe with driver snd_usb_variax failed with error -22 [ 131.988958][ T5105] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 132.002980][ T5105] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 132.242351][ T5825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.245970][ T4512] usb 1-1: USB disconnect, device number 5 [ 132.292545][ T5825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.387569][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 132.480549][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.487882][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.501630][ T5820] bridge_slave_0: entered allmulticast mode [ 132.508964][ T5820] bridge_slave_0: entered promiscuous mode [ 132.518069][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.525578][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.534275][ T5820] bridge_slave_1: entered allmulticast mode [ 132.541721][ T5820] bridge_slave_1: entered promiscuous mode [ 132.585595][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.601982][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 132.647281][ T5820] team0: Port device team_slave_0 added [ 132.656305][ T5820] team0: Port device team_slave_1 added [ 132.688575][ T5780] vhci_hcd: connection reset by peer [ 132.709175][ T987] vhci_hcd: stop threads [ 132.718544][ T987] vhci_hcd: release socket [ 132.737211][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 132.744741][ T987] vhci_hcd: disconnect device [ 132.749715][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.784767][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 132.799269][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 132.809304][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.851850][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 133.008244][ T5820] hsr_slave_0: entered promiscuous mode [ 133.038531][ T5820] hsr_slave_1: entered promiscuous mode [ 133.056565][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 133.071626][ T5820] Cannot create hsr debugfs directory [ 133.284324][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.291742][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.655828][ T5820] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.765502][ T5863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.799052][ T5820] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.836497][ T5863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.925519][ T5820] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.059655][ T5113] Bluetooth: hci2: command tx timeout [ 134.082054][ T5820] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.364330][ T5877] bridge0: entered allmulticast mode [ 134.381617][ T5877] lo: entered allmulticast mode [ 134.412746][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 134.455150][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 134.484913][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 134.508814][ T5884] loop4: detected capacity change from 0 to 512 [ 134.510567][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 134.520662][ T5884] EXT4-fs: Ignoring removed i_version option [ 134.539234][ T5884] EXT4-fs: Ignoring removed nobh option [ 134.561192][ T5884] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 134.585242][ T5884] EXT4-fs (loop4): 1 truncate cleaned up [ 134.601611][ T46] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 134.611992][ T5884] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.689003][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.738931][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.801761][ T46] usb 4-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=7b.a3 [ 134.811822][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.827478][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.852366][ T5892] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.239'. [ 134.862752][ T4512] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.870123][ T4512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.881072][ T46] usb 4-1: Product: syz [ 134.885303][ T46] usb 4-1: Manufacturer: syz [ 134.895134][ T4512] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.902473][ T4512] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.915899][ T46] usb 4-1: SerialNumber: syz [ 134.927475][ T46] usb 4-1: config 0 descriptor?? [ 134.978901][ T46] snd_usb_variax 4-1:0.0: Line 6 Variax Workbench found [ 135.000327][ T46] usb 4-1: selecting invalid altsetting 1 [ 135.020193][ T46] snd_usb_variax 4-1:0.0: set_interface failed [ 135.034820][ T46] snd_usb_variax 4-1:0.0: Line 6 Variax Workbench now disconnected [ 135.066016][ T46] snd_usb_variax 4-1:0.0: probe with driver snd_usb_variax failed with error -22 [ 135.101283][ T5146] usb 16-1: device descriptor read/8, error -110 [ 135.341918][ T5907] netlink: 'syz.0.243': attribute type 10 has an invalid length. [ 135.415676][ T25] usb 4-1: USB disconnect, device number 10 [ 135.462119][ T5907] team0: Port device geneve1 added [ 135.532985][ T5146] usb usb16-port1: attempt power cycle [ 135.655150][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.694348][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.722192][ T5912] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.830738][ T5820] veth0_vlan: entered promiscuous mode [ 135.858126][ T5820] veth1_vlan: entered promiscuous mode [ 135.959208][ T5820] veth0_macvtap: entered promiscuous mode [ 136.001130][ T5820] veth1_macvtap: entered promiscuous mode [ 136.051700][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.089697][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.107492][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.118531][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.133468][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.140883][ T5113] Bluetooth: hci2: command tx timeout [ 136.170436][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.192302][ T5146] usb usb16-port1: unable to enumerate USB device [ 136.194805][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.230486][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.266193][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 136.307925][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.344974][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 136.416315][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.448542][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.486964][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.494091][ T5932] loop3: detected capacity change from 0 to 128 [ 136.519996][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.542337][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.561114][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.577505][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.595834][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.613819][ T5820] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 136.627917][ T5820] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 136.650590][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 136.662183][ T5934] netlink: 'syz.0.254': attribute type 10 has an invalid length. [ 136.755313][ T5820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.778781][ T5820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.815928][ T5820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.852534][ T5820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.310718][ T5947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.327154][ T2810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 137.413576][ T2810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.709568][ T5146] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 137.768418][ T987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 137.806194][ T987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 137.945342][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 137.976774][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 137.994113][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 138.038559][ T5146] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 138.102138][ T5146] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 138.124448][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 138.164963][ T5146] usb 1-1: SerialNumber: syz [ 138.203772][ T5952] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 138.219015][ T5971] netlink: 'syz.2.267': attribute type 10 has an invalid length. [ 138.219132][ T5952] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 138.240788][ T5113] Bluetooth: hci2: command tx timeout [ 138.281897][ T5146] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 138.360892][ T5971] team0: Port device geneve1 added [ 138.531817][ T5952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.556523][ T5952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.592194][ T29] audit: type=1800 audit(1720002202.462:22): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.261" name="file2" dev="overlay" ino=380 res=0 errno=0 [ 138.643504][ T5146] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 138.689757][ T5146] usb 1-1: USB disconnect, device number 6 [ 139.195816][ T5997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.313476][ T5113] Bluetooth: hci2: command tx timeout [ 142.108772][ T6036] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.425370][ T6042] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.295'. [ 142.798230][ T6053] netlink: 12 bytes leftover after parsing attributes in process `syz.4.300'. [ 143.244717][ T6070] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 143.625151][ T6085] loop0: detected capacity change from 0 to 512 [ 143.695893][ T6085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 143.723179][ T6085] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.841237][ T6094] loop4: detected capacity change from 0 to 1024 [ 144.165754][ T5095] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 145.149694][ T6124] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 145.156291][ T6124] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 145.199634][ T6124] vhci_hcd vhci_hcd.0: Device attached [ 145.559760][ T8] usb 10-1: SetAddress Request (2) to port 0 [ 145.565896][ T8] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd [ 145.574584][ T5191] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 145.782434][ T5191] usb 1-1: Using ep0 maxpacket: 16 [ 145.808859][ T5191] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 145.856117][ T5191] usb 1-1: config 0 has no interfaces? [ 145.872866][ T5191] usb 1-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 145.890775][ T5191] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.917133][ T5191] usb 1-1: Product: syz [ 145.922304][ T5191] usb 1-1: Manufacturer: syz [ 145.926974][ T5191] usb 1-1: SerialNumber: syz [ 145.941165][ T5191] usb 1-1: config 0 descriptor?? [ 145.976388][ T6153] loop1: detected capacity change from 0 to 128 [ 146.016226][ T6153] FAT-fs (loop1): Unrecognized mount option "00000000000000000000003ÿÿÿÿÿÿÿÿ0xffffffffffffffff0xffffffffffffffff" or missing value [ 146.091929][ T6152] loop2: detected capacity change from 0 to 4096 [ 146.117627][ T6152] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 146.166752][ T9] usb 1-1: USB disconnect, device number 7 [ 146.175660][ T6126] vhci_hcd: connection reset by peer [ 146.190854][ T2847] vhci_hcd: stop threads [ 146.197626][ T2847] vhci_hcd: release socket [ 146.210037][ T2847] vhci_hcd: disconnect device [ 146.258789][ T6120] loop4: detected capacity change from 0 to 40427 [ 146.275144][ T6120] F2FS-fs (loop4): invalid crc value [ 146.322625][ T6120] F2FS-fs (loop4): Found nat_bits in checkpoint [ 146.536488][ T6120] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 146.669033][ T6171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.344'. [ 146.688944][ T6171] tipc: Started in network mode [ 146.694245][ T6171] tipc: Node identity 1, cluster identity 4711 [ 146.750001][ T6171] tipc: Node number set to 1 [ 146.848137][ T29] audit: type=1804 audit(1720002210.722:23): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.325" name="/newroot/64/file0/file1" dev="loop4" ino=10 res=1 errno=0 [ 147.011404][ T5099] syz-executor: attempt to access beyond end of device [ 147.011404][ T5099] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 147.067566][ T5099] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 147.846168][ T6189] loop2: detected capacity change from 0 to 512 [ 147.947338][ T6187] loop1: detected capacity change from 0 to 4096 [ 147.981974][ T6189] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.008286][ T6198] loop4: detected capacity change from 0 to 128 [ 148.009974][ T6187] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 148.055441][ T6189] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.158996][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.218181][ T6202] loop0: detected capacity change from 0 to 2048 [ 148.279071][ T6202] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.307128][ T6214] netlink: 24 bytes leftover after parsing attributes in process `syz.4.359'. [ 148.317002][ T6214] tipc: Started in network mode [ 148.322878][ T6214] tipc: Node identity 1, cluster identity 4711 [ 148.330055][ T6214] tipc: Node number set to 1 [ 148.408886][ T5095] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.498751][ T6219] Driver unsupported XDP return value 0 on prog (id 73) dev N/A, expect packet loss! [ 148.755216][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 148.949593][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 148.957169][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 148.980410][ T25] usb 4-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 148.999542][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.007609][ T25] usb 4-1: Product: syz [ 149.039701][ T25] usb 4-1: Manufacturer: syz [ 149.044384][ T25] usb 4-1: SerialNumber: syz [ 149.068899][ T25] usb 4-1: config 0 descriptor?? [ 149.079910][ T25] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 149.099655][ T25] dw2102: su3000_power_ctrl: 1, initialized 0 [ 149.106205][ T25] dvb-usb: bulk message failed: -22 (2/0) [ 149.129092][ T25] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 149.172746][ T6233] wireguard: wg2: Could not create IPv4 socket [ 149.191229][ T6235] loop1: detected capacity change from 0 to 128 [ 149.257594][ T6237] loop2: detected capacity change from 0 to 512 [ 149.274738][ T6223] loop0: detected capacity change from 0 to 32768 [ 149.292225][ T5154] usb 4-1: USB disconnect, device number 11 [ 149.364647][ T6237] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.391667][ T6239] loop4: detected capacity change from 0 to 2048 [ 149.398209][ T6237] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.455432][ T6239] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.505219][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.585440][ T6243] loop1: detected capacity change from 0 to 4096 [ 149.605826][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.615889][ T6243] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 150.064985][ T6267] loop3: detected capacity change from 0 to 128 [ 150.094369][ T6269] netlink: 24 bytes leftover after parsing attributes in process `syz.0.380'. [ 150.176833][ T6273] loop3: detected capacity change from 0 to 512 [ 150.190655][ T5191] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 150.232189][ T6273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.245610][ T6273] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.292213][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.339542][ T928] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 150.401103][ T5191] usb 2-1: Using ep0 maxpacket: 8 [ 150.430924][ T5191] usb 2-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=56.a0 [ 150.449473][ T5191] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.459688][ T5191] usb 2-1: Product: syz [ 150.463913][ T5191] usb 2-1: Manufacturer: syz [ 150.479516][ T5191] usb 2-1: SerialNumber: syz [ 150.500570][ T5191] usb 2-1: config 0 descriptor?? [ 150.529192][ T6279] loop3: detected capacity change from 0 to 4096 [ 150.544768][ T6279] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 150.559688][ T928] usb 5-1: Using ep0 maxpacket: 8 [ 150.567528][ T928] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 150.579664][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.611052][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 150.627439][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 150.641726][ T928] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 150.650038][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.662196][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 150.678430][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 150.692081][ T928] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 150.705254][ T8] usb 10-1: device descriptor read/8, error -110 [ 150.731143][ T5191] kaweth 2-1:0.0: Firmware present in device. [ 150.737776][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 150.769584][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 150.795519][ T928] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 150.845911][ T928] usb 5-1: string descriptor 0 read error: -22 [ 150.852745][ T928] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 150.880847][ T928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.917473][ T928] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 150.929961][ T5191] kaweth 2-1:0.0: Error reading configuration (-32), no net device created [ 150.951910][ T5191] kaweth 2-1:0.0: probe with driver kaweth failed with error -5 [ 150.968166][ T6283] wireguard: wg2: Could not create IPv4 socket [ 151.141173][ T8] usb usb10-port1: attempt power cycle [ 151.143936][ T5154] usb 5-1: USB disconnect, device number 7 [ 151.828571][ T8] usb usb10-port1: unable to enumerate USB device [ 152.442070][ T6305] loop2: detected capacity change from 0 to 512 [ 152.500557][ T6307] loop0: detected capacity change from 0 to 512 [ 152.527958][ T6307] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz.0.398: casefold flag without casefold feature [ 152.530159][ T6305] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.585541][ T6307] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.398: couldn't read orphan inode 15 (err -117) [ 152.715537][ T6305] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.730728][ T6307] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.818200][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.912697][ T6316] netlink: 24 bytes leftover after parsing attributes in process `syz.4.399'. [ 152.959061][ T25] usb 2-1: USB disconnect, device number 4 [ 153.018734][ T5095] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.540604][ T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 153.743505][ T5191] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 153.779817][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 153.787340][ T8] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 153.805621][ T8] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 153.818519][ T8] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.838937][ T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 153.851299][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.904614][ T8] usbtmc 3-1:16.0: bulk endpoints not found [ 153.939821][ T5191] usb 1-1: Using ep0 maxpacket: 8 [ 153.949068][ T5191] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 153.960198][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 153.978081][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 153.997713][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 154.018685][ T5191] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 154.054359][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 154.077965][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 154.106667][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 154.139027][ T5191] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 154.148257][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 154.168835][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 154.199173][ T5191] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 154.257258][ T5191] usb 1-1: string descriptor 0 read error: -22 [ 154.265018][ T5191] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 154.282626][ T5191] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.318520][ T5191] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 154.509212][ T6348] loop4: detected capacity change from 0 to 512 [ 154.557637][ T25] usb 1-1: USB disconnect, device number 8 [ 154.627506][ T6348] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.654872][ T6348] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.748588][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.810229][ T6356] loop1: detected capacity change from 0 to 1024 [ 154.823713][ T6356] EXT4-fs: Ignoring removed nomblk_io_submit option [ 154.851345][ T6356] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 154.872796][ T6356] System zones: 0-1, 3-36 [ 154.887260][ T6356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.936967][ T6360] loop4: detected capacity change from 0 to 512 [ 154.990463][ T6360] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz.4.412: casefold flag without casefold feature [ 155.017008][ T6360] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.412: couldn't read orphan inode 15 (err -117) [ 155.035333][ T6360] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.043947][ T5820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.157481][ T6363] loop1: detected capacity change from 0 to 128 [ 155.195183][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.533584][ T6376] netlink: 24 bytes leftover after parsing attributes in process `syz.1.416'. [ 155.579717][ T6376] tipc: Started in network mode [ 155.587068][ T6376] tipc: Node identity 1, cluster identity 4711 [ 155.602908][ T6376] tipc: Node number set to 1 [ 156.019970][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 156.229809][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 156.249023][ T5146] usb 3-1: USB disconnect, device number 8 [ 156.262645][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 156.318017][ T9] usb 1-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 156.340754][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.379189][ T6388] loop2: detected capacity change from 0 to 512 [ 156.411092][ T9] usb 1-1: Product: syz [ 156.415337][ T9] usb 1-1: Manufacturer: syz [ 156.438586][ T9] usb 1-1: SerialNumber: syz [ 156.466869][ T9] usb 1-1: config 0 descriptor?? [ 156.492491][ T9] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 156.500043][ T9] dw2102: su3000_power_ctrl: 1, initialized 0 [ 156.506171][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 156.531710][ T6388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.549271][ T6388] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.581073][ T9] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 156.713288][ T6397] loop3: detected capacity change from 0 to 128 [ 156.743687][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.755482][ T9] usb 1-1: USB disconnect, device number 9 [ 157.169603][ T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 157.390152][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 157.410736][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 157.412688][ T6415] netlink: 24 bytes leftover after parsing attributes in process `syz.3.431'. [ 157.418290][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.458745][ T6418] netlink: 32 bytes leftover after parsing attributes in process `syz.1.434'. [ 157.467970][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 157.494478][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 157.520865][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 157.536317][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.549626][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 157.564213][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 157.599308][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 157.608143][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 157.629477][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 157.653037][ T6425] loop1: detected capacity change from 0 to 512 [ 157.657087][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 157.698864][ T6425] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.437: corrupted in-inode xattr: invalid ea_ino [ 157.700445][ T8] usb 3-1: string descriptor 0 read error: -22 [ 157.722154][ T6425] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.437: couldn't read orphan inode 15 (err -117) [ 157.730588][ T8] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 157.751887][ T6425] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.772533][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.808873][ T8] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 158.134397][ T5820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.240512][ T5154] usb 3-1: USB disconnect, device number 9 [ 158.267237][ T6445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.287872][ T6448] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 158.294499][ T6448] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 158.323546][ T6448] vhci_hcd vhci_hcd.0: Device attached [ 158.330919][ T6452] netlink: 32 bytes leftover after parsing attributes in process `syz.1.448'. [ 158.554589][ T6462] ax25_connect(): syz.4.452 uses autobind, please contact jreuter@yaina.de [ 158.590047][ T6459] loop1: detected capacity change from 0 to 8 [ 158.619709][ T5154] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 158.635197][ T6459] SQUASHFS error: Failed to read block 0x4e8: -5 [ 158.651337][ T29] audit: type=1800 audit(1720002222.532:24): pid=6459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.451" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 158.679599][ T9] usb 10-1: SetAddress Request (6) to port 0 [ 158.685713][ T9] usb 10-1: new SuperSpeed USB device number 6 using vhci_hcd [ 158.809667][ T5154] usb 1-1: Using ep0 maxpacket: 16 [ 158.842399][ T4512] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 158.850824][ T5154] usb 1-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 158.869755][ T5154] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 158.889579][ T5154] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 158.922707][ T5154] usb 1-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 158.935261][ T5154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.941582][ T6469] Zero length message leads to an empty skb [ 158.948628][ T5154] usb 1-1: Product: syz [ 158.972870][ T5154] usb 1-1: Manufacturer: syz [ 159.017177][ T5154] usb 1-1: SerialNumber: syz [ 159.031119][ T5154] usb 1-1: config 0 descriptor?? [ 159.049846][ T5154] powermate 1-1:0.0: probe with driver powermate failed with error -22 [ 159.055707][ T6475] netlink: 24 bytes leftover after parsing attributes in process `syz.2.454'. [ 159.063109][ T4512] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 159.086709][ T4512] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 159.105683][ T6475] tipc: Started in network mode [ 159.112488][ T4512] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 159.129979][ T6475] tipc: Node identity 1, cluster identity 4711 [ 159.136977][ T6475] tipc: Node number set to 1 [ 159.147509][ T4512] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 159.188735][ T4512] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 159.207323][ T4512] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 159.215670][ T4512] usb 5-1: SerialNumber: syz [ 159.226676][ T6462] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 159.234323][ T6462] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 159.254140][ T6480] netlink: 32 bytes leftover after parsing attributes in process `syz.1.459'. [ 159.254608][ T4512] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 159.314499][ T5154] usb 1-1: USB disconnect, device number 10 [ 159.331956][ T6449] vhci_hcd: connection reset by peer [ 159.346200][ T2810] vhci_hcd: stop threads [ 159.355841][ T2810] vhci_hcd: release socket [ 159.388777][ T2810] vhci_hcd: disconnect device [ 159.524897][ T6462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.553471][ T6462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.585858][ T29] audit: type=1800 audit(1720002223.462:25): pid=6462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.452" name="file2" dev="overlay" ino=464 res=0 errno=0 [ 159.608561][ T4512] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 159.626990][ T4512] usb 5-1: USB disconnect, device number 8 [ 160.091205][ T6493] loop0: detected capacity change from 0 to 8 [ 160.155671][ T6498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.178121][ T6493] SQUASHFS error: Failed to read block 0x4e8: -5 [ 160.203939][ T29] audit: type=1800 audit(1720002224.082:26): pid=6493 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.465" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 160.239820][ T4512] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 160.289294][ T6501] loop4: detected capacity change from 0 to 512 [ 160.352086][ T6501] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.379037][ T6501] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.439790][ T4512] usb 3-1: Using ep0 maxpacket: 8 [ 160.446695][ T29] audit: type=1800 audit(1720002224.322:27): pid=6501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.467" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 160.463410][ T4512] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 160.514785][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.529690][ T29] audit: type=1800 audit(1720002224.342:28): pid=6501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.467" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 160.547067][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.584561][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.616802][ T4512] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 160.632068][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.635152][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.664122][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.695918][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.721963][ T4512] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 160.729765][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 160.741649][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 160.753330][ T4512] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 160.771525][ T4512] usb 3-1: string descriptor 0 read error: -22 [ 160.777981][ T4512] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 160.789073][ T4512] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.812913][ T4512] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 160.878722][ T6520] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 160.885560][ T6520] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 160.897142][ T6520] vhci_hcd vhci_hcd.0: Device attached [ 160.976704][ T6524] netlink: 24 bytes leftover after parsing attributes in process `syz.4.473'. [ 161.138731][ T6512] loop1: detected capacity change from 0 to 32768 [ 161.146769][ T6512] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.471 (6512) [ 161.172080][ T6512] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 161.182919][ T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 161.190711][ T6512] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 161.199358][ T6512] BTRFS info (device loop1): using free-space-tree [ 161.206841][ T4512] usb 16-1: SetAddress Request (6) to port 0 [ 161.214244][ T4512] usb 16-1: new SuperSpeed USB device number 6 using vhci_hcd [ 161.225121][ T928] usb 3-1: USB disconnect, device number 10 [ 161.276166][ T6512] BTRFS info (device loop1): rebuilding free space tree [ 161.390711][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 161.401099][ T25] usb 4-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 161.430660][ T25] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 161.441351][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 161.457950][ T25] usb 4-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 161.467795][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.479357][ T25] usb 4-1: Product: syz [ 161.484176][ T25] usb 4-1: Manufacturer: syz [ 161.494769][ T25] usb 4-1: SerialNumber: syz [ 161.505048][ T25] usb 4-1: config 0 descriptor?? [ 161.514942][ T5113] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 161.522935][ T25] powermate 4-1:0.0: probe with driver powermate failed with error -22 [ 161.526779][ T5113] Bluetooth: hci2: Injecting HCI hardware error event [ 161.542556][ T5105] Bluetooth: hci2: hardware error 0x00 [ 161.554119][ T5820] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 161.768098][ T5154] usb 4-1: USB disconnect, device number 12 [ 161.789497][ T6521] vhci_hcd: connection reset by peer [ 161.816635][ T35] vhci_hcd: stop threads [ 161.824645][ T35] vhci_hcd: release socket [ 161.847286][ T35] vhci_hcd: disconnect device [ 162.482683][ T5109] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 162.493905][ T5109] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 162.507842][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 162.518896][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 162.529186][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 162.544849][ T5109] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 162.798879][ T987] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.949130][ T6563] loop4: detected capacity change from 0 to 512 [ 162.994739][ T6565] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.044944][ T6563] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 163.058046][ T6563] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.064802][ T987] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.109245][ T29] audit: type=1800 audit(1720002226.982:29): pid=6563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.483" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 163.150544][ T29] audit: type=1800 audit(1720002227.012:30): pid=6563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.483" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 163.256703][ T987] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.277749][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.467074][ T987] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.517961][ T6575] netlink: 24 bytes leftover after parsing attributes in process `syz.2.487'. [ 163.659740][ T5105] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 163.703599][ T6570] loop1: detected capacity change from 0 to 32768 [ 163.718590][ T6570] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.486 (6570) [ 163.745316][ T6570] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 163.757161][ T6570] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 163.766762][ T6570] BTRFS info (device loop1): using free-space-tree [ 163.819821][ T9] usb 10-1: device descriptor read/8, error -110 [ 163.876932][ T6570] BTRFS info (device loop1): rebuilding free space tree [ 163.916092][ T987] bridge_slave_1: left allmulticast mode [ 163.923153][ T987] bridge_slave_1: left promiscuous mode [ 163.931589][ T987] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.994402][ T987] bridge_slave_0: left allmulticast mode [ 164.009541][ T987] bridge_slave_0: left promiscuous mode [ 164.020413][ T987] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.052511][ T6605] loop3: detected capacity change from 0 to 128 [ 164.258351][ T5820] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 164.285789][ T9] usb usb10-port1: attempt power cycle [ 164.620099][ T5105] Bluetooth: hci0: command tx timeout [ 164.816731][ T987] team0: Port device geneve1 removed [ 164.836549][ T6616] ieee802154 phy0 wpan0: encryption failed: -22 [ 164.883528][ T987] bridge0 (unregistering): left allmulticast mode [ 164.951865][ T9] usb usb10-port1: unable to enumerate USB device [ 165.126671][ T6618] loop2: detected capacity change from 0 to 512 [ 165.244422][ T6618] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.308486][ T6618] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.396156][ T6625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.441586][ T29] audit: type=1800 audit(1720002229.322:31): pid=6618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.497" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 165.466496][ T29] audit: type=1800 audit(1720002229.322:32): pid=6618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.497" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 165.515908][ T987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.546712][ T987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.582482][ T987] bond0 (unregistering): Released all slaves [ 165.608815][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.645362][ T6550] chnl_net:caif_netlink_parms(): no params data found [ 165.902780][ T987] tipc: Left network mode [ 166.123543][ T6642] loop3: detected capacity change from 0 to 128 [ 166.268933][ T6639] netlink: 24 bytes leftover after parsing attributes in process `syz.1.502'. [ 166.300989][ T4512] usb 16-1: device descriptor read/8, error -110 [ 166.360749][ T6550] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.368063][ T6550] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.385987][ T6550] bridge_slave_0: entered allmulticast mode [ 166.413913][ T6550] bridge_slave_0: entered promiscuous mode [ 166.507955][ T6550] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.524104][ T6550] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.573655][ T6550] bridge_slave_1: entered allmulticast mode [ 166.615267][ T6550] bridge_slave_1: entered promiscuous mode [ 166.700596][ T5105] Bluetooth: hci0: command tx timeout [ 166.732375][ T987] hsr_slave_0: left promiscuous mode [ 166.771113][ T4512] usb usb16-port1: attempt power cycle [ 166.786253][ T987] hsr_slave_1: left promiscuous mode [ 166.852883][ T987] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.874399][ T987] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.902937][ T987] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.927631][ T987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.006371][ T987] veth1_macvtap: left promiscuous mode [ 167.027291][ T987] veth0_macvtap: left promiscuous mode [ 167.046552][ T987] veth1_vlan: left promiscuous mode [ 167.088294][ T987] veth0_vlan: left promiscuous mode [ 167.145411][ T6657] loop1: detected capacity change from 0 to 512 [ 167.222097][ T6657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.249355][ T6657] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.319583][ T29] audit: type=1800 audit(1720002231.182:33): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.509" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 167.365947][ T29] audit: type=1800 audit(1720002231.182:34): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.509" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 167.471272][ T4512] usb usb16-port1: unable to enumerate USB device [ 167.480050][ T5820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.656668][ T6666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.106739][ T6664] loop2: detected capacity change from 0 to 32768 [ 168.145687][ T6664] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.511 (6664) [ 168.163678][ T6664] BTRFS info (device loop2): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 168.174231][ T6664] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 168.189942][ T6664] BTRFS info (device loop2): using free-space-tree [ 168.357543][ T6685] loop1: detected capacity change from 0 to 128 [ 168.562230][ T987] team0 (unregistering): Port device team_slave_1 removed [ 168.618986][ T987] team0 (unregistering): Port device team_slave_0 removed [ 168.718150][ T5104] BTRFS info (device loop2): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9 [ 168.780687][ T5105] Bluetooth: hci0: command tx timeout [ 169.426439][ T987] lo (unregistering): left allmulticast mode [ 169.474496][ T6550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.499744][ T6692] netlink: 'syz.1.517': attribute type 10 has an invalid length. [ 169.584776][ T6692] team0: Port device geneve1 added [ 169.603853][ T6550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.622436][ T6702] loop3: detected capacity change from 0 to 512 [ 169.688899][ T6702] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.721581][ T6702] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.780444][ T6550] team0: Port device team_slave_0 added [ 169.803334][ T6550] team0: Port device team_slave_1 added [ 169.832939][ T29] audit: type=1800 audit(1720002233.712:35): pid=6702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.521" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 169.864330][ T29] audit: type=1800 audit(1720002233.742:36): pid=6702 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.521" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 169.955753][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.964948][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.050642][ T6550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.085275][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.138877][ T6550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.169952][ T6550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.237186][ T6711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.269515][ T6550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.335419][ T6717] loop4: detected capacity change from 0 to 512 [ 170.360891][ T6717] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 170.398251][ T6718] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 170.426671][ T6717] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz.4.526: iget: bad i_size value: -67835469387268086 [ 170.455860][ T6550] hsr_slave_0: entered promiscuous mode [ 170.471348][ T6717] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.526: couldn't read orphan inode 15 (err -117) [ 170.485664][ T6550] hsr_slave_1: entered promiscuous mode [ 170.494150][ T6550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.506186][ T6717] EXT4-fs (loop4): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.521364][ T6550] Cannot create hsr debugfs directory [ 170.539346][ T6717] ext2 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.819245][ T5099] EXT4-fs (loop4): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 170.870016][ T5105] Bluetooth: hci0: command tx timeout [ 171.178468][ T6743] loop4: detected capacity change from 0 to 512 [ 171.231781][ T6743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.313588][ T6743] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.383203][ T6550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 171.414676][ T6550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 171.445576][ T6550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 171.499205][ T6550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 171.680793][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.869163][ T6753] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 172.000506][ T6760] loop2: detected capacity change from 0 to 512 [ 172.004733][ T6550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.015421][ T6760] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 172.044243][ T6760] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz.2.539: iget: bad i_size value: -67835469387268086 [ 172.064749][ T6760] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.539: couldn't read orphan inode 15 (err -117) [ 172.103716][ T5154] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 172.134779][ T6760] EXT4-fs (loop2): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.160713][ T6550] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.170946][ T6760] ext2 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 172.241298][ T928] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.248468][ T928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.276507][ T5104] EXT4-fs (loop2): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 172.294128][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.301458][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.322190][ T5154] usb 5-1: Using ep0 maxpacket: 32 [ 172.370419][ T5154] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 172.417157][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.466079][ T5154] usb 5-1: config 0 descriptor?? [ 172.475380][ T6770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.492240][ T5154] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 172.555371][ T6772] netlink: 'syz.2.543': attribute type 10 has an invalid length. [ 172.713141][ T5154] gspca_vc032x: reg_r err -32 [ 172.717912][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.734301][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.752525][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.757976][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.796242][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.809697][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.821499][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.835077][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.868002][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.887677][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.893685][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.909835][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.915185][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.929784][ T58] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 172.941116][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.956112][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.962827][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.971802][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.977247][ T5154] gspca_vc032x: I2c Bus Busy Wait 00 [ 172.983093][ T5154] gspca_vc032x: Unknown sensor... [ 172.995216][ T5154] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 173.018606][ T6550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.129564][ T58] usb 2-1: Using ep0 maxpacket: 16 [ 173.180623][ T6550] veth0_vlan: entered promiscuous mode [ 173.188977][ T58] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 173.204837][ T6784] loop3: detected capacity change from 0 to 512 [ 173.230660][ T6550] veth1_vlan: entered promiscuous mode [ 173.249268][ T58] usb 2-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 173.280023][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.288176][ T58] usb 2-1: Product: syz [ 173.321639][ T58] usb 2-1: Manufacturer: syz [ 173.326338][ T58] usb 2-1: SerialNumber: syz [ 173.330633][ T6784] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.354855][ T6550] veth0_macvtap: entered promiscuous mode [ 173.371310][ T58] usb 2-1: config 0 descriptor?? [ 173.382216][ T6784] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.392599][ T58] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 173.397100][ T6550] veth1_macvtap: entered promiscuous mode [ 173.410656][ T58] dw2102: su3000_power_ctrl: 1, initialized 0 [ 173.416819][ T58] dvb-usb: bulk message failed: -22 (2/0) [ 173.443563][ T58] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 173.514373][ T29] audit: type=1800 audit(1720002237.382:37): pid=6784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.546" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 173.569615][ T29] audit: type=1800 audit(1720002237.412:38): pid=6784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.546" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 173.591313][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.610774][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.621015][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.631952][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.644521][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.655464][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.671334][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.688934][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.699321][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.711251][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.735510][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.813078][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.836931][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.846032][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.870012][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.888459][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.906571][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.930614][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.945167][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.968993][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.002237][ T6550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.037830][ T6550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.060035][ T6796] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 174.085297][ T6550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.155513][ T6550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.176985][ T6550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.188644][ T6550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.201838][ T6550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.474299][ T987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.499015][ T6803] loop3: detected capacity change from 0 to 128 [ 174.515345][ T987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.604823][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.630392][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.926770][ T928] usb 5-1: USB disconnect, device number 9 [ 175.313767][ T29] audit: type=1326 audit(1720002239.192:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6503d75b99 code=0x7ffc0000 [ 175.344352][ T928] usb 2-1: USB disconnect, device number 5 [ 175.355104][ T29] audit: type=1326 audit(1720002239.192:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6503d75b99 code=0x7ffc0000 [ 175.396651][ T29] audit: type=1326 audit(1720002239.192:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f6503d75b99 code=0x7ffc0000 [ 175.431174][ T5154] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 175.465190][ T29] audit: type=1326 audit(1720002239.192:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6503d75b99 code=0x7ffc0000 [ 175.488838][ T29] audit: type=1326 audit(1720002239.192:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6816 comm="syz.4.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6503d75b99 code=0x7ffc0000 [ 175.586843][ T6820] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 175.715354][ T5154] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 175.738346][ T5154] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 175.756983][ T5154] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 175.767895][ T5154] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 175.816284][ T5154] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.827051][ T5154] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 175.838770][ T5154] usb 1-1: SerialNumber: syz [ 175.886738][ T6815] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 175.924733][ T6815] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 175.942500][ T5154] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 176.055206][ T6827] loop4: detected capacity change from 0 to 512 [ 176.086413][ T6828] loop2: detected capacity change from 0 to 512 [ 176.128335][ T6827] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.159058][ T6827] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.178143][ T6828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.206928][ T6814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.210340][ T6828] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.239718][ T6814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.287064][ T29] audit: type=1800 audit(1720002240.162:44): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.558" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 176.339060][ T5154] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 176.344031][ T29] audit: type=1800 audit(1720002240.162:45): pid=6814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.477" name="file2" dev="overlay" ino=26 res=0 errno=0 [ 176.363176][ T5154] usb 1-1: USB disconnect, device number 11 [ 176.369011][ T29] audit: type=1800 audit(1720002240.182:46): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.558" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 176.434949][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.474783][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.595999][ T6836] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 176.928808][ T6841] loop4: detected capacity change from 0 to 512 [ 177.004000][ T6841] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 177.162904][ T6841] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.282246][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 177.744796][ T6862] loop0: detected capacity change from 0 to 128 [ 177.772494][ T6862] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 177.788188][ T6862] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 177.902346][ T6865] loop2: detected capacity change from 0 to 512 [ 177.945446][ T6865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.969847][ T6865] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.059331][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.217612][ T6871] loop2: detected capacity change from 0 to 512 [ 178.298047][ T6550] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 178.302640][ T6871] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.309585][ T5186] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 178.321166][ T6871] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.556889][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.569863][ T6877] futex_wake_op: syz.0.572 tries to shift op by 32; fix this program [ 178.820581][ T5186] usb 5-1: Using ep0 maxpacket: 16 [ 178.828982][ T5186] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 178.844346][ T5186] usb 5-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 178.853709][ T5186] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.862133][ T5186] usb 5-1: Product: syz [ 178.866502][ T5186] usb 5-1: Manufacturer: syz [ 178.871355][ T5186] usb 5-1: SerialNumber: syz [ 178.884991][ T5186] usb 5-1: config 0 descriptor?? [ 178.929180][ T5186] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 178.938525][ T5186] dw2102: su3000_power_ctrl: 1, initialized 0 [ 179.030398][ T6881] loop0: detected capacity change from 0 to 256 [ 179.060782][ T5186] dvb-usb: bulk message failed: -22 (2/0) [ 179.588461][ T5186] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 179.624395][ T5186] usb 5-1: USB disconnect, device number 10 [ 179.673584][ T6884] loop2: detected capacity change from 0 to 512 [ 179.749236][ T6884] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 179.839763][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1394: inode #15: comm syz.2.574: iget: bad i_size value: -67835469387268086 [ 179.868116][ T6884] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.574: couldn't read orphan inode 15 (err -117) [ 179.902308][ T6884] EXT4-fs (loop2): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.918269][ T6884] ext2 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.064215][ T5104] EXT4-fs (loop2): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 180.944541][ C0] DEBUG: holding rtnl_mutex for 588 jiffies. [ 180.951204][ C0] task:syz.3.553 state:R running task stack:24464 pid:6810 tgid:6810 ppid:5100 flags:0x0000400e [ 180.963044][ C0] Call Trace: [ 180.966335][ C0] [ 180.969190][ C0] sched_show_task+0x506/0x6d0 [ 180.974043][ C0] ? report_rtnl_holders+0x29e/0x3f0 [ 180.979620][ C0] ? __pfx__printk+0x10/0x10 [ 180.984514][ C0] ? __pfx_sched_show_task+0x10/0x10 [ 180.989845][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 180.995783][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 181.002181][ C0] report_rtnl_holders+0x320/0x3f0 [ 181.007341][ C0] call_timer_fn+0x18e/0x650 [ 181.011971][ C0] ? call_timer_fn+0xc0/0x650 [ 181.016653][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 181.022381][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 181.027555][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 181.033302][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 181.039066][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 181.044989][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 181.050294][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 181.055598][ C0] ? __pfx_report_rtnl_holders+0x10/0x10 [ 181.061328][ C0] __run_timer_base+0x66a/0x8e0 [ 181.066260][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 181.071725][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.078099][ C0] run_timer_softirq+0xb7/0x170 [ 181.083016][ C0] handle_softirqs+0x2c4/0x970 [ 181.087825][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 181.092658][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 181.097990][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 181.103263][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 181.107920][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 181.113213][ C0] irq_exit_rcu+0x9/0x30 [ 181.117475][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 181.123192][ C0] [ 181.126142][ C0] [ 181.129833][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 181.135861][ C0] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0 [ 181.141832][ C0] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 15 24 c8 f5 e8 10 c3 00 f6 fb bf 01 00 00 00 55 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 45 de 5f f6 48 [ 181.161751][ C0] RSP: 0018:ffffc900092176a0 EFLAGS: 00000286 [ 181.167896][ C0] RAX: 2a7168357ac65700 RBX: 1ffff92001242edc RCX: ffffffff816fddda [ 181.175949][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcac900 RDI: 0000000000000001 [ 181.184107][ C0] RBP: ffffc90009217760 R08: ffffffff9301078f R09: 1ffffffff26020f1 [ 181.192188][ C0] R10: dffffc0000000000 R11: fffffbfff26020f2 R12: 1ffff92001242ed4 [ 181.200267][ C0] R13: 1ffff92001242ed8 R14: ffffc900092176c0 R15: dffffc0000000000 [ 181.208328][ C0] ? mark_lock+0x9a/0x360 [ 181.212864][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 181.218642][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 181.224343][ C0] irqentry_exit+0x5e/0x90 [ 181.228822][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 181.234383][ C0] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 181.240644][ C0] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 181.260363][ C0] RSP: 0018:ffffc90009217820 EFLAGS: 00000246 [ 181.266582][ C0] RAX: dffffc0000000000 RBX: 1ffff92001242f0c RCX: ffffffff947f4803 [ 181.274767][ C0] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 181.282841][ C0] RBP: ffffc900092178f8 R08: ffffffff93006097 R09: 1ffffffff2600c12 [ 181.290913][ C0] R10: dffffc0000000000 R11: fffffbfff2600c13 R12: ffffc90009217860 [ 181.298970][ C0] R13: 1ffff92001242f08 R14: 0000000000000000 R15: 0000000000000a07 [ 181.307073][ C0] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 181.313589][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 181.318861][ C0] ? __qdisc_destroy+0x150/0x410 [ 181.323906][ C0] ? kfree+0x149/0x360 [ 181.328140][ C0] ? __pfx_pfifo_fast_destroy+0x10/0x10 [ 181.333799][ C0] __qdisc_destroy+0x165/0x410 [ 181.338657][ C0] dev_shutdown+0x9b/0x440 [ 181.343216][ C0] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 181.349741][ C0] ? __lock_acquire+0x1359/0x2000 [ 181.354860][ C0] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 181.361774][ C0] ? __asan_memset+0x23/0x50 [ 181.366465][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 181.372176][ C0] ? __asan_memset+0x23/0x50 [ 181.376947][ C0] ? skb_queue_purge_reason+0x2de/0x500 [ 181.382654][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 181.387940][ C0] unregister_netdevice_queue+0x303/0x370 [ 181.393910][ C0] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 181.400290][ C0] __tun_detach+0x6b6/0x1600 [ 181.404980][ C0] tun_chr_close+0x108/0x1b0 [ 181.409888][ C0] ? __pfx_tun_chr_close+0x10/0x10 [ 181.415058][ C0] __fput+0x24a/0x8a0 [ 181.419286][ C0] task_work_run+0x24f/0x310 [ 181.424241][ C0] ? __pfx_task_work_run+0x10/0x10 [ 181.429480][ C0] ? syscall_exit_to_user_mode+0xa3/0x370 [ 181.435271][ C0] syscall_exit_to_user_mode+0x168/0x370 [ 181.441034][ C0] do_syscall_64+0x100/0x230 [ 181.445669][ C0] ? clear_bhb_loop+0x35/0x90 [ 181.450471][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.456428][ C0] RIP: 0033:0x7f4922d75b99 [ 181.461068][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.480851][ C0] RSP: 002b:00007ffd53764538 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 181.489491][ C0] RAX: 0000000000000000 RBX: 00007f4922f05a60 RCX: 00007f4922d75b99 [ 181.497519][ C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 181.505584][ C0] RBP: 00007f4922f05a60 R08: 00007f4922401000 R09: 0000000b5376486f [ 181.513719][ C0] R10: 00000000003ffd24 R11: 0000000000000246 R12: 000000000002adb5 [ 181.521984][ C0] R13: 0000000000000032 R14: 00007f4922f05a60 R15: 00007f4922f04038 [ 181.530067][ C0] [ 181.533183][ C0] DEBUG: waiting rtnl_mutex for 627 jiffies. [ 181.539217][ C0] task:kworker/u8:8 state:D stack:20536 pid:2810 tgid:2810 ppid:2 flags:0x00004000 [ 181.549502][ C0] Workqueue: ipv6_addrconf addrconf_dad_work [ 181.555557][ C0] Call Trace: [ 181.558911][ C0] [ 181.561965][ C0] __schedule+0x1800/0x4a60 [ 181.566550][ C0] ? __pfx___schedule+0x10/0x10 [ 181.571518][ C0] ? __pfx_lock_release+0x10/0x10 [ 181.576698][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 181.582292][ C0] ? kthread_data+0x52/0xd0 [ 181.586866][ C0] ? schedule+0x90/0x320 [ 181.591238][ C0] ? wq_worker_sleeping+0x66/0x240 [ 181.596423][ C0] ? schedule+0x90/0x320 [ 181.600820][ C0] schedule+0x14b/0x320 [ 181.605219][ C0] schedule_preempt_disabled+0x13/0x30 [ 181.610805][ C0] __mutex_lock+0x6a4/0xd70 [ 181.615378][ C0] ? mark_lock+0x9a/0x360 [ 181.619829][ C0] ? __mutex_lock+0x527/0xd70 [ 181.624665][ C0] ? addrconf_dad_work+0xd0/0x16f0 [ 181.629890][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 181.635000][ C0] ? get_rtnl_holder+0x144/0x190 [ 181.640073][ C0] addrconf_dad_work+0xd0/0x16f0 [ 181.645086][ C0] ? __pfx_addrconf_dad_work+0x10/0x10 [ 181.650679][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.657174][ C0] ? process_scheduled_works+0x945/0x1830 [ 181.663027][ C0] process_scheduled_works+0xa2c/0x1830 [ 181.668700][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 181.675049][ C0] ? assign_work+0x364/0x3d0 [ 181.679753][ C0] worker_thread+0x86d/0xd40 [ 181.684418][ C0] ? __kthread_parkme+0x169/0x1d0 [ 181.689645][ C0] ? __pfx_worker_thread+0x10/0x10 [ 181.694949][ C0] kthread+0x2f0/0x390 [ 181.699133][ C0] ? __pfx_worker_thread+0x10/0x10 [ 181.704583][ C0] ? __pfx_kthread+0x10/0x10 [ 181.709330][ C0] ret_from_fork+0x4b/0x80 [ 181.713891][ C0] ? __pfx_kthread+0x10/0x10 [ 181.718543][ C0] ret_from_fork_asm+0x1a/0x30 [ 181.723452][ C0] [ 181.726535][ C0] DEBUG: waiting rtnl_mutex for 611 jiffies. [ 181.732583][ C0] task:syz.1.555 state:D stack:25984 pid:6820 tgid:6819 ppid:5820 flags:0x00004004 [ 181.742858][ C0] Call Trace: [ 181.746178][ C0] [ 181.749153][ C0] __schedule+0x1800/0x4a60 [ 181.753816][ C0] ? __pfx___schedule+0x10/0x10 [ 181.758760][ C0] ? __pfx_lock_release+0x10/0x10 [ 181.763920][ C0] ? __mutex_trylock_common+0x92/0x2e0 [ 181.769526][ C0] ? schedule+0x90/0x320 [ 181.773841][ C0] schedule+0x14b/0x320 [ 181.778073][ C0] schedule_preempt_disabled+0x13/0x30 [ 181.783678][ C0] __mutex_lock+0x6a4/0xd70 [ 181.788334][ C0] ? __mutex_lock+0x527/0xd70 [ 181.793161][ C0] ? nl802154_pre_doit+0xb5/0xac0 [ 181.798361][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 181.803538][ C0] ? get_rtnl_holder+0x144/0x190 [ 181.808538][ C0] nl802154_pre_doit+0xb5/0xac0 [ 181.813719][ C0] ? __nla_parse+0x40/0x60 [ 181.818215][ C0] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 181.824152][ C0] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 181.830651][ C0] genl_rcv_msg+0xaaa/0xec0 [ 181.835224][ C0] ? mark_lock+0x9a/0x360 [ 181.839670][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.844790][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 181.850032][ C0] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 181.855547][ C0] ? __pfx_nl802154_wpan_phy_netns+0x10/0x10 [ 181.861886][ C0] ? __pfx_nl802154_post_doit+0x10/0x10 [ 181.867593][ C0] ? __pfx___might_resched+0x10/0x10 [ 181.873016][ C0] netlink_rcv_skb+0x1e3/0x430 [ 181.877852][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.883044][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 181.888445][ C0] genl_rcv+0x28/0x40 [ 181.892566][ C0] netlink_unicast+0x7f0/0x990 [ 181.897420][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 181.902823][ C0] ? __virt_addr_valid+0x183/0x530 [ 181.908015][ C0] ? __check_object_size+0x49c/0x900 [ 181.913621][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 181.918799][ C0] netlink_sendmsg+0x8e4/0xcb0 [ 181.923688][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.929046][ C0] ? __import_iovec+0x536/0x820 [ 181.934043][ C0] ? aa_sock_msg_perm+0x91/0x160 [ 181.939056][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 181.944468][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 181.950069][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.955506][ C0] __sock_sendmsg+0x221/0x270 [ 181.960336][ C0] ____sys_sendmsg+0x525/0x7d0 [ 181.965223][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.970611][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 181.975274][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 181.980552][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 181.986945][ C0] ? do_syscall_64+0x100/0x230 [ 181.991897][ C0] ? do_syscall_64+0xb6/0x230 [ 181.996639][ C0] do_syscall_64+0xf3/0x230 [ 182.001256][ C0] ? clear_bhb_loop+0x35/0x90 [ 182.005991][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.011999][ C0] RIP: 0033:0x7f95fef75b99 [ 182.016467][ C0] RSP: 002b:00007f95ffd6d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 182.024995][ C0] RAX: ffffffffffffffda RBX: 00007f95ff103f60 RCX: 00007f95fef75b99 [ 182.033342][ C0] RDX: 0000000020000080 RSI: 0000000020000780 RDI: 0000000000000007 [ 182.041448][ C0] RBP: 00007f95fefe4a7a R08: 0000000000000000 R09: 0000000000000000 [ 182.049513][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.057543][ C0] R13: 000000000000000b R14: 00007f95ff103f60 R15: 00007ffd5ea45e28 [ 182.065661][ C0] [ 182.068727][ C0] [ 182.068727][ C0] Showing all locks held in the system: [ 182.076584][ C0] 2 locks held by kworker/u8:5/987: [ 182.082359][ C0] 4 locks held by kworker/u8:7/2798: [ 182.087686][ C0] #0: ffff88801b2cc948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 182.099065][ C0] #1: ffffc900094cfd00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 182.111673][ C0] #2: ffff88802cc4e0e0 (&type->s_umount_key#32){++++}-{3:3}, at: super_trylock_shared+0x22/0xf0 [ 182.122358][ C0] #3: ffff88802cc50b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1bf/0x3c0 [ 182.133270][ C0] 3 locks held by kworker/u8:8/2810: [ 182.138594][ C0] #0: ffff88802ab21948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 182.150320][ C0] #1: ffffc9000971fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 182.163343][ C0] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 182.172930][ C0] 2 locks held by getty/4853: [ 182.177664][ C0] #0: ffff88802b5340a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 182.187604][ C0] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 182.197850][ C0] 3 locks held by syz.3.553/6810: [ 182.203069][ C0] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 182.212162][ C0] #1: ffffc90000007c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 182.222425][ C0] #2: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 182.232390][ C0] 3 locks held by syz.1.555/6820: [ 182.237454][ C0] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 182.245898][ C0] #1: ffffffff8f668e68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 182.255010][ C0] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl802154_pre_doit+0xb5/0xac0 [ 182.264524][ C0] 1 lock held by syz.4.577/6900: [ 182.269547][ C0] 1 lock held by syz.0.579/6904: [ 182.274544][ C0] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48f/0x2400 [ 182.284049][ C0] 1 lock held by syz.0.579/6905: [ 182.289036][ C0] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 182.298182][ C0] [ 182.300590][ C0] ============================================= [ 182.300590][ C0] [ 182.324870][ T6907] loop2: detected capacity change from 0 to 1024 [ 182.333165][ T6907] EXT4-fs: Ignoring removed nomblk_io_submit option [ 182.408744][ T6907] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 182.418448][ T6907] System zones: 0-1, 3-36 [ 182.447619][ T6907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.561536][ T5104] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.723766][ T6910] loop2: detected capacity change from 0 to 128 [ 182.778822][ T6910] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 182.807465][ T6910] ext4 filesystem being mounted at /128/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 182.841089][ T6915] loop1: detected capacity change from 0 to 512 [ 182.930833][ T6915] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.999821][ T6915] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.060241][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 183.060261][ T29] audit: type=1800 audit(1720002246.942:61): pid=6915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.583" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 183.095621][ T29] audit: type=1800 audit(1720002246.962:62): pid=6915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.583" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 183.213050][ T5104] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 183.291971][ T5820] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.558045][ T6938] loop3: detected capacity change from 0 to 1024 [ 183.591201][ T6938] EXT4-fs: Ignoring removed nomblk_io_submit option [ 183.633182][ T6938] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 183.657504][ T6938] System zones: 0-1, 3-36 [ 183.704302][ T6938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.789703][ T6947] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.941823][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.019586][ T5154] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 184.219839][ T5154] usb 3-1: Using ep0 maxpacket: 16 [ 184.242469][ T5154] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 184.270866][ T5154] usb 3-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 184.284205][ T5154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.299632][ T5154] usb 3-1: Product: syz [ 184.311717][ T5154] usb 3-1: Manufacturer: syz [ 184.326329][ T5154] usb 3-1: SerialNumber: syz [ 184.340732][ T5154] usb 3-1: config 0 descriptor?? [ 184.354143][ T5154] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 184.361765][ T5154] dw2102: su3000_power_ctrl: 1, initialized 0 [ 184.367909][ T5154] dvb-usb: bulk message failed: -22 (2/0) [ 184.421091][ T5154] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 184.446496][ T6958] loop0: detected capacity change from 0 to 128 [ 184.533788][ T6958] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 184.564520][ T6965] loop3: detected capacity change from 0 to 512 [ 184.564828][ T5191] usb 3-1: USB disconnect, device number 11 [ 184.578287][ T6958] ext4 filesystem being mounted at /13/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 184.623413][ T6961] pim6reg1: entered promiscuous mode [ 184.629059][ T6961] pim6reg1: entered allmulticast mode [ 184.662825][ T6965] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.696976][ T6965] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.801388][ T29] audit: type=1800 audit(1720002248.672:63): pid=6965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.600" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 184.807463][ T6973] loop4: detected capacity change from 0 to 128 [ 184.870882][ T29] audit: type=1800 audit(1720002248.682:64): pid=6965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.600" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 184.897346][ T6550] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 184.917032][ T6975] loop1: detected capacity change from 0 to 128 [ 184.966815][ T5100] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.068729][ T6979] loop4: detected capacity change from 0 to 1024 [ 185.092501][ T6979] EXT4-fs: Ignoring removed nomblk_io_submit option [ 185.124398][ T6979] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 185.163970][ T6979] System zones: 0-1, 3-36 [ 185.185487][ T6979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.206953][ T6987] loop3: detected capacity change from 0 to 512 [ 185.236389][ T6987] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 185.293832][ T6987] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz.3.607: iget: bad i_size value: -67835469387268086 [ 185.324676][ T6987] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.607: couldn't read orphan inode 15 (err -117) [ 185.351563][ T5099] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.366444][ T6993] netlink: 'syz.2.611': attribute type 11 has an invalid length. [ 185.375879][ T6993] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.611'. [ 185.403282][ T6987] EXT4-fs (loop3): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.455592][ T6997] loop1: detected capacity change from 0 to 128 [ 185.457657][ T6987] ext2 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.515890][ T5100] EXT4-fs (loop3): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 185.532638][ T6997] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 185.550320][ T6997] ext4 filesystem being mounted at /74/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 185.607441][ T7003] pim6reg1: entered promiscuous mode [ 185.613345][ T7003] pim6reg1: entered allmulticast mode [ 185.676919][ T7005] loop3: detected capacity change from 0 to 128 [ 185.780672][ T5154] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 185.834206][ T7009] loop2: detected capacity change from 0 to 128 [ 185.853518][ T5820] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 185.993774][ T5154] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 186.030243][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.071818][ T5154] usb 5-1: config 0 descriptor?? [ 186.081178][ T5154] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 186.138040][ T7023] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 186.144677][ T7023] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 186.160137][ T7023] vhci_hcd vhci_hcd.0: Device attached [ 186.440224][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 186.469859][ T928] usb 14-1: SetAddress Request (2) to port 0 [ 186.488195][ T928] usb 14-1: new SuperSpeed USB device number 2 using vhci_hcd [ 186.506814][ T5154] cpia1 5-1:0.0: unexpected state after lo power cmd: 00 [ 186.649514][ T5191] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 186.675837][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 186.698719][ T9] usb 3-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 186.708946][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 186.721155][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xDF has an invalid bInterval 0, changing to 7 [ 186.733980][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xDF has invalid wMaxPacketSize 0 [ 186.751595][ T9] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 186.760953][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.772646][ T9] usb 3-1: Product: syz [ 186.777146][ T9] usb 3-1: Manufacturer: syz [ 186.783615][ T9] usb 3-1: SerialNumber: syz [ 186.793337][ T9] usb 3-1: config 0 descriptor?? [ 186.806555][ T7035] loop3: detected capacity change from 0 to 512 [ 186.817835][ T7035] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 186.831335][ T7035] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz.3.625: iget: bad i_size value: -67835469387268086 [ 186.849660][ T5191] usb 2-1: Using ep0 maxpacket: 16 [ 186.851208][ T7035] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.625: couldn't read orphan inode 15 (err -117) [ 186.854988][ T5150] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 186.878003][ T7035] EXT4-fs (loop3): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.891588][ T5191] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 186.892923][ T7035] ext2 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.917254][ T5154] gspca_cpia1: usb_control_msg 02, error -71 [ 186.924023][ T5191] usb 2-1: New USB device found, idVendor=1f4d, idProduct=3100, bcdDevice=90.a2 [ 186.924629][ T5154] gspca_cpia1: usb_control_msg 05, error -71 [ 186.939551][ T5191] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.939588][ T5191] usb 2-1: Product: syz [ 186.939637][ T5191] usb 2-1: Manufacturer: syz [ 186.939657][ T5191] usb 2-1: SerialNumber: syz [ 186.943114][ T5191] usb 2-1: config 0 descriptor?? [ 186.969904][ T5154] cpia1 5-1:0.0: unexpected systemstate: 00 [ 186.988612][ T5191] dvb-usb: found a 'X3M TV SPC1400HD PCI' in warm state. [ 186.992576][ T5154] usb 5-1: USB disconnect, device number 11 [ 186.997202][ T5191] dw2102: su3000_power_ctrl: 1, initialized 0 [ 187.008509][ T9] powermate: Expected payload of 3--6 bytes, found 0 bytes! [ 187.013071][ T7024] vhci_hcd: connection reset by peer [ 187.016172][ T9] powermate 3-1:0.0: probe with driver powermate failed with error -5 [ 187.032128][ T5191] dvb-usb: bulk message failed: -22 (2/0) [ 187.046891][ T5191] dvb-usb: X3M TV SPC1400HD PCI error while loading driver (-22) [ 187.060298][ T52] vhci_hcd: stop threads [ 187.065285][ T9] usb 3-1: USB disconnect, device number 12 [ 187.071546][ T52] vhci_hcd: release socket [ 187.087200][ T52] vhci_hcd: disconnect device [ 187.094786][ T5150] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 187.109855][ T5100] EXT4-fs (loop3): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 187.112668][ T5150] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 187.138247][ T5150] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 187.149469][ T5150] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 187.170862][ T5150] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 187.183950][ T5150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 187.200035][ T5150] usb 1-1: SerialNumber: syz [ 187.208800][ T5191] usb 2-1: USB disconnect, device number 6 [ 187.231167][ T7033] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 187.246487][ T7033] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 187.255939][ T5150] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 187.418198][ T7042] loop3: detected capacity change from 0 to 128 [ 187.481573][ T7033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.503683][ T7033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.525193][ T7044] loop4: detected capacity change from 0 to 128 [ 187.529524][ T29] audit: type=1800 audit(1720002251.402:65): pid=7033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.624" name="file2" dev="overlay" ino=146 res=0 errno=0 [ 187.574670][ T7044] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 187.605966][ T5150] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 187.627966][ T7044] ext4 filesystem being mounted at /119/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 187.637989][ T7049] loop2: detected capacity change from 0 to 128 [ 187.669808][ T5150] usb 1-1: USB disconnect, device number 12 [ 187.838014][ T5099] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 188.247623][ T7077] loop0: detected capacity change from 0 to 128 [ 188.267244][ T7075] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI [ 188.267275][ T7075] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] [ 188.267300][ T7075] CPU: 1 UID: 0 PID: 7075 Comm: syz.3.640 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 188.267333][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 188.267347][ T7075] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 188.267378][ T7075] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 188.267397][ T7075] RSP: 0018:ffffc900134af088 EFLAGS: 00010202 [ 188.267417][ T7075] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 188.267433][ T7075] RDX: ffffc90009d93000 RSI: 00000000000004b7 RDI: 00000000000004b8 [ 188.267450][ T7075] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 188.267467][ T7075] R10: 0000000000000004 R11: ffff88802b5b1e00 R12: 00000000134af0d8 [ 188.267483][ T7075] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 188.267498][ T7075] FS: 00007f4923b7b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 188.267518][ T7075] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 188.267533][ T7075] CR2: 000000110c3b2c0b CR3: 00000000603b0000 CR4: 00000000003506f0 [ 188.267553][ T7075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 188.267567][ T7075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 188.267582][ T7075] Call Trace: [ 188.267590][ T7075] [ 188.267599][ T7075] ? __die_body+0x88/0xe0 [ 188.267636][ T7075] ? die_addr+0x108/0x140 [ 188.267671][ T7075] ? exc_general_protection+0x3dd/0x5d0 [ 188.267713][ T7075] ? asm_exc_general_protection+0x26/0x30 [ 188.267743][ T7075] ? bpf_ringbuf_query+0x4f/0x150 [ 188.267773][ T7075] ? dev_map_redirect+0x65/0x6a0 [ 188.267799][ T7075] ? dev_map_redirect+0x28/0x6a0 [ 188.267826][ T7075] bpf_prog_ec9efaa32d58ce69+0x56/0x5a [ 188.267847][ T7075] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 188.267896][ T7075] do_xdp_generic+0x673/0xb90 [ 188.267925][ T7075] ? __pfx_validate_chain+0x10/0x10 [ 188.267963][ T7075] ? __pfx_do_xdp_generic+0x10/0x10 [ 188.268002][ T7075] __netif_receive_skb_core+0x1be6/0x4570 [ 188.268036][ T7075] ? mark_lock+0x9a/0x360 [ 188.268080][ T7075] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 188.268116][ T7075] ? mark_lock+0x9a/0x360 [ 188.268149][ T7075] ? __lock_acquire+0x1359/0x2000 [ 188.268193][ T7075] __netif_receive_skb+0x12f/0x650 [ 188.268225][ T7075] ? __pfx_lock_acquire+0x10/0x10 [ 188.268252][ T7075] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 188.268282][ T7075] ? __pfx___netif_receive_skb+0x10/0x10 [ 188.268312][ T7075] ? __kasan_slab_alloc+0x66/0x80 [ 188.268346][ T7075] ? read_tsc+0x9/0x20 [ 188.268372][ T7075] ? timekeeping_get_ns+0x2c0/0x420 [ 188.268405][ T7075] ? netif_receive_skb+0x131/0x890 [ 188.268435][ T7075] ? netif_receive_skb+0x131/0x890 [ 188.268465][ T7075] netif_receive_skb+0x1e8/0x890 [ 188.268497][ T7075] ? tun_rx_batched+0x160/0x8f0 [ 188.268520][ T7075] ? __pfx_netif_receive_skb+0x10/0x10 [ 188.268557][ T7075] ? tun_rx_batched+0x160/0x8f0 [ 188.268579][ T7075] tun_rx_batched+0x1b7/0x8f0 [ 188.268602][ T7075] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.268634][ T7075] ? __pfx_lock_acquire+0x10/0x10 [ 188.268663][ T7075] ? __pfx_tun_rx_batched+0x10/0x10 [ 188.268700][ T7075] tun_get_user+0x2f3b/0x4560 [ 188.268724][ T7075] ? tun_get_user+0x2a35/0x4560 [ 188.268756][ T7075] ? __pfx_tun_get_user+0x10/0x10 [ 188.268782][ T7075] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 188.268806][ T7075] ? tun_get+0x1e/0x2f0 [ 188.268837][ T7075] ? tun_get+0x1e/0x2f0 [ 188.268857][ T7075] ? tun_get+0x27d/0x2f0 [ 188.268879][ T7075] tun_chr_write_iter+0x113/0x1f0 [ 188.268904][ T7075] vfs_write+0xa72/0xc90 [ 188.268928][ T7075] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 188.268952][ T7075] ? __pfx_vfs_write+0x10/0x10 [ 188.268970][ T7075] ? do_futex+0x392/0x560 [ 188.269011][ T7075] ksys_write+0x1a0/0x2c0 [ 188.269036][ T7075] ? __pfx_ksys_write+0x10/0x10 [ 188.269057][ T7075] ? do_syscall_64+0x100/0x230 [ 188.269079][ T7075] ? do_syscall_64+0xb6/0x230 [ 188.269102][ T7075] do_syscall_64+0xf3/0x230 [ 188.269122][ T7075] ? clear_bhb_loop+0x35/0x90 [ 188.269152][ T7075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.269179][ T7075] RIP: 0033:0x7f4922d7471f [ 188.269197][ T7075] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 188.269217][ T7075] RSP: 002b:00007f4923b7b010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 188.269241][ T7075] RAX: ffffffffffffffda RBX: 00007f4922f03f60 RCX: 00007f4922d7471f [ 188.269257][ T7075] RDX: 0000000000000022 RSI: 00000000200005c0 RDI: 00000000000000c8 [ 188.269272][ T7075] RBP: 00007f4922de4a7a R08: 0000000000000000 R09: 0000000000000000 [ 188.269286][ T7075] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000000 [ 188.269300][ T7075] R13: 000000000000000b R14: 00007f4922f03f60 R15: 00007ffd53764458 [ 188.269335][ T7075] [ 188.269342][ T7075] Modules linked in: [ 188.269358][ T7075] ---[ end trace 0000000000000000 ]--- [ 188.765850][ T7084] loop2: detected capacity change from 0 to 32768 [ 188.772432][ T7075] RIP: 0010:dev_map_redirect+0x65/0x6a0 [ 188.772472][ T7075] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff [ 188.772494][ T7075] RSP: 0018:ffffc900134af088 EFLAGS: 00010202 [ 188.777189][ T7084] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.645 (7084) [ 188.779649][ T7075] [ 188.838464][ T7075] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000 [ 188.846604][ T7075] RDX: ffffc90009d93000 RSI: 00000000000004b7 RDI: 00000000000004b8 [ 188.854643][ T7075] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f [ 188.862696][ T7075] R10: 0000000000000004 R11: ffff88802b5b1e00 R12: 00000000134af0d8 [ 188.870888][ T7075] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038 [ 188.878924][ T7075] FS: 00007f4923b7b6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 188.887944][ T7075] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 188.894958][ T7075] CR2: 000000110c3b2c0b CR3: 00000000603b0000 CR4: 00000000003506f0 [ 188.903048][ T7075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 188.911107][ T7075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 188.919114][ T7075] Kernel panic - not syncing: Fatal exception in interrupt [ 188.926776][ T7075] Kernel Offset: disabled [ 188.931123][ T7075] Rebooting in 86400 seconds..