last executing test programs: 5m15.665558263s ago: executing program 2 (id=1995): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x10000000}) 5m15.357658169s ago: executing program 2 (id=1999): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200002, 0x2, 0x0, 0x1, 0x4}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x4, 0x1}, 0x6) 5m15.113037108s ago: executing program 2 (id=2002): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x80) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)={0x14, 0x17, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000) 5m14.924828103s ago: executing program 2 (id=2005): syz_mount_image$erofs(&(0x7f0000000280), &(0x7f0000000140)='./file0\x00', 0x1000801, &(0x7f0000000200)=ANY=[@ANYRES16=0x0, @ANYBLOB="fcdf5883c81a6c1f703ca4d658f2464326cfe486a0970f633f6977"], 0x1, 0x1ca, &(0x7f00000008c0)="$eJzsmb+uEkEUxr+Z3QvcG2NiY2GjiTfxmlyW3UUNjQU+gQn4r5PIStAFDGwBJBbExsbH8BUsqCzs7Gy1UBMTCymt18xw2B35J8QQSTy/hNlvZs7MnDnAVwAYhvlv+frl5+dXt0rVUwBncIwsjX+30hhpxH/Kkfj4+l377PPx/H4CQBxvfr4N4G3ZQkT9OP599TE9q5CJvgOJq6TvQcAh/RASd0kHEHhA+omhO4ckwsB51Anrj5th4KrGU42vmuJ8fpORQB1AjvITxnxvMHxaC8OgOy8O4tk5C1Pbij/Uz56UJW4a9VPv1/2XL0aqP6uNa9TPg4RHugiBCukSsnAcJy2Jcf8Ldrq/tcn990Gcy6+LOd2DDFn8AyGMkUMl1Bc6GTk/Gb9fXPVtl4ld2u2VQZ69MPXh6O92zpAJLI1J/VNZ7hXDn2zYiX8UotazQm8wzDdbtUbQCNq+X7zhXnPd635BG9G0XeN/Oe1PR8b+BytiMyKDfi2Kul4fiLpe0venreG4lTedH3qN1P4ncXJ5uof6qOhrZ5efIegl9VOpE2tl8gzDMAzDMAzDMAzDMAzDMFtxEUL/Ckp/VMUr8G/r6F8BAAD///ckZMc=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) listxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) 5m14.690854422s ago: executing program 2 (id=2007): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="8800000010000d040400fdf20000000000000000", @ANYRES32=0x0, @ANYBLOB="0010000019500000540012800c0001006d6163766c616e0044000280080009000800000008000700d1ae0000080001000200000008000300020000000800010002000000080007000600000008000700060000000600020001000000140035006d6163766c616e30"], 0x88}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0) 5m6.358564748s ago: executing program 2 (id=2054): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$getflags(r0, 0x401) 5m5.423636934s ago: executing program 32 (id=2054): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$getflags(r0, 0x401) 4m19.421579003s ago: executing program 4 (id=2444): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x5, 0x150d, &(0x7f0000001540)="$eJzs3Au4TdX6MPD3HWNMbZJWkiTjHe9kJZdBkuSSJJckSY4cyS0hJEkSEpvckpDkfktyD8ktJPf7LfckOZIkCQlJxvfs0lPndP5/5/uf8z/O9+339zzj2ePdc42x3rnftdacYz57rq/bDahYu1K5mswM/xT85UcqAKQAQG8AuBoAIgAolrVY1rTtGTWm/nNPIv61Hp5yuTMQl5PUP32T+qdvUv/0Teqfvkn90zepf/om9U/fpP5CpGdbpt5wjbT02y51/b/LP/pCkuv//w+S43+6NOjXjtQ/fZP6/38o4++Dsvq/e6jUP32T+qdvUv/0Teqfvkn90zepvxDp2f/gmnGFR/4Drlv/G5sCgMudw/9au9yvPyGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ6cPZ8BsDAL/2L3deQgghhBBCCCGE+NcJV1zuDIQQQgghhBBCCPG/D0GBBgMRZIArIAUyQia4EjLDVZAFroYEXANZ4VrIBteV/XVETrgRcoEFAgcMMeSGPJCEmyAv3Az5ID8UgILgoRAUhlugCNwKReE2KAa3Q3G4A0pASSgFpeFOKAN3QVm4G8rBPVAeKkBFqAT3QmW4D6rA/VAVHoBq8CBUh4egBvwJasLDUAv+DLXhEagDj0JdqAf1oQE0/B+NfwE6wYvQGbpAKnSFbvASdIce0BN6QW94GfrAK9AXXoV+0B8GwGswEF6HQfAGDIYhMBSGwXAYASNhFIyGMTAW3oRx8BaMh7dhAkyESTAZpsBUmAbvwHSYATPhXZgF78FsmANzYR7Mh/dhASyERfABLIYPYQkshWWwHFbASlgFq2ENrIV1sB42wEbYBJthC3wEW2EbbIcdsBN2wW74GPbAJ7AXPoV98Nn/5fgzfzO+PQICKlRo0GAGzIApmIKZMBNmxsyYBQMCJDArZsVsmA2zY3bMgTkwJ+bEXJgLCQkZGXNjbkxiEvNiXsyH+bAAFkCPHgtjYSyCt2JRLIrFsBgWx+JYAktiSSyNpbEMlsGyWBbLYTksj+WxIlbEe/FevA+rYBWsilWxGlbD6lgda2ANrIk1sRbWwtpYG+tgHayLdbE+1seG2BAbYSNsjI2xKTbFZtgMW2ALbIktsRW2wubYGttgG2yLbbEdtsP22AE74Av4Ar6IL2IXLK+6Yjfsht2xO/bEXtgLX8Y++Aq+gq9iP+yPA/A1fA1fx0F4GgfjEByKQ7GMGoEjcRSyGoNjcSyOw3E4HsfjBJyIE3EyTsGpOA2n4XScgTPwXZyF7+F7OAfn4Dycj/NxAS7ERbhIp735luBSXIbLcQWuxBW4GtfgalyH63EdbsSNuBk340f4EQ7DbbgDd+Au3IUf48f4CX6C/XAf7sP9uB8P4AE8iAfxEB7Cw3gYj+ARPIpH8Rgew+N4Ak/iCTyFp/A0nsGzeBbP4Tk8j8/l/LLWrvxr+4FKY5RRGVQGlaJSVCaVSWVWmVUWlUUlVEJlVVlVNpVNZVfZVQ6VQ+VUOVUulUuRIsUqVrlVbpVUSZVXpVz8hCigvPKqsCqsiqgiqqgqqoqp21VxdYcqoUqqJr60Kq3KqKa+rLpblVPlVHlVQVVUlRAgVVVWVVQVVVVVVdVUNVVdPaRqqK7YEx9WaZWprfpjHTUA66p6qr5qoF7Hx1QjNQgbqyaqqXpCDcHB2EI18i3VU6qVGomt1TNqFD6r2qox2E49r9qrDqqjekF1Uo19Z9VFTcCuqpuajN1VD9VT9VLTsYJKq1hF9arqp/qrAeo1NQ9fV4PUG2qwGqKGqmFquBqhRqpRarQao8aqN9U49ZYar95WE9RENUlNVlPUVDVNvaOmqxllZ6p31Sz1npqt5qi5ap6ar95XC9RCtUh9oBarD9UStVQtU8vVCrVSrVKr1Rq1Vq1T69UGtVFtUpvVFvWR2qq2qe1qh9qpdqnd6mO1R32i9qpP1T71mdqv/qIOqM/VQfWFOqS+VIfVV+qI+lodVd+oY+pbdVydUCfVd+qU+l6dVmfUWfWDOqd+VOfVT+qCCgo0aqW1NjrSGfQVOkVn1Jn0lTqzvkpn0VfrhL5GZ9XX6mz6Op1dX69z6Bt0Tn2jBvVLpVnHOrfOo5P6Jp1X36zz6fy6gC6ovS6kC+tbdBF9qy6qb9PF9O26uL5Dl9AldSldWt+py+i7dFl9ty6n79HldQVdUVfS9+rK+j5dRd+vq+oHdDX9oK6uH9I19J90Tf2wrqUbJAEe0XX0o7qurqfr6wa6oX5MN9KP68a6iW6qn9DNdHPdQj+pW+qndCv9tG6tn9Ft9LO6rX5Ot9PP6/a6g+6of9IXdNCddRedqrvqbvol3V330D11L91bv6z76Fd0X/2q7qf76wH6NT1Qv64H6Tf0YD1ED9XD9HA9Qo/Uo/RoPUaP1W/qcfotPV6/rSfoiXqSnqyn6Km658WZZv4D49/6O+P7/vzsm/UW/ZHeqrfp7XqH3ql36d16t96j9+i9eq/ep/fp/Xq/PqAP6IP6oD6kD+nD+rA+oo/oo/qoPqaP6eP6hP5Bf6dP6e/1aX1Gn9E/6HP6nD5/8W8ABo0y2hgTmQzmCpNiMppM5kqT2VxlspirTcJcY7Kaa002c53Jbq43OcwNJqe50eQy1pBxhk1scps8JmluMnnNzSafyW8KmILGm0KmsLnlnx5/qfwamoamkWlkGpvGpqlpapqZZqaFaWFampamlWllWpvWpo1pY9qatqadaWfam/amo+loOplOprPpbFJNqulmXjLdTQ/T0/Qyvc3Lpo/pY/qavqaf6WcGmAFmoBloBplBZrAZbIaaoWa4GW5GmpFmtBltxpqxZpwZZ8ab8WaCmWAmmUlmiplipplpZrqZbmaamWaWmWVmp71ZzFwz38w3C8wCs8gsMovNYrPELDVLzXKz3Kw0K81qs9qsNWvNerPebDQbzRKzxWwxW81Ws91sNzvNTrPb7DZ7zB6z1+w1+8w+s9/sNwfMAXPQHDSH0j5+zWFzxBwxR81Rc8wcM8fNcXPSnDSnzClz2pw2Z81Zc86cM+fNeXPBXEg77YtUpCITmShDlCFKiVKiTFGmKHOUOcoSZYkSUSLKGmWNskXXRdmj66Mc0Q1RzujGKFdkI4pcxFEc5Y7yRMnopihvdHOUL8ofFYgKRj4qFBWObomKRLdGRaPbomLR7VHx6I6oRFQyKhWVju6MykR3RWWju6NUuCcqH1WIKkaVonujytF9UZXo/qhq9EBULXowqh49FNWI/hTVjB6OakXm4vHl0ahuVC+qHzWIGl5y/nLRPz5/CKevf9x3tl1squ1qu9mXbHfbw/a0vWxv+7LtY1+xfe2rtp/tbwfY1+xA+7odZN+wg+0QO9QOs8PtCDvSjrKj7Rg71r5px9m37Hj7tp1gJ9pJdrKdYqfaafYdO93OsDPtu3aWfc/OtnPsXDvPZgCABXahXWQ/sIvth3aJXWqX2eV2hV1pV9nVdo1da9fZ9XaD3Wg32c12i/3IbrXb7Ha7w+60u+xu+7HdYz+xe+2ndp/9zO63f7EH7Of2oP3CHrJf2sP2K3vEfm2P2m/sMfutPW5P2JP2O3vKfm9P2zP2rP3BnrM/2vP2J3vBhrST+7TDOxkylIEyUAqlUCbKRJkpM2WhLJSgBGWlrJSNslF2yk45KAflpJyUi3JRGiam3JSbkpSkvJSX8lE+KkAFyJOnwlSYilARKkpFqRgVo+JUnEpQCSpFpehOupPuorvobrqb7qF7qAJVoEpUiSpTZapCVagqVaVqVI2qU3WqQTWoJtWkWlSLalNtqkN1qC7VpfpUnxpSQ2pEjagxNaam1JSaUTNqQS2oJbWkVtSKWlNrakNtqC21pXbUjtpTe+pIHakTdaLO1JlSKZW6UTfqTt2pJ/Wk3tSb+lAf6kt9qR/1owE0gAbSQBpEg2gwDaGhNIyG0wgaSaNoNI2hsTSWxtE4Gk/jaQJNoEk0iabQFJpG02g6TaeZNJNm0SyaTbNpLs2l+TSfFtACWkSLaDEtpiW0hJbRMlpBK2gVraI1tIbW0TraQBtoE22iLbSFttJW2k7baSftpN20OwVoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Ec6Tz/RBQqU4jK6TO5Kl9ld5bK4q93fxjncDS6nu9HlctZld9f/VUzOuXwuvyvgCjrvCrnC7pY/xCVcSVfKlXZ3ujLuLlf2D3Fld5+r4u53Vd0DrpK796/iau5BV73sI66Ge9TVdPVcLdfA1XaPuDruUVfX1XP1XQPXzDV3LdyTrqV7yrVyT/8hXuAWIri1bp1b7/a4T9xZ94M74r5259yPrrPr4nq7l10f94rr6151/Vz/P8RD3TA33I1wI90oN9qN+UM8yU12U9xUN82946a7GX+I57v33Sy3yM12c9xcN+/neIFb6Ba5D9xi96Fb4pa6ZW65W+FWulVutVtzMdflbqPb5Da73e5jt9Vtc9vdDrfT7fo5TtuPve5Tt8995g67r9wB97k76I66Q+7Ln+O0/TvqvnHH3LfuuDvhTrrv3Cn3vTvtzvy8/2n7/p37yV1wwQEjK9ZsOOIMfAWncEbOxFdyZr6Ks/DVnOBrOCtfy9n4Os7O13MOvoFz8o2ciy0TO2aOOTfn4STfxHn5Zs7H+bkAF2TPhbgw38JF+FYuyrdxMb6di/MdXIJLcikuzXdyGb6Ly/LdXI7v4fJcgStyJb6XK/N9XIXv56r8AFfjB7k6P8Q1+E9ckx/mWvxnrs2PcB1+lOtyPa7PDbghP8aN+HFuzE24KT/Bzbg5t+AnuSU/xa34aW7NzzCk/nI0acfPc3vuwB35Be7EL3Jn7sKpnMrd+CXuzj24J/fi3vwy9+FXuC+/yv24Pw/g13ggv86D+A0ezEN4KA/j4TyCR/IoHs1jeCy/yeP4LR7Pb/MEnsiTeDJP4ak8jd/h6TyDZ/K7PIvf49k8h+fyPJ7P7/MCXsiL+ANezB/yEl7Ky3g5r+CVvIpX8xpey+t4PW/gjbyJN/MW/oi38jbezjt4J+/i3fwx7+FPeC9/yvv4M97Pf+ED/Dkf5C/4EH/Jh/krPsJf81H+ho/xt3ycT/BJ/o5P8fd8ms/wWf6Bz/GPfJ5/4gscGGKMVaxjE0dxhviKOCXOGGfavyzOHF8VZ4mvjhPxNXHW+No4W3xdnD2+Ps4R3xDnjG+Mc8U2ptjFHMdx7jhPnIxvivPGN8f54vxxgbhg7ONCceH4lrhIfGtcNL4tLhbfHheP74hLxCXjRx4oHd8Zl4nvisvGd8fl4nvi8nGFuGJcKb43rhzfF1eJ74+rxg/EReMH4+rxQ3GN+E9xzfjhuFb857h2/EhcJ340rhvXi+vHDeKG8WNxo/jxuHHcJG4aPxE3i5vHLeIn45bxU3Gr+OlLbk+Nu8bd4pfil+IQ7tdzk/OS85PvJxckFyYzXjwHWZJcmlyWXJ5ckVyZXJVcnVyTXJtcl1yf3JDcmNyU3JwModIV4NErr73xkc/gr/ApPqPP5K/0mf1VPou/2if8NT6rv9Zn89f57P56n8Pf4HP6G30ubz1559nHPrfP45P+Jp/X3+zz+fy+gC/ovS/kC/sGvqFv6Bv5x31j38Q39U/4J3xz39w/6Z/0T/lW/mnf2j/j2/hnfVv/nH/OP+/b+w6+o3/Bd/Iv+s6+i0/1F2/36dLd9/Q9fW/f2/fxfXxf39f38/38AD/AD/QD/SA/yA/2g/1QP9QP98P9SD/Sj/aj/Vg/1o/z4/x4P95P8BP8JD/JT/FT/DQ/zU/30/1MP9PPyjfLz/az/Vw/18/38/0Cv8Av8ov8Yr/YL/FL/DK/zK/wK/wqv8qv8Wv8Or/Ob/Ab/Ca/yW/xW/xWv9Vv99v9Tr/T7/a7/R6/x+/1e/0+v8/v9/v9AX/AH/Rf+EP+S3/Yf+WP+K/9Uf+NP+a/9cf9CX/Sf+dP+e/9aX/Gn/U/+HP+R3/e/+Qv+ODHJt5MjEu8lRifeDsxITExMSkxOTElMTUxLfFOYnpiRmJm4t3ErMR7idmJOYm5iXmJ+Yn3EwsSCxOLEh8kFic+TCxJLE0sSyxPrEisTIRw49Y45A55QjLcFPKGm0O+kD8UCAWDD4VC4XBLKBJuDUXDbaFYuD0UD3eEEqFkKBUeDXVDvVA/NAgNw2OhUXg8NA5NQtPwRGgWmocW4cnQMjwVWoWnQ+vwTGgTng1tw3OhXXg+tA8dQsfwQugUXgydQ5eQGrqGbuGl0D30CD1Dr9A7vBz6hFdC3/Bq6Bf6hwHhtTAwvB4GhTfC4DAkDA3DwvAwIowMo8LoMCaMDW+GceGtMD68HSaEiWFSmBymhKlhWngnTA8zwszwbpgV3guzw5wwN8wL88P7YUFYGBaFD8Li8GFYEpaGZWF5WBFWhlVhdVgT8OJ7ZWPYFDaHLeGjsDVsC9vDjrAz7Aq7w8dhT/gk7A2fhn3hs7A//CUcCJ+Hg+GLcCh8GQ6Hr8KR8HU4Gr4Jx8K34Xg4EU6G78Kp8H04Hc6Es+GHcC78GM6Hn8IFuWdNCCGEEOIfMu4S27v+nd+piy1NNwC4atsNh36/XQPAhuy/9HuonM0SAPBUl3YP/9rKl09Nvbj0hiUaojxzACABGX4d//P3DyR+6S+FptAcWkITKPJ38+uhOpzjS8yfvB0g0+/GpMBvcejy6/y3/hfzj5h1yfnnwF/dRZG2QsyX52/zL/pfzH99o0vMn/HzsQCNfzcmM/wW/zZ/YXgcnoaWf/VIIYQQQgghhBDiFz1UqTaXWt+mrc9zmt/GpC12f42XAv6363MhhBBCCCGEEEJcfs926PjkYy1bNmmTLjtd/zPS+M/v6Isvl99tKlAc4PIn9u/onLn4T/L/Kfn8ezqX+YNJCCGEEEII8S/320n/5c5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYRIv/4dXyd2ufdRCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEuNz+TwAAAP//AZIqhQ==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 4m18.854556119s ago: executing program 4 (id=2447): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000ffdbdf251000000005000f000400000008000100", @ANYRES32=0x0, @ANYBLOB="050010"], 0x2c}, 0x1, 0x0, 0x0, 0x48854}, 0x24000040) 4m18.783309985s ago: executing program 4 (id=2448): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x3) 4m18.48097298s ago: executing program 4 (id=2449): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000140)='./file0\x00', 0x81c00a, &(0x7f00000003c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2cf, &(0x7f0000002080)="$eJzs3T9rJGUYAPBnNrN//AO7hZUIDmhhdVyutdlD7kBM5bGFWmjw7kCyi3AHAUUcrxI7v4CfQBD8DrY2dpaCH8DyhIORmZ3ZP8nsJpFsxMvv1+TJvO8z7zMzL8mkyLOfvDY7up/Fwydf/RGDQRKdcYzjaRKj6ETjm1gz/j4AgP+zp0URfxVzLcO/f7chL4mIwY5rAwB244zf/7V0Gf58JWUBADt074MP37t9cHDn/SwbxN3Zt8eT8i/78ut8/PbD+Cym8SBuxjCeRVQvCt2o3hbK8G5RFHmalUbx5iw/npSZs49/rc//y8t1sB/DGFXR4m2jyn/34M5+NreSn5d1vFivPy7XvxXDeGWRvJZ/qyU/Jr14642V+m/EMH77ND6Padyviljmf72fZe+UrzgfleWV+Ul+POlX85aKvWbx/AqfDwAAAAAAAAAAAAAAAAAAAAAAz6cbde+cflT9e8pDdf+dvWflN93IGqP1/jzz/KQ50Wp/oKIo8iJ+aPrr3MyyrKgnLvPTeDVdbSwIAAAAAAAAAAAAAAAAAAAA19fjL748OpxOHzy6lKDpBpBGxN/3Iv7tecYrR16P7ZP79ZqH02mnDtfnpKtHYq+Zk0RsLSPSRTODS7s/G4IXTtVcBz/+1JbVW39waazMGZy9aLd9rcsMmt11dJhE65z+oubBfJNUjSCWc3pxzrV6m4aKuMj267UODbdllXv99HleqoJ8w50vg0i2Ffb2n/M7Vx9JTl5Fr7qrrendOoi2wqq90f4sTgQxmKef/lmR6NYBAAAAAAAAAAAAAAAAAAA7tfzv35bBJ1tTO0V/Z2UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJVafv7/BYK8Tj7H5F48evwfXyIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADXwD8BAAD//2T0YAU=") mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000480)='./file0/../file0/../file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) 4m18.204149832s ago: executing program 4 (id=2452): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x17, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x324}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 4m17.640979808s ago: executing program 4 (id=2457): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x403, 0x2, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0x9, 0x6, 0x4, 0x0, 0x395, 0x80000089, 0xfffffffd, 0x30, 0xfffffff5, 0xffffeadb, 0xffffffff, 0x3c, 0x8, 0x4, 0x8020000, 0xdffffffa]}) 4m17.033589027s ago: executing program 33 (id=2457): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x403, 0x2, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0x9, 0x6, 0x4, 0x0, 0x395, 0x80000089, 0xfffffffd, 0x30, 0xfffffff5, 0xffffeadb, 0xffffffff, 0x3c, 0x8, 0x4, 0x8020000, 0xdffffffa]}) 1m51.143005535s ago: executing program 0 (id=3704): r0 = syz_io_uring_setup(0x5c23, &(0x7f0000000240)={0x0, 0x0, 0x13290}, &(0x7f0000000440)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x6, 0x0, 0xffffffffffffffff, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000400)='./file0/../file0\x00'}) io_uring_enter(r0, 0x1, 0x0, 0x1, 0x0, 0x1000000) 1m50.758577336s ago: executing program 0 (id=3708): socket$inet_udplite(0x2, 0x2, 0x88) setrlimit(0x7, &(0x7f0000000180)={0x4, 0x80}) landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) 1m50.641974116s ago: executing program 0 (id=3710): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00', 0xffffffff}) ioctl(r0, 0x8b23, &(0x7f0000000040)) 1m50.453367761s ago: executing program 0 (id=3712): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000240)={0x44, &(0x7f0000000100)={0x0, 0x1, 0x4, "ddb2b3d8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m48.462561122s ago: executing program 0 (id=3725): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 1m48.2465205s ago: executing program 0 (id=3729): r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000280)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) keyctl$search(0xa, r0, &(0x7f0000000500)='keyring\x00', &(0x7f0000000380)={'syz', 0x1}, r1) 1m32.869220837s ago: executing program 34 (id=3729): r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000280)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) keyctl$search(0xa, r0, &(0x7f0000000500)='keyring\x00', &(0x7f0000000380)={'syz', 0x1}, r1) 7.646697303s ago: executing program 3 (id=4310): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6879ce3c39314ddc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_NAT={0x8}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x40}]}}]}, 0x48}}, 0x0) 7.495377035s ago: executing program 3 (id=4311): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000005c0)=ANY=[@ANYBLOB="0100000000000000014d564b"]) 4.20404398s ago: executing program 3 (id=4323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000180)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90f, 0xffffbfff, '\x00', @p_u32=&(0x7f0000000140)}}) 4.070246641s ago: executing program 3 (id=4325): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./bus\x00', 0x210000, &(0x7f0000000480)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@noauto_da_alloc}, {@resgid}, {@data_err_ignore}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x40045702, &(0x7f0000000000)) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x0, 0x1ff, 0x54, 0x1}) 3.812625442s ago: executing program 3 (id=4327): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmmsg$unix(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000800}}], 0x1, 0x84) connect$unix(r0, &(0x7f0000000280)=@file={0x1, './file0/file0\x00'}, 0x6e) 3.308147133s ago: executing program 3 (id=4332): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000fffffff3000040"]) 2.964166681s ago: executing program 6 (id=4334): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x28, r0, 0x1, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x5}]}]}, 0x28}}, 0x0) 2.890415137s ago: executing program 6 (id=4335): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r1, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) 2.753698798s ago: executing program 6 (id=4336): unshare(0x6020400) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt(r0, 0x400000000000003a, 0x1, 0x0, 0x0) 2.618014859s ago: executing program 6 (id=4338): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) 1.566249063s ago: executing program 6 (id=4345): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x54, r1, 0x101, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT={0x4}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4044014}, 0x48000) 1.447205363s ago: executing program 5 (id=4346): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000001640), 0x121040, 0x0) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000001680)) 1.397590567s ago: executing program 1 (id=4347): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)={0x44, r1, 0x101, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x14, 0x51, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "b168fa3167"}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) 1.317806364s ago: executing program 6 (id=4348): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1e00, 0x44, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000003c0)=[{0x1, 0x4, 0x2, 0x3}], 0x10, 0x6}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7902}) write$cgroup_devices(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1e03"], 0xffdd) 1.170002966s ago: executing program 5 (id=4349): pipe2(&(0x7f0000000040), 0x0) r0 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2}) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) 1.089968942s ago: executing program 5 (id=4350): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 993.95551ms ago: executing program 1 (id=4351): syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410884, &(0x7f00000001c0)={[{@nouid32}, {@acl}]}, 0x1, 0x77c, &(0x7f0000001900)="$eJzs3ctrXFUYAPDvTpKmTWsTQdC6CggaKJ2YGlsFFxUXIlgo6Np2mExDzSRTMpPShIAWEVwoqLgQdNO1j7pz62Or/4ULsVRNixVBidzJ3HbaTNIknWSi8/vBTc65jznnm/s4Z+Ye7gTQtYbTP7mIQxHxfhIx2JifRERfPdUbcWJlvZtLi8V0SmJ5+ZXfkvo6N5YWi9G0TWp/I/NIRHz3dsTh3Opyq/MLU4VyuTTbyI/Wps+PVucXjpybLkyWJkszx8bGx48ef/r4sfbF+sePCweufvDiE1+e+Outh6+8930SJ+JAY1lzHO0yHMON96QvfQvv8EK7C+uwpNMVYEvSU7Nn5SyPQzEYPfUUAPB/9kZELAMAXSbR/gNAl8m+B7ixtFjMps5+I7Gzrj0fEXtX4s/ub64s6W3cs9tbvw86cCO5485IEhFDbSh/OCI+/fq1z9Mptuk+JEArb16KiDNDw6uv/8mqMQub9eQ6y/Y0/g/fNd/1D3bON2n/55lW/b/crf5PtOj/9Lc4d7finuf/vjYUso60//dc09i2m03xNwz1NHIP1Pt8fcnZc+VSem07GBEj0def5sfWKWPk+j/X756XvXq9//f3Sv/v9w9f/ywtP/3ftOYvvf13bjtRqBXuN+7MtUsRj/a2ij+5tf+TNfq/pzZYxkvPvvPJWsvS+NN4s2l1/NEYnbQ9li9HPN5y/98e0ZasOz5xtH44jGYHRQtf/fTxwFrlN/f/0yktP/sssBPS/T+wfvxDSfN4zermy/jh8uC3ay27d/ytj/89yav1dNaPuFio1WbHIvYkL6+ef/T2tlk+Wz+Nf+Sx1uf/esd/+pnwzAbj77366xfvHtxq/NsrjX9iU/t/84krN6d61ip/Y/t/vJ4aaczZyPVvoxW8n/cOAAAAAAAAAAAAAAAAAAAAAAAAADYqFxEHIsnlb6VzuXx+5Te8H4qBXLlSrR0+W5mbmYj6b2UPRV8ue9TlYNPzUMcaz8PP8kfvyj8VEQ9GxEf9+5LsOYoTHY4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADL71/j9/9TP/Z2uHQCwbfZ2ugIAwI7T/gNA99H+A0D30f4DQPfR/gNA99H+AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsM1OnTyZTst/Li0W0/zEhfm5qcqFIxOl6lR+eq6YL1Zmz+cnK5XJcilfrEzf6/XKlcr58ZiZuzhaK1Vro9X5hdPTlbmZ2ulz04XJ0ulS345EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACbU51fmCqUy6VZiS0klu9r82SXRNGGRE/jcNot9dnRRLI7qtHmRIcvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Ef8GAAD//+GAI2c=") r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) fallocate(r0, 0x0, 0x0, 0x1001f0) fallocate(r0, 0x8, 0x0, 0x10000) 814.705285ms ago: executing program 1 (id=4352): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc080661a, 0x0) 730.412911ms ago: executing program 5 (id=4353): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000440)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0x1c, 0xa, 0x1, 0x0, [{}, {@dev}, {@dev}]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 696.998644ms ago: executing program 5 (id=4354): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e60, 0x0, @mcast2, 0xd}, 0x1c) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000440)="7d79b2fe", 0x4) 613.881011ms ago: executing program 5 (id=4355): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008f04"]) 315.297915ms ago: executing program 1 (id=4356): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}}, 0x0) 58.199465ms ago: executing program 1 (id=4357): syz_mount_image$minix(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x804008, &(0x7f0000000100)=ANY=[], 0x5a, 0x212, &(0x7f0000000440)="$eJzs3D1v00Acx/Gf40BIQTyKBzFVQkIsJNBWqrLRhY03gMRQtaGqcKE0LI2QoG+CnZWJl8A7YWVoBzYmDp19AcdJ8cUhcYS/H6mNY9/P/3Pbs32NEgGorEfx90Bn3HNjzLtlSU+fSKqV2jUAM2bc408DoHpChj5QUScbYXz9/xJIX7+/3Tp2X+c87x9ONpJJgp0/HKfyzdMCzzL5oyB+vF0fzi9JOj8Sro/ev3xM8ncz9S/49t/VX8rkG9755Pjv3RnOX5R0SdJlSVckXZV0TYp3e11uQ6r+dqb+rWTzkWc3AAAAAAD4Kzv7bA2e+E76s/mWT8sHY9fa2fPz3ag7fquHWpJ/6NV49ADPuvorBcsP8quZPuVyL7g2XL619SraLtgHoKhaevznGxlA/uNfY/+dFU45/utx/kPBNFBtvcP+i80o6h7MbUGaNGUvlcWLNgcL33Ibf7IL+pG8MjL7n8bgZGrXLPukAtd4br8v5bd5n9OmqYOe8djP3BdeP07u3mZQwl6U0mv60+4wyI7T+tAg+pz6Q4oiE/b2/8Fx2R2a8PeJIizj7ARgltpv9vbbvcP+/d29zZ3uTvfl2nqns762utJpx7fl7akm5wAW2Z+Lftk9AQAAAAAAAAAAAAAARd2QdHPy2Kkf7wEAAABgcU3+xqDGxG8nKvsYAQAAAAAAAAAAAAD43/0KAAD//3hpPUA=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 0s ago: executing program 1 (id=4358): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc0118000000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2a24a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9877399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a8449f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d2943e6f5f828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000056c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137000059aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c072083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a00000000000000000000d550c9f15fbb2324a3f37dc4ba"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000632f77fbac141416ac141416830807034d2f87e5890c6aab845013f2325f1a39019403178da1880b251812a59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126f4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0xfffffffffffffcb6, &(0x7f0000000000), &(0x7f0000000880)="4310aace1ca3595b44f06133bfeefc8b6978626f96e29bb86a1efec7626ba161a6a29948171839999d52464bcac4b62831eb064bbc97bf42d0e88588558101dcbf98e4140395b2017d35b9b4ab3eaee60a7ab23800cde2d1b9bf1d88924dec6e19d834bc3093a34bd87af0a2d089f0b30c50059d87178d3e92af192125dd14b79e66135c5cec80638f5b8d1de406b8ff8171f004aa1bbb42e23f72fac3f61df5f4d9d8e314137d6f7839daa635a8d5e5c586d884d71df30b3a75ce94f8ffffffff0000000065e20882cefc31752404bbca85078189ffd2febf0d7fe1250f0d58769527ffafcafcf6244dfd580f5b2c5b22f3e57def50929a14590b585702dcb2bb404025b6850c22c064ac27a249c8f21199253881fc5cd8cfed8a64232df0a54a41cae8edea76f4d7298c0ea8e9559e81e19fd57d80b1705b0a62adc7fc86a806c1cbc16e6695e3c6695106ee28a3f24959e5efa4", 0x6}, 0x2c) kernel console output (not intermixed with test programs): 000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 488.525405][T14270] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 488.599121][ T27] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 488.801726][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 488.820799][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 488.845774][ T27] usb 1-1: New USB device found, idVendor=05ac, idProduct=029f, bcdDevice= 0.00 [ 488.874971][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.895788][ T27] usb 1-1: config 0 descriptor?? [ 489.306164][T14287] loop1: detected capacity change from 0 to 512 [ 489.346832][ T27] apple 0003:05AC:029F.0040: unknown main item tag 0x0 [ 489.370300][ T27] apple 0003:05AC:029F.0040: unknown main item tag 0x0 [ 489.377377][ T27] apple 0003:05AC:029F.0040: unknown main item tag 0x0 [ 489.395755][T14275] loop5: detected capacity change from 0 to 32768 [ 489.408655][ T27] apple 0003:05AC:029F.0040: unknown main item tag 0x0 [ 489.415615][ T27] apple 0003:05AC:029F.0040: unknown main item tag 0x0 [ 489.423235][T14275] [ 489.423235][T14275] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.423235][T14275] [ 489.447441][ T27] apple 0003:05AC:029F.0040: hidraw0: USB HID v0.fe Device [HID 05ac:029f] on usb-dummy_hcd.0-1/input0 [ 489.502854][T14275] [ 489.502854][T14275] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.502854][T14275] [ 489.536536][T14275] [ 489.536536][T14275] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.536536][T14275] [ 489.555162][ T55] usb 1-1: USB disconnect, device number 27 [ 489.598466][T14275] [ 489.598466][T14275] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.598466][T14275] [ 489.631088][T14275] [ 489.631088][T14275] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.631088][T14275] [ 489.653208][ T113] [ 489.653208][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.653208][ T113] [ 489.677051][T14288] fido_id[14288]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 489.682269][T14291] [ 489.682269][T14291] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.682269][T14291] [ 489.718801][T14291] [ 489.718801][T14291] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.718801][T14291] [ 489.782830][T12058] [ 489.782830][T12058] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.782830][T12058] [ 489.793854][T12058] [ 489.793854][T12058] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 489.793854][T12058] [ 490.187253][T14290] loop1: detected capacity change from 0 to 32768 [ 490.282867][T14290] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 490.318309][T14307] loop5: detected capacity change from 0 to 128 [ 490.440743][T14313] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3360'. [ 490.474624][T14290] XFS (loop1): Ending clean mount [ 490.517970][T14290] XFS (loop1): Quotacheck needed: Please wait. [ 490.654087][T14290] XFS (loop1): Quotacheck: Done. [ 490.874137][ T5786] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 490.966454][T14321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3364'. [ 491.107766][ T28] audit: type=1326 audit(1756407224.357:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14324 comm="syz.0.3367" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5df998ebe9 code=0x0 [ 491.434856][T14332] loop1: detected capacity change from 0 to 128 [ 492.396043][T14338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3371'. [ 492.452099][T14340] loop5: detected capacity change from 0 to 128 [ 492.827117][T14348] loop5: detected capacity change from 0 to 2048 [ 492.877351][T14348] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 492.916755][T14348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 492.974661][T14348] UDF-fs: error (device loop5): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned length of impUse field [ 493.082911][T14360] loop1: detected capacity change from 0 to 128 [ 493.171578][T14360] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 493.612008][T14375] loop0: detected capacity change from 0 to 512 [ 493.613444][T14372] loop3: detected capacity change from 0 to 512 [ 493.644052][T14375] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 493.658097][T14372] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 493.684051][T14375] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=00c2] [ 493.707810][T14375] System zones: 0-2, 18-18, 34-34 [ 493.723202][T14375] EXT4-fs (loop0): orphan cleanup on readonly fs [ 493.757332][T14372] EXT4-fs (loop3): 1 truncate cleaned up [ 493.764955][T14375] EXT4-fs error (device loop0): ext4_quota_enable:7131: inode #15: comm syz.0.3390: iget: bad i_size value: 360287970189639690 [ 493.791184][T14372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 493.819629][T14375] EXT4-fs error (device loop0): ext4_quota_enable:7134: comm syz.0.3390: Bad quota inode: 15, type: 2 [ 493.857650][ T5861] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 493.881491][T14372] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.3389: corrupted in-inode xattr: overlapping e_value [ 493.903929][T14375] EXT4-fs warning (device loop0): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. [ 493.945853][T14375] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 493.953511][T14372] EXT4-fs (loop3): Remounting filesystem read-only [ 493.962945][T14375] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 493.977918][T14372] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1781: inode #15: comm syz.3.3389: unable to update i_inline_off [ 494.059646][ T5861] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.078649][ T5861] usb 2-1: config 0 interface 0 has no altsetting 0 [ 494.085441][ T5861] usb 2-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00 [ 494.096719][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.100584][ T5800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.106756][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.160189][ T5861] usb 2-1: config 0 descriptor?? [ 494.281516][T14383] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3393'. [ 494.383764][T14369] loop5: detected capacity change from 0 to 32768 [ 494.421542][T14369] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 9 [ 494.609026][ T5946] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 9 [ 494.680321][ T5861] wacom 0003:056A:00BA.0041: unbalanced collection at end of report description [ 494.711385][ T5861] wacom 0003:056A:00BA.0041: parse failed [ 494.725049][T14394] overlayfs: missing 'lowerdir' [ 494.725330][ T5861] wacom: probe of 0003:056A:00BA.0041 failed with error -22 [ 494.872769][ T27] usb 2-1: USB disconnect, device number 28 [ 495.384945][T14400] loop0: detected capacity change from 0 to 32768 [ 495.537739][ T5788] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 495.622926][T14412] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3406'. [ 495.762106][ T5788] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 495.776629][ T5788] usb 4-1: config 0 interface 0 has no altsetting 0 [ 495.787730][ T5788] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 495.823933][ T5788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.846525][ T5788] usb 4-1: config 0 descriptor?? [ 495.947867][ T55] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 496.148803][ T55] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 496.167823][ T55] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 496.187702][ T55] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 496.203320][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.241003][T14414] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 496.254058][ T55] usb 6-1: Quirk or no altest; falling back to MIDI 1.0 [ 496.295193][ T5788] logitech 0003:046D:C29C.0042: hidraw0: USB HID v1.01 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 496.369747][T14430] loop1: detected capacity change from 0 to 256 [ 496.406414][ T28] audit: type=1800 audit(1756407229.657:171): pid=14430 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3413" name="file1" dev="loop1" ino=1048916 res=0 errno=0 [ 496.414746][T14430] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 496.445054][T14430] FAT-fs (loop1): Filesystem has been set read-only [ 496.478958][ T5788] logitech 0003:046D:C29C.0042: no inputs found [ 496.563020][ T5841] usb 6-1: USB disconnect, device number 14 [ 496.579712][ T5788] usb 4-1: USB disconnect, device number 31 [ 496.804087][T14437] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3416'. [ 496.884537][T14439] loop1: detected capacity change from 0 to 512 [ 496.914826][T14439] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fff0000) [ 497.735083][T14441] loop0: detected capacity change from 0 to 32768 [ 497.752751][T14441] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.3418 (14441) [ 497.772581][T14441] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 497.785719][T14441] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 497.803746][T14441] BTRFS info (device loop0): using free space tree [ 497.927338][T14441] BTRFS info (device loop0): enabling ssd optimizations [ 497.947756][T14441] BTRFS info (device loop0): auto enabling async discard [ 498.076198][ T5796] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 498.189704][T14484] loop5: detected capacity change from 0 to 2048 [ 498.267909][T14484] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d [ 498.324764][T14484] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 498.724592][T14473] loop1: detected capacity change from 0 to 32768 [ 498.854654][T14473] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 498.904752][T14497] loop0: detected capacity change from 0 to 512 [ 498.921403][T14497] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 498.967875][T14497] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 499.054820][T14497] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.3436: invalid indirect mapped block 4294967295 (level 1) [ 499.178061][T14497] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.3436: invalid indirect mapped block 4294967295 (level 1) [ 499.186514][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 499.235083][T14497] EXT4-fs (loop0): 2 truncates cleaned up [ 499.276366][T14497] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 499.484820][T14491] loop3: detected capacity change from 0 to 32768 [ 499.555523][T14491] jfs_lookup: iget failed on inum 4 [ 499.598222][T14491] jfs_lookup: iget failed on inum 4 [ 499.616057][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.056927][ T28] audit: type=1326 audit(1756407233.307:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14512 comm="syz.5.3443" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f06ef18ebe9 code=0x0 [ 500.173434][T14518] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3445'. [ 500.258004][T14520] loop3: detected capacity change from 0 to 512 [ 500.311939][T14520] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.457135][T14503] loop1: detected capacity change from 0 to 32768 [ 500.522607][ T5800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.544995][T14503] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 500.765072][T14503] XFS (loop1): Ending clean mount [ 500.791861][T14503] XFS (loop1): Quotacheck needed: Please wait. [ 500.832318][T14537] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 500.878295][T14503] XFS (loop1): Quotacheck: Done. [ 501.034705][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 501.432241][ T23] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 501.536907][T14557] loop3: detected capacity change from 0 to 1024 [ 501.627941][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 501.635716][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.667109][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.682799][ T23] usb 6-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00 [ 501.692462][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.733247][ T23] usb 6-1: config 0 descriptor?? [ 501.894945][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.901539][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.995403][T14564] loop0: detected capacity change from 0 to 1024 [ 502.038520][T14564] hfsplus: bad catalog entry type [ 502.106278][ T59] hfsplus: b-tree write err: -5, ino 4 [ 502.197680][ T23] magicmouse 0003:05AC:0324.0043: hidraw0: USB HID v0.00 Device [HID 05ac:0324] on usb-dummy_hcd.5-1/input0 [ 502.389704][ T23] usb 6-1: USB disconnect, device number 15 [ 502.488657][T14568] fido_id[14568]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 502.847705][ T27] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 502.884048][T14586] netlink: 'syz.3.3473': attribute type 11 has an invalid length. [ 502.898720][T14586] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3473'. [ 503.038113][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 503.046296][ T27] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.067396][ T27] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.085654][ T27] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 503.120170][ T27] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 503.132510][ T27] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 503.141641][ T27] usb 1-1: Product: syz [ 503.145880][ T27] usb 1-1: Manufacturer: syz [ 503.151859][ T27] usb 1-1: SerialNumber: syz [ 503.178599][ T27] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input25 [ 503.429852][ T27] usb 1-1: USB disconnect, device number 28 [ 503.539199][ T27] appletouch 1-1:1.0: input: appletouch disconnected [ 503.787727][ T5788] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 503.967811][ T5788] usb 6-1: Using ep0 maxpacket: 8 [ 503.987172][ T5788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 503.999137][ T5788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 504.013303][ T5788] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 504.023308][ T5788] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 504.035134][ T5788] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 504.045793][ T5788] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 504.055252][ T5788] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.066421][ T5788] usb 6-1: config 0 descriptor?? [ 504.073087][T14604] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 504.291967][T14604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.301356][T14604] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.314878][ T50] Bluetooth: hci4: unexpected event 0x12 length: 1 < 8 [ 504.322728][ T50] Bluetooth: hci4: Malformed Event: 0x02 [ 504.331480][ T50] Bluetooth: hci4: unexpected event 0x04 length: 15 > 10 [ 504.331663][ T50] Bluetooth: hci4: connection err: -111 [ 504.517177][ T5788] usb 6-1: USB disconnect, device number 16 [ 504.520075][ T5795] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 506.484202][T14620] loop1: detected capacity change from 0 to 32768 [ 506.588126][T14620] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 506.638550][T14618] loop3: detected capacity change from 0 to 40427 [ 506.686396][T14618] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 506.730765][T14618] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 506.798132][T14620] XFS (loop1): Ending clean mount [ 506.877621][T14618] F2FS-fs (loop3): Found nat_bits in checkpoint [ 506.966014][T14657] loop5: detected capacity change from 0 to 256 [ 507.023691][T14618] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 507.031423][T14618] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 507.054974][T14657] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 507.116092][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 507.500464][T14661] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3506'. [ 507.825869][T14648] loop0: detected capacity change from 0 to 40427 [ 507.882467][T14648] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 507.917625][T14648] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 507.969562][T14648] F2FS-fs (loop0): invalid crc value [ 508.021233][T14648] F2FS-fs (loop0): Found nat_bits in checkpoint [ 508.180968][T14648] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 508.207875][T14648] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 508.516794][T14686] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3514'. [ 508.779458][T14692] loop5: detected capacity change from 0 to 1024 [ 508.913396][T14692] hfsplus: bad catalog entry type [ 509.026975][ T1142] hfsplus: b-tree write err: -5, ino 4 [ 509.097705][ T23] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 509.318009][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 509.325580][ T23] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.362710][ T23] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.385149][ T23] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 509.395167][ T23] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 509.415036][ T23] usb 4-1: Product: syz [ 509.423150][ T23] usb 4-1: Manufacturer: syz [ 509.443750][ T23] hub 4-1:4.0: USB hub found [ 509.461258][T14707] loop1: detected capacity change from 0 to 4096 [ 509.507768][T14707] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 509.657000][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 509.674859][T14715] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 509.690594][ T23] hub 4-1:4.0: 9 ports detected [ 509.702550][ T23] hub 4-1:4.0: insufficient power available to use all downstream ports [ 509.729935][T14715] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 509.899813][ T23] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 509.907370][ T23] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 509.979470][ T23] usb 4-1: USB disconnect, device number 32 [ 510.027813][ T27] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 510.260104][ T27] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 510.270210][ T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.290086][ T27] usb 6-1: Product: syz [ 510.308004][ T27] usb 6-1: Manufacturer: syz [ 510.313087][ T27] usb 6-1: SerialNumber: syz [ 510.334752][ T27] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 510.364985][ T1189] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 510.822665][ T5788] usb 6-1: USB disconnect, device number 17 [ 511.466605][T14762] loop5: detected capacity change from 0 to 8 [ 511.606476][T14766] bridge0: entered promiscuous mode [ 511.727894][ T1189] usb 6-1: Service connection timeout for: 256 [ 511.734180][ T1189] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 511.797183][ T1189] ath9k_htc: Failed to initialize the device [ 511.824526][ T5788] usb 6-1: ath9k_htc: USB layer deinitialized [ 512.102702][T14777] loop5: detected capacity change from 0 to 4096 [ 512.127268][T14777] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 512.131612][T14742] loop3: detected capacity change from 0 to 65536 [ 512.267065][T14742] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 512.307887][T14777] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 512.365890][T14777] ntfs3: loop5: Failed to initialize $Extend/$ObjId. [ 512.385392][T14742] XFS (loop3): Ending clean mount [ 512.483045][ T27] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x8001 [ 512.483212][ T27] XFS (loop3): Unmount and run xfs_repair [ 512.483228][ T27] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 512.483247][ T27] 00000000: 58 41 47 46 00 00 00 01 00 00 00 01 00 00 40 00 XAGF..........@. [ 512.483264][ T27] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 512.483280][ T27] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 512.483296][ T27] 00000030: 00 00 00 04 00 00 3b 5f 00 00 3b 5c 00 00 00 00 ......;_..;\.... [ 512.483312][ T27] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 512.483328][ T27] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 512.483343][ T27] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 512.483360][ T27] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 512.486660][T14792] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x8001 len 1 error 74 [ 512.618244][ T5800] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 512.665031][T14776] loop0: detected capacity change from 0 to 32768 [ 512.739859][T14776] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 512.746332][T14796] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3560'. [ 513.112064][ T5796] ocfs2: Unmounting device (7,0) on (node local) [ 513.357640][ T5834] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 513.577761][ T5834] usb 6-1: Using ep0 maxpacket: 32 [ 513.588939][ T5834] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 513.597144][ T5834] usb 6-1: config 0 has no interface number 0 [ 513.630075][ T5834] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 513.654549][ T5834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.684172][T14809] loop3: detected capacity change from 0 to 4096 [ 513.704726][ T5834] usb 6-1: Product: syz [ 513.720575][T14809] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 513.724063][ T5834] usb 6-1: Manufacturer: syz [ 513.757605][ T5834] usb 6-1: SerialNumber: syz [ 513.775917][ T5834] usb 6-1: config 0 descriptor?? [ 513.799549][ T5834] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 513.818833][ T5834] usb 6-1: selecting invalid altsetting 1 [ 513.824924][ T5834] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 513.866429][ T5834] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 513.894345][ T5834] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 513.932310][ T5834] usb 6-1: media controller created [ 514.035327][ T5834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 514.079703][T14823] loop3: detected capacity change from 0 to 16 [ 514.099067][T14823] erofs: (device loop3): mounted with root inode @ nid 36. [ 514.153317][ T28] audit: type=1800 audit(1756407247.397:173): pid=14823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3573" name="file1" dev="loop3" ino=86 res=0 errno=0 [ 514.186269][ T5834] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 514.218094][ T5834] zl10353_read_register: readreg error (reg=127, ret==-71) [ 514.235880][ T5834] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 514.360454][ T5834] usb 6-1: USB disconnect, device number 18 [ 514.509090][T14833] loop1: detected capacity change from 0 to 64 [ 514.511437][T14831] loop0: detected capacity change from 0 to 1024 [ 514.563147][T14831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 514.599108][T14831] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 514.639747][T14831] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 514.658793][T14831] EXT4-fs (loop0): orphan cleanup on readonly fs [ 514.731536][T14831] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #3: block 3: comm syz.0.3577: lblock 3 mapped to illegal pblock 3 (length 1) [ 514.829297][T14831] Quota error (device loop0): write_blk: dquota write failed [ 514.836854][T14831] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 514.873464][T14831] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 514.915188][T14831] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.3577: Failed to acquire dquot type 0 [ 514.954263][T14831] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 3: comm syz.0.3577: lblock 3 mapped to illegal pblock 3 (length 1) [ 514.975882][T14831] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 514.992261][T14831] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.3577: Failed to acquire dquot type 0 [ 515.004484][T14831] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.3577: Freeing blocks not in datazone - block = 0, count = 4096 [ 515.040351][T14831] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 3: comm syz.0.3577: lblock 3 mapped to illegal pblock 3 (length 1) [ 515.077777][T14831] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 515.096641][T14831] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.3577: Failed to acquire dquot type 0 [ 515.106029][T14831] EXT4-fs (loop0): 1 orphan inode deleted [ 515.145192][T14831] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 515.260414][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 515.803647][T14863] loop1: detected capacity change from 0 to 256 [ 515.991051][T14862] loop5: detected capacity change from 0 to 4096 [ 516.056313][T14862] ntfs3: loop5: ino=3, Correct links count -> 2. [ 516.106431][T14845] loop3: detected capacity change from 0 to 40427 [ 516.132197][T14845] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 516.149906][T14845] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 516.179000][T14845] F2FS-fs (loop3): invalid crc value [ 516.237646][T14845] F2FS-fs (loop3): Found nat_bits in checkpoint [ 516.266396][T14862] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 516.477965][T14845] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 516.498324][T14845] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 516.986460][T14892] loop0: detected capacity change from 0 to 512 [ 517.011931][T14892] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 517.046703][T14892] EXT4-fs (loop0): orphan cleanup on readonly fs [ 517.065574][T14892] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.3603: Block bitmap for bg 0 marked uninitialized [ 517.147055][T14892] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 517.203468][T14892] EXT4-fs (loop0): 1 orphan inode deleted [ 517.235000][T14892] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 517.385615][T14892] EXT4-fs: Ignoring sb option on remount [ 517.424138][T14892] EXT4-fs: Ignoring removed orlov option [ 517.445372][T14892] EXT4-fs: Ignoring removed nomblk_io_submit option [ 517.467774][T14892] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 517.512590][T14892] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 517.587733][T14892] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 517.742268][ T5796] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.234593][T14916] netlink: 312 bytes leftover after parsing attributes in process `syz.5.3614'. [ 518.510329][ T5841] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 518.739635][ T5841] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 518.760919][ T5841] usb 2-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 518.781191][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.805026][ T5841] usb 2-1: config 0 descriptor?? [ 519.200840][T14945] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3630'. [ 519.243161][ T5841] hid_mf 0003:0079:1846.0044: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.1-1/input0 [ 519.267976][ T5841] hid_mf 0003:0079:1846.0044: Force feedback for HJZ Mayflash game controller adapters by Marcel Hasler [ 519.444117][ T5841] usb 2-1: USB disconnect, device number 29 [ 519.466558][T14950] fido_id[14950]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 519.868006][T14962] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3636'. [ 519.877445][T14962] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3636'. [ 519.897948][T14961] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3636'. [ 519.924138][T14949] loop3: detected capacity change from 0 to 40427 [ 519.933379][T14949] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 519.995161][T14949] F2FS-fs (loop3): invalid crc value [ 520.038094][T14949] F2FS-fs (loop3): Found nat_bits in checkpoint [ 520.163917][T14970] loop1: detected capacity change from 0 to 256 [ 520.228949][T14949] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 520.478943][ T5800] syz-executor: attempt to access beyond end of device [ 520.478943][ T5800] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 520.536771][ T5800] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 520.555768][T14980] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 520.584080][T14980] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 520.588272][T14982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3644'. [ 520.626910][T14980] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 520.638377][T14980] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 520.645789][T14980] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 520.698866][T14980] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 520.705742][T14980] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 520.762492][T14980] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 520.773199][T14986] usb usb8: usbfs: process 14986 (syz.5.3647) did not claim interface 0 before use [ 520.773973][T14980] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 520.791918][T14980] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 520.799067][T14980] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 520.805981][T14980] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 520.813430][T14980] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 520.847896][T14980] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 520.856494][T14980] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 520.887696][T14980] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 520.913268][T14980] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4) [ 520.949573][T14980] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 520.956310][T14980] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 520.988781][T14980] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 520.995348][T14980] comedi comedi3: 8255: I/O port conflict (0x8000000,4) [ 521.023628][T14980] comedi comedi3: 8255: I/O port conflict (0xffffffffdffffffa,4) [ 521.073907][T14990] loop5: detected capacity change from 0 to 512 [ 521.579544][T15004] loop0: detected capacity change from 0 to 256 [ 521.635102][T15006] loop3: detected capacity change from 0 to 512 [ 521.705567][T15006] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 521.755215][T15004] FAT-fs (loop0): Directory bread(block 64) failed [ 521.764715][T15006] ext4 filesystem being mounted at /913/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 521.788157][T15004] FAT-fs (loop0): Directory bread(block 65) failed [ 521.821747][T15004] FAT-fs (loop0): Directory bread(block 66) failed [ 521.858712][T15004] FAT-fs (loop0): Directory bread(block 67) failed [ 521.876534][T15012] loop1: detected capacity change from 0 to 2048 [ 521.886463][T15004] FAT-fs (loop0): Directory bread(block 68) failed [ 521.894238][T15004] FAT-fs (loop0): Directory bread(block 69) failed [ 521.911708][T15004] FAT-fs (loop0): Directory bread(block 70) failed [ 521.920000][T15012] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 521.942608][T15004] FAT-fs (loop0): Directory bread(block 71) failed [ 521.955772][ T5800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 521.963749][T15012] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 521.977028][T15004] FAT-fs (loop0): Directory bread(block 72) failed [ 521.991948][T15004] FAT-fs (loop0): Directory bread(block 73) failed [ 522.525313][T15029] loop5: detected capacity change from 0 to 512 [ 522.555212][T15029] EXT4-fs: Ignoring removed nobh option [ 522.591118][T15029] EXT4-fs (loop5): orphan cleanup on readonly fs [ 522.623709][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #3: comm syz.5.3666: corrupted inode contents [ 522.699839][T15029] EXT4-fs error (device loop5): ext4_dirty_inode:6106: inode #3: comm syz.5.3666: mark_inode_dirty error [ 522.746618][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #3: comm syz.5.3666: corrupted inode contents [ 522.827799][T15029] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.3666: mark_inode_dirty error [ 522.861518][T15021] loop1: detected capacity change from 0 to 32768 [ 522.879966][T15029] Quota error (device loop5): write_blk: dquota write failed [ 522.894509][T15029] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 522.909000][T15029] EXT4-fs error (device loop5): ext4_acquire_dquot:6940: comm syz.5.3666: Failed to acquire dquot type 0 [ 522.949556][T15021] find_entry called with index = 0 [ 522.956897][T15021] read_mapping_page failed! [ 522.972422][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #16: comm syz.5.3666: corrupted inode contents [ 522.984569][T15021] ERROR: (device loop1): txCommit: [ 522.984569][T15021] [ 523.011027][T15029] EXT4-fs error (device loop5): ext4_dirty_inode:6106: inode #16: comm syz.5.3666: mark_inode_dirty error [ 523.048219][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #16: comm syz.5.3666: corrupted inode contents [ 523.095795][T15029] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.3666: mark_inode_dirty error [ 523.167233][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #16: comm syz.5.3666: corrupted inode contents [ 523.188260][T15029] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 523.221739][T15029] EXT4-fs error (device loop5): ext4_do_update_inode:5230: inode #16: comm syz.5.3666: corrupted inode contents [ 523.259216][T15029] EXT4-fs error (device loop5): ext4_truncate:4288: inode #16: comm syz.5.3666: mark_inode_dirty error [ 523.302628][T15029] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 523.330937][T15029] EXT4-fs (loop5): 1 truncate cleaned up [ 523.354866][T15029] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 523.394799][T15026] loop0: detected capacity change from 0 to 32768 [ 523.452119][T15029] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 523.584140][T15026] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 523.593273][T15029] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 523.810318][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.930409][T15026] XFS (loop0): Ending clean mount [ 523.963550][T15026] XFS (loop0): Quotacheck needed: Please wait. [ 524.105331][T15026] XFS (loop0): Quotacheck: Done. [ 524.169988][ T5796] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 524.603074][T15070] loop1: detected capacity change from 0 to 32768 [ 524.817910][ T23] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 524.953103][T15084] loop1: detected capacity change from 0 to 256 [ 524.984139][T15084] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 524.997802][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 525.008544][ T23] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 525.018084][ T23] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 525.048792][ T23] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 525.074297][ T23] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 525.118151][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 525.139895][ T23] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 525.157596][ T23] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 525.174838][ T23] usb 4-1: Product: syz [ 525.196878][ T23] usb 4-1: Manufacturer: syz [ 525.203497][ T23] usb 4-1: SerialNumber: syz [ 525.229107][ T23] usb 4-1: config 0 descriptor?? [ 525.242289][ T23] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 525.281407][ T23] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 525.533988][ T23] usb 4-1: USB disconnect, device number 33 [ 525.558870][ T23] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 525.640981][T15097] loop1: detected capacity change from 0 to 1024 [ 525.785581][T15100] loop0: detected capacity change from 0 to 1024 [ 525.847823][ T27] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 526.043950][T15106] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3697'. [ 526.047724][ T27] usb 6-1: Using ep0 maxpacket: 16 [ 526.082339][ T27] usb 6-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 526.097649][ T27] usb 6-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.117594][ T27] usb 6-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.135184][T15108] netlink: 'syz.1.3698': attribute type 2 has an invalid length. [ 526.143221][ T27] usb 6-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 526.197779][ T27] usb 6-1: config 7 interface 0 has no altsetting 0 [ 526.204519][ T27] usb 6-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 526.249891][ T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.731749][T15122] loop3: detected capacity change from 0 to 128 [ 526.766348][ T27] input: HID 0458:5010 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:7.0/0003:0458:5010.0045/input/input26 [ 526.793796][T15122] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 526.930922][ T27] kye 0003:0458:5010.0045: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.5-1/input0 [ 527.038165][ T27] usb 6-1: USB disconnect, device number 19 [ 527.314642][T15133] fido_id[15133]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 527.637635][ T1189] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 527.837638][ T1189] usb 1-1: Using ep0 maxpacket: 32 [ 527.864786][ T1189] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 527.877908][ T1189] usb 1-1: config 0 has no interface number 0 [ 527.886581][T15152] loop3: detected capacity change from 0 to 512 [ 527.897906][ T1189] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 527.907432][ T1189] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.912180][T15152] EXT4-fs: Ignoring removed nomblk_io_submit option [ 527.919902][T15134] loop1: detected capacity change from 0 to 32768 [ 527.929233][ T27] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 527.938775][ T1189] usb 1-1: Product: syz [ 527.943042][ T1189] usb 1-1: Manufacturer: syz [ 527.948693][T15152] EXT4-fs (loop3): Test dummy encryption mode enabled [ 527.949522][T15134] XFS: ikeep mount option is deprecated. [ 527.968121][ T1189] usb 1-1: SerialNumber: syz [ 527.976308][T15134] XFS: noikeep mount option is deprecated. [ 527.983665][ T1189] usb 1-1: config 0 descriptor?? [ 527.993087][T15152] EXT4-fs (loop3): 1 truncate cleaned up [ 528.001777][T15152] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 528.022411][ T1189] smsc95xx v2.0.0 [ 528.029201][T15134] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 528.120884][ T27] usb 6-1: config 0 has too many interfaces: 129, using maximum allowed: 32 [ 528.138875][ T27] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 129 [ 528.153046][T15134] XFS (loop1): Ending clean mount [ 528.173141][ T27] usb 6-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 528.184334][ T27] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.192745][ T27] usb 6-1: Product: syz [ 528.197089][ T27] usb 6-1: Manufacturer: syz [ 528.204079][ T27] usb 6-1: SerialNumber: syz [ 528.218911][ T27] usb 6-1: config 0 descriptor?? [ 528.300255][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 528.337415][ T5834] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 528.446517][ T27] mos7840 6-1:0.0: required endpoints missing [ 528.549891][ T5834] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 528.559020][ T5834] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 528.567259][ T5834] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.577895][ T5834] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 528.586900][ T5834] usb 4-1: config 0 has no interface number 0 [ 528.593717][ T5834] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 528.606073][ T5834] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 528.616426][ T5834] usb 4-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 528.629869][ T5834] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 528.654054][ T55] usb 6-1: USB disconnect, device number 20 [ 528.656710][ T1189] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 528.678160][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.689862][ T1189] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 528.710326][ T5834] usb 4-1: config 0 descriptor?? [ 528.733157][ T5834] gspca_main: spca561-2.14.0 probing abcd:cdee [ 528.737073][ T1189] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 528.753068][ T1189] smsc95xx: probe of 1-1:0.67 failed with error -71 [ 528.768719][ T1189] usb 1-1: USB disconnect, device number 29 [ 528.941268][ T5834] spca561: probe of 4-1:0.156 failed with error -22 [ 528.952130][ T5834] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 528.959451][ T5834] usb 4-1: MIDIStreaming interface descriptor not found [ 529.084150][ T5834] usb 4-1: USB disconnect, device number 34 [ 529.492051][T15182] netlink: 'syz.1.3728': attribute type 2 has an invalid length. [ 529.531047][ T5800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 529.540696][T15183] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3727'. [ 530.017757][ T5834] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 530.187910][ T55] usb 6-1: new full-speed USB device number 21 using dummy_hcd [ 530.207853][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 530.215405][ T5834] usb 4-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 530.248724][ T5834] usb 4-1: config 0 interface 0 has no altsetting 0 [ 530.265252][ T5834] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 530.288010][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.309566][ T5834] usb 4-1: config 0 descriptor?? [ 530.371356][ T55] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 530.407593][ T55] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 530.447733][ T55] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 530.472336][ T55] usb 6-1: New USB device found, idVendor=5543, idProduct=0004, bcdDevice= 0.00 [ 530.486647][ T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.501405][ T55] usb 6-1: config 0 descriptor?? [ 530.507388][T15192] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 530.749274][ T5834] corsair-psu 0003:1B1C:1C09.0046: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.3-1/input0 [ 530.857867][ T5834] corsair-psu 0003:1B1C:1C09.0046: unable to initialize device (-38) [ 530.894405][ T5834] corsair-psu: probe of 0003:1B1C:1C09.0046 failed with error -38 [ 530.939797][ T5834] usb 4-1: USB disconnect, device number 35 [ 530.968768][ T55] uclogic 0003:5543:0004.0047: No inputs registered, leaving [ 530.982987][T15206] fido_id[15206]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 530.993282][ T55] uclogic 0003:5543:0004.0047: hidraw0: USB HID v0.01 Device [HID 5543:0004] on usb-dummy_hcd.5-1/input0 [ 531.179745][ T27] usb 6-1: USB disconnect, device number 21 [ 531.340000][T15213] loop1: detected capacity change from 0 to 64 [ 531.603992][T15217] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3745'. [ 531.940648][T15223] loop1: detected capacity change from 0 to 4096 [ 531.981379][T15223] ntfs3: Bad value for 'umask' [ 532.625275][T15241] netlink: 209836 bytes leftover after parsing attributes in process `syz.5.3757'. [ 532.667051][T15241] netlink: del zone limit has 8 unknown bytes [ 533.193835][T15255] loop1: detected capacity change from 0 to 4096 [ 533.224963][T15255] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 533.286739][T15255] ntfs: (device loop1): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 533.324033][T15261] loop3: detected capacity change from 0 to 64 [ 533.333095][T15255] ntfs: (device loop1): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 533.419465][T15255] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 533.467800][T15255] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 533.526546][T15255] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 533.541743][T15264] loop3: detected capacity change from 0 to 256 [ 533.568121][T15255] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 533.619199][T15255] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 533.642418][T15264] FAT-fs (loop3): Directory bread(block 64) failed [ 533.663536][T15264] FAT-fs (loop3): Directory bread(block 65) failed [ 533.689908][T15264] FAT-fs (loop3): Directory bread(block 66) failed [ 533.697052][T15264] FAT-fs (loop3): Directory bread(block 67) failed [ 533.697878][T15255] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 533.737796][T15264] FAT-fs (loop3): Directory bread(block 68) failed [ 533.744407][T15264] FAT-fs (loop3): Directory bread(block 69) failed [ 533.780943][T15264] FAT-fs (loop3): Directory bread(block 70) failed [ 533.798085][T15255] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 533.802289][T15264] FAT-fs (loop3): Directory bread(block 71) failed [ 533.816835][T15255] ntfs: volume version 3.1. [ 533.839507][T15264] FAT-fs (loop3): Directory bread(block 72) failed [ 533.870264][T15264] FAT-fs (loop3): Directory bread(block 73) failed [ 534.477817][ T55] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 534.685669][ T55] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 534.704284][ T55] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 534.736542][ T55] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 534.767408][ T55] usb 2-1: config 1 has no interface number 1 [ 534.783310][ T55] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 534.817730][ T55] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0 [ 534.840740][ T55] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 534.857612][ T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.875353][ T55] usb 2-1: Product: syz [ 534.894438][ T55] usb 2-1: Manufacturer: syz [ 534.908883][ T55] usb 2-1: SerialNumber: syz [ 535.156451][ T55] usb 2-1: Failed to set altset [ 535.173528][ T55] usb 2-1: 0:2: cannot create sequencer device [ 535.197722][ T55] usb 2-1: Failed to set altset [ 535.240069][ T55] snd-usb-audio: probe of 2-1:1.2 failed with error -71 [ 535.272040][ T55] usb 2-1: USB disconnect, device number 30 [ 535.529196][T15283] loop3: detected capacity change from 0 to 32768 [ 535.612398][T15283] XFS (loop3): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 535.819882][T15283] XFS (loop3): Ending clean mount [ 535.958349][ T5800] XFS (loop3): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b [ 536.102398][T15285] loop5: detected capacity change from 0 to 40427 [ 536.155900][T15285] F2FS-fs (loop5): invalid crc value [ 536.255047][T15285] F2FS-fs (loop5): Found nat_bits in checkpoint [ 536.349950][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.476341][T15285] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 536.758976][T12058] syz-executor: attempt to access beyond end of device [ 536.758976][T12058] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 536.795820][T12058] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 537.205115][T15297] loop1: detected capacity change from 0 to 32768 [ 537.255496][T15297] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 537.421283][T15297] XFS (loop1): Ending clean mount [ 537.609174][ T5786] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 537.753026][T15308] loop3: detected capacity change from 0 to 32768 [ 537.893920][T15308] [ 537.893920][T15308] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 537.893920][T15308] [ 537.983812][T15308] find_entry called with index = 0 [ 538.044996][T15308] read_mapping_page failed! [ 538.064019][T15308] ERROR: (device loop3): txCommit: [ 538.064019][T15308] [ 538.162853][T15323] jfs_unlink: dtDelete returned -116 [ 538.208932][T15323] jfs_unlink: dtDelete returned -116 [ 538.308930][T15327] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3789'. [ 538.358409][ T12] ERROR: (device loop3): diWrite: ixpxd invalid [ 538.358409][ T12] [ 538.387881][ T12] ERROR: (device loop3): txCommit: [ 538.387881][ T12] [ 538.407665][ T12] jfs_write_inode: jfs_commit_inode failed! [ 538.424189][ T5800] [ 538.424189][ T5800] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 538.424189][ T5800] [ 538.465394][ T5800] [ 538.465394][ T5800] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 538.465394][ T5800] [ 539.304997][T15344] netlink: 'syz.3.3797': attribute type 30 has an invalid length. [ 539.367470][T15331] loop5: detected capacity change from 0 to 32768 [ 540.494200][T15372] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3811'. [ 540.910997][T15381] loop1: detected capacity change from 0 to 4096 [ 541.047442][T15381] __ntfs_error: 22 callbacks suppressed [ 541.047462][T15381] ntfs: (device loop1): parse_options(): NLS character set maccenteuroAdmask=0000000000004000 not found. Using previous one default. [ 541.107642][T15381] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 541.161525][T15381] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 541.217714][T15381] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 541.299830][T15381] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 541.339223][T15381] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 541.384318][T15381] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 541.450546][T15381] ntfs: (device loop1): check_mft_mirror(): Failed to read $MFTMirr. [ 541.467711][T15381] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 541.530174][T15381] ntfs: (device loop1): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 541.571015][T15381] ntfs: volume version 3.1. [ 542.254845][T15394] loop5: detected capacity change from 0 to 32768 [ 542.283730][T15409] sp0: Synchronizing with TNC [ 542.707257][T15417] loop5: detected capacity change from 0 to 1024 [ 542.775490][T15417] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 542.788524][T15417] ext4 filesystem being mounted at /291/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 542.818447][T15419] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3832'. [ 542.871772][T15419] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3832'. [ 542.921653][T15419] netlink: 'syz.3.3832': attribute type 11 has an invalid length. [ 542.934936][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 543.637708][ T1189] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 543.652544][T15411] loop1: detected capacity change from 0 to 32768 [ 543.713271][T15411] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 543.827865][ T1189] usb 4-1: Using ep0 maxpacket: 8 [ 543.849490][ T1189] usb 4-1: config 0 interface 0 altsetting 42 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 543.907344][ T1189] usb 4-1: config 0 interface 0 has no altsetting 0 [ 543.935407][ T1189] usb 4-1: New USB device found, idVendor=056a, idProduct=00d6, bcdDevice= 0.00 [ 543.962168][T15411] XFS (loop1): Ending clean mount [ 543.968074][ T1189] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.988745][ T1189] usb 4-1: config 0 descriptor?? [ 544.009604][T15411] XFS (loop1): Quotacheck needed: Please wait. [ 544.142997][T15411] XFS (loop1): Quotacheck: Done. [ 544.240081][T15411] overlayfs: failed to resolve './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0': -40 [ 544.268547][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.375874][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 544.415810][ T1189] wacom 0003:056A:00D6.0048: Unknown device_type for 'HID 056a:00d6'. Assuming pen. [ 544.429482][ T1189] wacom 0003:056A:00D6.0048: hidraw0: USB HID v0.07 Device [HID 056a:00d6] on usb-dummy_hcd.3-1/input0 [ 544.443430][ T1189] input: Wacom BambooPT 2FG 4x5 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:00D6.0048/input/input28 [ 544.527936][ T5841] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 544.655326][ T1189] usb 4-1: USB disconnect, device number 36 [ 544.729816][ T5841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 544.764270][ T5841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 544.786889][ T5841] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 544.800636][ T5841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.836271][ T5841] usb 6-1: config 0 descriptor?? [ 545.298746][ T5841] kone 0003:1E7D:2CED.0049: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.5-1/input0 [ 545.476825][ T55] usb 6-1: USB disconnect, device number 22 [ 545.526909][T15453] fido_id[15453]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 545.650418][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 545.658153][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 545.661046][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 545.663982][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 545.673622][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 545.676892][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 545.725145][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 545.733535][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 545.746165][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 545.775708][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 545.798917][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 545.838088][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 545.964701][T15460] loop1: detected capacity change from 0 to 256 [ 545.997207][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.022787][T15460] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3842'. [ 546.229992][T15463] loop1: detected capacity change from 0 to 256 [ 546.239423][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.272231][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 546.272249][ T28] audit: type=1800 audit(1756407279.527:191): pid=15463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3846" name="file1" dev="loop1" ino=1048962 res=0 errno=0 [ 546.372682][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.431265][T15464] loop5: detected capacity change from 0 to 8192 [ 546.447233][T15464] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 546.447264][T15464] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 546.448877][T15464] REISERFS (device loop5): using ordered data mode [ 546.448893][T15464] reiserfs: using flush barriers [ 546.493317][T15464] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 546.493925][T15464] REISERFS (device loop5): checking transaction log (loop5) [ 546.495211][T15464] REISERFS (device loop5): Using r5 hash to sort names [ 546.495701][T15464] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 546.495782][T15464] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 546.522036][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.550538][T15464] REISERFS warning (device loop5): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 546.666979][T15464] REISERFS warning (device loop5): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 546.693736][T15464] REISERFS warning (device loop5): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 546.954157][T15473] loop1: detected capacity change from 0 to 4096 [ 547.145849][T15456] chnl_net:caif_netlink_parms(): no params data found [ 547.176634][T15473] ntfs3: loop1: failed to convert "0000" to iso8859-2 [ 547.503047][T15489] loop5: detected capacity change from 0 to 512 [ 547.522794][T15489] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal [ 547.638273][T15483] loop1: detected capacity change from 0 to 2048 [ 547.695503][T15483] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 547.754620][T15456] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.777678][T15456] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.784987][T15456] bridge_slave_0: entered allmulticast mode [ 547.830152][T15456] bridge_slave_0: entered promiscuous mode [ 547.860219][T15456] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.867445][T15456] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.884147][ C1] vkms_vblank_simulate: vblank timer overrun [ 547.885503][T15456] bridge_slave_1: entered allmulticast mode [ 547.897341][ T50] Bluetooth: hci2: command tx timeout [ 547.913279][T15456] bridge_slave_1: entered promiscuous mode [ 547.961366][ T59] tipc: Disabling bearer [ 548.014473][ T59] tipc: Left network mode [ 548.062410][T15456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.096344][T15456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.266096][T15499] loop5: detected capacity change from 0 to 256 [ 548.305560][T15491] loop3: detected capacity change from 0 to 32768 [ 548.314215][T15499] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 548.520904][T15501] loop1: detected capacity change from 0 to 1764 [ 548.684134][T15456] team0: Port device team_slave_0 added [ 548.711137][T15456] team0: Port device team_slave_1 added [ 548.939200][T15509] program syz.5.3868 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 548.958289][T15456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 548.967125][T15456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.042968][T15456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 549.198787][T15456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 549.206111][T15456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.232356][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.245982][T15515] loop1: detected capacity change from 0 to 512 [ 549.271038][T15515] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 549.287218][T15456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.379063][T15515] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.3870: invalid indirect mapped block 4294967295 (level 0) [ 549.418643][T15515] EXT4-fs (loop1): Remounting filesystem read-only [ 549.425813][T15515] EXT4-fs (loop1): 1 orphan inode deleted [ 549.473706][T15515] EXT4-fs (loop1): 1 truncate cleaned up [ 549.511932][T15515] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 549.691134][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.707930][T15456] hsr_slave_0: entered promiscuous mode [ 549.731105][T15456] hsr_slave_1: entered promiscuous mode [ 549.738562][T15456] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 549.746282][T15456] Cannot create hsr debugfs directory [ 549.965934][T15521] loop3: detected capacity change from 0 to 32768 [ 549.972729][ T50] Bluetooth: hci2: command tx timeout [ 550.033049][T15521] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 550.221058][T15521] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 550.322443][T15521] XFS (loop3): Starting recovery (logdev: internal) [ 550.409643][T15521] XFS (loop3): Ending recovery (logdev: internal) [ 550.461446][T15521] XFS (loop3): Quotacheck needed: Please wait. [ 550.549703][T15521] XFS (loop3): Quotacheck: Done. [ 550.791165][ T5800] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 550.976264][ T59] hsr_slave_0: left promiscuous mode [ 551.005686][ T59] hsr_slave_1: left promiscuous mode [ 551.035904][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 551.057797][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 551.082548][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 551.117706][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 551.170818][ T59] bridge_slave_1: left allmulticast mode [ 551.176637][ T59] bridge_slave_1: left promiscuous mode [ 551.205806][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.298906][ T59] bridge_slave_0: left allmulticast mode [ 551.325771][ T59] bridge_slave_0: left promiscuous mode [ 551.338804][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.565386][ T59] bridge0: left promiscuous mode [ 551.575479][ T59] veth1_macvtap: left promiscuous mode [ 551.582023][ T59] veth0_macvtap: left promiscuous mode [ 551.588068][ T59] veth1_vlan: left promiscuous mode [ 551.593638][ T59] veth0_vlan: left promiscuous mode [ 552.047909][ T50] Bluetooth: hci2: command tx timeout [ 552.789594][ T59] team0 (unregistering): Port device team_slave_1 removed [ 552.882660][ T59] team0 (unregistering): Port device team_slave_0 removed [ 552.961065][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 553.050544][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 553.992267][ T59] bond0 (unregistering): Released all slaves [ 554.129151][ T50] Bluetooth: hci2: command tx timeout [ 554.436758][T15456] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 554.486965][T15456] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 554.554245][T15456] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 554.581753][T15456] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 554.737630][ T5834] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 554.868775][ T59] IPVS: stop unused estimator thread 0... [ 554.915606][T15456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 554.928166][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 554.943834][ T5834] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 554.957389][T15456] 8021q: adding VLAN 0 to HW filter on device team0 [ 554.973469][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.980822][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.990831][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 554.999281][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.009212][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.020531][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.030132][ T2900] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.037652][ T2900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 555.050018][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.061325][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.071906][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.080728][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.094137][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.103989][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.120748][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.135026][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.146551][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.164830][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.173879][ T5834] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 555.186014][ T5834] usb 4-1: config 0 has no interface number 0 [ 555.189328][T15585] loop1: detected capacity change from 0 to 32768 [ 555.201987][ T5834] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 555.217734][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.236160][ T5834] usb 4-1: Product: syz [ 555.245345][ T5834] usb 4-1: Manufacturer: syz [ 555.247408][T15585] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 555.257729][ T5834] usb 4-1: SerialNumber: syz [ 555.278691][ T5834] usb 4-1: config 0 descriptor?? [ 555.286235][ T5834] etas_es58x 4-1:0.2: Starting syz syz (Serial Number syz) [ 555.414487][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 555.547850][ T5834] etas_es58x 4-1:0.2: could not parse product info: '' [ 555.641416][T15456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 555.694294][T15601] loop5: detected capacity change from 0 to 1024 [ 555.768859][T15601] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 555.781325][T15601] ext4 filesystem being mounted at /321/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 555.800485][ T28] audit: type=1800 audit(1756407289.057:192): pid=15601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3900" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 555.852813][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 556.469061][T15456] veth0_vlan: entered promiscuous mode [ 556.472445][T15624] loop5: detected capacity change from 0 to 8192 [ 556.496730][T15456] veth1_vlan: entered promiscuous mode [ 556.503137][T15624] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 556.566441][T15624] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF [ 556.569765][T15456] veth0_macvtap: entered promiscuous mode [ 556.589148][T15624] FAT-fs (loop5): Filesystem has been set read-only [ 556.596072][T15456] veth1_macvtap: entered promiscuous mode [ 556.663606][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.682233][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.694426][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.706092][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.716493][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 556.727975][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.749816][T15456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 556.779666][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 556.804002][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.823212][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 556.836824][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.852344][T15627] loop5: detected capacity change from 0 to 256 [ 556.865857][T15456] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 556.878635][T15627] exfat: Deprecated parameter 'namecase' [ 556.884874][T15456] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 556.900246][T15456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 556.939165][T15627] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x2eabf3fa, utbl_chksum : 0xe619d30d) [ 556.958872][T15456] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.988782][T15456] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.000834][T15456] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.010102][T15456] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.223305][ T2890] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 557.239488][ T2890] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 557.327117][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 557.354553][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 557.533799][ T23] usb 4-1: USB disconnect, device number 37 [ 557.549108][ T23] etas_es58x 4-1:0.2: Disconnecting syz syz [ 557.598615][T15639] loop6: detected capacity change from 0 to 256 [ 557.659634][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3912'. [ 557.685200][T15639] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 557.917928][T15645] loop5: detected capacity change from 0 to 512 [ 558.007100][T15645] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 558.147305][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.162310][T15650] can0: slcan on ttyS3. [ 558.267871][ T5834] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 558.281322][T15649] can0 (unregistered): slcan off ttyS3. [ 558.483082][ T5834] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 558.507837][ T5834] usb 2-1: config 0 has no interface number 0 [ 558.522638][ T5834] usb 2-1: config 0 interface 20 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.547247][ T5834] usb 2-1: config 0 interface 20 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.562481][ T5834] usb 2-1: config 0 interface 20 has no altsetting 0 [ 558.588595][ T5834] usb 2-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 558.632123][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.663104][ T5834] usb 2-1: config 0 descriptor?? [ 559.130444][ T5834] logitech-djreceiver 0003:046D:C534.004A: unknown main item tag 0x0 [ 559.158192][ T5834] logitech-djreceiver 0003:046D:C534.004A: unknown main item tag 0x0 [ 559.166474][ T5834] logitech-djreceiver 0003:046D:C534.004A: unknown main item tag 0x0 [ 559.218103][ T5834] logitech-djreceiver 0003:046D:C534.004A: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.1-1/input20 [ 559.310227][T15690] loop5: detected capacity change from 0 to 128 [ 559.351628][ T5861] usb 2-1: USB disconnect, device number 31 [ 559.762402][T15703] usb usb1: usbfs: process 15703 (syz.5.3940) did not claim interface 0 before use [ 559.836677][T15700] loop6: detected capacity change from 0 to 4096 [ 559.906752][T15706] loop5: detected capacity change from 0 to 16 [ 559.943839][T15706] erofs: (device loop5): mounted with root inode @ nid 36. [ 559.995581][ T28] audit: type=1800 audit(1756407293.247:193): pid=15706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3942" name="file1" dev="loop5" ino=86 res=0 errno=0 [ 560.016546][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.793871][T15733] netlink: 'syz.1.3955': attribute type 3 has an invalid length. [ 561.277873][ T27] usb 4-1: new full-speed USB device number 38 using dummy_hcd [ 561.327091][T15753] hugetlbfs: Bad value 'O' for mount option 'nr_inodes' [ 561.327091][T15753] [ 561.507190][T15757] loop6: detected capacity change from 0 to 1024 [ 561.518813][ T27] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 561.527063][ T27] usb 4-1: config 0 has no interface number 0 [ 561.541032][T15757] EXT4-fs: inline encryption not supported [ 561.551766][ T27] usb 4-1: config 0 interface 41 has no altsetting 0 [ 561.583798][T15757] EXT4-fs: Ignoring removed i_version option [ 561.593868][ T27] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 561.603847][T15757] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 561.616765][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.637210][ T27] usb 4-1: Product: syz [ 561.643079][ T27] usb 4-1: Manufacturer: syz [ 561.649677][ T27] usb 4-1: SerialNumber: syz [ 561.664382][ T27] usb 4-1: config 0 descriptor?? [ 561.673091][T15757] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 561.846112][T15456] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 562.108873][T15767] loop6: detected capacity change from 0 to 764 [ 562.146281][T15767] rock: directory entry would overflow storage [ 562.168628][T15767] rock: sig=0x4654, size=5, remaining=4 [ 562.318657][ T27] CoreChips: probe of 4-1:0.41 failed with error -71 [ 562.369166][ T27] usb 4-1: USB disconnect, device number 38 [ 562.823530][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.832119][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.840141][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.848117][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.856165][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.864166][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.872174][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.880167][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.888270][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 562.896202][T15780] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 563.032297][T15772] loop5: detected capacity change from 0 to 32768 [ 563.066004][T15772] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.3973 (15772) [ 563.362381][T15782] loop3: detected capacity change from 0 to 32768 [ 563.370005][T15782] XFS: noikeep mount option is deprecated. [ 563.378849][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.385335][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.444037][T15782] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 563.447949][T15772] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 563.488531][T15776] loop6: detected capacity change from 0 to 40427 [ 563.497006][T15772] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm [ 563.507178][T15772] BTRFS info (device loop5): setting nodatacow, compression disabled [ 563.515912][T15776] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x7ffff [ 563.526137][T15772] BTRFS info (device loop5): setting datacow [ 563.532600][T15772] BTRFS info (device loop5): doing ref verification [ 563.539666][T15772] BTRFS info (device loop5): force clearing of disk cache [ 563.547309][T15772] BTRFS info (device loop5): turning off barriers [ 563.554072][T15776] F2FS-fs (loop6): invalid crc value [ 563.560187][T15772] BTRFS info (device loop5): enabling ssd optimizations [ 563.567413][T15772] BTRFS info (device loop5): using spread ssd allocation scheme [ 563.589206][T15776] F2FS-fs (loop6): Found nat_bits in checkpoint [ 563.615228][T15772] BTRFS info (device loop5): using free space tree [ 563.691934][T15782] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 563.752179][T15782] XFS (loop3): Starting recovery (logdev: internal) [ 563.766487][T15776] F2FS-fs (loop6): Start checkpoint disabled! [ 563.785565][T15782] XFS (loop3): Ending recovery (logdev: internal) [ 563.806246][T15776] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 563.832849][T15776] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_page+0x1d7/0x910 [ 563.916357][T15772] BTRFS info (device loop5): rebuilding free space tree [ 563.961733][ T5800] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 564.258993][ T59] kworker/u4:4: attempt to access beyond end of device [ 564.258993][ T59] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 564.355568][T12058] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 564.358514][ T59] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 564.392721][ T59] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 564.997953][T15827] program syz.3.3988 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 565.621950][T15840] loop6: detected capacity change from 0 to 2048 [ 565.635574][T15843] loop5: detected capacity change from 0 to 512 [ 565.669957][T15840] EXT4-fs: Ignoring removed bh option [ 565.749162][T15840] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 565.764656][T15843] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 565.806093][T15843] EXT4-fs (loop5): orphan cleanup on readonly fs [ 565.816979][T15843] Quota error (device loop5): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 565.897882][T15843] EXT4-fs warning (device loop5): ext4_enable_quotas:7175: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 565.918351][T15840] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 565.958290][T15840] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 565.976286][T15825] loop1: detected capacity change from 0 to 32768 [ 566.001589][T15843] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 566.001848][T15840] EXT4-fs (loop6): This should not happen!! Data will be lost [ 566.001848][T15840] [ 566.021109][T15840] EXT4-fs (loop6): Total free blocks count 0 [ 566.030790][T15840] EXT4-fs (loop6): Free/Dirty block details [ 566.041228][T15843] EXT4-fs error (device loop5): ext4_validate_block_bitmap:439: comm syz.5.3995: bg 0: block 40: padding at end of block bitmap is not set [ 566.042139][T15840] EXT4-fs (loop6): free_blocks=2415919104 [ 566.079653][T15840] EXT4-fs (loop6): dirty_blocks=32 [ 566.091369][T15840] EXT4-fs (loop6): Block reservation details [ 566.094738][T15843] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 566.108097][T15840] EXT4-fs (loop6): i_reserved_data_blocks=2 [ 566.158101][T15843] EXT4-fs (loop5): 1 truncate cleaned up [ 566.165365][T15843] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 566.293808][ T1142] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 566.322905][T15854] loop3: detected capacity change from 0 to 512 [ 566.349689][T15854] EXT4-fs: Ignoring removed nobh option [ 566.404083][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.454106][T15854] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 566.548444][T15854] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -61 [ 566.614473][T15854] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #13: comm syz.3.3998: casefold flag without casefold feature [ 566.687863][T15854] EXT4-fs (loop3): Remounting filesystem read-only [ 566.706716][T15854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 566.843245][T15861] loop6: detected capacity change from 0 to 4096 [ 566.859156][ T5800] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 566.896867][T15861] NILFS (loop6): invalid segment: Checksum error in segment payload [ 566.905456][T15861] NILFS (loop6): trying rollback from an earlier position [ 566.935469][T15861] NILFS (loop6): recovery complete [ 566.965494][T15864] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 567.125232][T15868] tipc: Invalid UDP bearer configuration [ 567.125291][T15868] tipc: Enabling of bearer rejected, failed to enable media [ 567.545527][T15878] loop5: detected capacity change from 0 to 128 [ 567.586297][T15878] VFS: Found a Xenix FS (block size = 512) on device loop5 [ 567.660933][T15878] sysv_free_block: trying to free block not in datazone [ 567.683299][T15856] loop1: detected capacity change from 0 to 32768 [ 567.757040][T15856] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 567.874441][T12058] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 568.021460][T15856] XFS (loop1): Ending clean mount [ 568.043518][T15856] XFS (loop1): Quotacheck needed: Please wait. [ 568.275784][T15856] XFS (loop1): Quotacheck: Done. [ 568.363515][T15856] XFS (loop1): syz.1.3999 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 568.572246][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 568.936375][T15880] loop6: detected capacity change from 0 to 32768 [ 569.021972][T15880] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 scanned by syz.6.4010 (15880) [ 569.187917][T15880] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 569.270554][T15880] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 569.372031][T15880] BTRFS info (device loop6): using free space tree [ 569.847926][T15880] BTRFS info (device loop6): enabling ssd optimizations [ 569.854972][T15880] BTRFS info (device loop6): auto enabling async discard [ 570.625347][T15456] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 570.886073][T15897] loop3: detected capacity change from 0 to 40427 [ 570.941027][T15897] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 571.010255][T15897] F2FS-fs (loop3): Image doesn't support compression [ 571.058189][T15897] F2FS-fs (loop3): Image doesn't support compression [ 571.101249][T15897] F2FS-fs (loop3): invalid crc value [ 571.186644][T15897] F2FS-fs (loop3): Found nat_bits in checkpoint [ 571.209888][ T5794] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 10 /dev/loop6 scanned by udevd (5794) [ 571.428645][T15897] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 572.478070][T15936] netlink: 'syz.5.4023': attribute type 1 has an invalid length. [ 573.530268][ T28] audit: type=1326 audit(1756407306.777:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 573.552652][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.585228][T15948] netlink: 332 bytes leftover after parsing attributes in process `syz.5.4028'. [ 573.617444][T15948] netlink: 'syz.5.4028': attribute type 9 has an invalid length. [ 573.660660][T15948] netlink: 108 bytes leftover after parsing attributes in process `syz.5.4028'. [ 573.675033][ T28] audit: type=1326 audit(1756407306.777:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 573.697544][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.728155][T15948] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4028'. [ 573.829646][ T28] audit: type=1326 audit(1756407306.827:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2ccd8d550 code=0x7ffc0000 [ 573.852199][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.952822][ T28] audit: type=1326 audit(1756407306.827:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe2ccd8d550 code=0x7ffc0000 [ 574.181643][ T28] audit: type=1326 audit(1756407306.827:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 574.282237][ T28] audit: type=1326 audit(1756407306.827:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 574.371057][ T28] audit: type=1326 audit(1756407306.837:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 574.443125][ T28] audit: type=1326 audit(1756407306.837:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15943 comm="syz.6.4027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2ccd8ebe9 code=0x7ffc0000 [ 574.755950][T15958] loop3: detected capacity change from 0 to 8192 [ 574.925495][T15958] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 575.019628][T15958] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 575.053781][T15958] REISERFS (device loop3): using ordered data mode [ 575.128231][T15958] reiserfs: using flush barriers [ 575.141676][T15958] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 575.205273][T15958] REISERFS (device loop3): checking transaction log (loop3) [ 575.361189][T15972] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4040'. [ 575.375088][T15958] REISERFS (device loop3): Using rupasov hash to sort names [ 575.395595][T15958] REISERFS (device loop3): using 3.5.x disk format [ 575.427276][T15958] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 575.524078][T15958] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 575.596755][T15958] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 575.676028][T15958] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 576.176254][T15980] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4044'. [ 576.257667][ T27] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 576.469637][ T27] usb 7-1: Using ep0 maxpacket: 16 [ 576.512723][ T27] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.565208][T15982] syz.1.4046 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 576.586071][ T27] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.625297][ T27] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 576.673048][ T27] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 576.718506][ T27] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.791424][ T27] usb 7-1: config 0 descriptor?? [ 577.277792][ T27] microsoft 0003:045E:07DA.004B: ignoring exceeding usage max [ 577.351854][ T27] microsoft 0003:045E:07DA.004B: ignoring exceeding usage max [ 577.396715][ T27] microsoft 0003:045E:07DA.004B: usage index exceeded [ 577.442583][ T27] microsoft 0003:045E:07DA.004B: item 0 0 2 2 parsing failed [ 577.465903][ T27] microsoft 0003:045E:07DA.004B: parse failed [ 577.495444][ T27] microsoft: probe of 0003:045E:07DA.004B failed with error -22 [ 577.556652][ T27] usb 7-1: USB disconnect, device number 2 [ 577.684783][T15996] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4051'. [ 577.702230][T15989] loop5: detected capacity change from 0 to 4096 [ 577.734326][T15989] EXT4-fs: Ignoring removed nobh option [ 577.801344][T15989] EXT4-fs (loop5): Test dummy encryption mode enabled [ 577.847998][T15989] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 578.239596][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 578.338335][ T50] Bluetooth: hci2: unexpected cc 0x2003 length: 1 < 9 [ 579.316464][T16015] team_slave_0: entered promiscuous mode [ 579.322276][T16015] team_slave_1: entered promiscuous mode [ 579.400497][T16015] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 579.648571][T16019] netlink: 'syz.5.4062': attribute type 29 has an invalid length. [ 580.667685][ T23] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 580.705519][T16034] loop5: detected capacity change from 0 to 1764 [ 580.758679][ T27] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 580.889243][ T23] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 580.942160][ T23] usb 4-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 580.997558][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 581.013451][ T23] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 581.032956][ T27] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 581.047543][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.077718][ T27] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 581.117334][ T23] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 581.134002][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 581.165584][ T23] usb 4-1: invalid MIDI out EP 0 [ 581.183284][ T27] usb 2-1: SerialNumber: syz [ 581.205949][T16040] loop5: detected capacity change from 0 to 512 [ 581.310491][T16040] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 581.505206][ T23] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 581.516852][ T6294] udevd[6294]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 581.537877][ T27] usb 2-1: 0:2 : does not exist [ 581.594404][T16040] EXT4-fs (loop5): 1 truncate cleaned up [ 581.618185][ T23] usb 4-1: USB disconnect, device number 39 [ 581.659084][T16040] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 581.742294][ T27] usb 2-1: USB disconnect, device number 32 [ 581.919011][ T5946] udevd[5946]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 582.105419][T12058] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.372969][ T50] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 582.384418][ T50] Bluetooth: hci2: Injecting HCI hardware error event [ 582.396052][ T5795] Bluetooth: hci2: hardware error 0x00 [ 583.314319][T16038] loop6: detected capacity change from 0 to 32768 [ 583.418972][T16038] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.4071 (16038) [ 583.474621][T16061] x_tables: ip_tables: osf match: only valid for protocol 6 [ 583.542728][T16038] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 583.633069][T16038] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 583.714493][T16038] BTRFS info (device loop6): using free space tree [ 584.034630][T16038] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 584.432878][T16038] BTRFS error (device loop6): open_ctree failed: -12 [ 584.532029][T16088] loop5: detected capacity change from 0 to 128 [ 584.607807][ T5795] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 584.658297][T16088] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4087'. [ 584.955253][T16093] loop1: detected capacity change from 0 to 1024 [ 585.166101][T16093] hfsplus: inconsistency in B*Tree (0,1,255,1,0) [ 585.202432][T16093] hfsplus: xattr search failed [ 585.384031][ T5794] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by udevd (5794) [ 586.090461][T16103] MTD: Couldn't look up 'memory.events': -15 [ 586.486679][T16108] loop1: detected capacity change from 0 to 1024 [ 586.999337][ T144] hfsplus: b-tree write err: -5, ino 4 [ 587.412707][T16122] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4101'. [ 588.733091][T16138] loop3: detected capacity change from 0 to 128 [ 588.841000][T16138] autofs4:pid:16138:autofs_fill_super: called with bogus options [ 589.261455][T16140] loop6: detected capacity change from 0 to 4096 [ 589.371546][T16140] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 589.459890][T15456] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 589.631775][ C1] vkms_vblank_simulate: vblank timer overrun [ 590.923114][T16163] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 591.693229][T16169] loop3: detected capacity change from 0 to 4096 [ 591.732241][T16181] loop6: detected capacity change from 0 to 1024 [ 591.762576][T16181] EXT4-fs: Ignoring removed nomblk_io_submit option [ 591.783806][T16169] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 591.838058][T16181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 591.928549][T16181] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 591.953710][T16169] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 591.966509][T16184] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4129'. [ 592.008532][T16181] EXT4-fs (loop6): Test dummy encryption mode enabled [ 592.125574][T16181] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 592.154898][T16169] ntfs3: loop3: ino=1e, "file1" ntfs_sync_inode failed, -22. [ 592.512958][T15456] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 593.804467][T16214] loop3: detected capacity change from 0 to 1024 [ 593.987114][T16216] [U]  [ 594.023755][T16216] [U] K{ [ 594.027106][T16216] [U] T 1ŠFFˊ`GJǘGO/MC [ 594.113273][ T144] hfsplus: b-tree write err: -5, ino 4 [ 594.129199][T16216] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 594.228982][T16216] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 594.272151][T16216] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 594.308023][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.482711][T16216] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 594.584872][T16216] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 594.678054][ T27] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 594.722356][T16225] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4148'. [ 594.741079][T16226] loop3: detected capacity change from 0 to 512 [ 594.768363][T16216] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 594.832294][T16216] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/< [ 637.845502][T16762] dump_stack_lvl+0x16c/0x230 [ 637.850265][T16762] ? __lock_acquire+0x7c80/0x7c80 [ 637.855324][T16762] ? show_regs_print_info+0x20/0x20 [ 637.860563][T16762] ? load_image+0x3b0/0x3b0 [ 637.865117][T16762] ? __virt_addr_valid+0x469/0x540 [ 637.870277][T16762] print_report+0xac/0x220 [ 637.874819][T16762] ? xfrm_state_find+0x2635/0x4510 [ 637.880148][T16762] kasan_report+0x117/0x150 [ 637.884697][T16762] ? xfrm_state_find+0x2635/0x4510 [ 637.889864][T16762] xfrm_state_find+0x2635/0x4510 [ 637.894851][T16762] ? verify_lock_unused+0x140/0x140 [ 637.900093][T16762] ? xfrm_state_find+0x321/0x4510 [ 637.905168][T16762] ? xfrm_sad_getinfo+0x170/0x170 [ 637.910249][T16762] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 637.916455][T16762] ? xfrm_policy_lookup_bytype+0x133/0x1070 [ 637.922439][T16762] ? xfrm_expand_policies+0x690/0x690 [ 637.928060][T16762] ? xfrm_policy_find_inexact_candidates+0x650/0x680 [ 637.934885][T16762] ? xfrm_policy_lookup_bytype+0x1013/0x1070 [ 637.940913][T16762] ? lockdep_hardirqs_on+0x98/0x150 [ 637.946188][T16762] ? xfrm_policy_lookup_bytype+0x133/0x1070 [ 637.952135][T16762] ? ip_route_output_key_hash+0x12f/0x340 [ 637.957997][T16762] ? xfrm_expand_policies+0x41a/0x690 [ 637.963597][T16762] xfrm_lookup_with_ifid+0x556/0x19c0 [ 637.969023][T16762] ? __xfrm_sk_clone_policy+0x850/0x850 [ 637.974611][T16762] ? ip_route_input_rcu+0x3010/0x3010 [ 637.980034][T16762] xfrm_lookup_route+0x3c/0x1b0 [ 637.984931][T16762] vti_tunnel_xmit+0x424/0x1770 [ 637.990015][T16762] ? vti_tunnel_init+0x110/0x110 [ 637.995010][T16762] dev_hard_start_xmit+0x246/0x740 [ 638.000169][T16762] __dev_queue_xmit+0x1a64/0x35a0 [ 638.005238][T16762] ? __dev_queue_xmit+0x245/0x35a0 [ 638.010387][T16762] ? __kmem_cache_alloc_node+0x13e/0x260 [ 638.016161][T16762] ? netdev_core_pick_tx+0x340/0x340 [ 638.021590][T16762] ? skb_release_data+0x1cf/0x800 [ 638.026670][T16762] ? pskb_expand_head+0xbfe/0x1230 [ 638.031920][T16762] ? __bpf_redirect+0x533/0xe60 [ 638.036817][T16762] __bpf_tx_skb+0x189/0x250 [ 638.041368][T16762] bpf_clone_redirect+0x270/0x3d0 [ 638.046451][T16762] bpf_prog_c9d58f5b8698340d+0x5e/0x63 [ 638.052128][T16762] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 638.058162][T16762] ? lock_chain_count+0x20/0x20 [ 638.063100][T16762] ? seqcount_lockdep_reader_access+0x124/0x1c0 [ 638.069395][T16762] ? lockdep_softirqs_on+0x570/0x570 [ 638.074820][T16762] ? ktime_get+0x7f/0x280 [ 638.079190][T16762] ? seqcount_lockdep_reader_access+0x176/0x1c0 [ 638.085478][T16762] ? ktime_get_real_ts64+0x420/0x420 [ 638.090804][T16762] ? bpf_prog_test_run+0x321/0x390 [ 638.095965][T16762] ? __local_bh_disable_ip+0xf2/0x190 [ 638.101574][T16762] ? __cant_sleep+0x210/0x210 [ 638.106314][T16762] ? read_tsc+0x9/0x20 [ 638.110433][T16762] ? ktime_get+0x24b/0x280 [ 638.114913][T16762] ? bpf_test_run+0x15c/0x810 [ 638.119661][T16762] bpf_test_run+0x2c7/0x810 [ 638.124236][T16762] ? bpf_test_run+0x15c/0x810 [ 638.129058][T16762] ? convert___skb_to_skb+0x590/0x590 [ 638.134504][T16762] ? eth_get_headlen+0x200/0x200 [ 638.139493][T16762] ? slab_build_skb+0x25f/0x3f0 [ 638.144392][T16762] ? convert___skb_to_skb+0x3d/0x590 [ 638.150077][T16762] bpf_prog_test_run_skb+0xa67/0x11c0 [ 638.155522][T16762] ? cpu_online+0x60/0x60 [ 638.159927][T16762] bpf_prog_test_run+0x321/0x390 [ 638.164912][T16762] __sys_bpf+0x440/0x800 [ 638.169197][T16762] ? bpf_link_show_fdinfo+0x350/0x350 [ 638.174610][T16762] ? lock_chain_count+0x20/0x20 [ 638.179594][T16762] __x64_sys_bpf+0x7c/0x90 [ 638.184046][T16762] do_syscall_64+0x55/0xb0 [ 638.188502][T16762] ? clear_bhb_loop+0x40/0x90 [ 638.193442][T16762] ? clear_bhb_loop+0x40/0x90 [ 638.202154][T16762] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 638.208203][T16762] RIP: 0033:0x7f70ca18ebe9 [ 638.212670][T16762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.232500][T16762] RSP: 002b:00007f70cafd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 638.240965][T16762] RAX: ffffffffffffffda RBX: 00007f70ca3b5fa0 RCX: 00007f70ca18ebe9 [ 638.248985][T16762] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 638.257034][T16762] RBP: 00007f70ca211e19 R08: 0000000000000000 R09: 0000000000000000 [ 638.265154][T16762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.273167][T16762] R13: 00007f70ca3b6038 R14: 00007f70ca3b5fa0 R15: 00007ffd798cf018 [ 638.281196][T16762] [ 638.284249][T16762] [ 638.286610][T16762] Allocated by task 14457: [ 638.291076][T16762] kasan_set_track+0x4e/0x70 [ 638.295805][T16762] __kasan_slab_alloc+0x6c/0x80 [ 638.300688][T16762] slab_post_alloc_hook+0x6e/0x4d0 [ 638.305859][T16762] kmem_cache_alloc+0x11e/0x2e0 [ 638.310760][T16762] xfrm_state_alloc+0x22/0x2a0 [ 638.315586][T16762] __find_acq_core+0x7d8/0x19d0 [ 638.320574][T16762] xfrm_find_acq+0x6a/0x90 [ 638.325125][T16762] xfrm_alloc_userspi+0x57a/0xa90 [ 638.330184][T16762] xfrm_user_rcv_msg+0x596/0x870 [ 638.335248][T16762] netlink_rcv_skb+0x216/0x480 [ 638.340071][T16762] xfrm_netlink_rcv+0x79/0x90 [ 638.344809][T16762] netlink_unicast+0x751/0x8d0 [ 638.349612][T16762] netlink_sendmsg+0x8c1/0xbe0 [ 638.354514][T16762] ____sys_sendmsg+0x5bf/0x950 [ 638.359341][T16762] ___sys_sendmsg+0x220/0x290 [ 638.364076][T16762] __se_sys_sendmsg+0x1a5/0x270 [ 638.368981][T16762] do_syscall_64+0x55/0xb0 [ 638.373442][T16762] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 638.379388][T16762] [ 638.381738][T16762] The buggy address belongs to the object at ffff88802d4b1000 [ 638.381738][T16762] which belongs to the cache xfrm_state of size 848 [ 638.395832][T16762] The buggy address is located 760 bytes inside of [ 638.395832][T16762] freed 848-byte region [ffff88802d4b1000, ffff88802d4b1350) [ 638.409672][T16762] [ 638.412028][T16762] The buggy address belongs to the physical page: [ 638.418481][T16762] page:ffffea0000b52c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802d4b0800 pfn:0x2d4b0 [ 638.430077][T16762] head:ffffea0000b52c00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 638.439082][T16762] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 638.447106][T16762] page_type: 0xffffffff() [ 638.451468][T16762] raw: 00fff00000000840 ffff888141a56dc0 dead000000000122 0000000000000000 [ 638.460356][T16762] raw: ffff88802d4b0800 000000008010000c 00000001ffffffff 0000000000000000 [ 638.468988][T16762] page dumped because: kasan: bad access detected [ 638.475435][T16762] page_owner tracks the page as allocated [ 638.481350][T16762] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 10232, tgid 10231 (syz.3.1754), ts 293669492800, free_ts 293520530189 [ 638.502250][T16762] post_alloc_hook+0x1cd/0x210 [ 638.507072][T16762] get_page_from_freelist+0x195c/0x19f0 [ 638.512757][T16762] __alloc_pages+0x1e3/0x460 [ 638.517415][T16762] alloc_slab_page+0x5d/0x170 [ 638.522141][T16762] new_slab+0x87/0x2e0 [ 638.526256][T16762] ___slab_alloc+0xc6d/0x12f0 [ 638.530990][T16762] kmem_cache_alloc+0x1b7/0x2e0 [ 638.535931][T16762] xfrm_state_alloc+0x22/0x2a0 [ 638.540736][T16762] xfrm_add_sa+0xfe5/0x30a0 [ 638.545277][T16762] xfrm_user_rcv_msg+0x596/0x870 [ 638.550246][T16762] netlink_rcv_skb+0x216/0x480 [ 638.555046][T16762] xfrm_netlink_rcv+0x79/0x90 [ 638.559782][T16762] netlink_unicast+0x751/0x8d0 [ 638.564756][T16762] netlink_sendmsg+0x8c1/0xbe0 [ 638.569559][T16762] ____sys_sendmsg+0x5bf/0x950 [ 638.574370][T16762] ___sys_sendmsg+0x220/0x290 [ 638.579100][T16762] page last free stack trace: [ 638.583813][T16762] free_unref_page_prepare+0x7ce/0x8e0 [ 638.589326][T16762] free_unref_page+0x32/0x2e0 [ 638.594139][T16762] free_large_kmalloc+0x101/0x1a0 [ 638.599216][T16762] bpf_check+0x62c6/0xe970 [ 638.603669][T16762] bpf_prog_load+0x11cb/0x16d0 [ 638.608471][T16762] __sys_bpf+0x55a/0x800 [ 638.612752][T16762] __x64_sys_bpf+0x7c/0x90 [ 638.617209][T16762] do_syscall_64+0x55/0xb0 [ 638.621661][T16762] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 638.627605][T16762] [ 638.629952][T16762] Memory state around the buggy address: [ 638.635695][T16762] ffff88802d4b1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 638.643804][T16762] ffff88802d4b1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 638.651897][T16762] >ffff88802d4b1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 638.659996][T16762] ^ [ 638.668014][T16762] ffff88802d4b1300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 638.676107][T16762] ffff88802d4b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 638.684195][T16762] ================================================================== [ 638.692571][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.698655][T16762] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 638.705885][T16762] CPU: 1 PID: 16762 Comm: syz.1.4358 Not tainted syzkaller #0 [ 638.713389][T16762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 638.723483][T16762] Call Trace: [ 638.726799][T16762] [ 638.729763][T16762] dump_stack_lvl+0x16c/0x230 [ 638.734497][T16762] ? show_regs_print_info+0x20/0x20 [ 638.739738][T16762] ? load_image+0x3b0/0x3b0 [ 638.744287][T16762] panic+0x2c0/0x710 [ 638.748242][T16762] ? bpf_jit_dump+0xd0/0xd0 [ 638.752805][T16762] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 638.758745][T16762] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 638.764699][T16762] ? _raw_spin_unlock+0x40/0x40 [ 638.769610][T16762] ? print_memory_metadata+0x314/0x400 [ 638.775135][T16762] ? xfrm_state_find+0x2635/0x4510 [ 638.780330][T16762] check_panic_on_warn+0x84/0xa0 [ 638.785322][T16762] ? xfrm_state_find+0x2635/0x4510 [ 638.790476][T16762] end_report+0x6f/0x140 [ 638.794852][T16762] kasan_report+0x128/0x150 [ 638.799446][T16762] ? xfrm_state_find+0x2635/0x4510 [ 638.804604][T16762] xfrm_state_find+0x2635/0x4510 [ 638.809682][T16762] ? verify_lock_unused+0x140/0x140 [ 638.814918][T16762] ? xfrm_state_find+0x321/0x4510 [ 638.819980][T16762] ? xfrm_sad_getinfo+0x170/0x170 [ 638.825057][T16762] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 638.831261][T16762] ? xfrm_policy_lookup_bytype+0x133/0x1070 [ 638.837223][T16762] ? xfrm_expand_policies+0x690/0x690 [ 638.842649][T16762] ? xfrm_policy_find_inexact_candidates+0x650/0x680 [ 638.849379][T16762] ? xfrm_policy_lookup_bytype+0x1013/0x1070 [ 638.855428][T16762] ? lockdep_hardirqs_on+0x98/0x150 [ 638.860725][T16762] ? xfrm_policy_lookup_bytype+0x133/0x1070 [ 638.866677][T16762] ? ip_route_output_key_hash+0x12f/0x340 [ 638.872450][T16762] ? xfrm_expand_policies+0x41a/0x690 [ 638.877880][T16762] xfrm_lookup_with_ifid+0x556/0x19c0 [ 638.883297][T16762] ? __xfrm_sk_clone_policy+0x850/0x850 [ 638.888880][T16762] ? ip_route_input_rcu+0x3010/0x3010 [ 638.894317][T16762] xfrm_lookup_route+0x3c/0x1b0 [ 638.899321][T16762] vti_tunnel_xmit+0x424/0x1770 [ 638.904240][T16762] ? vti_tunnel_init+0x110/0x110 [ 638.909241][T16762] dev_hard_start_xmit+0x246/0x740 [ 638.914406][T16762] __dev_queue_xmit+0x1a64/0x35a0 [ 638.919496][T16762] ? __dev_queue_xmit+0x245/0x35a0 [ 638.924742][T16762] ? __kmem_cache_alloc_node+0x13e/0x260 [ 638.930422][T16762] ? netdev_core_pick_tx+0x340/0x340 [ 638.935763][T16762] ? skb_release_data+0x1cf/0x800 [ 638.940837][T16762] ? pskb_expand_head+0xbfe/0x1230 [ 638.945997][T16762] ? __bpf_redirect+0x533/0xe60 [ 638.950888][T16762] __bpf_tx_skb+0x189/0x250 [ 638.955527][T16762] bpf_clone_redirect+0x270/0x3d0 [ 638.960695][T16762] bpf_prog_c9d58f5b8698340d+0x5e/0x63 [ 638.966195][T16762] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 638.972212][T16762] ? lock_chain_count+0x20/0x20 [ 638.977101][T16762] ? seqcount_lockdep_reader_access+0x124/0x1c0 [ 638.983472][T16762] ? lockdep_softirqs_on+0x570/0x570 [ 638.988808][T16762] ? ktime_get+0x7f/0x280 [ 638.993176][T16762] ? seqcount_lockdep_reader_access+0x176/0x1c0 [ 638.999463][T16762] ? ktime_get_real_ts64+0x420/0x420 [ 639.004890][T16762] ? bpf_prog_test_run+0x321/0x390 [ 639.010042][T16762] ? __local_bh_disable_ip+0xf2/0x190 [ 639.015462][T16762] ? __cant_sleep+0x210/0x210 [ 639.020180][T16762] ? read_tsc+0x9/0x20 [ 639.024286][T16762] ? ktime_get+0x24b/0x280 [ 639.028752][T16762] ? bpf_test_run+0x15c/0x810 [ 639.033476][T16762] bpf_test_run+0x2c7/0x810 [ 639.038031][T16762] ? bpf_test_run+0x15c/0x810 [ 639.042754][T16762] ? convert___skb_to_skb+0x590/0x590 [ 639.048171][T16762] ? eth_get_headlen+0x200/0x200 [ 639.053159][T16762] ? slab_build_skb+0x25f/0x3f0 [ 639.058066][T16762] ? convert___skb_to_skb+0x3d/0x590 [ 639.063400][T16762] bpf_prog_test_run_skb+0xa67/0x11c0 [ 639.068849][T16762] ? cpu_online+0x60/0x60 [ 639.073218][T16762] bpf_prog_test_run+0x321/0x390 [ 639.078197][T16762] __sys_bpf+0x440/0x800 [ 639.082478][T16762] ? bpf_link_show_fdinfo+0x350/0x350 [ 639.087902][T16762] ? lock_chain_count+0x20/0x20 [ 639.092798][T16762] __x64_sys_bpf+0x7c/0x90 [ 639.097249][T16762] do_syscall_64+0x55/0xb0 [ 639.101703][T16762] ? clear_bhb_loop+0x40/0x90 [ 639.106413][T16762] ? clear_bhb_loop+0x40/0x90 [ 639.111229][T16762] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 639.117172][T16762] RIP: 0033:0x7f70ca18ebe9 [ 639.121628][T16762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.141540][T16762] RSP: 002b:00007f70cafd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 639.150095][T16762] RAX: ffffffffffffffda RBX: 00007f70ca3b5fa0 RCX: 00007f70ca18ebe9 [ 639.158110][T16762] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 639.166216][T16762] RBP: 00007f70ca211e19 R08: 0000000000000000 R09: 0000000000000000 [ 639.174230][T16762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 639.182274][T16762] R13: 00007f70ca3b6038 R14: 00007f70ca3b5fa0 R15: 00007ffd798cf018 [ 639.190295][T16762] [ 639.193688][T16762] Kernel Offset: disabled [ 639.198038][T16762] Rebooting in 86400 seconds..