last executing test programs: 5.827542743s ago: executing program 3 (id=6927): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 5.525641114s ago: executing program 3 (id=6928): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)={0x34, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_HOP_PENALTY={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8}]}, 0x34}}, 0x0) 5.238656888s ago: executing program 0 (id=6929): syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0xaca, &(0x7f0000000e00)="$eJzs3U2MW0cBAOB53vUmm6TEKQld0tAmFNry002zWcJPBEmVCImoqRCXShWXKE1LRAgSRQKqSiQ5caNVFSRO/IhTL1VBSPSCop64VKKRKqSeCgcOREFU4gCBxFXsGa89sfvs/bHX6++TxuN5855n3vPz8/udCcDEqjReFxfnihAuv/7y8X88+PfZ20OOtMaoNV6n21LVEEIR09PZ57071YxvvvfC6W5xERYarykdnrjemnZrCOFC2BuuhFrYffnqS28uPH7y4olL+9565fC1tZl7AACYLF+/cnhx11//fO+OG6/edzRsag1P++e1mN4W9/uPxh3/tP9fCZ3poi20m8nGm46hMts53lSX8RrlTHcfb7pH+TNZ+dUe420KH1z+VNuwbvMN4yytx7VQVOY70pXK/HzzmDw0jutnivnzZ88989yIKgqsun/fH0LY2xaOXepMr2VIG5tBpjmyFnUpmv/razy/9WEt140Wjg6vrBv1ppHP85BCfftotz8ASX698A4X8jMLK9P6tOn+yr/+WKX79LAKhr3+D1T+zIjLD8r/zUVbHFbPRl2b0nyl39G2mE7/3ukepvz+pd6/v/xKR+fQ/HpEtc969rqOMC7XF3rVc2rI9ViuXvXP14uN6ssxTsvhK1l+++8n/07H5TsGuvtPfv5fEDrC3nVQB6EjhI50dSWfVR/x9gdYv/L75urp+miU39eX528qyd9ckj9bkr+lJH9rST5Mst99/6fhxWLpOD8/ph/0fHg6z3ZXjD80YH3y85GDlp/f9zuolZaf308M69kfTj155gtPP3W1ef9/0Vr/b8X1PR1u1OJv60ocIZ0vzM+rt+79r3WWU+kx3t1Zfe7qMn7j/c7O8YqdS58T2rYzd9RjrnO67b3G29M5Xi0bbzaGzVl98/2TLdl0af8jbVfT8prO5reazcdMVo+0XdkR47wesBxpfex1/39aP+dCtXjm7Lkzj8Z0Wk//NFXddHv4gSHXG1i5fp//mQudz/9saw2vVtq3C9uXhhfN7cJr8fM6hy+0yukcfjCm0//ct6ZmG8PnT3/33NOrP/sw0Z770fPfPnXu3JnvebPsN19dH9UY5E06bFkv9RmHN5WwLqoxrDcj3jABa27/j5s7AY+c/c6pZ888e+b8wUOHDi4sHPriwcX9jf36/e179+0ujKC2wGpa+tMfdU0AAAAAAAAAAACAfv3gxPGrb7/x+Xeaz/8vPf+Xnv9Pd/6m5/9/kj3/nz8nn56DT88B7uiS3xgna2B1JhuvGsOHs/ruzMrZlU33kRi3+vGLz/+n4vJ2XVN97smGV3sks+YE7mgvZSZrgyTvL/DjMb4U418HGKFitvvgGJe1b53W9dQ+RVu7FPWpSWlEeQNI31taG5rtmCz15Nq1Xae2L3vHkOrJ6lqbhwdnPFkAY+CfE9X+97+WZnzkdRF6h+nhlvfzyV0n6vVevXj024MNwOoYdf+f6bxnis//8Wubb4c02vXHOreXefulMIi/vN2ZXu/9T651+Xm/fcMuf9TzP+z+P1v93/W9/ct6zKstr9z//uLaO23Fht39lp/Pf2oHeudg5d+I5ae5eSj0V379V1n5+QWhPv0vK39Ln+XfMf97llf+/2P5abE9/EBJ+enE8MVmjYtKZz1ms/lI1//y88bJzWz+U9ueHzD/33i+2/wv8xrDrVg+TLJx6Wd2UNl+RGunvf3+gjBQ/7/RhdXt/7dV2Wyzlt+H8bmYTn8E6T6HvL+TQeuf7q9I/wO7ss8vSv7f9P873r4U47LfQ+r/N62PtfiX35ZuLMuUrnZZtht1WwPj6t2Juv43FmHzOqiD0H+oTy1julY/cSOuf71eX9sTWiVGWjgjX/6jPk4YdfmjXv5l8v5/8334vP/fPD/v/zfPz/v/zfNn4zfUKz/v/zdfnnn/v3n+Pdnn5v0Dz5Xkf7Qkf3f3/NZh+70l0+8pyf9YSf6+Vv6RjjFS/n0l099fkn93Sf4DJfmfKMn/ZEn+gyX5D7flt/cBnfI/VTL9RpeeR5nU+YdJlj+f5/cPkyNd/+n1+99Zkg+Mr5+9euDYU7/9Zq35/P9M63xIuo53NKar8fjphzGdX/cObenbeW/E9N+y/PV+vgMmSd5+Rv7//lBJPjC+0n1eft8wgYrN3QfHuKzdql77+YyXT8f4MzH+bIwfifF8jPfH+ECMF4ZUP9bGsdd+f/jFYul4f3uW3+/95PnzQB3tRIUQDvZZn/z8wKD3s+ft+A1qpeUv83EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAkak0XhcX54oQLr/+8vEnT57df3vIkdYYtcbrdFuq2pouhEdjPBXjX8Y3N9974XR7fCvGRVgIRShaw8MT11slbQ0hXAh7w5VQC7svX33pzYXHT148cWnfW68cvrZ2SwAAAAA2vvcDAAD//8HPC1U=") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x107042, 0x2) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./file0\x00', 0x3000840, &(0x7f0000000900)=ANY=[@ANYBLOB='shortname=win95,nonumtail=0,nonumtail=0,iocharset=cp737,shortname=mixed,uni_xlate=0,rodir,codepage=949,uni_xlate=1,rodir,shortname=winnt,utf8=0,\x00b'], 0x3, 0x36e, &(0x7f0000000580)="$eJzs3U2IW9UXAPCTvkwyU+h/ZvGHoiA83Qk6tBUXuppSplDMRiX4sRCDnapMxsIEg+2i6bgRl4JLXblzoQsXXYugiDsFt1aQqrjQbqRC8Ury8jlJpq10qsXfbxFOzzun997JI3nzwty8uBabpxfizNWrV2JxsRTltRNrca0UK5HFwMWYVpmRAwDuDtdSit9S4SZbSvs8JQBgn/Xe/18+NJZ58/O96pN3fwC46/V//18q/pXNrFmc13x236YFAOyjqfv/D0wcrkx+1F+ec4UAANxNnn7u+SeO1yKeyvPFiK232vV2PR4fHT9+Jl6NZmzEkVj+43pEcaHQfSj1Hk+eqq0fyfO8Ez+uRL3b0a5HbHXa9eJK4XjW66/G0ViOlX5//2ojpZSd/KS2fjTP87z3ucLFTm/82Cq16wtxsD/+dwdjI45FHv+f6o84VVs/lheivjXo70TsjO5bdOe/Gsvx9UtxNppxOrq9g8ua2vqFo3l+ItUm+tv1aq+uMPcOCAAAAAAAAAAAAAAAAAAAAAAA/C2r+dDKcP+bNNq/Z3V1xvHe/jhFf39/oJ04EstxPVVTpPTrGw/X385iYn+g3fvztOvlOPDPLh0AAAAAAAAAAAAAAAAAAAD+NVrnKtFoNje2W+fOb44Hne3WuQMR0c289uVHny3FdM0NgnJ/jLFDeT91frORskFxyoqapYn2rDv4IPPhpeGMx2uqw1XMnEZ1/qFm89D9P7w3ytyXDf7nP0c1WcxeYLZrGuPB1v+KKd3KD2oYHLtBzeWU0rz2Cy9Md0UponzrT9zeQeoGX1x55Z5HWocf7WU+TYUHH1p+5vK7H/y82Wh2R47eM1jZbl1Pm43SUpG4xUF3fk9pkClFEZSGZ0Kpf4rNa9+ZzDSyb3959t53vrq50dN45vV+UInBuja2s2I5H+9urxRBaXpiS7PGWojy3qfx7QkOv7/WuHTh+59utmvsRaK3Ucfi7X7pAQAAAAAAAAAAAAAAAAAAdhn7W/G+/rfyL+zV9diT+z8zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhzRt//PxbsTGWmg2rsymTRieni6sZ2K6IyZ/Rv7vBqAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4r/orAAD//26hZxY=") open(0x0, 0x0, 0x0) write(r0, &(0x7f0000000400)='o', 0x1) 5.160559859s ago: executing program 3 (id=6930): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 4.755860566s ago: executing program 3 (id=6932): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@umask={'umask', 0x3d, 0x5}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0x8}}, {@umask={'umask', 0x3d, 0x6}}, {@dmask={'dmask', 0x3d, 0x9}}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@utf8}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==") ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x8004551a, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 4.643294083s ago: executing program 0 (id=6933): r0 = io_uring_setup(0x3e76, &(0x7f0000000000)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x10000}, 0x8) shutdown(r1, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 4.587811939s ago: executing program 1 (id=6934): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000008c0)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1000c80, &(0x7f0000000200), 0xe, 0x588, &(0x7f0000000300)="$eJzs3U1sHFcdAPD/TOzsOnGaFHooCGgohYCirmOnjapeWi5IUFUgFU49pNZ6Y0VeZyPvutTGB+fEgSsSlTjBhQsnDpU4IPWEuHKDG5dyQCooAtVICE01491kd7ObbOOPie3fTxrte/P1f2/kfeN5szMvgBPrYkRsR8TpiHgnIs5HUsxPulO8vjvl631yd6u+c3ernkSWvfWvqe4etuq99XvORsRPR8Sq9KXbG5sri81mY62bn+us3p5rb2y+eHN1cbmx3Li1sHBt/tqVV66+vLBvdX1u9Xcff+fmGz/6w++//NGft7/1k7zMr3WX5XXrWzXJsmzvAV/rHZfpmO3OSiMiP3Jv7H3vT4RT3fqcLrsgPJb87/FzEfF8N31PtbwyAQAHK8vOR3a+P39fOpDLsmTEOgDA0ZNf889Gkta61/+zkaa1WtGHV30mzqTNVrtz+UZr/VbS6+KbTm/cbDauFH2FEZWYTvL8fERcKKbd/MJQ/mpEPB0RP6/MFPlavdVcKuU/HgDg7ND5/z+V/PxfmWRTdwgA4ChzJgeAk+fB8/90KeUAAA6P638AOHn6zv8T3fkHAI6+6tCz/yNlyaGUBQA4HCP7/98+dz/9bDL0ii8A4Khz/x8ATpQfvPlmPmU7WVK8/3rp3Y31lda7Ly412iu11fV6rd5au11bbrWWi3f2rI7YxZ3+TLPVuj3/Uqy/N9dptDtz7Y3N66ut9Vud68V7va83PFgAAOV7+rkP/5pExParM8UUvbEcHv2DAOCISyNmyi4DUI5TZRcAKM1U2QUASqM/HnjUj3tH/kRoJiLeH7+NjgV4sl36wpj+/+H/DQbvB/x/H0bHBkrW/VrrBoATaG/9/3oP4Ch7+Infg0FwnGVZYjx/ADhhJriC9xNBOOYe6/4/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnHCzxZSkte5Y4LORprVaxLmIuBDTyY2bzcaViHgqIv5Sma7k+fmyCw0A7FH6j6Q7/tel8y/MDi89nfy3UnxGxI9/+dYv3lvs9IYOvDe/834xv7O2MDJA5eDrAAD0mRqe0TtPF599F/Kf3N2q96bDLODH394dXDSPu3N3q35/POKpbuGrkc878+9koDLJPg1MvH0nIp4drn96b/mF7sinw/Hz2OcOLH4UNZwdiD/4b1RaLNv9zI/F52cmjLcPZYbj4sO8/Xl91PcvjYvFZ/f7NzXYmFbjZw82ro+h1/7tZLvt305f/Hz/3z9XLdqaUe3fxUljvPTH745ddudU9sWpiF7snb72Z1e1SI2K/8KE8f/2pa88P+5gZb+KuBQPi7+bmuus3p5rb2z+9nsf/Gm5sdy4tbBwbf7alVeuvrwwV/RRz/V6qh/0z1cvPzW+/hFnxsSvPqL+X5+w/r/+3ztvf/Uh8b/5tVHx03jmIfHzc+I3Ym2i+ItnPhg7fHcef2lM/acG4p8e2C6fd3l4Z2P+ID/6++bSRAUFAA5Fe2NzZbHZbKxNkkhjc2Wxd6E58VYDiZnH2mrCRBzYnkcnpgcOQvWgYp0ds+g3n3mH03Gox2ffEnc+w8qVcop6Kpq9/qhHrtxdb3svQbNsD2W+OME6JTVIwKG5/6UvuyQAAAAAAAAAAAAAAMA47R92X/m3zw9F9T8MV3YdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL4+DQAA//+T6cce") r0 = syz_usb_connect(0x2, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904340102d469e70009058a"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 4.409231657s ago: executing program 5 (id=6937): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, r1, 0x12}, 0x10) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) sendfile(r2, r2, 0x0, 0x8) 4.273495945s ago: executing program 3 (id=6938): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x48, 0x1e, 0x0, 0x0, 0x0, {}, [{0x34, 0x1, [@m_vlan={0x30, 0x0, 0x0, 0x0, {{0x9, 0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8}]}}}]}, 0x3c}}, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x0, 0x0, 0x0, 0x0, {0x10}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8}]}, 0x34}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000500", 0x33fe0}], 0x1}, 0x0) 4.161586402s ago: executing program 0 (id=6941): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2010480, &(0x7f0000000280), 0x45, 0x779, &(0x7f00000007c0)="$eJzs3c9vG8UeAPDvOknTpH0vedKT3iunnKBSVYeU0ILEoYgDQqJSJTjTWo4blThxFTsViSLRCiFxQQLEAQkuPfOj3Ljy4wr/BQfUqkBaUcQBBa29Tt3GDk4b20j5fKRNZnbXnvl6dmfH3pEdwL41lf7JRRyJiPeSiIlsfRIRI/XUcMTpxn53N9aL6ZLE5uYrvyT1fe5srBej5TGpQ1nm/xHx7dsRx3Lby62uri0UyuXScpafri1emq6urh2/uFiYL82Xlk7OzM6eOPX0qZN7F+tvP6wdvvn+i098cfqPt/53/d3vkjgdh7NtrXHslamYyl6TkfQlvM8Le13YgCWDrgAPJT01hxpneRyJiRiqpzoY62fNAIBeeTMiNgGAfSZx/QeAfab5OcCdjfVicxnsJxL9dev5iDjYiL95f7OxZTi7Z3ewfh90/E5y352RJCIm96D8qYj45KvXPkuX6NF9SIB2rlyNiPOTU9v7/2TbnIXderKLfaYeyOv/oH++Tsc/z7Qb/+W2xj/RZvwz2ubcfRhbz9GYbNbm/M/d2INiOkrHf8+1zG272xJ/ZnIoy/2rPuYbSS5cLJfSvu3fEXE0RkbT/MwOZRy9/eftTttax3+/fvD6p2n56f97e+RuDI/e/5i5Qq3wKDG3unU14rHhdvEnW+2fdBj/nu2yjJeefefjTtvS+NN4m8v2+Htr81rE423b/96MtmTH+YnT9cNhunlQtPHljx+Ndyq/tf3TJS2/+V6gH9L2H985/smkdb5mdfdlfH9t4ptO2/4+/vbH/4Hk1Xr6QLbujUKttjwTcSB5efv6E/ce28w39791dTOb8rr9/N/p+E+7q/Ndxj988+fPHz7+3krbf25X7b/7xPW7C0Odyu+u/WfrqaPZmm76v24r+CivHQAAAAAAAAAAAAAAAAAAAAAAAAB0KxcRhyPJ5bfSuVw+3/gN7//GeK5cqdaOXaisLM1F/beyJ2Mk1/yqy4mW70Odyb4Pv5k/8UD+qYj4T0R8ODpWz+eLlfLcoIMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMyhDr//n/ppdNC1AwB65uCgKwAA9F2n6/9wn+sBAPTP7t7/j/WsHgBA//j8HwD2H9d/ANh/XP8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADosbNnzqTL5u8b68U0P3d5dWWhcvn4XKm6kF9cKeaLleVL+flKZb5cyhcrix2f6ErjX7lSuTQbSysRtVK1Nl1dXTu3WFlZqp27uFiYL50rjfQtMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoXnV1baFQLpeWJSQkJLYSrb3E2OA6KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/uL8CAAD//xF3KQg=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x2, 0x0) write(r0, &(0x7f0000000240)="01", 0x2001) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff) sendfile(r1, r1, 0x0, 0xfffe80) 4.145097888s ago: executing program 5 (id=6942): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040)=0x5) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) read(r0, &(0x7f0000000100)=""/113, 0x71) write$ppp(r0, &(0x7f0000000200)="bc72", 0x2) 3.841034893s ago: executing program 3 (id=6944): prctl$PR_SET_IO_FLUSHER(0x43, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 3.84091037s ago: executing program 4 (id=6945): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000200)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0xc) 3.839778733s ago: executing program 0 (id=6946): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x40045702, &(0x7f0000000000)) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f00000000c0)={0x1, 0x0, 0x0, 0x0, 0x6}) 3.794389465s ago: executing program 5 (id=6947): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000d00)={'#! ', './file0', [], 0xa, "2e7524d8ce7f784dc5ef1d9fbb7895a87a066e5efe145a4f2d0b9c6ef4d29306cceaea05a1314a5b98d2bcdd0bfeff6d438ab9badc8783b4465c7c471e3b9923933d439ac52de881c3ead5079f98a7e25868fe1182603478871cb02b423db8ceffffffdf00000000d8f88abd00000000000059eed703"}, 0x81) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) getsockopt$inet_int(r0, 0x0, 0x33, 0x0, &(0x7f0000000080)) 3.218047536s ago: executing program 2 (id=6949): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='freezer.state\x00', 0x275a, 0x0) dup2(r0, r2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x46e5000) 3.217539414s ago: executing program 4 (id=6950): r0 = io_uring_setup(0x4721, &(0x7f0000000140)={0x0, 0x200, 0x0, 0x0, 0x1}) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000)=0x6a, 0x4) sendmsg$tipc(r1, &(0x7f0000000100)={&(0x7f0000000080)=@id, 0x10, &(0x7f00000000c0)=[{&(0x7f00000001c0)="a4", 0x1}], 0x1}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.20839932s ago: executing program 5 (id=6951): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000040)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0180f2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 3.03157795s ago: executing program 0 (id=6952): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="1a0103"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.879762257s ago: executing program 2 (id=6953): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000280)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x1, 0x96}, 0x9c) 2.879347005s ago: executing program 5 (id=6954): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000040)={'nat\x00', 0x0, [0x40, 0x101, 0x6a1, 0x0, 0x6]}, &(0x7f0000000000)=0x54) 2.821490843s ago: executing program 4 (id=6955): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x1, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) 2.687365014s ago: executing program 2 (id=6956): syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0xaca, &(0x7f0000000e00)="$eJzs3U2MW0cBAOB53vUmm6TEKQld0tAmFNry002zWcJPBEmVCImoqRCXShWXKE1LRAgSRQKqSiQ5caNVFSRO/IhTL1VBSPSCop64VKKRKqSeCgcOREFU4gCBxFXsGa89sfvs/bHX6++TxuN5855n3vPz8/udCcDEqjReFxfnihAuv/7y8X88+PfZ20OOtMaoNV6n21LVEEIR09PZ57071YxvvvfC6W5xERYarykdnrjemnZrCOFC2BuuhFrYffnqS28uPH7y4olL+9565fC1tZl7AACYLF+/cnhx11//fO+OG6/edzRsag1P++e1mN4W9/uPxh3/tP9fCZ3poi20m8nGm46hMts53lSX8RrlTHcfb7pH+TNZ+dUe420KH1z+VNuwbvMN4yytx7VQVOY70pXK/HzzmDw0jutnivnzZ88989yIKgqsun/fH0LY2xaOXepMr2VIG5tBpjmyFnUpmv/razy/9WEt140Wjg6vrBv1ppHP85BCfftotz8ASX698A4X8jMLK9P6tOn+yr/+WKX79LAKhr3+D1T+zIjLD8r/zUVbHFbPRl2b0nyl39G2mE7/3ukepvz+pd6/v/xKR+fQ/HpEtc969rqOMC7XF3rVc2rI9ViuXvXP14uN6ssxTsvhK1l+++8n/07H5TsGuvtPfv5fEDrC3nVQB6EjhI50dSWfVR/x9gdYv/L75urp+miU39eX528qyd9ckj9bkr+lJH9rST5Mst99/6fhxWLpOD8/ph/0fHg6z3ZXjD80YH3y85GDlp/f9zuolZaf308M69kfTj155gtPP3W1ef9/0Vr/b8X1PR1u1OJv60ocIZ0vzM+rt+79r3WWU+kx3t1Zfe7qMn7j/c7O8YqdS58T2rYzd9RjrnO67b3G29M5Xi0bbzaGzVl98/2TLdl0af8jbVfT8prO5reazcdMVo+0XdkR47wesBxpfex1/39aP+dCtXjm7Lkzj8Z0Wk//NFXddHv4gSHXG1i5fp//mQudz/9saw2vVtq3C9uXhhfN7cJr8fM6hy+0yukcfjCm0//ct6ZmG8PnT3/33NOrP/sw0Z770fPfPnXu3JnvebPsN19dH9UY5E06bFkv9RmHN5WwLqoxrDcj3jABa27/j5s7AY+c/c6pZ888e+b8wUOHDi4sHPriwcX9jf36/e179+0ujKC2wGpa+tMfdU0AAAAAAAAAAACAfv3gxPGrb7/x+Xeaz/8vPf+Xnv9Pd/6m5/9/kj3/nz8nn56DT88B7uiS3xgna2B1JhuvGsOHs/ruzMrZlU33kRi3+vGLz/+n4vJ2XVN97smGV3sks+YE7mgvZSZrgyTvL/DjMb4U418HGKFitvvgGJe1b53W9dQ+RVu7FPWpSWlEeQNI31taG5rtmCz15Nq1Xae2L3vHkOrJ6lqbhwdnPFkAY+CfE9X+97+WZnzkdRF6h+nhlvfzyV0n6vVevXj024MNwOoYdf+f6bxnis//8Wubb4c02vXHOreXefulMIi/vN2ZXu/9T651+Xm/fcMuf9TzP+z+P1v93/W9/ct6zKstr9z//uLaO23Fht39lp/Pf2oHeudg5d+I5ae5eSj0V379V1n5+QWhPv0vK39Ln+XfMf97llf+/2P5abE9/EBJ+enE8MVmjYtKZz1ms/lI1//y88bJzWz+U9ueHzD/33i+2/wv8xrDrVg+TLJx6Wd2UNl+RGunvf3+gjBQ/7/RhdXt/7dV2Wyzlt+H8bmYTn8E6T6HvL+TQeuf7q9I/wO7ss8vSv7f9P873r4U47LfQ+r/N62PtfiX35ZuLMuUrnZZtht1WwPj6t2Juv43FmHzOqiD0H+oTy1julY/cSOuf71eX9sTWiVGWjgjX/6jPk4YdfmjXv5l8v5/8334vP/fPD/v/zfPz/v/zfNn4zfUKz/v/zdfnnn/v3n+Pdnn5v0Dz5Xkf7Qkf3f3/NZh+70l0+8pyf9YSf6+Vv6RjjFS/n0l099fkn93Sf4DJfmfKMn/ZEn+gyX5D7flt/cBnfI/VTL9RpeeR5nU+YdJlj+f5/cPkyNd/+n1+99Zkg+Mr5+9euDYU7/9Zq35/P9M63xIuo53NKar8fjphzGdX/cObenbeW/E9N+y/PV+vgMmSd5+Rv7//lBJPjC+0n1eft8wgYrN3QfHuKzdql77+YyXT8f4MzH+bIwfifF8jPfH+ECMF4ZUP9bGsdd+f/jFYul4f3uW3+/95PnzQB3tRIUQDvZZn/z8wKD3s+ft+A1qpeUv83EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAkak0XhcX54oQLr/+8vEnT57df3vIkdYYtcbrdFuq2pouhEdjPBXjX8Y3N9974XR7fCvGRVgIRShaw8MT11slbQ0hXAh7w5VQC7svX33pzYXHT148cWnfW68cvrZ2SwAAAAA2vvcDAAD//8HPC1U=") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x107042, 0x2) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./file0\x00', 0x3000840, &(0x7f0000000900)=ANY=[@ANYBLOB='shortname=win95,nonumtail=0,nonumtail=0,iocharset=cp737,shortname=mixed,uni_xlate=0,rodir,codepage=949,uni_xlate=1,rodir,shortname=winnt,utf8=0,\x00b'], 0x3, 0x36e, &(0x7f0000000580)="$eJzs3U2IW9UXAPCTvkwyU+h/ZvGHoiA83Qk6tBUXuppSplDMRiX4sRCDnapMxsIEg+2i6bgRl4JLXblzoQsXXYugiDsFt1aQqrjQbqRC8Ury8jlJpq10qsXfbxFOzzun997JI3nzwty8uBabpxfizNWrV2JxsRTltRNrca0UK5HFwMWYVpmRAwDuDtdSit9S4SZbSvs8JQBgn/Xe/18+NJZ58/O96pN3fwC46/V//18q/pXNrFmc13x236YFAOyjqfv/D0wcrkx+1F+ec4UAANxNnn7u+SeO1yKeyvPFiK232vV2PR4fHT9+Jl6NZmzEkVj+43pEcaHQfSj1Hk+eqq0fyfO8Ez+uRL3b0a5HbHXa9eJK4XjW66/G0ViOlX5//2ojpZSd/KS2fjTP87z3ucLFTm/82Cq16wtxsD/+dwdjI45FHv+f6o84VVs/lheivjXo70TsjO5bdOe/Gsvx9UtxNppxOrq9g8ua2vqFo3l+ItUm+tv1aq+uMPcOCAAAAAAAAAAAAAAAAAAAAAAA/C2r+dDKcP+bNNq/Z3V1xvHe/jhFf39/oJ04EstxPVVTpPTrGw/X385iYn+g3fvztOvlOPDPLh0AAAAAAAAAAAAAAAAAAAD+NVrnKtFoNje2W+fOb44Hne3WuQMR0c289uVHny3FdM0NgnJ/jLFDeT91frORskFxyoqapYn2rDv4IPPhpeGMx2uqw1XMnEZ1/qFm89D9P7w3ytyXDf7nP0c1WcxeYLZrGuPB1v+KKd3KD2oYHLtBzeWU0rz2Cy9Md0UponzrT9zeQeoGX1x55Z5HWocf7WU+TYUHH1p+5vK7H/y82Wh2R47eM1jZbl1Pm43SUpG4xUF3fk9pkClFEZSGZ0Kpf4rNa9+ZzDSyb3959t53vrq50dN45vV+UInBuja2s2I5H+9urxRBaXpiS7PGWojy3qfx7QkOv7/WuHTh+59utmvsRaK3Ucfi7X7pAQAAAAAAAAAAAAAAAAAAdhn7W/G+/rfyL+zV9diT+z8zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALhzRt//PxbsTGWmg2rsymTRieni6sZ2K6IyZ/Rv7vBqAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4r/orAAD//26hZxY=") open(0x0, 0x0, 0x0) write(r0, &(0x7f0000000400)='o', 0x1) 2.52534002s ago: executing program 4 (id=6957): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8003, &(0x7f0000000000), 0x3, 0x4e9, &(0x7f0000000e80)="$eJzs3d9rW9cdAPDvla3MTpzZ2faQBZaYsZGELZIdL4nZQ5LB2J4C27J3z7NlYyxbxpKT2IThsOcxGGMb28v61JdC/4BCyZ9QCoH2PZTSEtokfehDWxVJV4nrSnZCJCuxPx84vuf+0P1+j4SOdO691g3gwBqNiKsR0RcRZyNiOF2eSUtsNkptu0cPb8/UShLV6vVPkkjSZc19Jen0SPqwgYj4w28j/pwkjQVblNc3FqeLxcJqOp+vLK3ky+sb5xaWpucL84XliYnxi5OXJi9MjnWsrZd//eG//v76by6//fOb96c+PvOXWr5D6bqt7eikxnOSrT8XTf0RsdqNYD3Ql7Yn+ywbJ93PBwCAndW+438vIn4cEY//2+tsAAAAgG6oXhmKL5KIKgAAALBvZerXwCaZXHotwFBkMrlc4xreH8SVKJbKlZ/NldaWZxvXyo5ENjO3UCyMpdcKj0Q2qc2P1+tP589vm5+IiGMR8c/hwfp8bqZUnO31wQ8AAAA4IGrj/KFMo16bfDbcGP8DAAAA+8xIrxMAAAAAus74HwAAAPa/b4//RxuTpH/vkwEAAAA67XfXrtVKtXn/69kb62uLpRvnZgvlxdzS2kxuprS6kpsvlebrv9m3tNv+iqXSyi9iee1WvlIoV/Ll9Y2ppdLacmWqfl/vqcIz3ScaAAAA6Khjp+6+n0TE5i8H66XmULrOWB32t8zzbZ50Kw9g7/X1OgGgZ1zgCweXMT6w28B+YI/yAAAAuuf0D5+c/x+MLef/j953bAD2u+c8/w/sI87/w8G17fz//3uVB7D3jPGB3Y4DtD3//07ncwEAALpjqF6STC4dAwxFJpPLRRyt3xYgm8wtFAtjEfHdiHhvOPud2vx4r5MGAAAAAAAAAAAAAAAAAAAAAAAAgFdMtZpEFQAAANjXIjIfJRGRxEDE8E+Gth8fOJR8PlyfRsTN/13/963pSmV1vLb80yfLK/9Jl5/vxREMAAAAYLvmOL05jgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACATnr08PZMs+xl3Ae/ioiRVvH7Y6A+HYhsRBx+nET/lsclEdHXgfibdyLieKv4SS2tGEmz2B4/ExGDPY5/pAPx4SC7W+t/rrZ6/2VitD5t/f7rT8uLejDarv/LPOn/+tr0f0d32fehdHri3pv5tvHvRJzob93/NOMnL9j//umPGxvt1lVfizjd8vMn+UasfGVpJV9e3zi3sDQ9X5gvLE9MjF+cvDR5YXIsP7dQLKR/W8b4x4/e+mqn9h9uE3+kXfuTRk7Vaut9nto2/+W9Ww+/32rDJOLB39J6i9f/eLv46XP/0/RzoLb+dLO+2ahvdfKNd0/u1P7ZNu3f7fU/026n25z9/V8/aNSyz/gIAKCbyusbi9PFYmH1Va/UGvMSpNHByujLkYbKwaz0umcCAAA67emX/l5nAgAAAAAAAAAAAAAAAAAAAAdX8///m7/l3I2fE9sab6BZSZI9bysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE6+DgAA///TSdFe") r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 2.190964024s ago: executing program 2 (id=6958): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000000c0)={[{@noauto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@dioread_nolock}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCVJr/+0uvqr7X9HFGOhyiuvYc6A1VapVCoDnVeXK62uPrAEWLeS6HUOgN7IP+jT59/81a4jsGl1uh89d/tE7QEoLfe97BXxeHVhPg7S3/J8201DEfFO+ffP01es0jgEAECzb0/kPcGW/l+pNjPyx8UbL6bv/8rmUEoR8e+I2BkR/4mIXRHx34jYHRH/i4j/txy/GBGVBdIfaonX069PQhVudamobaX9vxeyua1G/29eBkrFLLY9Iu8wTx3Kzslw9A+cOjM9dXiBNL57+adPO61r7v+lrzT9vC+Y5eNWX8sA3eT43PiyC9zi9tWIvX2t5U/6IpL6TEASEXsiYu8SjltqCp955st99Uj//O0WL39Vpe08WhfmmSpfRDxdq/9yzKv/RorJvPnJc+Onp05PnR+rz0+ODsb01KHR9Co41DaNH3689kan9Bct/9e/tO7yyrFvTmYta+XS+t/SdP1HPn/bKH8piUjq87WzS0/j2s+fdHymWe71vyl5qxrOn0s/GJ+bu3A4YlPy2oPLxxr75vH0Pcq18g8faN/+d2b7pGfikYhIL+JHI+KxqD0hpnnfHxFPRMSBBcr//UtPvrf88q+utPyTLfe/Ws3Pq//GfH2nQJLNDbZZVTy7/+b9DjePh6v/o9XQcLak/f0vmXeL6JTT/NMuXfLnis8eAAAArA+FiNjWNJa0LQqFkZHaGNCu2FKYnpmdO3hq5uL5yXRdRCn6C/lIV208uD/Jxz9LTfGxlviRbNz4s+LmanxkYmZ6sqclB7ZW23xSGIl4u9jU/lO/dmeIGfg7830t2LgWav9pJ3739TXMDLCmHv7z/8aHq5oRYM01tf9O3/AvL+P/voB1wPM/0LD4D/24Z8D6V9GWYUNbUvs/6EcA4Z+kL96shws9zQmw1vT/YUNa9Hv9KwpUBtqvGowHN47BhQ9YjOVlY3ObtHoSSHtWPUl983L2yn9NoeM2UVjaAQeiO3V6aoVno3xh9vTurl/8lex/5btdg1+tSTttF+jJ7QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDr/goAAP//aUHglQ==") r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) rename(&(0x7f00000002c0)='./file2\x00', &(0x7f0000000340)='./bus\x00') pwritev2(r0, &(0x7f0000000000)=[{&(0x7f0000000340)='\b', 0x1}, {&(0x7f00000011c0)='(', 0x1}], 0x2, 0x7, 0x0, 0x0) 2.190178646s ago: executing program 1 (id=6969): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x2000) 1.937129103s ago: executing program 1 (id=6959): bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x2, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0}) io_uring_enter(r0, 0x54, 0x0, 0xf, 0x0, 0x18) 1.768633677s ago: executing program 4 (id=6960): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, r2, 0x1, 0x0, 0x0, {0x2a}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) 1.730517201s ago: executing program 1 (id=6961): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 1.386653247s ago: executing program 2 (id=6962): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000200)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0xc) 739.346475ms ago: executing program 5 (id=6963): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x47) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) syz_80211_join_ibss(&(0x7f0000000480)='wlan1\x00', &(0x7f0000000440)=@default_ap_ssid, 0x6, 0x0) 721.269411ms ago: executing program 1 (id=6975): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000200)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0xc) 720.660379ms ago: executing program 2 (id=6964): openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) openat$null(0xffffffffffffff9c, 0x0, 0x80000, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16, @ANYRES16=r1], 0x0) 583.927696ms ago: executing program 0 (id=6965): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x3a, 0xfe, 0x6, 0x20, 0x4e6, 0xb, 0x100, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x14, 0x0, 0x2, 0xa0, 0x24, 0x26, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0xa, 0x8, 0xffffffffffffffff, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 167.794µs ago: executing program 4 (id=6966): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffdf2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90324fc60350005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) 0s ago: executing program 1 (id=6967): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x34, r2, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'ib', 0x3a, 'caif0\x00'}}}}}, 0x34}}, 0x0) kernel console output (not intermixed with test programs): ing ep0 maxpacket: 8 [ 834.811997][ T5296] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 834.830108][ T29] audit: type=1800 audit(1727406248.698:247): pid=22452 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6279" name="bus" dev="loop1" ino=1048911 res=0 errno=0 [ 834.851427][ T5296] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 834.873607][T17144] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 834.889953][T17144] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 834.901839][ T5296] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 834.926917][T17144] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 834.949245][ T5296] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 834.975429][T17144] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 834.996166][ T5296] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 835.005915][T17144] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 835.059920][ T5296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.071938][T22455] loop2: detected capacity change from 0 to 2048 [ 835.089004][T17144] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 835.119931][T17144] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.130959][T22460] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 835.218644][T22455] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 835.280905][T22455] Remounting filesystem read-only [ 835.300308][T22455] NILFS error (device loop2): nilfs_readdir: bad page in #2 [ 835.384922][ T5296] usb 5-1: usb_control_msg returned -32 [ 835.390760][ T5296] usbtmc 5-1:16.0: can't read capabilities [ 835.446129][T17144] usb 6-1: GET_CAPABILITIES returned 0 [ 835.452011][T17144] usbtmc 6-1:16.0: can't read capabilities [ 835.521931][T22469] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6286'. [ 835.758767][ T1843] usb 6-1: USB disconnect, device number 35 [ 835.860315][ T5308] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 836.009982][ T5308] usb 1-1: Using ep0 maxpacket: 16 [ 836.035055][ T5308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 836.049973][ T5308] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 836.093694][ T5308] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 836.127255][ T5308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.139501][T22491] loop2: detected capacity change from 0 to 128 [ 836.176833][ T5308] usb 1-1: config 0 descriptor?? [ 836.282812][T22491] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 836.304091][T22491] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 836.545923][T22496] loop3: detected capacity change from 0 to 2048 [ 836.625015][ T5308] usbhid 1-1:0.0: can't add hid device: -71 [ 836.636198][ T5308] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 836.672589][ T5308] usb 1-1: USB disconnect, device number 52 [ 836.900947][T22498] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 836.975153][T22021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 836.977502][T22504] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 836.985884][T22021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 837.013127][ T29] audit: type=1800 audit(1727406250.898:248): pid=22496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6298" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 837.384232][ T5308] usb 5-1: USB disconnect, device number 39 [ 837.629255][T22522] vxcan1: tx drop: invalid sa for name 0xfffffffffffffffe [ 837.673643][T22524] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 837.735589][T22496] NILFS (loop3): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 837.766869][T22527] netlink: 'syz.5.6310': attribute type 9 has an invalid length. [ 837.789293][T22527] netlink: 134660 bytes leftover after parsing attributes in process `syz.5.6310'. [ 837.799673][T22496] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=16) [ 838.042679][T22496] Remounting filesystem read-only [ 838.277584][ C1] vkms_vblank_simulate: vblank timer overrun [ 838.327318][T18476] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 838.513126][ C1] vkms_vblank_simulate: vblank timer overrun [ 838.925640][T22553] loop3: detected capacity change from 0 to 4096 [ 838.968395][T22553] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 839.060869][T22553] ntfs3: loop3: Inode r=19 is not in use! [ 839.079517][T22553] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 839.645867][T22591] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 839.858589][T22596] loop4: detected capacity change from 0 to 512 [ 839.925993][T22603] loop5: detected capacity change from 0 to 256 [ 839.944579][T22596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 839.945994][T22603] exfat: Deprecated parameter 'namecase' [ 839.960573][T22603] exfat: Deprecated parameter 'namecase' [ 839.961676][T22596] UDF-fs: Scanning with blocksize 512 failed [ 839.990220][T22596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 839.996136][T22603] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 839.997750][T22596] UDF-fs: Scanning with blocksize 1024 failed [ 840.063875][T22596] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 840.088808][T22596] UDF-fs: Scanning with blocksize 2048 failed [ 840.133660][T22596] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 840.156378][T22558] loop2: detected capacity change from 0 to 32768 [ 840.193838][T22558] XFS: noikeep mount option is deprecated. [ 840.264160][T22596] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 840.386119][T22558] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 840.500102][T22625] loop5: detected capacity change from 0 to 256 [ 840.661158][T22558] XFS (loop2): Ending clean mount [ 840.690468][T22558] XFS (loop2): Quotacheck needed: Please wait. [ 840.840862][T22558] XFS (loop2): Quotacheck: Done. [ 840.881168][ T1843] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 840.978341][T22639] loop5: detected capacity change from 0 to 512 [ 840.989919][ T5304] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 841.007839][T21464] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 841.032861][T22639] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 841.090387][ T1843] usb 2-1: Using ep0 maxpacket: 8 [ 841.109622][T22639] EXT4-fs (loop5): 1 truncate cleaned up [ 841.130689][ T1843] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 841.138925][ T1843] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 841.149408][ T1843] usb 2-1: config 0 has no interface number 0 [ 841.155791][ T1843] usb 2-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 841.168873][ T1843] usb 2-1: config 0 interface 52 has no altsetting 0 [ 841.170800][T22639] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 841.181404][ T1843] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 841.197630][ T1843] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 841.207905][ T5304] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 841.221273][ T5304] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 841.231412][ T1843] usb 2-1: Product: syz [ 841.235648][ T1843] usb 2-1: Manufacturer: syz [ 841.240378][ T5304] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 841.249512][ T5304] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 841.294150][ T1843] usb 2-1: SerialNumber: syz [ 841.330278][ T1843] usb 2-1: config 0 descriptor?? [ 841.347293][ T5304] usb 1-1: config 0 descriptor?? [ 841.458400][T15406] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 841.602160][T22652] loop2: detected capacity change from 0 to 512 [ 841.875177][T22627] loop1: detected capacity change from 0 to 1024 [ 841.899923][ T1843] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 841.923357][T22627] hfsplus: invalid catalog max_key_len 0 [ 841.961372][T22652] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.6359: casefold flag without casefold feature [ 841.997548][ C1] vkms_vblank_simulate: vblank timer overrun [ 842.007969][T22627] hfsplus: failed to load catalog file [ 842.022863][T22652] EXT4-fs error (device loop2): ext4_orphan_get:1391: comm syz.2.6359: couldn't read orphan inode 15 (err -117) [ 842.039951][T17144] usb 2-1: USB disconnect, device number 44 [ 842.047286][T22652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 842.119517][ T1843] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 842.140225][ T1843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.148466][ T1843] usb 5-1: Product: syz [ 842.181224][ T1843] usb 5-1: Manufacturer: syz [ 842.185958][ T1843] usb 5-1: SerialNumber: syz [ 842.221547][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 842.233783][ T1843] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 842.234679][T22665] loop3: detected capacity change from 0 to 256 [ 842.256576][ T46] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 842.401556][T22013] wlan1: Trigger new scan to find an IBSS to join [ 842.435102][T22667] loop2: detected capacity change from 0 to 256 [ 842.498178][T17144] usb 1-1: USB disconnect, device number 53 [ 843.156573][T22684] loop2: detected capacity change from 0 to 764 [ 843.281868][ T46] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 843.315418][ T46] ath9k_htc: Failed to initialize the device [ 843.380596][T22693] sctp: [Deprecated]: syz.0.6380 (pid 22693) Use of int in maxseg socket option. [ 843.380596][T22693] Use struct sctp_assoc_value instead [ 843.386056][T22691] loop1: detected capacity change from 0 to 128 [ 843.417430][ T46] usb 5-1: ath9k_htc: USB layer deinitialized [ 843.451876][T22691] syz.1.6381: attempt to access beyond end of device [ 843.451876][T22691] loop1: rw=2051, sector=104, nr_sectors = 25 limit=128 [ 843.729177][T22701] loop1: detected capacity change from 0 to 256 [ 843.840479][T22704] 9pnet_fd: Insufficient options for proto=fd [ 844.183790][T22717] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 844.480402][T22650] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 844.491196][T22650] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 844.510143][T22650] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 844.538312][T22650] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 844.555063][T22650] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 844.568485][T22725] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6395'. [ 844.615610][T22650] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 844.623818][T22650] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 844.637107][T22650] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 844.653513][T22650] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 844.673715][T22650] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 844.693609][T22650] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 844.701393][T22650] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 844.717317][T22650] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 844.800175][ T5249] Bluetooth: hci1: command 0x0c1a tx timeout [ 844.942805][T22731] loop1: detected capacity change from 0 to 1024 [ 844.952972][ T5292] usb 5-1: USB disconnect, device number 40 [ 844.979974][T17145] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 845.021924][T17144] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 845.131652][T22739] loop3: detected capacity change from 0 to 1024 [ 845.141178][T22739] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 845.149967][T17145] usb 1-1: Using ep0 maxpacket: 32 [ 845.151751][T22739] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 845.166964][T22739] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 845.183295][T17145] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 845.193192][T22739] EXT4-fs error (device loop3): ext4_get_journal_inode:5762: inode #5: comm syz.3.6403: unexpected bad inode w/o EXT4_IGET_BAD [ 845.213761][T17144] usb 6-1: config 0 has no interfaces? [ 845.219331][T17144] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 845.230308][T22739] EXT4-fs (loop3): no journal found [ 845.235752][T22739] EXT4-fs (loop3): can't get journal size [ 845.239096][T17145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 845.257032][T22739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 845.289694][T17144] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.310183][T17145] usb 1-1: Product: syz [ 845.317501][T17145] usb 1-1: Manufacturer: syz [ 845.337465][T17145] usb 1-1: SerialNumber: syz [ 845.344902][T17144] usb 6-1: config 0 descriptor?? [ 845.352430][T17145] usb 1-1: config 0 descriptor?? [ 845.359283][T22739] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.6403: bg 0: block 32: padding at end of block bitmap is not set [ 845.361278][T22021] wlan1: Trigger new scan to find an IBSS to join [ 845.432589][T17145] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 845.670956][T18476] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 845.876051][T22699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 845.951399][T22699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 845.961702][ T5304] usb 6-1: USB disconnect, device number 36 [ 846.016969][ T11] hfsplus: b-tree write err: -5, ino 4 [ 846.168063][T17145] gspca_ov534_9: reg_w failed -110 [ 846.502372][T22772] loop1: detected capacity change from 0 to 64 [ 846.562869][ T5249] Bluetooth: hci2: command 0x0406 tx timeout [ 846.562886][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 846.587845][T17145] gspca_ov534_9: Unknown sensor 0000 [ 846.587954][T17145] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 846.605262][T17145] usb 1-1: USB disconnect, device number 54 [ 846.720052][ T5232] Bluetooth: hci7: command 0x0c1a tx timeout [ 846.720119][ T5249] Bluetooth: hci4: command 0x0c1a tx timeout [ 846.726787][ T5232] Bluetooth: hci0: command 0x0406 tx timeout [ 846.785158][T22781] loop4: detected capacity change from 0 to 1024 [ 847.100006][T17145] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 847.279304][T17145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 847.306212][T17145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 847.320119][ T5308] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 847.345657][T17145] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 847.385188][T17145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.424373][T17145] usb 1-1: config 0 descriptor?? [ 847.476275][T22797] loop4: detected capacity change from 0 to 128 [ 847.483184][ T5293] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 847.512397][ T5308] usb 6-1: config 0 has an invalid interface number: 20 but max is 0 [ 847.524633][ T5308] usb 6-1: config 0 has no interface number 0 [ 847.535564][ T5308] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 847.580569][ T5308] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 847.609875][ T5308] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.619821][ T5308] usb 6-1: Product: syz [ 847.624097][ T5308] usb 6-1: Manufacturer: syz [ 847.649309][ T5308] usb 6-1: SerialNumber: syz [ 847.654302][ T5293] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 847.669391][ T5308] usb 6-1: config 0 descriptor?? [ 847.681053][ T5293] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 847.697216][ T5293] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 847.700687][T22787] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 847.708010][ T5293] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 847.723546][ T5293] usb 2-1: SerialNumber: syz [ 847.732848][T22800] loop3: detected capacity change from 0 to 4096 [ 847.753285][ T29] audit: type=1326 audit(1727406261.638:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22802 comm="syz.2.6429" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed1c77df39 code=0x0 [ 847.754298][ T5308] usb-storage 6-1:0.20: USB Mass Storage device detected [ 847.798038][ T5308] usb-storage 6-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 847.824362][T22806] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 847.872871][T17145] keytouch 0003:0926:3333.0049: fixing up Keytouch IEC report descriptor [ 847.886843][T17145] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0049/input/input84 [ 847.942439][ T5293] usb 2-1: 0:2 : does not exist [ 847.956242][ T5308] scsi host1: usb-storage 6-1:0.20 [ 847.956835][ T5293] usb 2-1: unit 255 not found! [ 848.006825][T17145] keytouch 0003:0926:3333.0049: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 848.031378][ T5293] usb 2-1: USB disconnect, device number 45 [ 848.082323][T17145] usb 1-1: USB disconnect, device number 55 [ 848.198782][ T5308] usb 6-1: USB disconnect, device number 37 [ 848.335583][T22004] wlan1: Trigger new scan to find an IBSS to join [ 848.640414][T22780] Bluetooth: hci2: command 0x0406 tx timeout [ 848.646613][T22780] Bluetooth: hci6: command 0x0406 tx timeout [ 848.780637][T22817] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 848.789167][T22817] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 848.808693][T22780] Bluetooth: hci4: command 0x0c1a tx timeout [ 848.808729][ T5232] Bluetooth: hci0: command 0x0406 tx timeout [ 848.808792][ T5232] Bluetooth: hci7: command 0x0c1a tx timeout [ 848.817775][T22818] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 849.060172][T22822] loop4: detected capacity change from 0 to 2048 [ 849.215370][T22831] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 849.293476][ T11] wlan1: Creating new IBSS network, BSSID be:18:bf:d0:a6:a9 [ 849.311398][T22833] netlink: 'syz.5.6438': attribute type 1 has an invalid length. [ 849.327839][T22833] netlink: 9320 bytes leftover after parsing attributes in process `syz.5.6438'. [ 849.361382][T22833] netlink: 44 bytes leftover after parsing attributes in process `syz.5.6438'. [ 849.402512][T22833] netlink: 'syz.5.6438': attribute type 1 has an invalid length. [ 849.421581][T22833] netlink: 'syz.5.6438': attribute type 2 has an invalid length. [ 849.432535][T22822] NILFS error (device loop4): nilfs_check_folio: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 849.578077][T22837] loop2: detected capacity change from 0 to 256 [ 849.587381][T22837] exfat: Deprecated parameter 'namecase' [ 849.593344][T22837] exfat: Deprecated parameter 'namecase' [ 849.594492][T22822] Remounting filesystem read-only [ 849.636169][T22837] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 849.670506][T22822] NILFS error (device loop4): nilfs_readdir: bad page in #2 [ 849.808922][T22839] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6441'. [ 850.250264][T22846] loop0: detected capacity change from 0 to 256 [ 850.434951][T22854] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6447'. [ 850.440105][T22846] exFAT-fs (loop0): failed to load alloc-bitmap [ 850.500366][T22846] exFAT-fs (loop0): failed to recognize exfat type [ 850.883692][T22710] Bluetooth: hci7: command 0x0c1a tx timeout [ 850.890133][ T5232] Bluetooth: hci4: command 0x0c1a tx timeout [ 850.939996][ T5308] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 851.076399][T22861] loop2: detected capacity change from 0 to 4096 [ 851.102375][ T5308] usb 2-1: Using ep0 maxpacket: 32 [ 851.115473][T22861] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 851.136760][ T5308] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 851.169913][ T5308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 851.178537][T22861] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 851.205780][ T5308] usb 2-1: config 0 descriptor?? [ 851.261700][ T5308] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 851.557018][T22871] loop4: detected capacity change from 0 to 764 [ 851.819988][ T5293] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 851.920549][T22875] loop5: detected capacity change from 0 to 32768 [ 851.928765][T22875] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.6458 (22875) [ 851.951355][ T5308] gspca_vc032x: reg_w err -71 [ 851.958207][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 851.964743][T22875] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 851.974316][ T5293] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 851.975244][T22875] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 851.995302][T22875] BTRFS info (device loop5): using free-space-tree [ 852.002495][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.007950][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.013505][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.018871][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.022688][ T5293] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 852.024279][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.039709][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.045146][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.050749][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.056100][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.061603][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.067382][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.072934][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.074847][ T5293] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 852.078249][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.078274][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.078293][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.078314][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.078333][ T5308] gspca_vc032x: I2c Bus Busy Wait 00 [ 852.078354][ T5308] gspca_vc032x: Unknown sensor... [ 852.124324][ T5308] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 852.138045][ T5308] usb 2-1: USB disconnect, device number 46 [ 852.159096][ T5293] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 852.197463][ T5293] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 852.265187][ T5293] usb 1-1: config 0 descriptor?? [ 852.581696][T15406] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 852.970753][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.050057][ T5308] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 853.089649][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.195141][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.290236][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.310766][ T5308] usb 5-1: Using ep0 maxpacket: 16 [ 853.565415][ T5308] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 853.609276][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.638636][ T5308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 853.653536][ T5308] usb 5-1: Product: syz [ 853.657853][ T5308] usb 5-1: Manufacturer: syz [ 853.672748][ T5308] usb 5-1: SerialNumber: syz [ 853.815088][ C1] vkms_vblank_simulate: vblank timer overrun [ 853.915684][T22908] loop2: detected capacity change from 0 to 512 [ 854.006779][T22910] bridge0: port 3(erspan0) entered blocking state [ 854.042896][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.076447][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.117504][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.186121][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.195333][T22910] bridge0: port 3(erspan0) entered disabled state [ 854.204114][T22908] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 854.215428][ T5308] usb 5-1: config 0 descriptor?? [ 854.221045][T22910] erspan0: entered allmulticast mode [ 854.230194][ T5308] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 854.250051][T22910] erspan0: entered promiscuous mode [ 854.256129][T22910] bridge0: port 3(erspan0) entered blocking state [ 854.262814][T22910] bridge0: port 3(erspan0) entered forwarding state [ 854.270124][ T46] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 854.392738][ C1] vkms_vblank_simulate: vblank timer overrun [ 854.400779][T22908] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 854.419454][T22908] System zones: 0-2, 18-18, 34-35 [ 854.443405][T22908] EXT4-fs (loop2): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 854.459588][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 854.490037][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 854.581692][ T5308] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110 [ 854.589831][ T46] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 854.655893][ T46] usb 6-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 854.698168][ T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 854.775071][ T46] usb 6-1: config 0 descriptor?? [ 854.868597][T22919] loop1: detected capacity change from 0 to 128 [ 854.891147][ T5308] usb 3-1: new full-speed USB device number 47 using dummy_hcd [ 854.936095][T22919] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 854.972278][T22919] ext4 filesystem being mounted at /70/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 855.050895][T22919] syz.1.6469 (pid 22919) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 855.072298][ T5308] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 855.089905][ T5308] usb 3-1: config 0 has an invalid descriptor of length 229, skipping remainder of the config [ 855.121115][ T5308] usb 3-1: config 0 has no interface number 0 [ 855.127364][ T5308] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 52412, setting to 64 [ 855.193063][ T5308] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 855.271872][ T5308] usb 3-1: config 0 interface 52 has no altsetting 0 [ 855.310535][ T5308] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 855.347381][ T5308] usb 3-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 855.379940][ T5308] usb 3-1: Product: syz [ 855.412523][ T5308] usb 3-1: SerialNumber: syz [ 855.443481][ T5308] usb 3-1: config 0 descriptor?? [ 855.484573][T21462] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 855.553872][ C1] vkms_vblank_simulate: vblank timer overrun [ 855.686668][T22916] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set [ 855.741628][ T5308] input: syz (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input85 [ 855.914403][ T5308] usb 5-1: USB disconnect, device number 41 [ 856.065246][ T5304] usb 3-1: USB disconnect, device number 47 [ 856.065335][ C1] synaptics_usb 3-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 856.891348][ T5293] acrux 0003:1A34:0802.004A: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 856.907326][ T46] acrux 0003:1A34:0802.004B: hidraw1: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.5-1/input0 [ 856.920060][ T5293] acrux 0003:1A34:0802.004A: no inputs found [ 856.926097][ T5293] acrux 0003:1A34:0802.004A: Failed to enable force feedback support, error: -19 [ 856.978851][ T46] acrux 0003:1A34:0802.004B: no inputs found [ 857.004308][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 857.017671][T22937] loop1: detected capacity change from 0 to 1024 [ 857.029830][ T46] acrux 0003:1A34:0802.004B: Failed to enable force feedback support, error: -19 [ 857.132238][ T46] usb 6-1: USB disconnect, device number 38 [ 857.645537][T22004] hfsplus: b-tree write err: -5, ino 4 [ 858.352412][T22949] loop2: detected capacity change from 0 to 32768 [ 858.491129][T22949] Dev loop2 SGI disklabel: csum bad, label corrupted [ 859.957787][T22710] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 859.982214][T22710] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 859.999757][T22710] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 860.173437][T22710] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 860.181272][T22710] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 860.188605][T22710] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 860.899887][ T46] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 861.119982][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 861.335567][T22963] chnl_net:caif_netlink_parms(): no params data found [ 861.433229][ T46] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 861.659963][ T46] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 861.682149][ T46] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 861.712845][ T46] usb 5-1: Product: syz [ 861.717087][ T46] usb 5-1: Manufacturer: syz [ 861.749912][ T46] usb 5-1: SerialNumber: syz [ 861.769885][ T46] usb 5-1: config 0 descriptor?? [ 861.775833][T22977] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 862.436839][T22710] Bluetooth: hci5: command tx timeout [ 862.570562][T22994] loop1: detected capacity change from 0 to 512 [ 862.699645][T22963] bridge0: port 1(bridge_slave_0) entered blocking state [ 862.758663][T22963] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.946978][ T5304] usb 5-1: USB disconnect, device number 42 [ 862.969048][T23001] loop5: detected capacity change from 0 to 256 [ 862.981815][T22994] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 863.004879][T22994] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 863.023490][T23001] exFAT-fs (loop5): failed to load alloc-bitmap [ 863.050721][T23001] exFAT-fs (loop5): failed to recognize exfat type [ 863.100174][T22963] bridge_slave_0: entered allmulticast mode [ 863.107721][T22963] bridge_slave_0: entered promiscuous mode [ 863.157789][T22963] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.208111][T22993] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 863.231050][T22963] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.251648][T22963] bridge_slave_1: entered allmulticast mode [ 863.272631][T22963] bridge_slave_1: entered promiscuous mode [ 863.370054][T22993] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 1 with error 28 [ 863.447898][T22993] EXT4-fs (loop1): This should not happen!! Data will be lost [ 863.447898][T22993] [ 863.508953][T22993] EXT4-fs (loop1): Total free blocks count 0 [ 863.594126][T22993] EXT4-fs (loop1): Free/Dirty block details [ 863.640063][T22993] EXT4-fs (loop1): free_blocks=39626 [ 863.662189][T22993] EXT4-fs (loop1): dirty_blocks=1 [ 863.689962][T22993] EXT4-fs (loop1): Block reservation details [ 863.696017][T22993] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 863.903192][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 864.709830][T22710] Bluetooth: hci5: command tx timeout [ 865.902986][T22963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 865.976881][T22963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 866.413800][T22963] team0: Port device team_slave_0 added [ 866.481479][T22963] team0: Port device team_slave_1 added [ 866.581040][T23021] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.6501'. [ 866.640308][T23017] tipc: Failed to obtain node identity [ 866.648006][T23017] tipc: Enabling of bearer rejected, failed to enable media [ 866.720334][T22710] Bluetooth: hci5: command tx timeout [ 866.859954][T22963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 866.869847][ T5304] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 866.889940][T22963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.938353][ T5293] usb 1-1: USB disconnect, device number 56 [ 866.962816][T22963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 867.040863][ T5304] usb 3-1: Using ep0 maxpacket: 32 [ 867.061014][ T5304] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 867.114246][ T5304] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 867.167758][ T5304] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 151, changing to 11 [ 867.239905][ T5304] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 17729, setting to 1024 [ 867.334728][ T5304] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 867.418099][ T5304] usb 3-1: config 0 interface 0 has no altsetting 0 [ 867.473062][ T5304] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 867.486186][ T5304] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 867.507922][ T5304] usb 3-1: Product: syz [ 867.517082][ T5304] usb 3-1: Manufacturer: syz [ 867.560095][ T5304] usb 3-1: SerialNumber: syz [ 867.578637][ T5304] usb 3-1: config 0 descriptor?? [ 867.591349][T23027] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 867.605329][ T5304] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 867.651178][ T5304] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 867.716653][T23033] loop1: detected capacity change from 0 to 2048 [ 867.740014][T23033] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 867.808484][T23033] syz.1.6510: attempt to access beyond end of device [ 867.808484][T23033] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 867.833885][T23034] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 867.928515][ T5304] usb 3-1: USB disconnect, device number 48 [ 867.945921][T23020] loop0: detected capacity change from 0 to 32768 [ 867.964035][ T5304] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 867.986752][T23020] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.6504 (23020) [ 868.268584][T22963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 868.299101][T22963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 868.337252][T22963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 868.548495][T22963] hsr_slave_0: entered promiscuous mode [ 868.585821][T22963] hsr_slave_1: entered promiscuous mode [ 868.619560][T22963] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 868.670765][T22963] Cannot create hsr debugfs directory [ 868.800287][T22710] Bluetooth: hci5: command tx timeout [ 869.090789][T23044] loop4: detected capacity change from 0 to 256 [ 869.121004][T23044] exfat: Deprecated parameter 'namecase' [ 869.127196][T23044] exfat: Deprecated parameter 'utf8' [ 869.249822][T23044] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 869.265230][T23020] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 869.290327][T23020] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 869.343068][T23020] BTRFS info (device loop0): using free-space-tree [ 869.378300][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 869.380495][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 869.493116][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 869.553846][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 869.839434][T22963] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 870.300181][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 870.300472][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 870.345999][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 870.396371][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 870.470323][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 870.534374][T23020] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 870.754242][T23055] loop5: detected capacity change from 0 to 32768 [ 870.776385][T23055] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.6517 (23055) [ 870.819698][T23055] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 870.840595][T23055] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 870.849087][T23055] BTRFS info (device loop5): using free-space-tree [ 871.025958][T22963] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.085004][T23077] loop1: detected capacity change from 0 to 2048 [ 871.223972][T22963] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.375744][T22963] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.416226][T23020] BTRFS error (device loop0): open_ctree failed [ 871.963594][T23077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 872.383679][T22004] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.403192][T23091] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 872.466279][T22004] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 872.484411][T22017] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 872.546407][T22017] EXT4-fs (loop1): This should not happen!! Data will be lost [ 872.546407][T22017] [ 872.556884][T23055] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 872.579378][T23055] BTRFS error (device loop5): open_ctree failed [ 872.653354][T22017] EXT4-fs (loop1): Total free blocks count 0 [ 872.659426][T22017] EXT4-fs (loop1): Free/Dirty block details [ 872.722751][T22017] EXT4-fs (loop1): free_blocks=2415919104 [ 872.758704][T22017] EXT4-fs (loop1): dirty_blocks=16 [ 872.788386][T22017] EXT4-fs (loop1): Block reservation details [ 872.860126][T22017] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 872.893337][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 873.065102][T22963] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 873.222334][T23102] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6530'. [ 873.392735][T22963] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 873.492538][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 873.538400][T23105] loop2: detected capacity change from 0 to 256 [ 873.756715][ T5232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 873.840903][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 873.856892][ T5232] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 873.866913][ T5232] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 873.875375][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 874.310756][T22004] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 874.373834][T22004] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 874.483300][T22963] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 874.526834][T22963] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 874.537466][T23119] loop2: detected capacity change from 0 to 1024 [ 874.701004][T23119] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 874.735440][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 874.746185][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.871869][ T29] audit: type=1800 audit(1727406288.748:250): pid=23119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6535" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 874.976952][ T29] audit: type=1800 audit(1727406288.748:251): pid=23119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6535" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 875.164642][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 875.315617][T23132] loop5: detected capacity change from 0 to 512 [ 875.386270][T23135] loop1: detected capacity change from 0 to 512 [ 875.418854][T23132] EXT4-fs (loop5): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 875.495893][T22004] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 875.506619][T22004] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 875.714499][T23135] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.6543: invalid block [ 875.728689][T23135] EXT4-fs error (device loop1): ext4_free_branches:1020: inode #11: comm syz.1.6543: invalid indirect mapped block 4294967295 (level 1) [ 875.784031][T23135] EXT4-fs error (device loop1): ext4_free_branches:1020: inode #11: comm syz.1.6543: invalid indirect mapped block 4294967295 (level 1) [ 875.834809][T23135] EXT4-fs (loop1): 2 truncates cleaned up [ 875.858019][T23135] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 875.920089][ T5232] Bluetooth: hci2: command tx timeout [ 876.083699][T22004] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 876.106214][T22004] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 876.141821][T23132] Quota error (device loop5): v2_read_file_info: Free block number 58381 out of range (1, 6). [ 876.195716][T23132] EXT4-fs warning (device loop5): ext4_enable_quotas:7093: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 876.632724][T22963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 876.658818][T22963] 8021q: adding VLAN 0 to HW filter on device team0 [ 876.706343][T22963] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 876.718722][T22963] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 876.751540][T22013] bridge0: port 1(bridge_slave_0) entered blocking state [ 876.758753][T22013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 876.768636][T22013] bridge0: port 2(bridge_slave_1) entered blocking state [ 876.776265][T22013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 876.854381][T23100] chnl_net:caif_netlink_parms(): no params data found [ 876.959607][T15406] EXT4-fs (loop5): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 876.975535][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 877.084982][T22004] bridge_slave_1: left allmulticast mode [ 877.092714][T22004] bridge_slave_1: left promiscuous mode [ 877.098621][T22004] bridge0: port 2(bridge_slave_1) entered disabled state [ 877.116432][T22004] bridge_slave_0: left promiscuous mode [ 877.135106][T22004] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.360815][T23167] loop0: detected capacity change from 0 to 128 [ 877.374411][T23167] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 877.385700][T23167] FAT-fs (loop0): count of clusters too big (2147922302) [ 877.398943][T23167] FAT-fs (loop0): Can't find a valid FAT filesystem [ 878.014314][ T5232] Bluetooth: hci2: command tx timeout [ 878.124114][T23164] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 878.133840][T23183] loop5: detected capacity change from 0 to 512 [ 878.165560][T23183] EXT4-fs: journaled quota format not specified [ 878.315027][T23185] loop1: detected capacity change from 0 to 512 [ 878.336123][T23185] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 878.396683][T23185] EXT4-fs (loop1): 1 orphan inode deleted [ 878.403209][T23185] EXT4-fs (loop1): 1 truncate cleaned up [ 878.411654][T23185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 878.488351][ T29] audit: type=1326 audit(1727406292.368:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23189 comm="syz.5.6561" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b3e57df39 code=0x0 [ 878.497543][T23185] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 878.577630][T23185] EXT4-fs (loop1): Remounting filesystem read-only [ 878.626319][T23185] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 12, error -5) [ 878.712602][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 878.726666][T22004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 878.775572][T22004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 878.815567][T22004] bond0 (unregistering): Released all slaves [ 878.927116][T23197] loop1: detected capacity change from 0 to 64 [ 879.167106][T23202] loop2: detected capacity change from 0 to 512 [ 879.196992][T23202] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 879.304693][T23202] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 879.319970][T23100] bridge0: port 1(bridge_slave_0) entered blocking state [ 879.327105][T23100] bridge0: port 1(bridge_slave_0) entered disabled state [ 879.329627][T23202] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 879.370182][ T5232] Bluetooth: hci0: command 0x0406 tx timeout [ 879.380337][T22017] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 879.390251][T23100] bridge_slave_0: entered allmulticast mode [ 879.404487][T23100] bridge_slave_0: entered promiscuous mode [ 879.443947][T22963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 879.480573][ T5292] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 879.552071][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 879.700078][ T5292] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 879.728593][ T5292] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 879.758844][ T5292] usb 2-1: Product: syz [ 879.764866][T23100] bridge0: port 2(bridge_slave_1) entered blocking state [ 879.778568][ T5292] usb 2-1: Manufacturer: syz [ 879.787329][T23100] bridge0: port 2(bridge_slave_1) entered disabled state [ 879.799890][ T5292] usb 2-1: SerialNumber: syz [ 879.812001][T23100] bridge_slave_1: entered allmulticast mode [ 879.819499][ T5292] usb 2-1: config 0 descriptor?? [ 879.831430][T23100] bridge_slave_1: entered promiscuous mode [ 880.029448][T22004] hsr_slave_0: left promiscuous mode [ 880.048167][T22004] hsr_slave_1: left promiscuous mode [ 880.061520][T22004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 880.086019][T23227] loop0: detected capacity change from 0 to 1024 [ 880.093833][ T5232] Bluetooth: hci2: command tx timeout [ 880.123994][T22004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 880.167222][T22004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 880.175793][T22021] hfsplus: b-tree write err: -5, ino 4 [ 880.175815][T22004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 880.253004][T22004] veth1_macvtap: left promiscuous mode [ 880.268905][T22004] veth0_macvtap: left promiscuous mode [ 880.287963][T22004] veth1_vlan: left promiscuous mode [ 880.303068][T22004] veth0_vlan: left promiscuous mode [ 881.607956][ T46] IPVS: starting estimator thread 0... [ 881.660931][T22004] team0 (unregistering): Port device team_slave_1 removed [ 881.757946][T23242] IPVS: using max 15 ests per chain, 36000 per kthread [ 881.774813][T22004] team0 (unregistering): Port device team_slave_0 removed [ 882.160205][ T5232] Bluetooth: hci2: command tx timeout [ 882.726219][T23100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 882.768860][ T5292] usb 2-1: f81604_read: reg: 100f failed: -EPROTO [ 882.782371][T23241] tipc: Started in network mode [ 882.789078][T23241] tipc: Node identity ac1414aa, cluster identity 4711 [ 882.831986][T23241] tipc: Enabled bearer , priority 10 [ 882.873962][T23100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 882.899386][ T5292] usb 2-1: f81604_read: reg: 200f failed: -EPROTO [ 882.933607][ T5292] usb 2-1: USB disconnect, device number 47 [ 883.145377][T23100] team0: Port device team_slave_0 added [ 883.162139][T23252] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 883.194075][ T5292] usb 2-1: f81604_read: reg: 100f failed: -ENODEV [ 883.236327][T23100] team0: Port device team_slave_1 added [ 883.346150][T23257] loop2: detected capacity change from 0 to 256 [ 883.400645][ T5292] usb 2-1: f81604_read: reg: 200f failed: -ENODEV [ 883.448821][T23100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 883.460052][T23100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 883.486920][ C0] vkms_vblank_simulate: vblank timer overrun [ 883.501368][T23261] loop0: detected capacity change from 0 to 512 [ 883.530456][T23100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 883.565603][T23261] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #12: comm syz.0.6588: corrupted in-inode xattr: invalid ea_ino [ 883.605528][T23261] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.6588: couldn't read orphan inode 12 (err -117) [ 883.623293][T22963] veth0_vlan: entered promiscuous mode [ 883.631794][T23100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 883.638795][T23100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 883.666635][T23261] EXT4-fs (loop0): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 883.710660][T23100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 883.862839][T19881] EXT4-fs (loop0): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 883.949955][ T46] tipc: Node number set to 2886997162 [ 883.965076][T22963] veth1_vlan: entered promiscuous mode [ 884.006579][T23100] hsr_slave_0: entered promiscuous mode [ 884.047418][T23100] hsr_slave_1: entered promiscuous mode [ 884.069101][T23100] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 884.087043][T23100] Cannot create hsr debugfs directory [ 884.101156][T23272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6593'. [ 884.338891][T22963] veth0_macvtap: entered promiscuous mode [ 884.395369][T22963] veth1_macvtap: entered promiscuous mode [ 884.497992][T23283] loop1: detected capacity change from 0 to 2048 [ 884.507416][T23283] EXT4-fs: Ignoring removed orlov option [ 884.551886][T22004] bridge_slave_1: left allmulticast mode [ 884.564444][T23283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 884.579322][T22004] bridge_slave_1: left promiscuous mode [ 884.586558][T22004] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.642017][T22004] bridge_slave_0: left allmulticast mode [ 884.647819][T22004] bridge_slave_0: left promiscuous mode [ 884.664785][T22004] bridge0: port 1(bridge_slave_0) entered disabled state [ 884.764093][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 884.905743][ C0] vkms_vblank_simulate: vblank timer overrun [ 885.253190][ C0] vkms_vblank_simulate: vblank timer overrun [ 885.392239][T23302] loop2: detected capacity change from 0 to 1024 [ 885.435004][T23302] EXT4-fs (loop2): Test dummy encryption mode enabled [ 885.463260][T23302] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 885.502721][T23302] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 885.570366][ C0] vkms_vblank_simulate: vblank timer overrun [ 885.678791][T23303] loop0: detected capacity change from 0 to 8192 [ 885.817546][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 886.733906][T22004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 886.758354][T22004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 886.785820][T22004] bond0 (unregistering): Released all slaves [ 886.935441][T23330] loop0: detected capacity change from 0 to 2048 [ 887.003914][T23334] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 887.018350][T23333] loop5: detected capacity change from 0 to 2048 [ 887.071067][T23335] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 887.141519][T22004] tipc: Left network mode [ 887.166676][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.199860][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.230139][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.250063][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.260258][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.271171][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.290355][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.313242][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.332433][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 887.351129][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.400734][T22963] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 887.453979][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.472835][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.496250][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.519961][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.543216][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.569951][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.595514][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.616905][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.634254][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.645296][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.656689][T22963] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 887.667331][T22963] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 887.681045][T22963] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 887.798450][T22963] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.808481][ T46] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 887.816728][T22963] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.829580][T22963] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.850080][T22963] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 887.974304][ T46] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 887.989174][ T46] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 888.012239][T22004] hsr_slave_0: left promiscuous mode [ 888.018419][T22004] hsr_slave_1: left promiscuous mode [ 888.024121][ T46] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 888.033918][T22004] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 888.041615][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 888.041665][ T46] usb 3-1: SerialNumber: syz [ 888.060123][T22004] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 888.081311][T22004] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 888.098249][T22004] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 888.157532][T22004] veth1_macvtap: left promiscuous mode [ 888.178851][T22004] veth1_vlan: left promiscuous mode [ 888.186182][T22004] veth0_vlan: left promiscuous mode [ 888.287009][ T46] usb 3-1: 0:2 : does not exist [ 888.319558][ T46] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 888.358448][ T46] usb 3-1: USB disconnect, device number 49 [ 888.920692][T23361] TCP: TCP_TX_DELAY enabled [ 888.952642][T23357] loop1: detected capacity change from 0 to 32768 [ 889.035202][T23357] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 889.045535][T23357] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 889.370713][T23357] XFS (loop1): Ending clean mount [ 889.426430][T23357] XFS (loop1): Quotacheck needed: Please wait. [ 889.523281][T23378] vivid-000: disconnect [ 889.537501][T23357] XFS (loop1): Quotacheck: Done. [ 889.673041][T21462] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 889.974072][T22004] team0 (unregistering): Port device team_slave_1 removed [ 889.989974][ T46] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 890.133580][T22004] team0 (unregistering): Port device team_slave_0 removed [ 890.189347][ T46] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 890.215112][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 890.249869][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 890.265968][ T46] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 890.279593][ T46] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 890.289005][ T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 890.299238][ T46] usb 6-1: config 0 descriptor?? [ 890.768861][ T46] plantronics 0003:047F:FFFF.004C: unknown main item tag 0x0 [ 890.781119][ T46] plantronics 0003:047F:FFFF.004C: No inputs registered, leaving [ 890.801796][ T46] plantronics 0003:047F:FFFF.004C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 891.114099][ T5292] usb 6-1: USB disconnect, device number 39 [ 891.274085][T23391] loop1: detected capacity change from 0 to 256 [ 891.312684][ T29] audit: type=1800 audit(1727406305.198:253): pid=23391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6640" name="file1" dev="loop1" ino=1048927 res=0 errno=0 [ 891.588653][T23374] vivid-000: reconnect [ 891.820074][T22021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 891.827952][T22021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 891.923322][T23402] loop5: detected capacity change from 0 to 512 [ 891.938227][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 891.947496][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 892.018116][T23402] EXT4-fs error (device loop5): ext4_orphan_get:1388: inode #15: comm syz.5.6644: casefold flag without casefold feature [ 892.112614][T23402] EXT4-fs error (device loop5): ext4_orphan_get:1391: comm syz.5.6644: couldn't read orphan inode 15 (err -117) [ 892.130837][T23402] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 892.241995][T23100] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 892.351756][T23100] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 892.393220][T23100] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 892.401365][T23402] support for cryptoloop has been removed. Use dm-crypt instead. [ 892.436117][T23100] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 892.495280][T23423] loop0: detected capacity change from 0 to 64 [ 892.693313][T15406] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 892.724353][T23427] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 892.780005][T23427] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 892.876294][T23100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 892.979353][T23100] 8021q: adding VLAN 0 to HW filter on device team0 [ 893.112921][T23441] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 893.222860][T22019] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.230116][T22019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 893.461755][T22019] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.469134][T22019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 893.706447][T23100] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 893.717026][T23100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 894.228213][T23100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 894.283207][T23498] netlink: 5300 bytes leftover after parsing attributes in process `syz.5.6669'. [ 894.303368][T23498] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 894.512861][T23485] loop3: detected capacity change from 0 to 32768 [ 894.542096][T23485] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.6662 (23485) [ 894.566884][T23485] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 894.629173][T23485] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 894.654765][T23100] veth0_vlan: entered promiscuous mode [ 894.691289][T23100] veth1_vlan: entered promiscuous mode [ 894.738187][T23485] BTRFS info (device loop3): using free-space-tree [ 894.780071][T23100] veth0_macvtap: entered promiscuous mode [ 894.790690][T23100] veth1_macvtap: entered promiscuous mode [ 894.857271][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 894.868434][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 894.878813][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 894.883330][T23520] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 894.890227][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 894.908620][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 894.920052][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 894.929981][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 894.940549][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 894.951110][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 894.961841][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 894.974253][T23100] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 895.039265][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.050341][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.060550][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.071613][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.081722][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.092319][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.102364][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.112954][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.123108][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.134045][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.144009][T23100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.154597][T23100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.166623][T23100] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 895.180172][T23100] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.188967][T23100] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.197892][T23100] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.207570][T23100] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.373296][T23529] Cannot find add_set index 0 as target [ 895.540264][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.558747][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 895.678761][T22004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.720019][T22004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 895.858721][T22963] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 896.691186][ T5304] kernel write not supported for file /uinput (pid: 5304 comm: kworker/1:5) [ 896.778013][T23565] loop4: detected capacity change from 0 to 2048 [ 896.846611][T23565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 897.308535][T23574] loop2: detected capacity change from 0 to 32768 [ 897.316486][T23100] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 897.363470][T23574] [ 897.363470][T23574] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.363470][T23574] [ 897.450315][ T35] [ 897.450315][ T35] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.450315][ T35] [ 897.463917][T23100] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 897.479879][ T35] [ 897.479879][ T35] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.479879][ T35] [ 897.495511][ T110] [ 897.495511][ T110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.495511][ T110] [ 897.526751][T21464] [ 897.526751][T21464] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.526751][T21464] [ 897.569950][T21464] [ 897.569950][T21464] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 897.569950][T21464] [ 897.983455][T23586] loop5: detected capacity change from 0 to 32768 [ 897.984724][T23553] loop1: detected capacity change from 0 to 40427 [ 898.071524][T23591] loop3: detected capacity change from 0 to 2048 [ 898.089976][T23553] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1fffff [ 898.098540][T23553] F2FS-fs (loop1): Image doesn't support compression [ 898.108412][T23553] F2FS-fs (loop1): Image doesn't support compression [ 898.180536][T23553] F2FS-fs (loop1): invalid crc value [ 898.180637][T23586] XFS (loop5): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 898.183835][T23553] F2FS-fs (loop1): Found nat_bits in checkpoint [ 898.237054][T23591] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 898.242285][T23597] loop4: detected capacity change from 0 to 4096 [ 898.243887][T23597] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 898.266030][T23591] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 898.333874][T23553] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 898.340123][T23586] XFS (loop5): Ending clean mount [ 898.394384][T23610] loop0: detected capacity change from 0 to 256 [ 898.403600][T23610] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 898.405337][T23610] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 898.405379][T23610] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 898.405408][T23610] UDF-fs: Scanning with blocksize 512 failed [ 898.407700][T23610] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 898.410672][T23610] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 898.421129][ T29] audit: type=1800 audit(1727406312.308:254): pid=23597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6699" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 898.438061][ T29] audit: type=1800 audit(1727406312.318:255): pid=23597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.6699" name="bus" dev="loop4" ino=33 res=0 errno=0 [ 898.457017][T23553] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_mkdir+0x11e/0x620 [ 898.546775][T22963] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 898.592777][T21462] syz-executor: attempt to access beyond end of device [ 898.592777][T21462] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 898.593602][T21462] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 898.593924][T21462] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 898.788365][ C0] vkms_vblank_simulate: vblank timer overrun [ 899.219262][T15406] XFS (loop5): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 899.336379][ T29] audit: type=1326 audit(1727406313.218:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23627 comm="syz.4.6710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5079d7df39 code=0x7ffc0000 [ 899.421418][ T29] audit: type=1326 audit(1727406313.218:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23627 comm="syz.4.6710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5079d7df39 code=0x7ffc0000 [ 899.520620][ T29] audit: type=1326 audit(1727406313.218:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23627 comm="syz.4.6710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f5079d7df39 code=0x7ffc0000 [ 899.527809][T23634] loop2: detected capacity change from 0 to 512 [ 899.601724][ T29] audit: type=1326 audit(1727406313.218:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23627 comm="syz.4.6710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5079d7df39 code=0x7ffc0000 [ 899.688981][ T29] audit: type=1326 audit(1727406313.218:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23627 comm="syz.4.6710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5079d7df39 code=0x7ffc0000 [ 899.753928][T23634] EXT4-fs error (device loop2): ext4_orphan_get:1388: inode #15: comm syz.2.6711: casefold flag without casefold feature [ 899.831167][T23634] EXT4-fs error (device loop2): ext4_orphan_get:1391: comm syz.2.6711: couldn't read orphan inode 15 (err -117) [ 899.901121][T23634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 900.041358][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 900.110547][T23647] syz.1.6718[23647] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 900.110752][T23647] syz.1.6718[23647] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 900.151340][ T29] audit: type=1326 audit(1727406314.038:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23650 comm="syz.2.6719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1c77df39 code=0x7ffc0000 [ 900.152227][T23648] netlink: 'syz.3.6717': attribute type 2 has an invalid length. [ 900.179833][ T29] audit: type=1326 audit(1727406314.058:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23650 comm="syz.2.6719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1c77df39 code=0x7ffc0000 [ 900.185394][ C0] vkms_vblank_simulate: vblank timer overrun [ 900.189059][T23647] syz.1.6718[23647] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 900.230617][ T29] audit: type=1326 audit(1727406314.088:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23650 comm="syz.2.6719" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fed1c77df39 code=0x7ffc0000 [ 900.266315][T23651] loop2: detected capacity change from 0 to 1024 [ 900.271662][T23648] netlink: 'syz.3.6717': attribute type 1 has an invalid length. [ 900.291054][T23651] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 900.296259][T23653] loop4: detected capacity change from 0 to 2048 [ 900.319802][T23648] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.6717'. [ 900.329229][T23651] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 900.351124][T23653] EXT4-fs: Ignoring removed mblk_io_submit option [ 900.374829][T23651] EXT4-fs (loop2): invalid journal inode [ 900.395122][T23653] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 900.500153][T23656] loop0: detected capacity change from 0 to 1024 [ 900.552404][T23653] EXT4-fs (loop4): shut down requested (0) [ 900.704867][T23664] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 900.846277][T23656] hfsplus: xattr searching failed [ 900.894666][T23100] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 900.994563][T23676] loop2: detected capacity change from 0 to 512 [ 901.032135][T23656] hfsplus: b-tree write err: -5, ino 3 [ 901.056818][T23676] EXT4-fs error (device loop2): ext4_orphan_get:1414: comm syz.2.6730: bad orphan inode 17 [ 901.093222][T23676] ext4_test_bit(bit=16, block=4) = 1 [ 901.098616][T23676] is_bad_inode(inode)=0 [ 901.110608][T23676] NEXT_ORPHAN(inode)=0 [ 901.115373][T23676] max_ino=32 [ 901.118604][T23676] i_nlink=1 [ 901.140697][T23676] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 901.306839][T23687] loop1: detected capacity change from 0 to 256 [ 901.326279][T23687] exfat: Deprecated parameter 'namecase' [ 901.335612][T23687] exfat: Deprecated parameter 'utf8' [ 901.445006][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.455712][T23687] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 901.497253][T21464] EXT4-fs error (device loop2): ext4_validate_block_bitmap:431: comm syz-executor: bg 0: block 7: invalid block bitmap [ 901.524754][T21464] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 901.540928][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.564063][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.648312][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.674855][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.722975][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.802254][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 901.843524][T21464] EXT4-fs error (device loop2): ext4_readdir:259: inode #2: block 13: comm syz-executor: path /134/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0 [ 902.004371][T23701] loop1: detected capacity change from 0 to 1764 [ 902.141465][T23701] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 902.200657][ T5292] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 902.287751][T23709] loop5: detected capacity change from 0 to 512 [ 902.364884][ T5292] usb 1-1: Using ep0 maxpacket: 8 [ 902.379109][T23709] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 902.379244][ T5292] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 902.404994][T23709] ext4 filesystem being mounted at /604/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 902.476172][ T5292] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 902.499333][T23709] EXT4-fs error (device loop5): ext4_readdir:259: inode #12: block 32: comm syz.5.6743: path /604/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 902.520144][ C0] vkms_vblank_simulate: vblank timer overrun [ 902.541259][ T5292] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 902.574122][ T5292] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 902.603076][ T5292] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 902.613203][ T5292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 902.735732][T23719] netlink: 80236 bytes leftover after parsing attributes in process `syz.3.6747'. [ 902.849387][ T5292] usb 1-1: usb_control_msg returned -32 [ 902.857988][ T5292] usbtmc 1-1:16.0: can't read capabilities [ 903.323275][T15406] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 903.670903][ T7570] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.021753][ T7570] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.268977][T23723] loop1: detected capacity change from 0 to 32768 [ 904.315188][T23751] loop5: detected capacity change from 0 to 1024 [ 904.348334][ T7570] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.368360][T23751] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 904.413977][T23751] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 904.440013][T23751] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 904.470498][T23751] EXT4-fs error (device loop5): ext4_get_journal_inode:5762: inode #5: comm syz.5.6760: unexpected bad inode w/o EXT4_IGET_BAD [ 904.536215][ T7570] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 904.541596][T23751] EXT4-fs (loop5): no journal found [ 904.579834][T23751] EXT4-fs (loop5): can't get journal size [ 904.617939][T23751] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 904.874455][T21464] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 904.884306][T23751] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.6760: bg 0: block 32: padding at end of block bitmap is not set [ 905.077228][ T5304] usb 1-1: USB disconnect, device number 57 [ 905.129442][T15406] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 905.247908][ T7570] erspan0: left allmulticast mode [ 905.253850][ T7570] erspan0: left promiscuous mode [ 905.269284][ T7570] bridge0: port 3(erspan0) entered disabled state [ 905.300618][ T7570] bridge_slave_1: left allmulticast mode [ 905.306523][ T7570] bridge_slave_1: left promiscuous mode [ 905.322972][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.355712][ T7570] bridge_slave_0: left allmulticast mode [ 905.400051][ T7570] bridge_slave_0: left promiscuous mode [ 905.405884][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.479433][T23770] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6769'. [ 905.929960][T22710] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 905.941990][T22710] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 905.950582][T22710] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 905.961371][T22710] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 905.970678][T22710] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 905.978227][T22710] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 906.311387][T23794] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6780'. [ 906.457229][T23796] loop4: detected capacity change from 0 to 8 [ 906.477691][T23796] squashfs image failed sanity check [ 907.069943][ T7570] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 907.084549][ T7570] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 907.097792][ T7570] bond0 (unregistering): Released all slaves [ 907.700789][T23815] loop0: detected capacity change from 0 to 1024 [ 907.710904][T23815] EXT4-fs: Ignoring removed orlov option [ 907.737591][T23815] EXT4-fs: Ignoring removed nomblk_io_submit option [ 907.743206][T23817] could not open pipe file descriptor [ 907.831834][T23815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 908.002442][T22710] Bluetooth: hci6: command tx timeout [ 908.111577][T19881] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 908.160091][ T7570] hsr_slave_0: left promiscuous mode [ 908.284265][ T7570] hsr_slave_1: left promiscuous mode [ 908.314069][ T7570] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 908.335985][ T7570] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 908.353644][ T7570] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 908.386420][ T7570] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 908.434472][ T7570] veth1_macvtap: left promiscuous mode [ 908.435002][T23841] nvme_fabrics: missing parameter 'transport=%s' [ 908.444883][ T7570] veth0_macvtap: left promiscuous mode [ 908.460009][ T7570] veth1_vlan: left promiscuous mode [ 908.471241][T23841] nvme_fabrics: missing parameter 'nqn=%s' [ 908.473494][ T7570] veth0_vlan: left promiscuous mode [ 909.352381][T23848] slcan: can't register candev [ 909.357380][T23848] Falling back ldisc for ptm0. [ 909.922044][T23872] loop0: detected capacity change from 0 to 128 [ 909.969875][ T46] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 910.078506][ T7570] team0 (unregistering): Port device team_slave_1 removed [ 910.079881][T22710] Bluetooth: hci6: command tx timeout [ 910.121920][ T46] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 910.139435][ T46] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 910.148829][ T46] usb 2-1: config 1 has no interface number 0 [ 910.155062][ T46] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 910.166922][ T46] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 910.178879][ T46] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 910.188229][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 910.196320][ T46] usb 2-1: Product: syz [ 910.200619][ T46] usb 2-1: Manufacturer: syz [ 910.205257][ T46] usb 2-1: SerialNumber: syz [ 910.276285][ T7570] team0 (unregistering): Port device team_slave_0 removed [ 911.055294][ T46] cdc_ncm 2-1:1.1: bind() failure [ 911.074398][ T46] usb 2-1: USB disconnect, device number 48 [ 911.279582][T23879] loop0: detected capacity change from 0 to 128 [ 911.319796][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 911.319829][ T29] audit: type=1800 audit(1727406325.168:287): pid=23879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6812" name="file1" dev="loop0" ino=1048939 res=0 errno=0 [ 911.387158][ T29] audit: type=1800 audit(1727406325.168:288): pid=23879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6812" name="file1" dev="loop0" ino=1048939 res=0 errno=0 [ 911.411676][T23879] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 911.434497][ T29] audit: type=1800 audit(1727406325.268:289): pid=23879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6812" name="file1" dev="loop0" ino=1048939 res=0 errno=0 [ 911.455974][T23879] FAT-fs (loop0): Filesystem has been set read-only [ 911.462906][T23879] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 911.766042][T23781] chnl_net:caif_netlink_parms(): no params data found [ 911.783677][T23842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6798'. [ 911.797736][T23842] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 911.810867][T23842] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (15) [ 911.906612][T23891] loop0: detected capacity change from 0 to 512 [ 912.043703][T23891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 912.089263][T23891] ext4 filesystem being mounted at /257/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 912.162477][T22710] Bluetooth: hci6: command tx timeout [ 912.168801][T23901] input input86: cannot allocate more than FF_MAX_EFFECTS effects [ 912.343013][T23891] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 912.374122][T23909] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6822'. [ 912.387181][T23781] bridge0: port 1(bridge_slave_0) entered blocking state [ 912.430373][T23781] bridge0: port 1(bridge_slave_0) entered disabled state [ 912.466020][T23781] bridge_slave_0: entered allmulticast mode [ 912.502023][T23781] bridge_slave_0: entered promiscuous mode [ 912.560806][T23781] bridge0: port 2(bridge_slave_1) entered blocking state [ 912.576448][T23781] bridge0: port 2(bridge_slave_1) entered disabled state [ 912.599097][T23781] bridge_slave_1: entered allmulticast mode [ 912.625501][T19881] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 912.627107][T23781] bridge_slave_1: entered promiscuous mode [ 912.884141][T23781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 913.041513][T23781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 913.223443][T23935] netlink: 368 bytes leftover after parsing attributes in process `syz.0.6832'. [ 913.258777][T23781] team0: Port device team_slave_0 added [ 913.259442][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 913.285232][T23781] team0: Port device team_slave_1 added [ 913.487321][T23781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 913.514148][T23781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 913.553817][T23781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 913.582692][T23781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 913.606040][T23781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 913.683989][T23781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 913.779856][T17144] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 913.786374][T23781] hsr_slave_0: entered promiscuous mode [ 913.840668][T23781] hsr_slave_1: entered promiscuous mode [ 913.879956][T23781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 913.907195][T23781] Cannot create hsr debugfs directory [ 913.924015][T23925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 914.058861][T23956] loop1: detected capacity change from 0 to 64 [ 914.240108][T22710] Bluetooth: hci6: command tx timeout [ 914.270597][T23956] hfs: unable to load codepage "macromanin" [ 914.278507][T23956] hfs: unable to parse mount options [ 914.297722][T23954] loop4: detected capacity change from 0 to 32768 [ 914.306490][T23954] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.6841 (23954) [ 914.336189][T23954] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 914.347287][T23954] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 914.356122][T23954] BTRFS info (device loop4): using free-space-tree [ 914.365185][T17144] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 520, setting to 64 [ 914.377163][T17144] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 914.391766][T17144] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 914.403255][T17144] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 914.411479][T17144] usb 6-1: SerialNumber: syz [ 914.419528][T23943] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 914.517757][ T46] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 914.649148][T23943] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 914.682238][T23978] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 914.702414][ T46] usb 1-1: config 0 has an invalid interface number: 183 but max is 0 [ 914.711330][ T46] usb 1-1: config 0 has no interface number 0 [ 914.717470][ T46] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=26.3d [ 914.728162][T23100] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 914.769210][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 914.822653][ T46] usb 1-1: config 0 descriptor?? [ 915.106597][T17144] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 915.286324][ T46] airspy 1-1:0.183: Board ID: 00 [ 915.291642][ T46] airspy 1-1:0.183: Firmware version: [ 915.312402][T23985] loop1: detected capacity change from 0 to 2048 [ 915.344208][ T5308] usb 6-1: USB disconnect, device number 40 [ 915.352952][ T5308] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device [ 915.419976][T23991] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 915.455208][ T29] audit: type=1800 audit(1727406329.338:290): pid=23985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.6849" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 915.533435][T23985] NILFS (loop1): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 915.574714][T23985] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=16) [ 915.576028][T23781] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 915.630945][T23985] Remounting filesystem read-only [ 915.632803][T23781] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 915.704351][T23781] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 915.762273][T23781] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 915.777241][T21462] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 915.890110][ T46] airspy 1-1:0.183: usb_control_msg() failed -71 request 12 [ 915.909083][ T46] airspy 1-1:0.183: Registered as swradio16 [ 915.939860][ T46] airspy 1-1:0.183: SDR API is still slightly experimental and functionality changes may follow [ 915.971422][ T46] usb 1-1: USB disconnect, device number 58 [ 916.023614][T23781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 916.076260][T23781] 8021q: adding VLAN 0 to HW filter on device team0 [ 916.170535][T22017] bridge0: port 1(bridge_slave_0) entered blocking state [ 916.177752][T22017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 916.187522][T22017] bridge0: port 2(bridge_slave_1) entered blocking state [ 916.194834][T22017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 916.251848][T23781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 916.262366][T23781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 916.440377][ T5304] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 916.612309][ T5304] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 916.616894][T23781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 916.630899][ T5304] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 916.630963][ T5304] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 916.631031][ T5304] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 916.631114][ T5304] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 916.631170][ T5304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 916.644043][ T5304] usb 4-1: config 0 descriptor?? [ 916.797336][T24007] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 916.829383][T23781] veth0_vlan: entered promiscuous mode [ 916.859092][T23781] veth1_vlan: entered promiscuous mode [ 916.933434][T23781] veth0_macvtap: entered promiscuous mode [ 916.957284][T23781] veth1_macvtap: entered promiscuous mode [ 917.002416][T24033] loop4: detected capacity change from 0 to 64 [ 917.007947][ T46] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 917.035678][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 917.066797][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.107620][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 917.137846][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.157057][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 917.170387][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.185345][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 917.196162][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.209645][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 917.209997][ T46] usb 1-1: Using ep0 maxpacket: 32 [ 917.222212][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.231828][ T46] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 917.245722][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 917.270638][T23781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 917.277108][ T46] usb 1-1: config 0 descriptor?? [ 917.285491][ T5304] plantronics 0003:047F:FFFF.004D: unknown main item tag 0xd [ 917.287331][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.314726][ T5304] plantronics 0003:047F:FFFF.004D: No inputs registered, leaving [ 917.332133][ T46] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 917.339805][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.344679][ T5304] plantronics 0003:047F:FFFF.004D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 917.349647][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.349682][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.349711][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.350239][ T5292] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 917.410333][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.420575][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.431951][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.443686][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.454801][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.466618][T23781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 917.477283][T23781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 917.489653][T23781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 917.548212][T23781] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 917.577800][T23781] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 917.590667][T23781] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 917.609932][T23781] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 917.621326][ T5292] usb 6-1: Using ep0 maxpacket: 8 [ 917.634354][ T5292] usb 6-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 917.644855][ T5292] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.651869][ T5304] usb 4-1: USB disconnect, device number 39 [ 917.672083][ T5292] usb 6-1: Product: syz [ 917.688627][ T5292] usb 6-1: Manufacturer: syz [ 917.702231][ T5292] usb 6-1: SerialNumber: syz [ 917.739500][ T5292] usb 6-1: config 0 descriptor?? [ 917.774949][ T5292] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 917.838033][T22004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 917.874104][T22004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.885670][T24047] loop4: detected capacity change from 0 to 512 [ 917.921935][T22004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 917.930147][ T1843] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 917.952277][ T46] gspca_vc032x: reg_w err -71 [ 917.957005][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 917.968289][T22004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.986844][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 917.988008][T24047] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 917.994282][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.024371][T24047] ext4 filesystem being mounted at /41/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 918.089985][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.095328][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.106033][ T1843] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 918.136612][ T1843] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 918.145676][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.157220][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.175433][ T1843] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 918.184798][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.206406][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.214135][ T1843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 918.234082][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.240560][ T1843] usb 2-1: SerialNumber: syz [ 918.246865][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.253678][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.259166][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.265268][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.270684][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.276058][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.281539][T23100] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 918.291312][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.296968][ T46] gspca_vc032x: I2c Bus Busy Wait 00 [ 918.305722][ T46] gspca_vc032x: Unknown sensor... [ 918.357060][ T46] vc032x 1-1:0.0: probe with driver vc032x failed with error -22 [ 918.393109][T24058] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 918.407014][T24054] IPVS: stopping master sync thread 24058 ... [ 918.438134][ T46] usb 1-1: USB disconnect, device number 59 [ 918.488069][ T1843] usb 2-1: 0:2 : does not exist [ 918.518542][ T1843] usb 2-1: usbmixer: too many channels (61) in unit 5 [ 918.607503][ T1843] usb 2-1: USB disconnect, device number 49 [ 919.025007][T24062] loop3: detected capacity change from 0 to 32768 [ 919.041371][ T5292] gspca_sonixj: reg_w err -71 [ 919.046229][ T5292] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 919.057754][ T5292] usb 6-1: USB disconnect, device number 41 [ 919.072699][T24062] Dev loop3 SGI disklabel: csum bad, label corrupted [ 919.187017][T24073] netlink: 'syz.0.6882': attribute type 1 has an invalid length. [ 919.602899][ T5292] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 919.800123][ T5292] usb 3-1: Using ep0 maxpacket: 16 [ 919.819572][ T5292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 919.841619][T24095] loop3: detected capacity change from 0 to 256 [ 919.865951][ T5292] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 919.910713][ T5292] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 919.929805][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 919.950426][ T5308] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 919.953229][ T5292] usb 3-1: config 0 descriptor?? [ 920.150493][ T5308] usb 5-1: Using ep0 maxpacket: 16 [ 920.155326][ T29] audit: type=1326 audit(1727406334.038:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24104 comm="syz.0.6898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0136b7df39 code=0x0 [ 920.210078][ T5308] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 920.221444][ T5308] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 920.234423][ T5308] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 920.243840][ T5308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 920.273906][ T5308] usb 5-1: config 0 descriptor?? [ 920.338504][ T7570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 920.342867][T24111] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 920.346691][ T7570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 920.385241][T24112] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6900'. [ 920.403398][ T5292] usbhid 3-1:0.0: can't add hid device: -71 [ 920.409684][ T5292] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 920.430388][ T5292] usb 3-1: USB disconnect, device number 50 [ 920.579489][T24117] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6901'. [ 920.600162][T24117] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 920.609126][T24117] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (15) [ 920.723978][T24085] raw-gadget.1 gadget.4: fail, usb_ep_set_wedge returned -11 [ 920.736153][ T5308] usbhid 5-1:0.0: can't add hid device: -71 [ 920.742541][ T5308] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 920.752810][ T5308] usb 5-1: USB disconnect, device number 43 [ 921.103435][T24120] loop5: detected capacity change from 0 to 32768 [ 921.151708][T24120] Dev loop5 SGI disklabel: csum bad, label corrupted [ 921.201914][T24123] binder: 24121:24123 ioctl c0306201 200001c0 returned -14 [ 921.228562][ T29] audit: type=1326 audit(1727406335.108:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24124 comm="syz.2.6904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff866f7df39 code=0x7ffc0000 [ 921.319873][ T29] audit: type=1326 audit(1727406335.138:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24124 comm="syz.2.6904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff866f7df39 code=0x7ffc0000 [ 921.401893][ T29] audit: type=1326 audit(1727406335.138:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24124 comm="syz.2.6904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7ff866f7df39 code=0x7ffc0000 [ 921.509873][ T29] audit: type=1326 audit(1727406335.138:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24124 comm="syz.2.6904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff866f7df39 code=0x7ffc0000 [ 921.603610][ T29] audit: type=1326 audit(1727406335.138:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24124 comm="syz.2.6904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff866f7df39 code=0x7ffc0000 [ 921.771543][T24142] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.6912'. [ 921.811136][T24142] openvswitch: netlink: Multiple metadata blocks provided [ 921.829096][T24147] vivid-002: disconnect [ 921.851725][T24139] vivid-002: reconnect [ 922.190153][T24155] loop0: detected capacity change from 0 to 2048 [ 922.240236][T24155] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 922.272909][T24155] syz.0.6917: attempt to access beyond end of device [ 922.272909][T24155] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 922.287593][T24163] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 922.447431][ T5308] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 922.499420][T24171] tipc: Failed to obtain node identity [ 922.506069][T24171] tipc: Enabling of bearer rejected, failed to enable media [ 922.583164][T17144] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 922.602119][ T5308] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 922.620804][ T5304] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 922.654632][ T5308] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 922.668228][T24174] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.6939'. [ 922.696979][ T5308] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 922.716730][ T5308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 922.745325][ T5308] usb 5-1: SerialNumber: syz [ 922.768216][T17144] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 922.787823][T17144] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.789915][ T5304] usb 6-1: Using ep0 maxpacket: 32 [ 922.798362][T17144] usb 2-1: Product: syz [ 922.830734][T17144] usb 2-1: Manufacturer: syz [ 922.845991][T17144] usb 2-1: SerialNumber: syz [ 922.854774][ T5304] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 922.865266][ T5304] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.875128][T17144] usb 2-1: config 0 descriptor?? [ 922.900002][ T5292] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 922.920166][ T5304] usb 6-1: Product: syz [ 922.936812][ T5304] usb 6-1: Manufacturer: syz [ 922.972961][ T5304] usb 6-1: SerialNumber: syz [ 922.987426][ T5308] usb 5-1: 0:2 : does not exist [ 923.015336][ T5304] usb 6-1: config 0 descriptor?? [ 923.025132][ T5304] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 923.032725][ T5308] usb 5-1: unit 255 not found! [ 923.073174][ T5292] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 520, setting to 64 [ 923.111786][ T5308] usb 5-1: USB disconnect, device number 44 [ 923.125905][ T5292] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 923.181844][ T5292] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 923.200765][ T5292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 923.240046][ T5292] usb 3-1: SerialNumber: syz [ 923.271187][T24176] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 923.343625][T17144] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 923.375606][T17144] usb 2-1: Firmware version (0.0) predates our first public release. [ 923.386324][T17144] usb 2-1: Please update to version 0.2 or newer [ 923.524843][T24176] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 923.623589][T17144] usb 2-1: USB disconnect, device number 50 [ 923.725706][ T5304] gspca_ov534_9: reg_w failed -71 [ 923.789992][T24184] loop0: detected capacity change from 0 to 2048 [ 923.848447][T24189] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 923.901605][T24192] veth0_macvtap: left promiscuous mode [ 923.951808][ T29] audit: type=1800 audit(1727406337.818:297): pid=24184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6929" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 923.976550][T24184] NILFS (loop0): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 924.000527][T24184] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=16) [ 924.059930][T24184] Remounting filesystem read-only [ 924.106582][ T5292] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 924.130000][ T5304] gspca_ov534_9: Unknown sensor 0000 [ 924.130092][ T5304] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22 [ 924.174363][ T5304] usb 6-1: USB disconnect, device number 42 [ 924.230593][ T5292] usb 3-1: USB disconnect, device number 51 [ 924.236944][T19881] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 924.238504][ T5292] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 924.266070][T24194] loop3: detected capacity change from 0 to 256 [ 924.300814][T24194] exfat: Deprecated parameter 'namecase' [ 924.306723][T24194] exfat: Deprecated parameter 'utf8' [ 924.350981][T24194] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 924.451672][T24196] loop1: detected capacity change from 0 to 512 [ 924.478910][T24196] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 924.501074][T24196] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 924.544510][T24196] System zones: 0-2, 18-18, 34-35 [ 924.565238][T24196] EXT4-fs (loop1): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 924.793345][T24207] tipc: Failed to obtain node identity [ 924.799307][T24207] tipc: Enabling of bearer rejected, failed to enable media [ 924.829037][T24209] loop0: detected capacity change from 0 to 2048 [ 924.856721][T24209] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 924.890217][T24045] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 925.030864][T24216] loop2: detected capacity change from 0 to 512 [ 925.068201][T24045] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 925.079539][ T7570] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 925.111664][T24045] usb 2-1: config 0 has an invalid descriptor of length 229, skipping remainder of the config [ 925.140681][T24045] usb 2-1: config 0 has no interface number 0 [ 925.147018][ T7570] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 925.159973][T24045] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 52412, setting to 64 [ 925.190966][T24204] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set [ 925.199266][T24216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 925.218587][ T7570] EXT4-fs (loop0): This should not happen!! Data will be lost [ 925.218587][ T7570] [ 925.230601][T24045] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 925.230834][ T7570] EXT4-fs (loop0): Total free blocks count 0 [ 925.243590][T24045] usb 2-1: config 0 interface 52 has no altsetting 0 [ 925.246428][T24045] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 925.249964][T24216] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 925.256607][T24045] usb 2-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 925.279810][ T7570] EXT4-fs (loop0): Free/Dirty block details [ 925.286301][T24045] usb 2-1: Product: syz [ 925.295988][T24045] usb 2-1: SerialNumber: syz [ 925.304806][T24045] usb 2-1: config 0 descriptor?? [ 925.361248][ T7570] EXT4-fs (loop0): free_blocks=2415919104 [ 925.367150][ T7570] EXT4-fs (loop0): dirty_blocks=16 [ 925.412145][ T7570] EXT4-fs (loop0): Block reservation details [ 925.418297][ T7570] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 925.430997][T19881] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 925.505605][ T1098] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.540737][T24045] input: syz (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input88 [ 925.600781][T23781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 925.782373][T24045] usb 2-1: USB disconnect, device number 51 [ 925.897668][ T1098] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.060816][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 926.073203][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 926.085930][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 926.133586][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 926.145668][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 926.156503][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 926.279273][ T1098] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.315160][T24247] loop2: detected capacity change from 0 to 2048 [ 926.359895][ T5308] usb 1-1: new full-speed USB device number 60 using dummy_hcd [ 926.420576][T24248] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 926.460094][T21462] EXT4-fs (loop1): unmounting filesystem 00000000-0700-0000-0000-000000000000. [ 926.464763][T24250] loop4: detected capacity change from 0 to 512 [ 926.520302][ T29] audit: type=1800 audit(1727406340.398:298): pid=24247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.6956" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 926.567723][ T1098] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.581356][T24250] EXT4-fs (loop4): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 926.595301][T24247] NILFS (loop2): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3) [ 926.606457][T24247] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=16) [ 926.621515][T24247] Remounting filesystem read-only [ 926.654559][ T5308] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 926.664066][ T5308] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.690949][T23781] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 926.724049][ T5308] usb 1-1: Product: syz [ 926.728370][ T5308] usb 1-1: Manufacturer: syz [ 926.752624][T24250] Quota error (device loop4): v2_read_file_info: Free block number 58381 out of range (1, 6). [ 926.773985][ T5308] usb 1-1: SerialNumber: syz [ 926.795845][T24256] loop2: detected capacity change from 0 to 512 [ 926.812850][T24250] EXT4-fs warning (device loop4): ext4_enable_quotas:7093: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 926.841081][ T5308] usb 1-1: config 0 descriptor?? [ 926.888984][T24256] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.6958: invalid block [ 926.927030][T24256] EXT4-fs error (device loop2): ext4_free_branches:1020: inode #11: comm syz.2.6958: invalid indirect mapped block 4294967295 (level 1) [ 927.047653][T24256] EXT4-fs error (device loop2): ext4_free_branches:1020: inode #11: comm syz.2.6958: invalid indirect mapped block 4294967295 (level 1) [ 927.145307][T24256] EXT4-fs (loop2): 2 truncates cleaned up [ 927.152926][T24256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 927.173692][T23100] EXT4-fs (loop4): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 927.304935][T24233] chnl_net:caif_netlink_parms(): no params data found [ 927.469709][ T1098] bridge_slave_1: left allmulticast mode [ 927.476556][ T1098] bridge_slave_1: left promiscuous mode [ 927.492149][ T1098] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.500594][ T5308] usb 1-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 927.505973][T23781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 927.508757][ T5308] usb 1-1: Firmware version (0.0) predates our first public release. [ 927.526891][ T5308] usb 1-1: Please update to version 0.2 or newer [ 927.527483][ T1098] bridge_slave_0: left allmulticast mode [ 927.546470][ T1098] bridge_slave_0: left promiscuous mode [ 927.562515][ T1098] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.245525][T22710] Bluetooth: hci5: command tx timeout [ 928.440050][T24045] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 928.602295][T24045] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 928.613298][T24045] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 928.624312][T24045] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 928.634038][T24045] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 928.644409][T24045] usb 3-1: SerialNumber: syz [ 928.733888][ T1098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 928.752994][ T1098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 928.769634][ T1098] bond0 (unregistering): Released all slaves [ 928.872184][T24045] usb 3-1: 0:2 : does not exist [ 928.883493][T24045] usb 3-1: unit 255 not found! [ 928.907001][T24045] usb 3-1: USB disconnect, device number 52 [ 928.972667][T24285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 928.990179][ T5308] usb 1-1: USB disconnect, device number 60 [ 929.000129][T22004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 929.020998][T22004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 929.035244][T24233] bridge0: port 1(bridge_slave_0) entered blocking state [ 929.053998][T24233] bridge0: port 1(bridge_slave_0) entered disabled state [ 929.067606][ C0] ------------[ cut here ]------------ [ 929.073946][ C0] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 929.085301][ C0] WARNING: CPU: 0 PID: 0 at net/mac80211/rate.c:380 __rate_control_send_low+0x6d9/0x800 [ 929.095112][ C0] Modules linked in: [ 929.099151][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-syzkaller-11558-g075dbe9f6e3c #0 [ 929.109283][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 929.119537][ C0] RIP: 0010:__rate_control_send_low+0x6d9/0x800 [ 929.125869][ C0] Code: a4 a0 d4 00 00 00 e8 f6 92 ff f6 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 00 0c bf 8c e8 78 a2 c0 f6 90 <0f> 0b 90 90 e9 ff fc ff ff 48 8b 7c 24 30 e8 34 2a 60 f7 e9 e1 fb [ 929.146088][ C0] RSP: 0018:ffffc90000007940 EFLAGS: 00010282 [ 929.152207][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e01e9 [ 929.160241][ C0] RDX: ffffffff8de957c0 RSI: ffffffff814e01f6 RDI: 0000000000000001 [ 929.168232][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 929.176247][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff [ 929.184261][ C0] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000 [ 929.192299][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 929.201337][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 929.208251][ C0] CR2: 0000001b30618ff8 CR3: 0000000049392000 CR4: 0000000000350ef0 [ 929.216307][ C0] Call Trace: [ 929.219652][ C0] [ 929.222556][ C0] ? __warn+0xea/0x3d0 [ 929.226671][ C0] ? __iterate_interfaces+0x2d3/0x5d0 [ 929.232124][ C0] ? __rate_control_send_low+0x6d9/0x800 [ 929.237857][ C0] ? report_bug+0x3c0/0x580 [ 929.242427][ C0] ? handle_bug+0x54/0xa0 [ 929.246805][ C0] ? exc_invalid_op+0x17/0x50 [ 929.251547][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 929.256633][ C0] ? __warn_printk+0x199/0x350 [ 929.261508][ C0] ? __warn_printk+0x1a6/0x350 [ 929.266460][ C0] ? __rate_control_send_low+0x6d9/0x800 [ 929.272181][ C0] rate_control_send_low+0x29a/0x820 [ 929.277498][ C0] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 929.282955][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.288665][ C0] ? kmem_cache_alloc_node_noprof+0x1a2/0x310 [ 929.294841][ C0] rate_control_get_rate+0x1be/0x590 [ 929.300197][ C0] ieee80211_beacon_get_finish+0x468/0x670 [ 929.306059][ C0] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 929.312564][ C0] ? lock_sync+0xc0/0x190 [ 929.316954][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.322662][ C0] __ieee80211_beacon_get+0xdbe/0x16b0 [ 929.328166][ C0] ieee80211_beacon_get_tim+0xa7/0x280 [ 929.333682][ C0] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 929.339856][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.345643][ C0] mac80211_hwsim_beacon_tx+0x4ea/0xa00 [ 929.351265][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.356949][ C0] ? find_held_lock+0x2d/0x110 [ 929.361774][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.367456][ C0] __iterate_interfaces+0x2d3/0x5d0 [ 929.372709][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.378814][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.384932][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 929.390976][ C0] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 929.398063][ C0] mac80211_hwsim_beacon+0x105/0x200 [ 929.403444][ C0] __hrtimer_run_queues+0x20f/0xcc0 [ 929.408708][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 929.414498][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.420276][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 929.426389][ C0] hrtimer_run_softirq+0x17d/0x350 [ 929.431551][ C0] handle_softirqs+0x216/0x8f0 [ 929.436445][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 929.441791][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.447468][ C0] irq_exit_rcu+0xbb/0x120 [ 929.451934][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 929.457600][ C0] [ 929.460568][ C0] [ 929.463685][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 929.469716][ C0] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 929.475106][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 38 e7 e5 74 48 8b 00 a8 08 75 0c eb 07 0f 00 2d 68 29 bf 00 fb f4 e9 6b 4c 32 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 929.494979][ C0] RSP: 0018:ffffffff8de07d70 EFLAGS: 00000246 [ 929.501207][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b1dd7b9 [ 929.509307][ C0] RDX: 0000000000000001 RSI: ffff88814369f000 RDI: ffff88814369f064 [ 929.517612][ C0] RBP: ffff88814369f064 R08: 0000000000000001 R09: ffffed10170c7025 [ 929.525633][ C0] R10: ffff8880b863812b R11: 0000000000000000 R12: ffff888146af9800 [ 929.533646][ C0] R13: ffffffff8ee117e0 R14: 0000000000000000 R15: 0000000000000000 [ 929.541670][ C0] ? ct_kernel_exit+0x139/0x190 [ 929.546669][ C0] acpi_idle_enter+0xc5/0x160 [ 929.551407][ C0] cpuidle_enter_state+0xad/0x4f0 [ 929.556479][ C0] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 929.562383][ C0] cpuidle_enter+0x4e/0xa0 [ 929.566862][ C0] do_idle+0x313/0x3f0 [ 929.571033][ C0] ? __pfx_do_idle+0x10/0x10 [ 929.575678][ C0] cpu_startup_entry+0x4f/0x60 [ 929.580661][ C0] rest_init+0x16b/0x2b0 [ 929.585077][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.590825][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 929.596549][ C0] start_kernel+0x3e4/0x4d0 [ 929.601155][ C0] x86_64_start_reservations+0x18/0x30 [ 929.606668][ C0] x86_64_start_kernel+0xb2/0xc0 [ 929.611788][ C0] common_startup_64+0x13e/0x148 [ 929.616836][ C0] [ 929.619919][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 929.627239][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.11.0-syzkaller-11558-g075dbe9f6e3c #0 [ 929.637267][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 929.647628][ C0] Call Trace: [ 929.650934][ C0] [ 929.653824][ C0] dump_stack_lvl+0x3d/0x1f0 [ 929.658467][ C0] panic+0x71d/0x800 [ 929.662420][ C0] ? __pfx_panic+0x10/0x10 [ 929.667003][ C0] ? show_trace_log_lvl+0x29d/0x3d0 [ 929.672437][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 929.677593][ C0] ? __rate_control_send_low+0x6d9/0x800 [ 929.683263][ C0] check_panic_on_warn+0xab/0xb0 [ 929.688265][ C0] __warn+0xf6/0x3d0 [ 929.692224][ C0] ? __iterate_interfaces+0x2d3/0x5d0 [ 929.697628][ C0] ? __rate_control_send_low+0x6d9/0x800 [ 929.703336][ C0] report_bug+0x3c0/0x580 [ 929.707714][ C0] handle_bug+0x54/0xa0 [ 929.711937][ C0] exc_invalid_op+0x17/0x50 [ 929.716485][ C0] asm_exc_invalid_op+0x1a/0x20 [ 929.721655][ C0] RIP: 0010:__rate_control_send_low+0x6d9/0x800 [ 929.727956][ C0] Code: a4 a0 d4 00 00 00 e8 f6 92 ff f6 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 00 0c bf 8c e8 78 a2 c0 f6 90 <0f> 0b 90 90 e9 ff fc ff ff 48 8b 7c 24 30 e8 34 2a 60 f7 e9 e1 fb [ 929.747644][ C0] RSP: 0018:ffffc90000007940 EFLAGS: 00010282 [ 929.753843][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814e01e9 [ 929.762074][ C0] RDX: ffffffff8de957c0 RSI: ffffffff814e01f6 RDI: 0000000000000001 [ 929.770276][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 929.778269][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff [ 929.786294][ C0] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000 [ 929.794344][ C0] ? __warn_printk+0x199/0x350 [ 929.799272][ C0] ? __warn_printk+0x1a6/0x350 [ 929.804101][ C0] rate_control_send_low+0x29a/0x820 [ 929.809434][ C0] ? trace_kmem_cache_alloc+0x2d/0xe0 [ 929.814876][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.820573][ C0] ? kmem_cache_alloc_node_noprof+0x1a2/0x310 [ 929.826792][ C0] rate_control_get_rate+0x1be/0x590 [ 929.832231][ C0] ieee80211_beacon_get_finish+0x468/0x670 [ 929.838101][ C0] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 929.844497][ C0] ? lock_sync+0xc0/0x190 [ 929.848892][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.854586][ C0] __ieee80211_beacon_get+0xdbe/0x16b0 [ 929.860122][ C0] ieee80211_beacon_get_tim+0xa7/0x280 [ 929.865738][ C0] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 929.871953][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.877647][ C0] mac80211_hwsim_beacon_tx+0x4ea/0xa00 [ 929.883244][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.889122][ C0] ? find_held_lock+0x2d/0x110 [ 929.894044][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.900003][ C0] __iterate_interfaces+0x2d3/0x5d0 [ 929.905238][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.911458][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 929.917670][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 929.923553][ C0] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 929.930651][ C0] mac80211_hwsim_beacon+0x105/0x200 [ 929.935987][ C0] __hrtimer_run_queues+0x20f/0xcc0 [ 929.941249][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 929.947028][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.952710][ C0] ? ktime_get_update_offsets_now+0x201/0x310 [ 929.958901][ C0] hrtimer_run_softirq+0x17d/0x350 [ 929.964058][ C0] handle_softirqs+0x216/0x8f0 [ 929.968949][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 929.974287][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 929.980076][ C0] irq_exit_rcu+0xbb/0x120 [ 929.984567][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 929.990240][ C0] [ 929.993194][ C0] [ 929.996143][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 930.002158][ C0] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 930.007486][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 38 e7 e5 74 48 8b 00 a8 08 75 0c eb 07 0f 00 2d 68 29 bf 00 fb f4 e9 6b 4c 32 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 930.027248][ C0] RSP: 0018:ffffffff8de07d70 EFLAGS: 00000246 [ 930.033383][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b1dd7b9 [ 930.041410][ C0] RDX: 0000000000000001 RSI: ffff88814369f000 RDI: ffff88814369f064 [ 930.049409][ C0] RBP: ffff88814369f064 R08: 0000000000000001 R09: ffffed10170c7025 [ 930.057437][ C0] R10: ffff8880b863812b R11: 0000000000000000 R12: ffff888146af9800 [ 930.065446][ C0] R13: ffffffff8ee117e0 R14: 0000000000000000 R15: 0000000000000000 [ 930.073460][ C0] ? ct_kernel_exit+0x139/0x190 [ 930.078372][ C0] acpi_idle_enter+0xc5/0x160 [ 930.083283][ C0] cpuidle_enter_state+0xad/0x4f0 [ 930.088438][ C0] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 930.094330][ C0] cpuidle_enter+0x4e/0xa0 [ 930.098989][ C0] do_idle+0x313/0x3f0 [ 930.103779][ C0] ? __pfx_do_idle+0x10/0x10 [ 930.108551][ C0] cpu_startup_entry+0x4f/0x60 [ 930.113398][ C0] rest_init+0x16b/0x2b0 [ 930.117722][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 930.123523][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 930.129387][ C0] start_kernel+0x3e4/0x4d0 [ 930.133983][ C0] x86_64_start_reservations+0x18/0x30 [ 930.139508][ C0] x86_64_start_kernel+0xb2/0xc0 [ 930.144591][ C0] common_startup_64+0x13e/0x148 [ 930.149612][ C0] [ 930.152985][ C0] Kernel Offset: disabled [ 930.157344][ C0] Rebooting in 86400 seconds..