last executing test programs: 42m37.174288667s ago: executing program 32 (id=223): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200003, 0x3, 0x0, 0x7, 0x400}) r0 = socket(0x2b, 0x80801, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x53a) 41m54.640856948s ago: executing program 33 (id=366): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@nombcache}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x61, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000)) 39m12.210892013s ago: executing program 34 (id=902): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x50000800}) poll(&(0x7f0000000040)=[{r0, 0x1101}, {r0, 0x360}], 0x2, 0x2) 31m42.080951673s ago: executing program 35 (id=2870): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800042, &(0x7f0000000000), 0xfc, 0x575, &(0x7f0000000180)="$eJzs3e9rJGcdAPDvbHbz4y6aqH1RhdbDFu6KXnLp2TaI9E4Q3xWU6usz5PZCuE32yG7aSyiSwz9AENGCb/SVbwT/AEHuTyhCwb4XK8qhVwWLaEfmR+6SdKfZpNldm3w+8GSenXlmvt9ndzM7O/MkE8CZdSEirkfEWEQ8FxEz5fxaWWKnKFm79x6+sZyVJNL01b8lkZTzsmZJWTLny9Umi8l+U8Wks7V9e6nVam6Us+e7a3fmO1vbl1fXllaaK831q1cXXlx8afGFxSsn0s+sXy9/888//dGvvvXy777y+h9v/PXSD7J8p8vlu/04acVz0siei0fqEbExiGAjMFb2599poaLZxJDTAgCgQnaM/9mI+FJ+/D8TY/nRXLXxPfVk4NkBAAAAJyG9Nh3/SSLSI2oceQ0AAABgVGr5GNikNleOBZiOWm1urhjD+0Scq7Xane6Xb7U3128WY2Vno1G7tdpqXsnH1E5ERCPJHi88OqNQPH4+b5uVZN8Y4J/MTOXL55bbrZujOOEBAAAAZ9D5A9///zlTfP8HAAAATpnZcnpuxHkAAAAAgzM76gQAAACAgTvG9//xQeQBAAAADMS3X3klK+nu/a9vvra1ebv92uWbzc7tubXN5bnl9saduZV2e6WVTkSsHba9Vrt956uxvnl3vtvsdOc7W9s31tqb690bq/tugQ0AAAAM0We+eP+dJCJ2vjaVl9i9tj9WsYK/FYBTo9ZnuzT78e5gcwGGq+pjHjj96h+92DBfOMUaxSQZdR7A6By2A5isavHWscI5rgAAgBG4+Pn776TJh6//1x+fGwBOqX6v/wOnT8X1/3Rm2IkAQ1d5/f+QgQHAJ1/DCEA48w6//l/hrXzR9cMjpOmh2wIAAAZqOi9Jba68FjgdtffTQsxGI7m12mpeiYhPR8QfZhoT2eOFfM3EHw0AAAAAAAAAAAAAAAAAAAAAAAAAQJ/SNIn0GOrHWgsAAAAYhYjaX5LyPsAXZ56dPnh+YDx5P78V8Adpmr7+81d/dnep291YyOb/PZ8/HhHdN7P546M4fQEAAADssXuX//z7+/ONEWcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGn13sM3lnfLMOM++EZEzPaKX4/JfDoZjYg4948k6nvWSyJi7ATi79yLiCd7xU+ytGK2zOJg/FpETOVZDDz+U2ma9ox//mNHh7Ptfrb/ud7r968WF/Jp79//elGufdz41fu/2qP939jB+PVi//epPmN84e3fzO95+L3H1Ylieb33/mc3flKx/32mV7D6h2d9/7vb21W5pb+MuNjz8yfZF2u+u3ZnvrO1fXl1bWmludJcv3p14cXFlxZfWLwyf2u11Sx/9ozx46d++0FV/AcXIs6V8cd3cyo/WGaLydeTR6mM78vp2azSqNryY/99++7DzxXVva3zrT64F3Hpmd6v/5P5tOfz/4t/pbn8cyBbfrH8TEh2inpE+faNiKd//funK/t/b7KsHf31v3R413PPfeeHf+qzKQAwBJ2t7dtLrVZzY+CVN9M07a9xdlTa/5aTiJ2Di7IDuBPuxVREVCzaH2uqfFaj3y0/UZnqu1MRQ3p1jlq5dpTG6cSR3mzJzv9BB89wZTx/Q456zwQAAJy0x0f/o84EAAAAAAAAAAAAAAAAAAAAzq5h/F+xgzF3RtNVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICP9L8AAAD//6zP1vE=") r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010001fff000000010000000000000000", @ANYRES32=0x0, @ANYBLOB="000002008d020600300012800b000100697036746e6c0000200002801400030000000000000000000000ffff640101010500090004000000080004"], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x0) 28m22.579600746s ago: executing program 36 (id=3632): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)={0x1c, 0x5e, 0x601, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x4}]}, 0x1c}], 0x1}, 0x0) 27m25.493706381s ago: executing program 37 (id=3886): capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)) r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x101000) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, 0x0) 27m12.095965081s ago: executing program 38 (id=3926): r0 = socket(0x10, 0x3, 0x0) recvmmsg$unix(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002480)=""/4100, 0x1004}, {&(0x7f0000001580)=""/60, 0x3c}, {&(0x7f0000001980)=""/236, 0xec}, {0x0}], 0x4}}], 0x1, 0x40010122, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 27m5.769526018s ago: executing program 39 (id=3941): unshare(0x2c020400) r0 = creat(&(0x7f0000000180)='./file0\x00', 0x20b) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x31}]}, &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) 26m59.065268343s ago: executing program 40 (id=3952): syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000140)='./bus\x00', 0x10, &(0x7f000001fd00)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRES64=0x0, @ANYRES16, @ANYRES8, @ANYRESOCT, @ANYRESDEC, @ANYRES32], 0x21, 0x1f9, &(0x7f0000000b80)="$eJzskr1rFEEYxp/ZndvsBWMOiYIiiBo0TXJ7Gzk/CgUbD7UQiRADgsdmcy5u/Mge6B0pVhBEbASDkCAWgiSIhfgPuIVVOoVgFwKpU6QQQRJXZvbdc47rrebXPDPvvPN+zdyJHkZ9AHa35z2gBAHHEL4xBg7gCJMmTJuZ2qRXSS06v2RkmpD+Jt093Z6cAlhwbL1qJHFmxM/VDXgYvIWzb698/H69sLC2b+v9F3Fy+UbrM9jJ6cF3bz69vLg4IMOzm1NqHDM5vGQfZbLYVzuT6xv8IIbyWMHC2n77z4HVp8sfqs9FB69nwJwlG8DY19HF887AC4NiRq323XoY+nPRhScGtmSqH9vznljcBpCmaSp7B1ADoPqI9lcUn0McmABgIu34cPyj3Jx9UI5a7dFgtt7wG/491x2vOqdoivCd8kwQ+g5TUtAEYQC/RBbxTEXlvABgB7gm9v3oRjil/VlpdM7Uu5bydCPHu+8aSlu5MiSdu33kJ2qfwAmI0T6KmWIdllE4ZEs1FGHSpsKV+rJcDQChP+bdt8kkPK2isgn9yiYKnYCuuhk/k38pPCMdJq2RLpNukuY/Ov+pXEYw6CVGYsDC43qzOVexgJU9dItsrhhctirF6sBE1pLZ3dw5Ez3s7TVpNBqNRqPRaDQazX/hbwAAAP//FKeYyA==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 25m29.094987105s ago: executing program 41 (id=4231): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000840)=""/230, 0xe6}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}], 0x4, 0x20, 0x0) 23m39.531166975s ago: executing program 42 (id=4748): r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) ioctl$EVIOCGLED(r0, 0x80284504, &(0x7f0000000000)=""/56) 23m23.153951572s ago: executing program 43 (id=4808): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800710, &(0x7f0000000100)={[{@quota}, {@bsdgroups}, {@noload}, {@user_xattr}, {@errors_remount}, {@oldalloc}, {@orlov}]}, 0x2, 0x462, &(0x7f0000000d80)="$eJzs3M9vFFUcAPDvTFtQfrUi/gBRq8TY+KOlBZWDF40mHjCa6AH1VNtCCAs1tCZCiFRj8GJiSPSsHk38C7x5MerJxKveDQlRLqCnmpmdgd1lt93SpVu7n08y8N6+t/ve2zdv5s28nQbQs4azf5KIbRHxe0QMVqP1GYar/127cm7qnyvnppJYXHzjryTPd/XKuakya/m+rUVkJI1IP0mKQurNnTl7YrJSmTldxMfmT743Nnfm7NPHT04emzk2c2ri0KGDB8afe3bimY60M2vX1T0fzu7d/cpbF1+dOnLx3Z+/y+q7rUivbcct2XTzS8NZw/9ezDWmPbaqwtaf7TXhpL+LFWFF+iIi666BfPwPRl/c6LzBePnjrlYOuK2yc9Pm1skLi8AGlkS3awB0R3miz65/y22Nph7rwuUXqhdAWbuvFVs1pT/SIs9Aw/VtJw1HxJGFf7/KtujEfQgAgGV8NvXl4Xiq2fwvjXtr8u0o1lCGIuKuiNgZEXdHxK6IuCciz3tfRNy/wvIbl4Zunv+kl26pYW3K5n/PF2tb9fO/cvYXQ31FbHve/oHk6PHKzP7iOxmJgc1ZfHyJMn546bfPW6XVzv+yLSu/nAsW9bjU33CDbnpyfjKflHbA5Y8i9vQ3a39yfSUgiYjdEbFnZR+9owwcf+Lbva0yLd/+JXRgnWnxm4jHq/2/EA3tLyVLr0+O3RGVmf1j5V5xs19+vfB6q/JX1f4OyPp/S/3+X6R8faYIDL1Tu147t/IyLvzxactrmlvd/zclb+bHo3LZ9YPJ+fnT4xGbksN5vO71iRvvLeNl/qz9I/uaj/+dxXuy/n8gIrKd+MGIeCgiHi7q/khEPBoR+5Zo/08vtk5bD/0/3fT4d33/H0rq+n/lgb4TP37fqvz2+v9gHhopXsmPf8tot4Kr+e4AAADg/yLNfwOfpKPXw2k6Olr9Df+u2JJWZufmnzw6+/6p6epv5YdiIC3vdA3W3A8dTxaKT6zGJ4p7xWX6geK+8Rd9d+bx0anZynSX2w69bmuL8Z/5s6/btQNuu2braBNNHmgDNp7G8Z/WR8+/tpaVAdaU57Whdy0z/tO1qgew9pz/oXc1G//nG+LWAmBjcv6H3mX8Q+8y/qF3NYx/l/rQG1bzXL9ALwciXRfVaCvQ/t+DuN2Bt9dHNdoIdPvIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA//8cWu+A") r0 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6) write$9p(r0, &(0x7f0000000440)="e4", 0x1) 22m49.122132627s ago: executing program 44 (id=4927): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$update(0x2, r0, 0x0, 0x0) 20m13.451351345s ago: executing program 45 (id=5595): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa40, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x3) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000004440)=0x7ff) 12m38.825619456s ago: executing program 46 (id=7083): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 8m12.951575795s ago: executing program 7 (id=8099): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000000)='/proc/net/\x00\x00t4/c+\x0fG\xf9aK\fX\a0\x04\x00\x00\x82q\xee'}, 0x30) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 8m12.435651775s ago: executing program 7 (id=8103): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x20, r1, 0x81, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 8m11.523050529s ago: executing program 7 (id=8108): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fstatfs(r0, &(0x7f0000002c80)=""/181) 8m10.813038345s ago: executing program 7 (id=8113): syz_mount_image$ext4(&(0x7f0000001280)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000001080), 0x1, 0x4fe, &(0x7f0000000a40)="$eJzs3c9vI1cdAPDvTOIkm6ZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBrdeygGpwAq0QeJgNP6RzW7sJOw6tmp/PtJo5s0bz/e9teY97zeJXwBj63pEHEbEVES8HRHz7fNJe4vXW1t23f17d9eO791dS6LReOsfSbM+OxenXpN5qn3PmYj4/ncifpScjVvbP9haLZdLu+1yoV7ZKdT2D25tVlY3Shul7WJxeWl58dXbrxT71tcXKr/55Nubb/zgg9996eM/HX7zJ1mz5tp1p/vRT62u507iZCYj4o2rCDYEE+3+TA27ITyWNCI+ExEvNp//+ZhovpuX0+WxBgA+BRqN+WjMny4DAKMubebAkjTfzgXMRZrm860c3nMxm5artfrNO9W97fVWrmwhcumdzXJpsZ0rXIhckpWX3suOH5SL8XD5dkQ8GxE/nb7WLOfXLp9nAAD666lH5v9/T7fmfwBgxM1cdMHKYNoBAAzOhfM/ADByzP8AMH7M/wAwfsz/ADB+zP8AMG4+6sz/E8NuCQAwEN97881saxy3v/96/Z39va3qO7fWS7WtfGVvLb9W3d3Jb1SrG+VSfq1aueh+5Wp1Z+nl2Hu3UC/V6oXa/sFKpbq3XV9pfq/3Sik3kF4BAOd59oUP/5JExOFr15pbnFrLwVwNoy0ddgOAoZHzh/HlW7hhfPk/PnDRWp49f0X4/ccI1njvMV4E9NuNz8v/w7jqkv+XEoAxIf8P48tkD+Or0Uh6rfmfnlwCAIwUOX5goD//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBEx19wWTpXTNJ+PeDoiFiKX3NkslxYj4pmI+PN0bjorLw21xQDAk0v/lrTX/7ox/9Lco7VTyX+uNfcR8eOfv/Wzd1fr9d2l7Pw/pzvn6++3zxeH0X4A4CKdebozj3fcv3d3rbMNsj2ffKu1uGgW97i9tWomYzLb/XEmchEx+6+kVW7LPq9M9CH+4VFEfK5b/5NmbmShvfLpo/Gz2E8PNH76UPy0WdfaZ/8Wnz1z5+meMS9a6xXGxYfZ+PN6t+cvjevN/UzXxY9nmiPUk+uMf8dnxr/O8z7THGu6jX/XLxvj5d9/t2fdUcQXJrvFT07iJz3iv3RSmjo3/kdf/PKLveoav4y4Ed3jn45VqFd2CrX9g1ubldWN0kZpu1hcXlpefPX2K8VCM0dd6GSqz/r7azef6dn/X0fM9og/c0H/v3ZurxsnA/Cv/vv2D7/SK/5RxDe+2v39f+6c+Nmc+PVz4z+wOvvbnst3Z/HXW/0/+n/f/5uXjP/xXw/WL3kpADAAtf2DrdVyubTb14NcdKma7k+I5Ira7GDED7LP4096n+fbKbOu1/zhFx88n1UOvad9ORjywARcuQcP/bBbAgAAAAAAAAAAAAAA9HLlf06UDruHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLL/BQAA//8SwcrQ") syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c}) 8m9.435228356s ago: executing program 7 (id=8118): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x34, r1, 0x1, 0x70bd2d, 0x0, {0x36}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840) 8m8.473250195s ago: executing program 7 (id=8123): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010) setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000000), 0x4) 8m6.065673781s ago: executing program 47 (id=8123): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x20000010) setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000000), 0x4) 7m30.348516979s ago: executing program 4 (id=8276): capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7}) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xb0000004}) 7m29.681891512s ago: executing program 4 (id=8280): syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x2915048, 0x0, 0x1, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff, 0x0) 7m28.911825565s ago: executing program 4 (id=8285): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4c, 0x0, &(0x7f00000001c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x0, 0x2000000}, @clear_death], 0xfc, 0x1000000, 0x0}) 7m27.87346517s ago: executing program 4 (id=8291): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@discard}, {@abort}, {@dioread_lock}, {@norecovery}, {@nombcache}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}, {@resuid}, {@init_itable_val}, {@jqfmt_vfsv1}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 7m26.648869118s ago: executing program 4 (id=8297): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) madvise(&(0x7f0000000000/0x800000)=nil, 0x800018, 0x19) 7m23.280581718s ago: executing program 4 (id=8312): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xa) syz_io_uring_setup(0x48ba, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0xfffffffb, 0x333}, &(0x7f00000002c0), &(0x7f0000ff4000)) 7m20.624476907s ago: executing program 48 (id=8312): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xa) syz_io_uring_setup(0x48ba, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0xfffffffb, 0x333}, &(0x7f00000002c0), &(0x7f0000ff4000)) 6m54.742204058s ago: executing program 6 (id=8416): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000140)=0x8) 6m53.738100742s ago: executing program 6 (id=8422): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x810410, &(0x7f0000001a00)=ANY=[], 0x1, 0x1dc, &(0x7f0000000900)="$eJzsmb/L00AYx793ydu+vojg4uDiYMWKNk1SlS4dKrgL9edmsbFU01baCG3Bobi4ODoIrv4DDg6dHNzcXHVQQXCwo5twctdrciRGrFVBfD7Qp9889+u5C/kWGhAE8d/y4f2Xdw/P1S+eArAfJRR1/pOV9OFG/7eP75581Dj/5Nmbpy8HB+4t0vMVN1xf9n/RtBBhn84IYbaXVGS2rKKkc5fAcULrK2A4pvV1cFzWOgDDNa1vGXq4XiYMnBvDsHOzFwauDJ4Mvgw1c30bwHLO0AGwq6oTghnt4+nsdjsMg1Fa7Ij1OpmmTcWPzk/V1+RoxKcnhLxfVx/cn8trR+dd4/w8cHha18DQ0rqOIhzHSY7E2P9hO5nf+pn9/zZh/frwg5U/WRiJf1SwdEY+0HHm0HLxKjvq4/ars7/2yKSEMi4AmabXe9vNXNA7+m6fxJ+kex83/MmGHftHNerfqY6ns0qv3+4G3WDg+7Wz7mnXPeNXlRGtYsb3vsb+t6v8ac+YfyfHKwusgEk7ikbeBIhGXnztr6LhuK3nw89qDFf+x1E+uppD3kS17ZwfOqY/XH1LVbZyyiEIgiAIgiAIgiAIgiAIgtiQI2DqX1D9okrk4F9Qvb8FAAD//0crYjA=") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 6m52.673824379s ago: executing program 6 (id=8428): r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000001340)={0x80000000}) 6m51.894600742s ago: executing program 6 (id=8434): r0 = memfd_secret(0x80000) fcntl$setlease(r0, 0x400, 0x1) fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 6m51.150489461s ago: executing program 6 (id=8437): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) fstat(r0, &(0x7f0000003200)) 6m50.28590894s ago: executing program 6 (id=8442): r0 = memfd_create(&(0x7f0000000680)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4C\x80\x00\x02\x00\x00\x00\xad[\xc9\x10\x04\x00\x00\x1dz\xd0\x11\xe3\x05\x01\xb1\x84\xea\x91^%A\xf5\x9e\x13TdT\xc6^p\xcc#P\x04\x06\xae\xeb\x7f;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x03`\xf0\xc728\xfc\xfc\x00\x00?\x86\xb7\xd4\x00\x00\x00\x00\x00\x00\x80\f\xed{u[\xbd\x9d^\xffj\xa0\x14\xb7\xb6v\x1d*1>\x00\x00\x00\x00\x00\x00\x00\t\x00\x003F\xf1 \x17-\x964C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\x8c\xcd\b\xb5U\xec\x85\x9b\xe4Q>\xed\xdf\xdf\a\xd0lg\x13\r\x8c:s\x18@\xe6\x80\xb3\x9f#\x15$\x97I\xf0LC\xfc\xe7\xdf\x86\xfck\xdc\xe0\x9d\xd3[i\x1b\x9b{4)\xb9\xd8\xb8\x8f\xa22)\x8d\xec\xf0(!\xf0\xb5-e+><\xc8X\xdaNz,u\x8f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xed\xb7\xe7(.9\x00\xf6\x8e\xed\x02}&\xde\xf1\xa2\\m05u6\xaf\xa6j-\x9aJ\x83\xdf1\xa3\xff\xf1\xfac}\xc8i\"2\x7f\x98\xd5SENEn\xaa\xf7\xcf<\xee\xd2\xaf\xcb\x8b\xa2\xc6(S\xb47\x9c)\x8cE\xdf\x13Kc|\x82\xc1\xaa\xdeT\x1f\xaf\xa0,\xb0ec\x03\xfd\xe4\xde&\xf8\xcd_\xaa\x9aO\x9cP\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9d\x1e\xee\xc2\xdd2\xcf\x8b\x1e\\\b\xb3\xab\xed\x17\xc8\x84\xc7\xf2\x91\x04!\xdfV\xab]Z\xc8\xca\xe9G\x88\xf5q\x9cz7\xb3\xda\xcf\xee\x1d\xdd-3\x95\x16\x00\x00\x00\x00\x00\x00\x00\t\x00\x003F\xf1 \x17-\x964C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\x8c\xcd\b\xb5U\xec\x85\x9b\xe4Q>\xed\xdf\xdf\a\xd0lg\x13\r\x8c:s\x18@\xe6\x80\xb3\x9f#\x15$\x97I\xf0LC\xfc\xe7\xdf\x86\xfck\xdc\xe0\x9d\xd3[i\x1b\x9b{4)\xb9\xd8\xb8\x8f\xa22)\x8d\xec\xf0(!\xf0\xb5-e+><\xc8X\xdaNz,u\x8f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xed\xb7\xe7(.9\x00\xf6\x8e\xed\x02}&\xde\xf1\xa2\\m05u6\xaf\xa6j-\x9aJ\x83\xdf1\xa3\xff\xf1\xfac}\xc8i\"2\x7f\x98\xd5SENEn\xaa\xf7\xcf<\xee\xd2\xaf\xcb\x8b\xa2\xc6(S\xb47\x9c)\x8cE\xdf\x13Kc|\x82\xc1\xaa\xdeT\x1f\xaf\xa0,\xb0ec\x03\xfd\xe4\xde&\xf8\xcd_\xaa\x9aO\x9cP\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9d\x1e\xee\xc2\xdd2\xcf\x8b\x1e\\\b\xb3\xab\xed\x17\xc8\x84\xc7\xf2\x91\x04!\xdfV\xab]Z\xc8\xca\xe9G\x88\xf5q\x9cz7\xb3\xda\xcf\xee\x1d\xdd-3\x95\x160x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, r1}]) 3m3.84808452s ago: executing program 3 (id=9796): r0 = openat$rtc(0xffffff9c, &(0x7f00000004c0), 0x40000, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x8001, 0x0, 0x81, 0xffffffff}) ioctl$RTC_EPOCH_SET(r0, 0x4004700e, 0x6) 3m3.340308873s ago: executing program 3 (id=9801): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x20) 3m2.815133509s ago: executing program 3 (id=9804): syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file1\x00', 0x200000, &(0x7f00000000c0)=ANY=[], 0xfe, 0x1bb, &(0x7f0000000340)="$eJzs20tu2kAcx/GfMQZK369NV5W6aDeFlnbTXTlAL9AdAhehmrYq3YAqVT1Kb8JNegGQkl1WcWRjIkMMDCbBPL4fKclfGf9mxhETzywsAEfrQfjdkiUnrHzf//Nc0udPkvIZTw7AjfJ17gM4VvZJ1jMAkI1x3Q73AUNL+n/6uzmKvhzD/cO4npsUJUmxfME0/9cKfz7LS6NYvhh1uXL/8m+Sf6nZ/K01xy/P5csrctZlfnL/r17M5m9LuiPprqR7ku5HZ62Hkh4ljN+aG/+p4fyBTQSfvsqm+Q06CFbPl47nvklqtFfnnSj/Nrk59i9kmHhBIcrXDOe7KP8uZb4Y5SvN714roT2Xsl/ARC7j9W9LZ/78+v9ons8vX/8Aluj1B18bnuf+XKNwwqIY9bDs4uDpGPtNcPmaY1FkUZQSmpyUn5Z0RWE7dxo8vnbhD25YTFftNscCcKiqv7o/qr3+4HWn22i7bfdb7f2H6bE7PJdXF57OAey52c05AAAAAAAAAAAAAADYR48lPUkTNH3BDwAAAMDOuN53hhxJV5uyvkcAAAAAAAAAAAAAAAAAAADgUFwEAAD//312QIE=") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) 3m1.965600333s ago: executing program 3 (id=9809): chdir(&(0x7f0000000540)='./cgroup\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) 3m1.248665622s ago: executing program 3 (id=9814): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, 0x0) 2m59.583814346s ago: executing program 50 (id=9814): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, 0x0) 1m59.84048304s ago: executing program 2 (id=10179): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001800)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="03000000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1], 0x4c}}, 0x800) 1m58.861257305s ago: executing program 2 (id=10183): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0xf2, 0x0) 1m58.357808129s ago: executing program 2 (id=10187): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf251a00000010002280040000800400008004200080060021"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) 1m57.689321567s ago: executing program 2 (id=10192): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000006c0)='./bus\x00', 0x2302000, 0x0, 0x9, 0x0, &(0x7f00000002c0)) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) 1m56.578459707s ago: executing program 2 (id=10199): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000680)={0x14, 0x88, 0xfa00, {r1, 0x1c, 0x0, @in6={0xa, 0x4e22, 0x4, @loopback, 0x101}}}, 0x90) 1m55.592747985s ago: executing program 2 (id=10207): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="04010000160001002bbd7000fedbdf250a010101000000000000000023000000ffffffff0000000000000000000000004e2300004e2400000a0080a01d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000003000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd7000000000000000020601000000080000004f"], 0x104}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) recvmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)=""/198, 0xc6}, {&(0x7f0000000180)=""/20, 0x14}, {&(0x7f0000000240)=""/28, 0x1c}, {&(0x7f0000000280)=""/8, 0x8}], 0x4}, 0x3ffc0}], 0x1, 0x0, 0x0) 1m53.559513726s ago: executing program 51 (id=10207): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="04010000160001002bbd7000fedbdf250a010101000000000000000023000000ffffffff0000000000000000000000004e2300004e2400000a0080a01d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000004d533000000ac1414100000000000000000000000000800000000000000b507000000000000000000000000000006000000000000000900000000000000faffffffffffffffffffffff000000000300000000000000020000000000000003000000000000000100000000000000faffffffffffffff0000000001000100f9ffffff2abd7000000000000000020601000000080000004f"], 0x104}, 0x1, 0x0, 0x0, 0x10}, 0x400c8c0) recvmmsg(r0, &(0x7f0000004380)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)=""/198, 0xc6}, {&(0x7f0000000180)=""/20, 0x14}, {&(0x7f0000000240)=""/28, 0x1c}, {&(0x7f0000000280)=""/8, 0x8}], 0x4}, 0x3ffc0}], 0x1, 0x0, 0x0) 3.741467794s ago: executing program 1 (id=10891): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 3.573648881s ago: executing program 5 (id=10892): syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000000)='./file0\x00', 0xa18c14, &(0x7f0000000440)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@shortname_mixed}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@fat=@quiet}, {@utf8}, {@uni_xlateno}, {@uni_xlate}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@numtail}, {@rodir}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'default'}}]}, 0x81, 0x29b, &(0x7f0000000840)="$eJzs3T1rc2UYAOD7pPlUIRmcRPCADg4S3vf9BQ1SoZhJyaCLFtuCJKHQQsAPjJ3cBSfBn+B/8Ae4OLo5OApudhCPJCffTdNW0lb6Xtdy7p7nvs/zkaftdJ58/Gq/e3hydnz+5W9RrSZR2I3duEiiEYWY+joAgMfkIsvizyy3MbEyDbJ6fi0W7nxwAMCduPH/fwDg0Xj/gw/fbbXbe++laTWi/82gk7yVX/P21nF8Gr04iidRj78jspk8fmm/vffDH/PnDWrRieh/9PPk59aobVT/NOrRWK0vT7LSsXijPxx0Rj2PrqV4IYloZUme8izq8XJEVorJQ/LLO/vtvWfp5frolOPN17+fjP+fo2hGPX75JE6iF4fjR8zrv3qapm9n3/31RT6DTkQyHHQq47y5bOfuPw0AAAAAAAAAAAAAAAAAAAAAAJ4XzXSmsXh+zvQ0wGZzffuV5wNNTvgZLpyv8yRN0+kxPoNOKfL6YrxSjOLDzRwAAAAAAAAAAAAAAAAAAAD+P84++7x70OsdnS4FP2WjoLYxZzUoLtyZvtZ/fdX6oPtjxO2rbhLEzmRoveRSF8m0aQt9VW6TXFvXaRSuWsNiL/LBf3v7gb22rQluDKa7q3uQxDXJ1fWbZGHX5dvw12s37XKQrVm6nSuryluae/nF/1peW7tQoy1Zmi3mclV19Eku3Clt+TdlRbLlvzwAAAAAAAAAAAAAAAAAAMCq+Uu/8XtEZbnx/KFGBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3a/79/7MgGqt3VoPhpHh8p7A5uXJ6tqbbxj1PEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEfu3wAAAP//td9W7g==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80a053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 3.391978917s ago: executing program 8 (id=10893): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x503, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_BROADCAST={0xa, 0x2, @remote}]}, 0x48}}, 0x0) 3.333069072s ago: executing program 9 (id=10894): r0 = socket$can_bcm(0x1d, 0x2, 0x2) io_setup(0x9, &(0x7f0000000240)=0x0) connect$can_bcm(r0, &(0x7f0000000040), 0x10) io_submit(r1, 0x1, &(0x7f00000012c0)=[&(0x7f00000000c0)={0x400000, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000200)="0500000093cb1faf16da39de706f646800580f02000000003f420f0000000000ff030f02000000003f420f00000000003bf81b05ff000000", 0x38}]) 3.093827255s ago: executing program 1 (id=10895): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)='8', 0x1}], 0xc) 2.880855241s ago: executing program 0 (id=10896): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='b *:* mw'], 0x9) 2.810849299s ago: executing program 5 (id=10897): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) 2.760574668s ago: executing program 9 (id=10898): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03000000000000000000020000000900020073797a310000000008000340000700010900010073797a30"], 0x34}}, 0x0) 2.728603909s ago: executing program 8 (id=10899): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000001800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29) 2.516733392s ago: executing program 1 (id=10901): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0, 0x0, 0x3}, 0x18) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000006c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="1100"/12, @ANYRES32=r2, @ANYBLOB="1d4e"], 0x20) 2.351701509s ago: executing program 0 (id=10902): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0x46, &(0x7f0000000100)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0xfe, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @local, @rand_addr=0x640100fe}, "03000000d1d3d8f4"}}}}}, 0x0) 2.125118735s ago: executing program 9 (id=10903): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'team_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="840000001300f5d129bd70000000000000000000", @ANYRES32=r1, @ANYBLOB="000004000000000064001680600001800c000900010000000c0b000018000c"], 0x84}, 0x1, 0x0, 0x0, 0x40010}, 0x240480d0) 2.108105217s ago: executing program 8 (id=10904): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="10000000040000000400000004"], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0x58, &(0x7f0000000080)={0x0, 0x0}}, 0x10) r2 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r1}, 0xc) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000880)={r2, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 2.049001693s ago: executing program 5 (id=10905): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000024c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x20, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4}, 0xe) close(0x3) 1.885026617s ago: executing program 1 (id=10906): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 1.774541686s ago: executing program 0 (id=10907): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x188, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0x2}, {0x0, 0x1}, {0x0, 0xfff1}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x14c, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x12c, 0x1, [@m_simple={0x8c, 0x1e, 0x0, 0x0, {{0xb}, {0x60, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x68f6, 0x6, 0x2, 0x8, 0x9}}, @TCA_DEF_DATA={0x9, 0x3, '/-@@\x00'}, @TCA_DEF_DATA={0x1e, 0x3, 'cpuacct.usage_percpu_user\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x4a66, 0x4, 0x3, 0x81}}]}, {0x4}, {0xc}, {0xc}}}, @m_connmark={0x6c, 0x15, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0xfffffffb, 0x6, 0x9f32, 0x80000001}, 0x7}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xeee4, 0x2, 0x6, 0xc, 0x6}, 0x12}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_csum={0x30, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8}]}}]}, 0x188}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1.569341452s ago: executing program 8 (id=10908): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) 1.523171003s ago: executing program 5 (id=10909): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) sendmmsg$unix(r0, 0x0, 0x0, 0x40000) 1.32791893s ago: executing program 9 (id=10910): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.233985949s ago: executing program 1 (id=10911): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000006d00)=[{{&(0x7f0000000000)={0xa, 0xa0ec, 0xfffffe01, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xc2}, 0x1c, &(0x7f00000021c0)=[{&(0x7f0000001080)='J', 0x1}], 0x1}}], 0x1, 0x8000) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x1f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) 1.216506506s ago: executing program 0 (id=10912): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x0, "08000000000000000000000000000000000000b582000000010000000100", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0x40103e05, &(0x7f0000000080)={"000c00816800df00"}) 979.303742ms ago: executing program 5 (id=10913): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010301010000020000000000000000000c0002"], 0x20}}, 0x0) 911.673215ms ago: executing program 8 (id=10914): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x101002, 0x0) r1 = dup(r0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 743.705143ms ago: executing program 9 (id=10915): memfd_create(&(0x7f0000002180)='\t^\x1ax1\xc7\xbe\xa1\xc6F\xfa\x9cq\xb8w&\xdfP\xba\xdf%\x7f\xb7\xac\x952\x8d\xa0\x15\xbc\xf4nS\x11X\x95\xc0~srQ\xeaS\x88\xad\xd1Js\\\xb2\xc5\xed\xe8\x7f\xdc(\x01\xcey\xc7\x15?\n\xad\xe7Z\x9e\xe1K\xfd\xc95f@O}\\\xdd\xca!;\xf38\'D9\xcb\xda\xa1\xc1\v\xb9\xad\xb7}l\xbe\x95p\xd4)\x18x\x17\xab7\x06\x9f\xe3X\v\xf2\xcc\x05\xb4( m\xde\x0f\xf3\xf8\x1b\vW\x00\x90\x01\xfe\x1e<\xabL-3\xe6\x81V\x8d3\x1b\xe4}\xe3\x7f\x06\xce\xe1D\x94&\xac\x88\x95\xff\xda\x14d\xcbx\x93x\x95\xab\xcb@\x8d\xa0\xe4I\xff\x87\x90\xd9\x89O\x98\x90\x86\xff\xcc\xc1\xf5\r\xea\x19c\xba\xa9\"d$\x01h\x0f&/B\xa5\x18%\xc7\x7f\x81X)s\xc8\xc7ex#\xb0\xe4\x1b\xce\x0f\xear,\x8ch=:F$\xe6\x87\xf0AF\xd5\x84c\xd5\xd5(\xb3\xac\x9b\x80\x81y\xf1\a\x0f\x00\x00\x00\x00\xff\xff\xff\xff\xb8~\xaa-', 0xb) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000300)='./bus\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYRES32, @ANYRESOCT], 0x2, 0x627, &(0x7f0000000b80)="$eJzs3U9oHNcdB/DvrCVZUoujJHZi2kBFDGmpqa0/KK16iRtC8SGUkB56FrYcC6+VIClBCaGo6b9rD7kW0oNuPRV6F7Tn5parjoFCLzkJWlCZ2dn1ylopKznySvbnY96+9+bNvPeb387sahfMBnhqvf5GspUiN6++uV72tzdnm9ubs+fr4WaSst1IhlpViuVk6M/JjbRKRrqmKw5a59Ol+be/+Gr7y1ZvqC7V/o1k+BHPYqMumUxyrq73O2SZ3d0D57t14Hz9KjqZKRN2paw3HmlC+Gbs7tO+Mv/bz+EH3u/A2VG03jf3mUjGk4y2/g7ovIE2HmtwJ8D7LwAAAE+DZ3ayk/VcGHQcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcJbUv/9f1KXRbk+maP/+/0i9LXX7jCn29LYGFgcAAAAAAAAAHEfRc+v3drKT9Uanv1uk8d3k5apzsXr8Vt7PahazkmtZz0LWspaVTCeZ6JpoZH1hbW1luo8jZ3oeOXMCpwwAAAAAAAAAT6LJnls/yc1ceOyxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAIYrkXKuqysW6bhtNMlI2NpLP2+2zbGvQAQAAAMBj8MxOdrKeC+3+blF95n+h+tw/mveznLUsZS3NLOZ2/V1A+am/sb0529zenL1flnLj+T3z/uw/RwqjmjGt7x56r3y52mMsd7JUbbmWW3k3zdxOozqydLkdT3dcD/ymjKl4raXoM7LbdV3u/6eHvg0ZrIkqI8OdjEzVsZXZePbwTBzx2Xl4pek0Ot/8XDxCzl/rc73xui7P5w+nOucz9dX3eXnPHJCJTvTf//tff3W3uXzv7p3Vq6fnlI6pzsTGUJ2J2a778MXDr4knLBNTVSYudfo38/P8MlczmbeykqV8kIWsZTGTjTeq1kJ9RZSPE4dn6sae3ltfF8lI/by0XkX7iintmF6ujr2Qpfwi7+Z2FvNq9W8m0/lx5jKX+a5n+FIfd33jaHf9lR/UjbEkf6zr06HM67Ndee1+zZ2oxrq3PMjScwdnqTjma+PQd+pGucZv6/p0eDgT012ZeP7w6+Uvu+XjanP53srdhff6XO+Vui5T+ftT9S5RXi/PlU9W1dt7dZRjz/ccm67GLnbGGvvGLnXGet6pK+3156u9X+g500w19mLPsdlq7HLXWK+/twA49cZ/OD4y9u+xf419Nva7sbtjb46+fv4n518ayfA/h386NHXulcZLxd/yWX794PM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfKsffnRvodlcXPmaxlYf+zxKo6h/yOcEl9Do0RjJ4FbP6ClJgkavZwd4wl1fu//e9dUPP/rR0v2FdxbfWVwenpubn5qfe3X2+p2l5uJU63HQUQIn4dt1vbLa9yEfn1gwAAAAAAAAAAAAQF8ex38nGPQ5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfbzasZ2kqR6alrU2V/e3O2WZZ2+8GeQ0kaSYqPk+IfyY20Sia6pisOWufTpfm3v/hq+8vOXJ/8r71/47Djehp+eMNGXTKZ5Fw+GD/SdPvtme9WXR9f0TnDMmFX2omDQft/AAAA///9xArx") r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000040)="51c760047bd52cae83a48d46fd24a4bc4540a0768ca7edb8902a076228bd7bf612c6f08a2d0b66b9ec1ead5bfc1bb9ecc90dc09bb021efd5877b8347ca5a90ac34a09272a313e51cae907fbc6e050f2af560db89b05fc74f984e2912987abadab626bda4abed31c9bce33e343e492f340e70c16ca35b8e89155b1dd91c051ea6b4352c01175f7f4c0694ea5c50a2c5bfa9036393b7943e61d807d1505df6dc08684e4a4c192d9a18c3c7c337a11aceb678eeeb8a449a91508d134a28d6b613163cc23f99f9180492aae9c40e5aa9e563970cc5e02d55c5db") 659.722785ms ago: executing program 0 (id=10916): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f0000000140)='U', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x0, @private1}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x5}, 0x8) 617.820734ms ago: executing program 1 (id=10917): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000000c0)={[{@nojournal_checksum}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@block_validity}, {@dioread_lock}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) setresuid(0xee00, 0xee01, 0x0) utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) 380.486963ms ago: executing program 5 (id=10918): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) ioctl$TCXONC(r0, 0x540a, 0x0) 183.070807ms ago: executing program 8 (id=10919): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000bc0), r0) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)={0x14, r1, 0x301, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x800) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) 27.517308ms ago: executing program 9 (id=10920): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="02"], 0x20) 0s ago: executing program 0 (id=10921): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000140)) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) kernel console output (not intermixed with test programs): [ 2602.453406][T29035] loop2: detected capacity change from 0 to 736 [ 2602.801172][T29043] netlink: 'syz.0.9267': attribute type 2 has an invalid length. [ 2602.888085][T29041] loop3: detected capacity change from 0 to 4096 [ 2603.397916][ T30] audit: type=1800 audit(2000000330.610:2132): pid=29041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.9265" name="file0" dev="loop3" ino=0 res=0 errno=0 [ 2603.606002][T23745] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0 [ 2603.619049][T23745] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0 [ 2603.628229][T23745] hid-generic 0000:0000:0000.005F: unknown main item tag 0x0 [ 2603.676033][T23745] hid-generic 0000:0000:0000.005F: hidraw0: HID v0.00 Device [syz1] on syz1 [ 2603.720408][T29054] pim6reg: entered allmulticast mode [ 2603.771550][T29055] pim6reg: left allmulticast mode [ 2605.686276][T29090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9288'. [ 2605.742911][T29090] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9288'. [ 2605.753822][T29090] netlink: 104 bytes leftover after parsing attributes in process `syz.2.9288'. [ 2606.518322][T29104] tmpfs: Cannot change global quota limit on remount [ 2606.761611][T29108] loop2: detected capacity change from 0 to 1024 [ 2607.429660][T29117] loop2: detected capacity change from 0 to 16 [ 2607.493435][T29118] digital: digital_start_poll: Unknown protocol [ 2608.100162][T29126] loop3: detected capacity change from 0 to 128 [ 2608.492398][T29128] loop2: detected capacity change from 0 to 4096 [ 2608.585683][T29128] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 2608.598893][T29128] System zones: 0-5 [ 2608.636567][T29128] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2608.889627][T29134] loop1: detected capacity change from 0 to 512 [ 2609.126928][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2609.179774][T29134] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.9308: corrupted inode contents [ 2609.198194][T29134] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #16: comm syz.1.9308: mark_inode_dirty error [ 2609.235075][T29134] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.9308: corrupted inode contents [ 2609.272630][T29134] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.9308: mark_inode_dirty error [ 2609.336900][T29134] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.9308: corrupted inode contents [ 2609.398246][T29134] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 2609.468131][T29134] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #16: comm syz.1.9308: corrupted inode contents [ 2609.527849][T29134] EXT4-fs error (device loop1): ext4_truncate:4597: inode #16: comm syz.1.9308: mark_inode_dirty error [ 2609.568100][T29134] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 2609.638007][T29134] EXT4-fs (loop1): 1 truncate cleaned up [ 2609.647004][T29134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2609.662437][T29134] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 2609.680652][T24362] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 2609.691351][T24362] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1 [ 2610.022850][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2610.045270][T29155] loop0: detected capacity change from 0 to 512 [ 2610.100130][T29155] EXT4-fs (loop0): Test dummy encryption mode enabled [ 2610.128674][T23745] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 2610.204711][T29155] EXT4-fs error (device loop0): __ext4_iget:5379: inode #11: block 1: comm syz.0.9315: invalid block [ 2610.329301][T29155] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.9315: couldn't read orphan inode 11 (err -117) [ 2610.396751][T29155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2610.627912][T23745] usb 4-1: Using ep0 maxpacket: 32 [ 2610.652270][T23745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2610.663815][T23745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2610.674091][T23745] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 2610.686757][T23745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2610.757784][T23745] usb 4-1: config 0 descriptor?? [ 2610.851391][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2611.263218][T23745] waltop 0003:172F:0501.0060: collection stack underflow [ 2611.271500][T23745] waltop 0003:172F:0501.0060: item 0 1 0 12 parsing failed [ 2611.299210][T23745] waltop 0003:172F:0501.0060: probe with driver waltop failed with error -22 [ 2611.480485][T23745] usb 4-1: USB disconnect, device number 40 [ 2611.851143][T29169] loop0: detected capacity change from 0 to 512 [ 2612.146033][T29169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2612.160505][T29169] ext4 filesystem being mounted at /147/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 2612.594693][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2613.198124][ T30] audit: type=1326 audit(2000000340.420:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29190 comm="syz.8.9331" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 2613.301920][ T30] audit: type=1326 audit(2000000340.460:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29190 comm="syz.8.9331" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 2613.324252][ C0] vkms_vblank_simulate: vblank timer overrun [ 2613.331643][ T30] audit: type=1326 audit(2000000340.460:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29190 comm="syz.8.9331" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 2613.358888][ T30] audit: type=1326 audit(2000000340.480:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29190 comm="syz.8.9331" exe="/root/syz-executor" sig=0 arch=40000003 syscall=256 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 2613.381690][ T30] audit: type=1326 audit(2000000340.480:2137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29190 comm="syz.8.9331" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000 [ 2614.824344][T29220] loop1: detected capacity change from 0 to 1024 [ 2617.315733][T29259] loop2: detected capacity change from 0 to 256 [ 2617.802834][T29266] loop3: detected capacity change from 0 to 512 [ 2617.842417][T29266] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 2618.062004][T29266] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 2618.132294][T29266] EXT4-fs (loop3): 1 truncate cleaned up [ 2618.140836][T29266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2618.588068][T19139] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2620.657979][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 2622.708335][T29304] Bluetooth: hci3: command 0x0405 tx timeout [ 2622.749537][T29342] RDS: rds_bind could not find a transport for ::a:0:0, load rds_tcp or rds_rdma? [ 2623.833875][T29357] loop0: detected capacity change from 0 to 4096 [ 2623.958842][T29357] NILFS (loop0): invalid segment: Checksum error in segment payload [ 2623.967155][T29357] NILFS (loop0): trying rollback from an earlier position [ 2623.987876][T29359] loop2: detected capacity change from 0 to 2048 [ 2624.021158][T29363] loop1: detected capacity change from 0 to 164 [ 2624.032829][T29357] NILFS (loop0): recovery complete [ 2624.065500][T29366] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2624.146957][T29359] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2624.162908][T29359] ext4 filesystem being mounted at /252/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 2624.635174][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2624.691001][ T30] audit: type=1326 audit(2000000351.900:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29372 comm="syz.3.9411" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x0 [ 2625.870641][T29385] loop1: detected capacity change from 0 to 4096 [ 2625.919718][T29385] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 2626.195500][T29385] ntfs3(loop1): Failed to initialize $Extend/$Reparse. [ 2627.152121][T29411] loop1: detected capacity change from 0 to 256 [ 2627.423457][T29411] FAT-fs (loop1): Directory bread(block 64) failed [ 2627.431164][T29411] FAT-fs (loop1): Directory bread(block 65) failed [ 2627.441266][T29411] FAT-fs (loop1): Directory bread(block 66) failed [ 2627.448261][T29411] FAT-fs (loop1): Directory bread(block 67) failed [ 2627.455270][T29411] FAT-fs (loop1): Directory bread(block 68) failed [ 2627.462277][T29411] FAT-fs (loop1): Directory bread(block 69) failed [ 2627.472215][T29411] FAT-fs (loop1): Directory bread(block 70) failed [ 2627.483010][T29411] FAT-fs (loop1): Directory bread(block 71) failed [ 2627.491363][T29411] FAT-fs (loop1): Directory bread(block 72) failed [ 2627.501091][T29411] FAT-fs (loop1): Directory bread(block 73) failed [ 2627.752210][ T5852] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 2627.964618][ T5852] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2627.975554][ T5852] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 2627.984959][ T5852] usb 3-1: config 1 has no interface number 0 [ 2627.993057][ T5852] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2628.140078][ T5852] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2628.150181][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2628.158665][ T5852] usb 3-1: Product: syz [ 2628.163090][ T5852] usb 3-1: Manufacturer: syz [ 2628.168203][ T5852] usb 3-1: SerialNumber: syz [ 2628.248896][ T5852] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 2628.256084][ T5852] cdc_ncm 3-1:1.1: bind() failure [ 2628.326616][T29427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9437'. [ 2628.336075][T29427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9437'. [ 2628.346477][T29427] netlink: 'syz.0.9437': attribute type 7 has an invalid length. [ 2628.466554][ T5852] usb 3-1: USB disconnect, device number 13 [ 2629.482728][T29443] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9444'. [ 2629.653117][T29448] loop3: detected capacity change from 0 to 64 [ 2629.830588][T29448] hfs: hfs: Invalid key length: 94 [ 2629.912949][T29451] netlink: 1 bytes leftover after parsing attributes in process `syz.8.9448'. [ 2630.131499][T29454] tmpfs: Bad value for 'mpol' [ 2630.172833][T29456] bond0: option mode: unable to set because the bond device has slaves [ 2630.200317][T19139] hfs: node 4:3 still has 1 user(s)! [ 2630.682030][T29462] loop3: detected capacity change from 0 to 2048 [ 2630.773845][T29462] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2632.722028][T29497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9468'. [ 2633.548169][T29508] loop1: detected capacity change from 0 to 2048 [ 2633.569124][T23745] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 2633.589282][T29502] loop0: detected capacity change from 0 to 4096 [ 2633.645980][T29511] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2633.746386][T23745] usb 4-1: Using ep0 maxpacket: 16 [ 2633.788687][T23745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2633.803831][T23745] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2633.814151][T23745] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2633.830880][T23745] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2633.844460][T23745] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2633.871225][T29511] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 2633.882602][T29511] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 2633.938778][T29511] Remounting filesystem read-only [ 2633.955829][T26897] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 2634.010663][T23745] usb 4-1: config 0 descriptor?? [ 2634.206986][T29502] ntfs3(loop0): failed to convert "0080" to koi8-ru [ 2634.462663][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.473352][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.481143][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.490450][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.501337][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.509142][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.516726][T23745] microsoft 0003:045E:07DA.0061: unknown main item tag 0x0 [ 2634.666418][T23745] microsoft 0003:045E:07DA.0061: No inputs registered, leaving [ 2634.718421][T23745] microsoft 0003:045E:07DA.0061: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 2634.732444][T23745] microsoft 0003:045E:07DA.0061: no inputs found [ 2634.741907][T23745] microsoft 0003:045E:07DA.0061: could not initialize ff, continuing anyway [ 2634.865061][T23745] usb 4-1: USB disconnect, device number 41 [ 2635.689000][T29538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9488'. [ 2635.698766][T29538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9488'. [ 2635.708037][T29538] netlink: 'syz.3.9488': attribute type 18 has an invalid length. [ 2635.717167][T29538] netlink: 'syz.3.9488': attribute type 18 has an invalid length. [ 2636.118861][T29543] usb usb8: usbfs: process 29543 (syz.2.9489) did not claim interface 0 before use [ 2637.938765][T29570] loop2: detected capacity change from 0 to 64 [ 2639.459223][T29594] loop2: detected capacity change from 0 to 512 [ 2639.516882][T29594] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 2639.526177][T29594] EXT4-fs (loop2): bad geometry: first data block 0 is beyond end of filesystem (0) [ 2639.916097][T29601] loop1: detected capacity change from 0 to 256 [ 2640.238137][T29601] FAT-fs (loop1): Directory bread(block 64) failed [ 2640.244975][T29601] FAT-fs (loop1): Directory bread(block 65) failed [ 2640.252527][T29601] FAT-fs (loop1): Directory bread(block 66) failed [ 2640.262283][T29601] FAT-fs (loop1): Directory bread(block 67) failed [ 2640.269707][T29601] FAT-fs (loop1): Directory bread(block 68) failed [ 2640.280610][T29601] FAT-fs (loop1): Directory bread(block 69) failed [ 2640.289440][T29601] FAT-fs (loop1): Directory bread(block 70) failed [ 2640.296239][T29601] FAT-fs (loop1): Directory bread(block 71) failed [ 2640.306322][T29601] FAT-fs (loop1): Directory bread(block 72) failed [ 2640.313345][T29601] FAT-fs (loop1): Directory bread(block 73) failed [ 2641.507351][T29622] netlink: 24 bytes leftover after parsing attributes in process `syz.8.9529'. [ 2644.193549][T29667] loop2: detected capacity change from 0 to 1024 [ 2644.368711][T29671] loop0: detected capacity change from 0 to 512 [ 2644.544489][T29671] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2644.557966][T29671] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 2644.818949][T29671] EXT4-fs: Ignoring removed orlov option [ 2644.826113][T29671] EXT4-fs: Cannot specify journal on remount [ 2645.073680][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2646.941448][T25522] Bluetooth: hci4: failed to read key size for handle 201 [ 2646.949149][T25522] Bluetooth: hci4: unexpected event for opcode 0x1408 [ 2647.926781][T29726] loop2: detected capacity change from 0 to 2048 [ 2647.996158][T29728] loop0: detected capacity change from 0 to 2048 [ 2648.046651][T29726] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2648.109634][T29728] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2648.256265][T29728] EXT4-fs error (device loop0): ext4_search_dir:1474: inode #12: block 9: comm syz.0.9577: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0 [ 2648.301460][T29728] EXT4-fs (loop0): Remounting filesystem read-only [ 2648.523428][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2648.571782][T23745] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 2648.800128][T23745] usb 9-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config [ 2648.811585][T23745] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 2648.824612][T23745] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 2648.869360][T23745] usb 9-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 2648.885256][T23745] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2648.894839][T23745] usb 9-1: Product: syz [ 2648.899611][T23745] usb 9-1: Manufacturer: syz [ 2648.904524][T23745] usb 9-1: SerialNumber: syz [ 2648.919795][T23745] usb 9-1: config 0 descriptor?? [ 2649.146009][T23745] usb 9-1: Found UVC 34.00 device syz (8086:0b5b) [ 2649.155756][T23745] usb 9-1: No valid video chain found. [ 2649.197361][T23745] usb 9-1: USB disconnect, device number 12 [ 2649.907321][T29757] loop2: detected capacity change from 0 to 512 [ 2649.954988][T29757] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 2650.054693][T29757] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:169: inode #17: comm syz.2.9589: inline data xattr refers to an external xattr inode [ 2650.117892][T29759] loop3: detected capacity change from 0 to 2048 [ 2650.118925][T29757] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.9589: couldn't read orphan inode 17 (err -117) [ 2650.181432][T29759] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 2650.255621][T29757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2650.282366][T29759] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2650.643926][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2651.033012][T25522] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 2651.042081][T25522] Bluetooth: hci4: Injecting HCI hardware error event [ 2651.051210][T25522] Bluetooth: hci4: hardware error 0x00 [ 2651.106863][T29775] loop3: detected capacity change from 0 to 256 [ 2651.158355][T29775] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 2651.169853][T29775] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 2651.348192][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 2651.406903][T29775] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 2651.767917][T29784] netlink: 'syz.8.9601': attribute type 4 has an invalid length. [ 2651.973463][T29786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9603'. [ 2652.739938][T29798] loop0: detected capacity change from 0 to 1024 [ 2652.880114][T29798] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2653.055401][ T30] audit: type=1800 audit(2000000380.260:2139): pid=29798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.9609" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 2653.110578][T25522] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 2653.341480][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2653.581501][T29815] program syz.2.9614 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2654.205539][T29824] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 2655.560280][T29850] loop3: detected capacity change from 0 to 64 [ 2656.538875][ T5852] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 2656.600356][T29866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9638'. [ 2656.725720][ T5852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 2656.737940][ T5852] usb 4-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 2656.747295][ T5852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2656.860257][ T5852] usb 4-1: config 0 descriptor?? [ 2657.363019][ T5852] aquacomputer_d5next 0003:0C70:F011.0062: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.3-1/input0 [ 2657.571290][ T5852] usb 4-1: USB disconnect, device number 42 [ 2657.631967][ T30] audit: type=1326 audit(2000000384.850:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29873 comm="syz.0.9642" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf712e539 code=0x0 [ 2657.653663][ C0] vkms_vblank_simulate: vblank timer overrun [ 2658.813131][ T5852] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 2659.010215][T29898] loop0: detected capacity change from 0 to 1024 [ 2659.028311][ T5852] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 2659.037000][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2659.040693][T29898] EXT4-fs: Ignoring removed oldalloc option [ 2659.053588][T29898] EXT4-fs: Ignoring removed bh option [ 2659.146252][ T5852] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 2659.155919][ T5852] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 2659.169515][ T5852] usb 3-1: Manufacturer: syz [ 2659.183166][T29898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2659.207717][T13467] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 2659.255089][ T5852] usb 3-1: config 0 descriptor?? [ 2659.382114][T29898] EXT4-fs: Ignoring removed orlov option [ 2659.408849][T13467] usb 9-1: Using ep0 maxpacket: 8 [ 2659.426407][T29898] EXT4-fs (loop0): can't enable nombcache during remount [ 2659.458679][T13467] usb 9-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 2659.469122][T13467] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2659.477957][T13467] usb 9-1: Product: syz [ 2659.482391][T13467] usb 9-1: Manufacturer: syz [ 2659.487246][T13467] usb 9-1: SerialNumber: syz [ 2659.533564][T29909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9655'. [ 2659.559872][T13467] usb 9-1: config 0 descriptor?? [ 2659.586524][T29910] netlink: 277 bytes leftover after parsing attributes in process `syz.1.9655'. [ 2659.596297][T29910] netlink: 277 bytes leftover after parsing attributes in process `syz.1.9655'. [ 2659.642340][T13467] usbtest 9-1:0.0: FX2 device [ 2659.647327][T13467] usbtest 9-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 2659.717897][ T5852] rc_core: IR keymap rc-hauppauge not found [ 2659.724190][ T5852] Registered IR keymap rc-empty [ 2659.730872][ T5852] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 2659.746150][ T5852] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input23 [ 2659.771961][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2659.812811][ T5852] usb 9-1: USB disconnect, device number 13 [ 2659.902772][T29911] rc rc0: two consecutive events of type space [ 2660.050782][T29914] netlink: 'syz.3.9657': attribute type 2 has an invalid length. [ 2660.059284][T29914] netlink: 85376 bytes leftover after parsing attributes in process `syz.3.9657'. [ 2660.164378][ T5852] usb 3-1: USB disconnect, device number 14 [ 2660.746921][T29924] netlink: 'syz.8.9662': attribute type 1 has an invalid length. [ 2660.757131][T29924] netlink: 'syz.8.9662': attribute type 2 has an invalid length. [ 2660.837817][T29926] loop0: detected capacity change from 0 to 64 [ 2662.547772][T29952] loop2: detected capacity change from 0 to 64 [ 2664.112749][T29976] loop0: detected capacity change from 0 to 1024 [ 2664.255041][T29976] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2664.494722][T29976] EXT4-fs: Ignoring sb option on remount [ 2664.501162][T29976] EXT4-fs: Ignoring removed orlov option [ 2664.507262][T29976] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2664.514432][T29976] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 2664.624673][T29976] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 2664.980203][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2665.879986][T30010] loop0: detected capacity change from 0 to 64 [ 2665.949028][T30011] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9703'. [ 2665.984643][T30010] Trying to free block not in datazone [ 2666.030390][T30010] minix_free_block (loop0:21): bit already cleared [ 2666.682498][T30021] loop1: detected capacity change from 0 to 1024 [ 2666.849073][ T30] audit: type=1800 audit(2000000394.060:2141): pid=30021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.9708" name="file2" dev="loop1" ino=21 res=0 errno=0 [ 2666.869898][ C0] vkms_vblank_simulate: vblank timer overrun [ 2668.469302][T30052] tipc: Enabling of bearer rejected, failed to enable media [ 2668.492908][T30053] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9722'. [ 2669.101635][T30063] loop2: detected capacity change from 0 to 128 [ 2669.215460][T30063] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 2669.224559][T30063] FAT-fs (loop2): Filesystem has been set read-only [ 2669.261896][T30063] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 2669.295551][T30067] netlink: 8 bytes leftover after parsing attributes in process `syz.8.9729'. [ 2669.333711][T30067] bridge0: port 3(macvlan3) entered blocking state [ 2669.344188][T30067] bridge0: port 3(macvlan3) entered disabled state [ 2669.351850][T30067] macvlan3: entered allmulticast mode [ 2669.361867][T30067] bridge0: entered allmulticast mode [ 2669.522002][T30067] macvlan3: left allmulticast mode [ 2669.527776][T30067] bridge0: left allmulticast mode [ 2670.359992][T30079] smc: net device lo applied user defined pnetid SYZ1 [ 2670.870049][T30087] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 2670.879726][T30087] overlayfs: missing 'lowerdir' [ 2673.166238][T30112] loop1: detected capacity change from 0 to 4096 [ 2673.217910][T30112] EXT4-fs (loop1): Test dummy encryption mode enabled [ 2673.304723][T30121] loop3: detected capacity change from 0 to 512 [ 2673.315649][T30124] sd 0:0:1:0: device reset [ 2673.362568][T30121] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 2673.411734][T30112] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2673.481800][T30121] EXT4-fs (loop3): 1 truncate cleaned up [ 2673.493122][T30121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2673.689030][T30121] EXT4-fs error (device loop3): ext4_find_extent:903: inode #15: comm syz.3.9754: inode has invalid extent depth: 25964 [ 2673.709811][T30121] EXT4-fs (loop3): Remounting filesystem read-only [ 2673.716856][T30121] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 2673.824848][T30121] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 2673.969572][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2674.159321][T19139] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2674.378835][T23745] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 2674.571085][T23745] usb 9-1: Using ep0 maxpacket: 32 [ 2674.610528][T23745] usb 9-1: config index 0 descriptor too short (expected 35577, got 27) [ 2674.619517][T23745] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2674.632284][T23745] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2674.642098][T23745] usb 9-1: config 1 has no interface number 0 [ 2674.648806][T23745] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2674.662939][T23745] usb 9-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2674.676375][T23745] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2674.689103][T23745] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2674.865454][T23745] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found [ 2675.073741][T23745] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now attached [ 2675.212171][T30151] loop0: detected capacity change from 0 to 1024 [ 2675.531556][T23745] usb 9-1: USB disconnect, device number 14 [ 2675.542646][T23745] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected [ 2675.649269][ T4090] hfsplus: b-tree write err: -5, ino 4 [ 2676.246736][T30167] loop2: detected capacity change from 0 to 47 [ 2677.500588][T30189] loop2: detected capacity change from 0 to 1024 [ 2677.596033][T30189] hfsplus: bad catalog entry type [ 2677.691739][T30192] loop3: detected capacity change from 0 to 256 [ 2677.812600][T12558] hfsplus: b-tree write err: -5, ino 4 [ 2678.091446][T30198] pim6reg: entered allmulticast mode [ 2680.008006][T30231] loop3: detected capacity change from 0 to 64 [ 2680.145520][T30231] overlayfs: upper fs needs to support d_type. [ 2680.194630][T30231] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 2680.202209][T30231] overlayfs: failed to set xattr on upper [ 2680.208539][T30231] overlayfs: ...falling back to redirect_dir=nofollow. [ 2680.213764][T30229] loop2: detected capacity change from 0 to 2048 [ 2680.219368][T30231] overlayfs: ...falling back to index=off. [ 2680.232118][T30231] overlayfs: ...falling back to uuid=null. [ 2680.339361][T30229] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2680.646822][T19139] Bad inode number on dev loop3: 4160749571 is out of range [ 2680.668806][T30238] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (48423) [ 2680.676436][T19139] Bad inode number on dev loop3: 4160749571 is out of range [ 2680.679417][T30238] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 2681.323661][T30244] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9812'. [ 2681.333385][T30244] netlink: 'syz.0.9812': attribute type 6 has an invalid length. [ 2681.348348][T30244] netlink: 'syz.0.9812': attribute type 5 has an invalid length. [ 2681.358156][T30244] netlink: 'syz.0.9812': attribute type 4 has an invalid length. [ 2681.933813][T12558] bridge_slave_1: left allmulticast mode [ 2681.939945][T12558] bridge_slave_1: left promiscuous mode [ 2681.946564][T12558] bridge0: port 2(bridge_slave_1) entered disabled state [ 2682.017285][T12558] bridge_slave_0: left allmulticast mode [ 2682.023420][T12558] bridge_slave_0: left promiscuous mode [ 2682.030306][T12558] bridge0: port 1(bridge_slave_0) entered disabled state [ 2682.099358][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 2682.602492][T12558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2682.625542][T12558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2682.657281][T12558] bond0 (unregistering): Released all slaves [ 2682.824953][T12558] tipc: Left network mode [ 2683.058428][T12558] hsr_slave_0: left promiscuous mode [ 2683.093908][T12558] hsr_slave_1: left promiscuous mode [ 2683.102551][T12558] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2683.151049][T12558] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2683.586471][T12558] team0 (unregistering): Port device team_slave_1 removed [ 2683.639123][T12558] team0 (unregistering): Port device team_slave_0 removed [ 2684.267100][T30260] loop2: detected capacity change from 0 to 512 [ 2684.342282][T30260] EXT4-fs (loop2): filesystem is read-only [ 2684.392595][T30260] EXT4-fs (loop2): filesystem is read-only [ 2684.399367][T30260] EXT4-fs (loop2): orphan cleanup on readonly fs [ 2684.445413][T30260] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.9821: bad orphan inode 16 [ 2684.455231][T30262] usb usb8: usbfs: process 30262 (syz.0.9823) did not claim interface 0 before use [ 2684.473883][T29304] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2684.484921][T29304] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2684.495308][T29304] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2684.509855][T29304] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2684.550167][T30260] ext4_test_bit(bit=15, block=3) = 0 [ 2684.559923][T30260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 2684.568039][T12558] IPVS: stop unused estimator thread 0... [ 2684.618629][T29304] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2684.953776][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2685.089066][T30271] tipc: Started in network mode [ 2685.094287][T30271] tipc: Node identity 5f00000000000000faffffffffffffff, cluster identity 4711 [ 2685.382399][T30277] loop0: detected capacity change from 0 to 8 [ 2685.502153][T30277] SQUASHFS error: zlib decompression failed, data probably corrupt [ 2685.510658][T30277] SQUASHFS error: Failed to read block 0x9b: -5 [ 2685.517139][T30277] SQUASHFS error: Unable to read metadata cache entry [99] [ 2685.524904][T30277] SQUASHFS error: Unable to read inode 0x127 [ 2685.616808][T30265] chnl_net:caif_netlink_parms(): no params data found [ 2685.652458][T30277] veth1_to_team: entered promiscuous mode [ 2685.669755][T30277] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 2685.942215][ T30] audit: type=1326 audit(2000000413.170:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30282 comm="syz.8.9829" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e539 code=0x0 [ 2686.708121][T29304] Bluetooth: hci1: command tx timeout [ 2687.031496][T30265] bridge0: port 1(bridge_slave_0) entered blocking state [ 2687.039338][T30265] bridge0: port 1(bridge_slave_0) entered disabled state [ 2687.047142][T30265] bridge_slave_0: entered allmulticast mode [ 2687.056815][T30265] bridge_slave_0: entered promiscuous mode [ 2687.134566][T30265] bridge0: port 2(bridge_slave_1) entered blocking state [ 2687.142568][T30265] bridge0: port 2(bridge_slave_1) entered disabled state [ 2687.150524][T30265] bridge_slave_1: entered allmulticast mode [ 2687.160065][T30265] bridge_slave_1: entered promiscuous mode [ 2687.431772][T30265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2687.474708][T30265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2687.655694][T30265] team0: Port device team_slave_0 added [ 2687.690201][T30265] team0: Port device team_slave_1 added [ 2687.755952][T30306] loop2: detected capacity change from 0 to 1024 [ 2687.915269][T30306] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2687.933105][T30265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2687.942630][T30265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2687.968857][ C0] vkms_vblank_simulate: vblank timer overrun [ 2687.975751][T30265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2688.175570][T30265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2688.182950][T30265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2688.209049][ C0] vkms_vblank_simulate: vblank timer overrun [ 2688.224002][T30265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2688.291093][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2688.478170][T30265] hsr_slave_0: entered promiscuous mode [ 2688.488623][T30265] hsr_slave_1: entered promiscuous mode [ 2688.788415][T29304] Bluetooth: hci1: command tx timeout [ 2688.816404][T30319] ieee802154 phy0 wpan0: encryption failed: -22 [ 2689.729857][T30265] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2689.765085][T30265] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2689.793580][T30265] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2689.879614][T30265] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2689.904312][T30332] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9848'. [ 2690.411065][T30339] loop2: detected capacity change from 0 to 256 [ 2690.453088][T30339] exfat: Deprecated parameter 'namecase' [ 2690.566722][T30339] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3f33698, utbl_chksum : 0xe619d30d) [ 2690.844422][T30265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2690.874816][T29304] Bluetooth: hci1: command tx timeout [ 2690.960692][T30265] 8021q: adding VLAN 0 to HW filter on device team0 [ 2691.034393][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 2691.042216][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2691.096130][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 2691.103886][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2691.878051][T30351] loop0: detected capacity change from 0 to 512 [ 2691.949325][T30351] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 2691.957157][T30351] UDF-fs: Scanning with blocksize 512 failed [ 2692.022053][T30351] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 2692.030272][T30351] UDF-fs: Scanning with blocksize 1024 failed [ 2692.110207][T30351] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 2692.118115][T30351] UDF-fs: Scanning with blocksize 2048 failed [ 2692.181376][T30351] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 2692.329191][T30351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2692.948084][T29304] Bluetooth: hci1: command tx timeout [ 2693.142070][T30265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2693.225926][T30367] netlink: 'syz.0.9862': attribute type 28 has an invalid length. [ 2693.245672][T30369] veth1_macvtap: left promiscuous mode [ 2693.251691][T30369] macsec0: entered allmulticast mode [ 2693.392381][T30372] veth1_macvtap: entered promiscuous mode [ 2693.398691][T30372] veth1_macvtap: entered allmulticast mode [ 2693.404804][T30372] macsec0: left allmulticast mode [ 2693.410218][T30372] veth1_macvtap: left allmulticast mode [ 2694.891631][T30395] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9871'. [ 2695.546448][T30265] veth0_vlan: entered promiscuous mode [ 2695.640969][T30265] veth1_vlan: entered promiscuous mode [ 2695.896644][T30265] veth0_macvtap: entered promiscuous mode [ 2696.027293][T30265] veth1_macvtap: entered promiscuous mode [ 2696.178407][T30265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2696.274423][T30265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2696.378695][T30265] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2696.387994][T30265] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2696.401581][T30265] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2696.415121][T30265] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2697.194462][T30426] sp0: Synchronizing with TNC [ 2697.207228][T30425] [U] è [ 2697.387839][T24824] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 2697.609266][T24824] usb 2-1: config index 0 descriptor too short (expected 63524, got 36) [ 2697.620633][T24824] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 48, changing to 4 [ 2697.632518][T24824] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 30768, setting to 1023 [ 2697.748831][T24824] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2697.758982][T24824] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2697.768953][T24824] usb 2-1: Product: syz [ 2697.773383][T24824] usb 2-1: Manufacturer: syz [ 2697.779082][T24824] usb 2-1: SerialNumber: syz [ 2697.878922][T24824] usb 2-1: config 0 descriptor?? [ 2697.911151][T24824] usb 2-1: 0:0 : invalid sync pipe. bmAttributes 01, bLength 9, bSynchAddress 30 [ 2698.242931][T24824] usb 2-1: USB disconnect, device number 12 [ 2698.690877][T30443] netlink: 'syz.2.9889': attribute type 3 has an invalid length. [ 2699.264360][T30450] netlink: 80 bytes leftover after parsing attributes in process `syz.0.9891'. [ 2699.276895][T30450] nbd: must specify at least one socket [ 2699.290435][T30451] xt_socket: unknown flags 0x4 [ 2699.426685][T30455] netlink: 4 bytes leftover after parsing attributes in process `syz.8.9894'. [ 2699.446043][T30455] netlink: 173 bytes leftover after parsing attributes in process `syz.8.9894'. [ 2699.807305][T30458] loop1: detected capacity change from 0 to 8 [ 2699.954945][T30458] SQUASHFS error: Failed to read block 0x2d7: -5 [ 2699.964524][T30458] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 2702.683107][T30506] netlink: 'syz.2.9914': attribute type 2 has an invalid length. [ 2702.861492][T15818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2702.873086][T15818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2702.992149][T15818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2703.000551][T15818] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2703.766669][T30522] syz.8.9921: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2703.782855][T30522] CPU: 1 UID: 0 PID: 30522 Comm: syz.8.9921 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(undef) [ 2703.783012][T30522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2703.783096][T30522] Call Trace: [ 2703.783146][T30522] [ 2703.783198][T30522] __dump_stack+0x26/0x30 [ 2703.783374][T30522] dump_stack_lvl+0x1df/0x270 [ 2703.783552][T30522] dump_stack+0x1e/0x25 [ 2703.783716][T30522] warn_alloc+0x470/0x690 [ 2703.783914][T30522] ? kmsan_get_metadata+0xfb/0x160 [ 2703.784122][T30522] __vmalloc_node_range_noprof+0x133/0x2360 [ 2703.784314][T30522] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2703.784524][T30522] ? should_fail_ex+0x45/0x8a0 [ 2703.784696][T30522] ? kmsan_get_metadata+0xfb/0x160 [ 2703.784884][T30522] ? kmsan_get_metadata+0xfb/0x160 [ 2703.785073][T30522] ? kmsan_get_metadata+0xfb/0x160 [ 2703.785260][T30522] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2703.785454][T30522] ? kmsan_get_metadata+0xfb/0x160 [ 2703.785651][T30522] vmalloc_user_noprof+0xce/0x140 [ 2703.785819][T30522] ? xskq_create+0x11d/0x290 [ 2703.785992][T30522] xskq_create+0x11d/0x290 [ 2703.786160][T30522] xsk_init_queue+0xfd/0x1d0 [ 2703.786324][T30522] xsk_setsockopt+0x873/0xc30 [ 2703.786502][T30522] do_sock_setsockopt+0x4dc/0x820 [ 2703.786666][T30522] ? __pfx_xsk_setsockopt+0x10/0x10 [ 2703.786830][T30522] __ia32_sys_setsockopt+0x2ac/0x4a0 [ 2703.787012][T30522] ia32_sys_call+0x41fa/0x42c0 [ 2703.787153][T30522] __do_fast_syscall_32+0xb0/0x150 [ 2703.787310][T30522] ? irqentry_exit_to_user_mode+0x82/0xa0 [ 2703.787465][T30522] do_fast_syscall_32+0x38/0x80 [ 2703.787615][T30522] do_SYSENTER_32+0x1f/0x30 [ 2703.787767][T30522] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2703.787961][T30522] RIP: 0023:0xf703e539 [ 2703.788088][T30522] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2703.788216][T30522] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 2703.788355][T30522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b [ 2703.788454][T30522] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 2703.788546][T30522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2703.788642][T30522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2703.788733][T30522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2703.788854][T30522] [ 2703.803715][T30521] usb usb8: usbfs: process 30521 (syz.1.9920) did not claim interface 0 before use [ 2703.812778][T30522] Mem-Info: [ 2703.812856][T30522] active_anon:4037 inactive_anon:0 isolated_anon:0 [ 2703.812856][T30522] active_file:4186 inactive_file:41168 isolated_file:0 [ 2703.812856][T30522] unevictable:768 dirty:317 writeback:0 [ 2703.812856][T30522] slab_reclaimable:5323 slab_unreclaimable:26081 [ 2703.812856][T30522] mapped:29235 shmem:1836 pagetables:1356 [ 2703.812856][T30522] sec_pagetables:0 bounce:0 [ 2703.812856][T30522] kernel_misc_reclaimable:0 [ 2703.812856][T30522] free:359667 free_pcp:13022 free_cma:0 [ 2703.813189][T30522] Node 0 active_anon:16148kB inactive_anon:0kB active_file:16724kB inactive_file:164472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116940kB dirty:1268kB writeback:0kB shmem:5808kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:4832kB pagetables:4928kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2703.813521][T30522] Node 1 active_anon:0kB inactive_anon:0kB active_file:20kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:32kB pagetables:496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2703.813851][T30522] Node 0 DMA free:4096kB boost:0kB min:164kB low:204kB high:244kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2703.814220][T30522] lowmem_reserve[]: 0 930 1243 1243 1243 [ 2703.814520][T30522] Node 0 DMA32 free:510092kB boost:0kB min:36868kB low:46084kB high:55300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:5108kB inactive_anon:0kB active_file:15832kB inactive_file:80708kB unevictable:0kB writepending:1220kB present:3129332kB managed:952988kB mlocked:0kB bounce:0kB free_pcp:37488kB local_pcp:15488kB free_cma:0kB [ 2703.814905][T30522] lowmem_reserve[]: 0 0 312 312 312 [ 2703.815190][T30522] Node 0 Normal free:18244kB boost:2048kB min:15052kB low:18300kB high:21548kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11040kB inactive_anon:0kB active_file:892kB inactive_file:83764kB unevictable:1536kB writepending:48kB present:1048580kB managed:320456kB mlocked:0kB bounce:0kB free_pcp:14600kB local_pcp:7924kB free_cma:0kB [ 2704.289041][T30522] lowmem_reserve[]: 0 0 0 0 0 [ 2704.294416][T30522] Node 1 Normal free:906236kB boost:0kB min:40064kB low:50080kB high:60096kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:20kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:987204kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2704.328463][T30522] lowmem_reserve[]: 0 0 0 0 0 [ 2704.333851][T30522] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 2704.347931][T30522] Node 0 DMA32: 1247*4kB (ME) 1018*8kB (UME) 906*16kB (ME) 507*32kB (UME) 299*64kB (UME) 207*128kB (UME) 119*256kB (UME) 44*512kB (UM) 43*1024kB (UM) 6*2048kB (UME) 76*4096kB (UM) = 510092kB [ 2704.369179][T30522] Node 0 Normal: 755*4kB (ME) 431*8kB (UME) 218*16kB (UM) 99*32kB (ME) 36*64kB (M) 4*128kB (ME) 5*256kB (UM) 2*512kB (UE) 0*1024kB 0*2048kB 0*4096kB = 18244kB [ 2704.389191][T30522] Node 1 Normal: 7*4kB (UME) 12*8kB (UME) 20*16kB (UE) 20*32kB (UME) 19*64kB (UME) 16*128kB (UME) 13*256kB (UME) 9*512kB (UME) 7*1024kB (UME) 9*2048kB (UME) 212*4096kB (UM) = 906236kB [ 2704.410549][T30522] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2704.423118][T30522] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 2704.433804][T30522] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2704.445292][T30522] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 2704.455276][T30522] 46870 total pagecache pages [ 2704.460389][T30522] 0 pages in swap cache [ 2704.464750][T30522] Free swap = 124996kB [ 2704.470741][T30522] Total swap = 124996kB [ 2704.475120][T30522] 2097051 pages RAM [ 2704.481504][T30522] 0 pages HighMem/MovableOnly [ 2704.486409][T30522] 1530865 pages reserved [ 2704.491647][T30522] 0 pages cma reserved [ 2704.906379][T30528] loop1: detected capacity change from 0 to 256 [ 2705.043443][T30530] netlink: 48 bytes leftover after parsing attributes in process `syz.5.9923'. [ 2705.981323][T30544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9931'. [ 2706.316583][T30550] loop0: detected capacity change from 0 to 256 [ 2706.339988][T30552] loop1: detected capacity change from 0 to 256 [ 2706.359252][T30551] netlink: 12 bytes leftover after parsing attributes in process `syz.8.9936'. [ 2706.403600][T30549] loop5: detected capacity change from 0 to 1024 [ 2706.415952][T30549] EXT4-fs: Ignoring removed orlov option [ 2706.425337][T30549] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2706.472538][T30550] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 2706.489380][T30550] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 2706.537660][T30552] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 2706.566580][T30550] exFAT-fs (loop0): valid_size(150994954) is greater than size(10) [ 2706.580175][T30549] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2707.070665][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2707.805722][T30573] netlink: 'syz.2.9944': attribute type 66 has an invalid length. [ 2708.148879][T30578] netlink: 'syz.0.9947': attribute type 30 has an invalid length. [ 2708.440730][T15913] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 2708.646548][T15913] usb 6-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac [ 2708.659313][T15913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2708.667839][T15913] usb 6-1: Product: syz [ 2708.672259][T15913] usb 6-1: Manufacturer: syz [ 2708.682058][T15913] usb 6-1: SerialNumber: syz [ 2708.828239][T15913] usb 6-1: config 0 descriptor?? [ 2708.875237][T15913] usb 6-1: interface 1 not found [ 2709.100087][T24824] usb 6-1: USB disconnect, device number 21 [ 2710.329190][T30611] loop1: detected capacity change from 0 to 256 [ 2712.702950][T30644] loop0: detected capacity change from 0 to 2048 [ 2712.830770][T15913] usb 9-1: new full-speed USB device number 15 using dummy_hcd [ 2712.852606][T30644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2712.984074][T30644] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 2713.014778][T30644] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 22 with error 28 [ 2713.030258][T30644] EXT4-fs (loop0): This should not happen!! Data will be lost [ 2713.030258][T30644] [ 2713.041851][T30644] EXT4-fs (loop0): Total free blocks count 0 [ 2713.048477][T30644] EXT4-fs (loop0): Free/Dirty block details [ 2713.054640][T30644] EXT4-fs (loop0): free_blocks=4096 [ 2713.060797][T30644] EXT4-fs (loop0): dirty_blocks=32 [ 2713.066155][T30644] EXT4-fs (loop0): Block reservation details [ 2713.072623][T30644] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 2713.074736][T15913] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2713.097167][T15913] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2713.226584][T24362] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 2713.278421][T15913] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2713.292821][T15913] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2713.305958][T15913] usb 9-1: Product: syz [ 2713.310525][T15913] usb 9-1: Manufacturer: syz [ 2713.315464][T15913] usb 9-1: SerialNumber: syz [ 2713.324464][T30660] loop5: detected capacity change from 0 to 64 [ 2713.873589][T15913] usb 9-1: cannot find UAC_HEADER [ 2713.980052][T15913] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 2714.052756][T15913] usb 9-1: USB disconnect, device number 15 [ 2714.187198][T30669] loop2: detected capacity change from 0 to 512 [ 2714.203687][T30669] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 2714.263133][T30669] EXT4-fs (loop2): 1 truncate cleaned up [ 2714.271627][T30669] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2714.416908][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2714.804989][T30677] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9992'. [ 2716.457897][T24824] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 2716.526919][T30703] loop0: detected capacity change from 0 to 1024 [ 2716.638009][T24824] usb 2-1: Using ep0 maxpacket: 16 [ 2716.662447][T24824] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 2716.672955][T24824] usb 2-1: config 0 has no interface number 0 [ 2716.680052][T24824] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 2716.800096][T24824] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 2716.809726][T24824] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2716.818467][T24824] usb 2-1: Product: syz [ 2716.824235][T24824] usb 2-1: Manufacturer: syz [ 2716.829226][T24824] usb 2-1: SerialNumber: syz [ 2716.903521][T15818] hfsplus: b-tree write err: -5, ino 4 [ 2716.940224][T24824] usb 2-1: config 0 descriptor?? [ 2717.192470][T30711] ipvlan2: entered promiscuous mode [ 2717.202538][T30713] loop2: detected capacity change from 0 to 512 [ 2717.208538][T30711] bridge0: port 3(ipvlan2) entered blocking state [ 2717.216051][T30711] bridge0: port 3(ipvlan2) entered disabled state [ 2717.225037][T30711] ipvlan2: entered allmulticast mode [ 2717.233584][T30711] bridge0: entered allmulticast mode [ 2717.241685][T30711] ipvlan2: left allmulticast mode [ 2717.246986][T30711] bridge0: left allmulticast mode [ 2717.461806][T30713] EXT4-fs (loop2): 1 orphan inode deleted [ 2717.473439][T30713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2717.511064][ T4090] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 2717.521804][ T4090] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:22: Failed to release dquot type 1 [ 2717.572065][T30713] ext4 filesystem being mounted at /381/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2717.644655][T24824] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 2717.707907][T24824] usb 2-1: USB disconnect, device number 13 [ 2717.980680][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2718.372478][T30730] netlink: 'syz.0.10017': attribute type 1 has an invalid length. [ 2718.381055][T30730] netlink: 160 bytes leftover after parsing attributes in process `syz.0.10017'. [ 2718.929657][T30737] loop5: detected capacity change from 0 to 256 [ 2719.747377][T30751] loop5: detected capacity change from 0 to 512 [ 2719.776630][T30751] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 2719.859214][T30751] EXT4-fs (loop5): 1 truncate cleaned up [ 2719.867797][T30751] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2719.994238][T30751] EXT4-fs error (device loop5): ext4_get_verity_descriptor_location:298: inode #15: comm syz.5.10027: verity file has no extents [ 2720.051101][T30753] EXT4-fs error (device loop5): ext4_get_verity_descriptor_location:298: inode #15: comm syz.5.10027: verity file has no extents [ 2720.080448][T30753] EXT4-fs (loop5): Remounting filesystem read-only [ 2720.087393][T30753] fs-verity (loop5, inode 15): Error -117 getting verity descriptor size [ 2720.161352][T30751] fs-verity (loop5, inode 15): Error -117 getting verity descriptor size [ 2720.430782][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2720.777711][T30764] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 2720.786886][T30764] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 2720.799112][T30764] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 2720.809853][T30764] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 2721.658192][T30780] loop1: detected capacity change from 0 to 256 [ 2723.782480][T15913] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 2723.995813][T15913] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2724.006807][T15913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 2724.021252][T15913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 2724.031443][T15913] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 2724.115245][T15913] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 2724.124960][T15913] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 2724.133430][T15913] usb 6-1: Manufacturer: syz [ 2724.180776][T15913] usb 6-1: config 0 descriptor?? [ 2724.225914][T30820] loop0: detected capacity change from 0 to 512 [ 2724.278771][T30820] EXT4-fs: Ignoring removed oldalloc option [ 2724.346943][T30820] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.10059: Parent and EA inode have the same ino 15 [ 2724.373987][T30820] EXT4-fs error (device loop0): ext4_xattr_inode_iget:433: comm syz.0.10059: Parent and EA inode have the same ino 15 [ 2724.383604][T30824] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10060'. [ 2724.434193][T30820] EXT4-fs (loop0): 1 orphan inode deleted [ 2724.444740][T30820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2724.470414][ T30] audit: type=1326 audit(2000000451.700:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.496870][ T30] audit: type=1326 audit(2000000451.700:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.519324][ C0] vkms_vblank_simulate: vblank timer overrun [ 2724.529492][ T30] audit: type=1326 audit(2000000451.730:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.551856][ C0] vkms_vblank_simulate: vblank timer overrun [ 2724.567214][ T30] audit: type=1326 audit(2000000451.730:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.593138][ T30] audit: type=1326 audit(2000000451.790:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.615468][ C0] vkms_vblank_simulate: vblank timer overrun [ 2724.710473][T30826] loop2: detected capacity change from 0 to 512 [ 2724.718017][ T30] audit: type=1326 audit(2000000451.880:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.744211][ T30] audit: type=1326 audit(2000000451.940:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.766705][ C0] vkms_vblank_simulate: vblank timer overrun [ 2724.782269][ T30] audit: type=1326 audit(2000000451.940:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2724.878271][T30826] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 2724.982554][ T30] audit: type=1326 audit(2000000452.040:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2725.009442][ T30] audit: type=1326 audit(2000000452.040:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30825 comm="syz.2.10061" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f91539 code=0x7ffc0000 [ 2725.031644][ C0] vkms_vblank_simulate: vblank timer overrun [ 2725.043405][T15913] rc_core: IR keymap rc-hauppauge not found [ 2725.049837][T15913] Registered IR keymap rc-empty [ 2725.055499][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.084968][T30826] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 2725.089137][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2725.104052][T30826] System zones: 0-2, 18-18, 34-34 [ 2725.128947][T30826] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2725.143189][T30826] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2725.176126][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.215051][T15913] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 2725.233080][T15913] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input25 [ 2725.352471][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.385013][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.415722][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.444121][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.482857][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.510350][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2725.532564][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.561300][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.667318][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.703353][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.730546][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.754426][T30837] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10063'. [ 2725.777132][T15913] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 2725.810882][T15913] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 2725.820808][T15913] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 2725.896111][T15913] usb 6-1: USB disconnect, device number 22 [ 2726.751055][T30850] loop2: detected capacity change from 0 to 1024 [ 2726.780536][T30850] EXT4-fs: inline encryption not supported [ 2726.786663][T30850] EXT4-fs: Ignoring removed i_version option [ 2726.853547][T30850] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 2727.084073][T30850] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #3: block 1: comm syz.2.10070: lblock 1 mapped to illegal pblock 1 (length 1) [ 2727.175271][T30850] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.10070: Failed to acquire dquot type 0 [ 2727.235982][T30850] EXT4-fs error (device loop2): ext4_free_blocks:6587: comm syz.2.10070: Freeing blocks not in datazone - block = 0, count = 4096 [ 2727.309020][T30850] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.10070: Invalid inode bitmap blk 0 in block_group 0 [ 2727.340691][ T4646] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:27: lblock 1 mapped to illegal pblock 1 (length 1) [ 2727.413153][T30850] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 2727.494258][ T4646] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:27: Failed to release dquot type 0 [ 2727.530960][T30850] EXT4-fs (loop2): 1 orphan inode deleted [ 2727.540013][T30850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2727.760054][T30850] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 2727.828609][T30862] 9pnet_fd: p9_fd_create_tcp (30862): problem binding to privport [ 2728.114975][T30866] loop5: detected capacity change from 0 to 512 [ 2728.124633][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2728.233326][T30866] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 2728.300493][T30866] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 2728.332267][T30866] System zones: 0-2, 18-18, 34-34 [ 2728.393257][T30866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2728.406772][T30866] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2728.575638][T30871] program syz.2.10078 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2728.611592][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2729.236018][T30882] loop2: detected capacity change from 0 to 512 [ 2729.364532][T30882] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2729.378434][T30882] ext4 filesystem being mounted at /396/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 2729.596540][T30882] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 2729.697039][T30893] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 2729.748280][T15913] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 2729.958287][T15913] usb 6-1: Using ep0 maxpacket: 8 [ 2729.966207][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2730.009376][T15913] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2730.020442][T15913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 2730.033469][T15913] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 2730.043419][T15913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2730.066036][T15913] hub 6-1:1.0: bad descriptor, ignoring hub [ 2730.072686][T15913] hub 6-1:1.0: probe with driver hub failed with error -5 [ 2730.602166][T15913] usb 6-1: reset high-speed USB device number 23 using dummy_hcd [ 2730.971883][T30910] loop1: detected capacity change from 0 to 164 [ 2731.011915][T30912] loop0: detected capacity change from 0 to 64 [ 2731.149649][T15913] usb 6-1: USB disconnect, device number 23 [ 2731.191410][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 2731.191491][ T30] audit: type=1800 audit(2000000458.420:2183): pid=30912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.10096" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 2732.083205][T30926] mkiss: ax0: crc mode is auto. [ 2733.726668][T30951] loop2: detected capacity change from 0 to 2048 [ 2733.737979][T30955] netlink: 'syz.1.10117': attribute type 1 has an invalid length. [ 2733.940873][T30951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2734.062460][T30961] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 2734.513855][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2734.930097][T30974] loop0: detected capacity change from 0 to 512 [ 2734.992238][T30974] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 2735.041990][T30974] EXT4-fs (loop0): invalid journal inode [ 2735.049171][T30974] EXT4-fs (loop0): can't get journal size [ 2735.138817][T30974] EXT4-fs (loop0): 1 truncate cleaned up [ 2735.148470][T30974] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2735.183780][ T30] audit: type=1326 audit(2000000462.410:2184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30978 comm="syz.8.10129" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x0 [ 2735.249622][T30974] EXT4-fs (loop0): resizing filesystem from 256 to 1 blocks [ 2735.257364][T30974] EXT4-fs warning (device loop0): ext4_resize_fs:2042: can't shrink FS - resize aborted [ 2735.573605][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2735.587368][T30982] loop5: detected capacity change from 0 to 4096 [ 2735.712639][T30988] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2736.103347][T30992] loop1: detected capacity change from 0 to 1764 [ 2736.524086][T30994] loop2: detected capacity change from 0 to 1024 [ 2736.647649][T30994] hfsplus: bad catalog entry type [ 2736.913374][ T348] hfsplus: b-tree write err: -5, ino 4 [ 2737.322808][T31000] loop5: detected capacity change from 0 to 4096 [ 2737.463325][T31008] loop2: detected capacity change from 0 to 512 [ 2737.511218][T31008] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2737.522759][T31008] EXT4-fs: Ignoring removed oldalloc option [ 2737.650235][T31008] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.10140: Parent and EA inode have the same ino 15 [ 2737.695743][T31008] EXT4-fs (loop2): Remounting filesystem read-only [ 2737.711275][T31008] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -30) [ 2737.721270][T31008] EXT4-fs (loop2): 1 orphan inode deleted [ 2737.732356][T31008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2737.913285][T31008] EXT4-fs warning (device loop2): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 2738.229534][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2739.423586][T31036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10153'. [ 2739.490199][T31036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10153'. [ 2740.298986][T31049] loop5: detected capacity change from 0 to 1024 [ 2740.448448][T31049] hfsplus: bad catalog entry type [ 2740.750183][T24362] hfsplus: b-tree write err: -5, ino 4 [ 2741.930282][T31073] netlink: 16 bytes leftover after parsing attributes in process `syz.5.10171'. [ 2742.398305][T31080] binder: 31079:31080 ioctl c018620b 80000240 returned -14 [ 2742.534328][T31078] loop0: detected capacity change from 0 to 2048 [ 2742.843031][T31078] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 2742.851320][T31078] UDF-fs: Scanning with blocksize 512 failed [ 2743.019375][T31090] netlink: 4 bytes leftover after parsing attributes in process `syz.8.10178'. [ 2743.078902][T31091] batadv0: entered promiscuous mode [ 2743.102140][T31091] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 2743.114959][T31091] batadv0: left promiscuous mode [ 2743.193017][T31078] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 2743.201392][T31078] UDF-fs: Scanning with blocksize 1024 failed [ 2743.266717][T31078] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=515, location=515 [ 2743.276940][T31078] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 2743.287987][T31078] UDF-fs: Scanning with blocksize 2048 failed [ 2743.417160][T31095] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 2743.468129][T31078] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=259, location=259 [ 2743.532907][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 2743.578145][T31078] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=515, location=515 [ 2743.591861][T31078] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 2743.605538][T31078] UDF-fs: Scanning with blocksize 4096 failed [ 2743.613752][T31078] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 2745.213109][T31118] loop2: detected capacity change from 0 to 512 [ 2745.247358][T31118] EXT4-fs: Ignoring removed i_version option [ 2745.408763][T31118] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2746.131796][T26438] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz-executor: corrupted in-inode xattr: overlapping e_value [ 2746.188626][T26438] EXT4-fs error (device loop2): ext4_iget_extra_inode:5035: inode #15: comm syz-executor: corrupted in-inode xattr: overlapping e_value [ 2746.378743][T31136] loop0: detected capacity change from 0 to 64 [ 2746.538545][ T30] audit: type=1800 audit(2000000473.750:2185): pid=31136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.10200" name="file2" dev="loop0" ino=19 res=0 errno=0 [ 2746.787205][T26438] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2746.821078][ T14] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2747.002819][ T14] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2747.203237][ T14] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2747.380526][ T14] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2747.765608][ T14] bridge_slave_1: left allmulticast mode [ 2747.771773][ T14] bridge_slave_1: left promiscuous mode [ 2747.778543][ T14] bridge0: port 2(bridge_slave_1) entered disabled state [ 2747.825918][ T14] bridge_slave_0: left allmulticast mode [ 2747.832225][ T14] bridge_slave_0: left promiscuous mode [ 2747.839001][ T14] bridge0: port 1(bridge_slave_0) entered disabled state [ 2747.885640][ T14] tipc: Resetting bearer [ 2748.199831][ T14] tipc: Disabling bearer [ 2748.457985][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2748.489606][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2748.519953][ T14] bond0 (unregistering): Released all slaves [ 2748.697052][ T14] tipc: Left network mode [ 2748.743560][ T14] IPVS: stopping master sync thread 28231 ... [ 2748.753208][ T14] IPVS: stopping backup sync thread 28024 ... [ 2748.914244][ T14] batman_adv: batadv0: Interface deactivated: wlan0 [ 2748.962419][ T14] batman_adv: batadv0: Removing interface: wlan0 [ 2749.137225][ T14] hsr_slave_0: left promiscuous mode [ 2749.181530][ T14] hsr_slave_1: left promiscuous mode [ 2749.190690][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2749.198691][ T14] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2749.225980][ T14] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2749.235573][ T14] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2749.279540][ T14] veth1_macvtap: left promiscuous mode [ 2749.285358][ T14] veth0_macvtap: left promiscuous mode [ 2749.287278][T31154] loop1: detected capacity change from 0 to 512 [ 2749.291492][ T14] veth1_vlan: left promiscuous mode [ 2749.303346][ T14] veth0_vlan: left promiscuous mode [ 2749.696358][T31154] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 2750.025160][T31154] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 2750.036115][T29304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2750.045940][T29304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2750.080212][T31154] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.10210: corrupted in-inode xattr: e_value size too large [ 2750.098314][T29304] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2750.167268][T31154] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.10210: couldn't read orphan inode 15 (err -117) [ 2750.210755][T29304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2750.280170][T31154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2750.303278][T29304] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2750.614487][ T14] team0 (unregistering): Port device team_slave_1 removed [ 2750.640256][T31164] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10214'. [ 2750.651129][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2750.666653][ T14] team0 (unregistering): Port device team_slave_0 removed [ 2751.532466][ T14] IPVS: stop unused estimator thread 0... [ 2752.188616][T31159] chnl_net:caif_netlink_parms(): no params data found [ 2752.405695][T29304] Bluetooth: hci0: command tx timeout [ 2752.800140][T31186] loop5: detected capacity change from 0 to 4096 [ 2752.845862][T31186] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 2753.268393][T31186] ntfs3(loop5): ino=19, mi_enum_attr [ 2753.274139][T31186] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 2753.372241][T31159] bridge0: port 1(bridge_slave_0) entered blocking state [ 2753.380416][T31159] bridge0: port 1(bridge_slave_0) entered disabled state [ 2753.390451][T31159] bridge_slave_0: entered allmulticast mode [ 2753.400220][T31159] bridge_slave_0: entered promiscuous mode [ 2753.461277][T31159] bridge0: port 2(bridge_slave_1) entered blocking state [ 2753.469289][T31159] bridge0: port 2(bridge_slave_1) entered disabled state [ 2753.478609][T31159] bridge_slave_1: entered allmulticast mode [ 2753.488293][T31159] bridge_slave_1: entered promiscuous mode [ 2753.833413][T31159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2753.834613][T31202] loop0: detected capacity change from 0 to 256 [ 2753.902533][T31202] exfat: Deprecated parameter 'utf8' [ 2753.909997][T31159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2754.053297][T31205] netlink: 'syz.1.10230': attribute type 3 has an invalid length. [ 2754.083494][T31202] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 2754.258752][T31159] team0: Port device team_slave_0 added [ 2754.286935][T31159] team0: Port device team_slave_1 added [ 2754.468285][T29304] Bluetooth: hci0: command tx timeout [ 2754.505822][T31159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2754.513580][T31159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2754.542111][T31159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2754.618462][T31209] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10232'. [ 2754.682558][T31159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2754.691271][T31159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2754.719186][T31159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2754.888544][T31213] loop5: detected capacity change from 0 to 64 [ 2754.914264][T31211] loop1: detected capacity change from 0 to 1024 [ 2754.929550][T31213] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 2754.955462][T31211] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 2755.078340][T31211] hfsplus: bad catalog entry type [ 2755.190655][T31159] hsr_slave_0: entered promiscuous mode [ 2755.201189][T31159] hsr_slave_1: entered promiscuous mode [ 2755.211543][T31159] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2755.221252][T31159] Cannot create hsr debugfs directory [ 2755.875562][T31223] loop5: detected capacity change from 0 to 2048 [ 2755.953971][T31223] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2756.010975][T31226] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2756.233592][T31230] loop0: detected capacity change from 0 to 256 [ 2756.411257][T31230] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 2756.548241][T29304] Bluetooth: hci0: command tx timeout [ 2756.769694][T31159] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 2756.815047][T31159] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 2756.879316][T31159] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 2756.965263][T31159] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 2757.943460][T31159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2758.091405][T31159] 8021q: adding VLAN 0 to HW filter on device team0 [ 2758.169132][ T4038] bridge0: port 1(bridge_slave_0) entered blocking state [ 2758.176747][ T4038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2758.345254][ T4038] bridge0: port 2(bridge_slave_1) entered blocking state [ 2758.353026][ T4038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2758.628782][T29304] Bluetooth: hci0: command tx timeout [ 2760.409258][T31159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2762.593588][T31159] veth0_vlan: entered promiscuous mode [ 2762.674755][T31159] veth1_vlan: entered promiscuous mode [ 2762.981251][T31159] veth0_macvtap: entered promiscuous mode [ 2763.049852][T31316] tipc: Enabling of bearer rejected, failed to enable media [ 2763.088730][T31159] veth1_macvtap: entered promiscuous mode [ 2763.236345][T31159] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2763.286717][T31320] netlink: 12 bytes leftover after parsing attributes in process `syz.5.10279'. [ 2763.315580][T31159] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2763.400176][T31159] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2763.411839][T31159] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2763.421492][T31159] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2763.430782][T31159] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2763.859296][T31328] random: crng reseeded on system resumption [ 2765.862883][T31356] loop5: detected capacity change from 0 to 1024 [ 2766.315037][ T4038] hfsplus: b-tree write err: -5, ino 4 [ 2766.858721][T31374] netlink: 'syz.1.10297': attribute type 27 has an invalid length. [ 2767.396677][T31382] loop5: detected capacity change from 0 to 256 [ 2767.499244][T31385] netlink: 96 bytes leftover after parsing attributes in process `syz.8.10302'. [ 2767.512313][T31385] netlink: 'syz.8.10302': attribute type 5 has an invalid length. [ 2767.523283][T31385] netlink: 44 bytes leftover after parsing attributes in process `syz.8.10302'. [ 2767.730045][T31382] FAT-fs (loop5): Directory bread(block 64) failed [ 2767.736883][T31382] FAT-fs (loop5): Directory bread(block 65) failed [ 2767.744216][T31382] FAT-fs (loop5): Directory bread(block 66) failed [ 2767.752002][T31382] FAT-fs (loop5): Directory bread(block 67) failed [ 2767.759198][T31382] FAT-fs (loop5): Directory bread(block 68) failed [ 2767.770108][T31382] FAT-fs (loop5): Directory bread(block 69) failed [ 2767.777078][T31382] FAT-fs (loop5): Directory bread(block 70) failed [ 2767.785645][T31382] FAT-fs (loop5): Directory bread(block 71) failed [ 2767.792835][T31382] FAT-fs (loop5): Directory bread(block 72) failed [ 2767.799799][T31382] FAT-fs (loop5): Directory bread(block 73) failed [ 2767.984309][T31389] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10304'. [ 2768.035660][T31392] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0 [ 2768.747835][T31401] loop5: detected capacity change from 0 to 64 [ 2769.115686][T31403] loop1: detected capacity change from 0 to 1024 [ 2769.153336][ T4646] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2769.161655][ T4646] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2769.329424][T31405] netlink: 4268 bytes leftover after parsing attributes in process `syz.8.10309'. [ 2769.339482][T31405] netlink: 4268 bytes leftover after parsing attributes in process `syz.8.10309'. [ 2769.367064][ T4038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2769.375525][ T4038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2769.926657][T31411] pim6reg: left allmulticast mode [ 2770.454245][T31420] loop1: detected capacity change from 0 to 64 [ 2770.980131][T31426] netlink: 28 bytes leftover after parsing attributes in process `syz.5.10317'. [ 2770.990799][T31426] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10317'. [ 2771.902506][T31439] loop1: detected capacity change from 0 to 512 [ 2772.107275][T31439] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2772.122561][T31439] ext4 filesystem being mounted at /411/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2772.521891][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2772.606574][T31447] loop9: detected capacity change from 0 to 4096 [ 2772.771403][T31454] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2773.154938][T31458] loop1: detected capacity change from 0 to 22 [ 2773.244213][T31458] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2773.572570][T31462] tipc: Enabled bearer , priority 1 [ 2774.451835][T31472] loop0: detected capacity change from 0 to 64 [ 2774.688112][T24824] tipc: Node number set to 4227989505 [ 2775.686993][T31488] loop9: detected capacity change from 0 to 256 [ 2775.875797][T31488] exFAT-fs (loop9): failed to load upcase table (idx : 0x00012c80, chksum : 0x0ff561db, utbl_chksum : 0xe619d30d) [ 2776.532284][T31500] loop9: detected capacity change from 0 to 512 [ 2776.578055][T24824] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 2776.618074][T31500] EXT4-fs (loop9): 1 orphan inode deleted [ 2776.626278][T31500] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2776.664458][T12558] Quota error (device loop9): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 2776.678835][T12558] EXT4-fs error (device loop9): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1 [ 2776.758932][T31500] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2776.815539][T24824] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2776.827082][T24824] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2776.890572][T24824] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2776.900791][T24824] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2776.909983][T24824] usb 6-1: SerialNumber: syz [ 2777.052051][T31500] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 2777.176070][T24824] usb 6-1: 0:2 : does not exist [ 2777.266334][T24824] usb 6-1: USB disconnect, device number 24 [ 2777.324220][T31159] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2778.826706][T31527] loop5: detected capacity change from 0 to 512 [ 2778.914321][T31527] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.10363: iget: bad i_size value: 38620345925642 [ 2778.959675][T31527] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.10363: couldn't read orphan inode 15 (err -117) [ 2779.024517][T31527] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2779.109406][T31527] EXT4-fs error (device loop5): empty_inline_dir:1786: inode #12: block 7: comm syz.5.10363: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=4278190093, rec_len=255, size=60 fake=0 [ 2779.154520][T31527] EXT4-fs warning (device loop5): empty_inline_dir:1793: bad inline directory (dir #12) - inode 4278190093, rec_len 255, name_len 0inline size 60 [ 2779.431013][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2780.849242][T31556] usb usb8: usbfs: process 31556 (syz.8.10376) did not claim interface 0 before use [ 2781.407913][T31559] loop9: detected capacity change from 0 to 2048 [ 2781.419840][T31559] ext2: Unknown parameter 'smackfsroot' [ 2782.196943][T31569] loop5: detected capacity change from 0 to 2048 [ 2782.421014][T31575] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2782.766697][T31572] loop9: detected capacity change from 0 to 4096 [ 2782.808032][T31572] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512). [ 2783.076049][T31572] ntfs3(loop9): Failed to initialize $Extend/$Reparse. [ 2783.206515][T31585] tipc: Cannot configure node identity twice [ 2784.504899][T31601] loop1: detected capacity change from 0 to 1024 [ 2784.559025][T24824] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 2784.717868][T24824] usb 6-1: Using ep0 maxpacket: 8 [ 2784.745277][T24824] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2784.756098][T24824] usb 6-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2784.770074][T24824] usb 6-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2784.781074][T24824] usb 6-1: config 0 interface 0 altsetting 252 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2784.794563][T24824] usb 6-1: config 0 interface 0 has no altsetting 0 [ 2784.801730][T24824] usb 6-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00 [ 2784.812067][T24824] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2784.914020][T31607] netlink: 24 bytes leftover after parsing attributes in process `syz.8.10400'. [ 2784.967942][ T4090] hfsplus: b-tree write err: -5, ino 4 [ 2784.980164][T24824] usb 6-1: config 0 descriptor?? [ 2785.473415][T31613] loop1: detected capacity change from 0 to 256 [ 2785.475684][T24824] ryos 0003:1E7D:3232.0063: hidraw0: USB HID vff.ff Device [HID 1e7d:3232] on usb-dummy_hcd.5-1/input0 [ 2785.614171][T31613] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d) [ 2785.660101][T24824] usb 6-1: USB disconnect, device number 25 [ 2786.402845][T31628] binder: 31626:31628 ioctl c0306201 0 returned -14 [ 2788.824277][ T30] audit: type=1326 audit(2000000516.050:2186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31663 comm="syz.8.10427" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e539 code=0x0 [ 2788.846159][ C0] vkms_vblank_simulate: vblank timer overrun [ 2789.723125][ T30] audit: type=1326 audit(2000000516.940:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2789.745535][ C0] vkms_vblank_simulate: vblank timer overrun [ 2789.784807][T31675] sd 0:0:1:0: device reset [ 2789.810685][ T30] audit: type=1326 audit(2000000517.000:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2789.834807][ T30] audit: type=1326 audit(2000000517.000:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2789.858004][ T30] audit: type=1326 audit(2000000517.010:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2789.880283][ C0] vkms_vblank_simulate: vblank timer overrun [ 2789.891024][ T30] audit: type=1326 audit(2000000517.030:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2789.913385][ C0] vkms_vblank_simulate: vblank timer overrun [ 2789.920243][ T30] audit: type=1326 audit(2000000517.040:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31672 comm="syz.0.10431" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2791.452835][T31699] loop1: detected capacity change from 0 to 256 [ 2791.667935][T24824] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 2791.867928][T24824] usb 10-1: Using ep0 maxpacket: 16 [ 2791.917858][T24824] usb 10-1: config 0 has an invalid interface number: 8 but max is 0 [ 2791.926273][T24824] usb 10-1: config 0 has no interface number 0 [ 2791.935114][T24824] usb 10-1: config 0 interface 8 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2791.947645][T24824] usb 10-1: config 0 interface 8 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2791.958272][T24824] usb 10-1: config 0 interface 8 has no altsetting 0 [ 2791.965297][T24824] usb 10-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 2791.974979][T24824] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2792.121312][T24824] usb 10-1: config 0 descriptor?? [ 2792.641181][T24824] uclogic 0003:5543:0522.0064: unknown main item tag 0x0 [ 2792.652455][T24824] uclogic 0003:5543:0522.0064: unknown main item tag 0x0 [ 2792.660756][T24824] uclogic 0003:5543:0522.0064: unknown main item tag 0x0 [ 2792.668307][T24824] uclogic 0003:5543:0522.0064: unknown main item tag 0x0 [ 2792.675701][T24824] uclogic 0003:5543:0522.0064: unknown main item tag 0x0 [ 2792.792008][T24824] uclogic 0003:5543:0522.0064: No inputs registered, leaving [ 2792.858995][T24824] uclogic 0003:5543:0522.0064: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.9-1/input8 [ 2792.946242][T24824] usb 10-1: USB disconnect, device number 14 [ 2793.709948][T31728] loop1: detected capacity change from 0 to 64 [ 2796.194752][T31755] loop0: detected capacity change from 0 to 4096 [ 2796.267957][T31755] EXT4-fs: Ignoring removed mblk_io_submit option [ 2796.361275][T31755] EXT4-fs (loop0): Test dummy encryption mode enabled [ 2796.403974][T31765] loop9: detected capacity change from 0 to 8 [ 2796.477303][T31765] SQUASHFS error: zlib decompression failed, data probably corrupt [ 2796.488140][T31765] SQUASHFS error: Failed to read block 0x9b: -5 [ 2796.494631][T31765] SQUASHFS error: Unable to read metadata cache entry [99] [ 2796.502334][T31765] SQUASHFS error: Unable to read inode 0x127 [ 2796.579345][T31755] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2797.032597][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2797.486871][ T30] audit: type=1800 audit(2000000524.710:2193): pid=31782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10483" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 2798.018121][T31787] hub 8-0:1.0: USB hub found [ 2798.068864][T31787] hub 8-0:1.0: 1 port detected [ 2798.204916][ T30] audit: type=1326 audit(2000000525.430:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31788 comm="syz.0.10481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2798.227426][ C0] vkms_vblank_simulate: vblank timer overrun [ 2798.330525][ T30] audit: type=1326 audit(2000000525.550:2195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31788 comm="syz.0.10481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2798.354777][ T30] audit: type=1326 audit(2000000525.550:2196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31788 comm="syz.0.10481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2798.377263][ C0] vkms_vblank_simulate: vblank timer overrun [ 2798.387018][ T30] audit: type=1326 audit(2000000525.550:2197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31788 comm="syz.0.10481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 2798.490685][T31797] loop1: detected capacity change from 0 to 256 [ 2798.512947][T31797] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 2798.524297][T31797] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 2798.632884][T31797] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 2798.948683][T31799] loop5: detected capacity change from 0 to 1024 [ 2799.074089][T31799] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2799.087231][T31799] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2799.180672][T31799] EXT4-fs error (device loop5): ext4_free_blocks:6587: comm syz.5.10490: Freeing blocks not in datazone - block = 0, count = 16 [ 2799.276221][T31799] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 2799.615353][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2799.828278][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 2800.035463][T31813] loop1: detected capacity change from 0 to 4096 [ 2800.059335][T31819] netlink: 8 bytes leftover after parsing attributes in process `syz.9.10499'. [ 2800.149479][T31819] netlink: 8 bytes leftover after parsing attributes in process `syz.9.10499'. [ 2800.176551][T31819] netlink: 8 bytes leftover after parsing attributes in process `syz.9.10499'. [ 2800.220362][T31819] netlink: 8 bytes leftover after parsing attributes in process `syz.9.10499'. [ 2801.374598][T31833] loop5: detected capacity change from 0 to 256 [ 2801.431676][T31833] exfat: Deprecated parameter 'utf8' [ 2801.509185][T31833] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 2801.694298][ T30] audit: type=1800 audit(2000000528.900:2198): pid=31833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.10507" name="file1" dev="loop5" ino=1049504 res=0 errno=0 [ 2803.233108][T31860] loop1: detected capacity change from 0 to 1764 [ 2803.508755][T24824] usb 9-1: new low-speed USB device number 16 using dummy_hcd [ 2803.696060][T24824] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2803.710275][T24824] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2803.721209][T24824] usb 9-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 2803.730687][T24824] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2803.784351][T24824] usb 9-1: config 0 descriptor?? [ 2804.247742][T24824] glorious 0003:258A:0036.0065: item fetching failed at offset 0/2 [ 2804.283240][T24824] glorious 0003:258A:0036.0065: probe with driver glorious failed with error -22 [ 2804.334124][T31869] loop9: detected capacity change from 0 to 4096 [ 2804.457336][T24824] usb 9-1: USB disconnect, device number 16 [ 2804.537878][T31877] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2804.589385][T31876] loop1: detected capacity change from 0 to 512 [ 2804.620284][T31876] EXT4-fs (loop1): Test dummy encryption mode enabled [ 2804.657861][T31876] EXT4-fs error (device loop1): __ext4_iget:5379: inode #11: block 1: comm syz.1.10526: invalid block [ 2804.678980][T31876] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.10526: couldn't read orphan inode 11 (err -117) [ 2804.723221][T31876] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2804.983569][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 2805.194180][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2805.399550][T31887] loop9: detected capacity change from 0 to 512 [ 2805.480016][T31887] EXT4-fs error (device loop9): ext4_orphan_get:1393: inode #15: comm syz.9.10528: iget: bad i_size value: 38620345925642 [ 2805.563754][T31887] EXT4-fs error (device loop9): ext4_orphan_get:1398: comm syz.9.10528: couldn't read orphan inode 15 (err -117) [ 2805.606761][T31894] loop1: detected capacity change from 0 to 8 [ 2805.625609][T31887] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2805.702442][T31894] SQUASHFS error: lzo decompression failed, data probably corrupt [ 2805.710943][T31894] SQUASHFS error: Failed to read block 0x91: -5 [ 2805.717612][T31894] SQUASHFS error: Unable to read metadata cache entry [8f] [ 2805.725042][T31894] SQUASHFS error: Unable to read inode 0x11f [ 2806.040205][T31159] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2807.031620][T25522] Bluetooth: hci1: command 0x0406 tx timeout [ 2807.252878][T31915] loop9: detected capacity change from 0 to 24 [ 2807.283766][T31915] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2807.855824][T31919] loop0: detected capacity change from 0 to 1024 [ 2808.588932][ T4038] hfsplus: b-tree write err: -5, ino 4 [ 2808.599747][T24824] usb 9-1: new high-speed USB device number 17 using dummy_hcd [ 2808.818196][T24824] usb 9-1: Using ep0 maxpacket: 32 [ 2808.840995][T24824] usb 9-1: config 0 has an invalid interface number: 219 but max is 0 [ 2808.850323][T24824] usb 9-1: config 0 has no interface number 0 [ 2808.856697][T24824] usb 9-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2808.868163][T24824] usb 9-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 2808.881319][T24824] usb 9-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 2808.893380][T24824] usb 9-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 2808.904015][T24824] usb 9-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 2808.914640][T24824] usb 9-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 2808.987933][T24824] usb 9-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 2808.997735][T24824] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2809.006045][T24824] usb 9-1: Product: syz [ 2809.010685][T24824] usb 9-1: Manufacturer: syz [ 2809.015528][T24824] usb 9-1: SerialNumber: syz [ 2809.026073][T24824] usb 9-1: config 0 descriptor?? [ 2809.038257][T31928] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 2809.046398][T31928] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 2809.341301][T24824] etas_es58x 9-1:0.219: Starting syz syz (Serial Number syz) [ 2809.558379][T24824] etas_es58x 9-1:0.219: could not parse product info: '424242424242' [ 2809.836691][T24824] usb 9-1: USB disconnect, device number 17 [ 2809.845958][T24824] etas_es58x 9-1:0.219: Disconnecting syz syz [ 2810.298461][ T30] audit: type=1326 audit(2000000537.380:2199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31946 comm="syz.1.10558" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2810.322261][ T30] audit: type=1326 audit(2000000537.380:2200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31946 comm="syz.1.10558" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2811.344093][T31955] loop5: detected capacity change from 0 to 1024 [ 2811.398579][T31955] EXT4-fs: Ignoring removed orlov option [ 2811.404625][T31955] EXT4-fs: Ignoring removed nomblk_io_submit option [ 2811.505781][T31955] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2811.688748][ T30] audit: type=1800 audit(2000000538.910:2201): pid=31955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.10559" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 2811.709666][ C0] vkms_vblank_simulate: vblank timer overrun [ 2811.985596][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2811.997639][T31969] Bluetooth: MGMT ver 1.23 [ 2813.229786][T31977] loop5: detected capacity change from 0 to 2048 [ 2813.345470][T31977] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2813.490869][T31977] EXT4-fs error (device loop5): ext4_lookup:1787: inode #12: comm syz.5.10570: iget: bogus i_mode (4355) [ 2813.760391][T31988] loop1: detected capacity change from 0 to 512 [ 2813.801416][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2813.817061][T31988] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 2813.875838][T31988] EXT4-fs (loop1): 1 truncate cleaned up [ 2813.884263][T31988] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2813.921964][T31988] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 13: comm syz.1.10574: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 2813.960856][T31988] EXT4-fs (loop1): Remounting filesystem read-only [ 2813.967879][T31988] EXT4-fs warning (device loop1): ext4_rename_delete:3726: inode #2: comm syz.1.10574: Deleting old file: nlink 5, error=-117 [ 2814.336936][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2814.671433][T31995] loop5: detected capacity change from 0 to 2048 [ 2814.818019][T31995] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 2815.270737][T32001] loop1: detected capacity change from 0 to 4096 [ 2815.710194][T32010] netlink: 48 bytes leftover after parsing attributes in process `syz.5.10584'. [ 2815.845744][T32013] netlink: 28 bytes leftover after parsing attributes in process `syz.8.10586'. [ 2815.855486][T32013] netlink: 28 bytes leftover after parsing attributes in process `syz.8.10586'. [ 2816.399905][T32017] loop9: detected capacity change from 0 to 512 [ 2816.439571][T32017] EXT4-fs: journaled quota format not specified [ 2816.555892][T32023] loop0: detected capacity change from 0 to 128 [ 2817.876239][T32042] loop1: detected capacity change from 0 to 2048 [ 2817.942070][T32042] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 2818.037801][T32045] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2818.097057][T32042] NILFS error (device loop1): nilfs_check_folio: size of directory #12 is not a multiple of chunk size [ 2818.112150][T32042] Remounting filesystem read-only [ 2819.119673][T32063] loop9: detected capacity change from 0 to 256 [ 2819.753056][T32073] loop5: detected capacity change from 0 to 256 [ 2820.228385][T32073] FAT-fs (loop5): Directory bread(block 64) failed [ 2820.235249][T32073] FAT-fs (loop5): Directory bread(block 65) failed [ 2820.243654][T32073] FAT-fs (loop5): Directory bread(block 66) failed [ 2820.251013][T32073] FAT-fs (loop5): Directory bread(block 67) failed [ 2820.262053][T32073] FAT-fs (loop5): Directory bread(block 68) failed [ 2820.269013][T32073] FAT-fs (loop5): Directory bread(block 69) failed [ 2820.275972][T32073] FAT-fs (loop5): Directory bread(block 70) failed [ 2820.283023][T32073] FAT-fs (loop5): Directory bread(block 71) failed [ 2820.290145][T32073] FAT-fs (loop5): Directory bread(block 72) failed [ 2820.299599][T32073] FAT-fs (loop5): Directory bread(block 73) failed [ 2821.994389][T32105] loop5: detected capacity change from 0 to 164 [ 2822.019040][T32106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10629'. [ 2822.028926][T32106] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10629'. [ 2822.040852][T32106] netlink: 'syz.0.10629': attribute type 15 has an invalid length. [ 2822.058609][T32105] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 2822.409479][T31148] ip6_tunnel: ip6gretap0: Local routing loop detected! [ 2822.716769][T32113] loop0: detected capacity change from 0 to 1024 [ 2822.738903][T32116] netlink: 'syz.9.10634': attribute type 2 has an invalid length. [ 2822.827378][T32118] loop5: detected capacity change from 0 to 1024 [ 2822.928949][T31148] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 2822.979827][T12558] hfsplus: b-tree write err: -5, ino 4 [ 2823.109266][T15913] ip6_tunnel: ip6gretap0: Local routing loop detected! [ 2823.142468][T31148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2823.153209][T31148] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 2823.166078][T31148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2823.249162][ T14] hfsplus: b-tree write err: -5, ino 4 [ 2823.250774][T31148] usb 2-1: config 0 descriptor?? [ 2823.632934][T32125] loop0: detected capacity change from 0 to 1024 [ 2823.768351][T31148] lg-g15 0003:046D:C222.0066: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.1-1/input0 [ 2823.813982][T32125] hfsplus: bad catalog entry type [ 2823.965411][T24824] usb 2-1: USB disconnect, device number 14 [ 2824.114420][ T4090] hfsplus: b-tree write err: -5, ino 4 [ 2824.352840][T32131] loop9: detected capacity change from 0 to 4096 [ 2824.418002][T32131] ntfs3(loop9): Different NTFS sector size (2048) and media sector size (512). [ 2824.851924][T32139] loop0: detected capacity change from 0 to 1024 [ 2824.990130][T32141] loop5: detected capacity change from 0 to 1024 [ 2824.999823][T32139] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 2825.228826][T32141] hfsplus: bad catalog entry type [ 2825.304845][T32143] loop1: detected capacity change from 0 to 4096 [ 2825.491257][T32146] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2825.512412][T12558] hfsplus: b-tree write err: -5, ino 4 [ 2827.342684][T32169] loop1: detected capacity change from 0 to 512 [ 2827.385505][T32169] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 2827.509299][T32169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2827.526409][T32169] ext4 filesystem being mounted at /482/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2827.952247][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2828.030679][T32180] loop0: detected capacity change from 0 to 256 [ 2828.141789][T32180] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000e8a4, chksum : 0x7bc75166, utbl_chksum : 0xe619d30d) [ 2828.816152][T32184] loop5: detected capacity change from 0 to 4096 [ 2828.978011][T32193] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2829.699423][T32203] netlink: 44 bytes leftover after parsing attributes in process `syz.1.10673'. [ 2829.709530][T32203] netlink: 84 bytes leftover after parsing attributes in process `syz.1.10673'. [ 2830.764246][T32222] loop9: detected capacity change from 0 to 64 [ 2830.918344][T32222] hfs: hfs: Invalid key length: 94 [ 2831.225480][T32227] loop5: detected capacity change from 0 to 1024 [ 2831.951219][T32241] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 2831.961548][T32241] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 2831.977908][T32240] sctp: [Deprecated]: syz.5.10692 (pid 32240) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2831.977908][T32240] Use struct sctp_sack_info instead [ 2832.617190][T32251] loop1: detected capacity change from 0 to 512 [ 2832.706163][T32251] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 2832.829122][T32251] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2832.843382][T32251] ext4 filesystem being mounted at /490/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 2833.144438][T26897] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2833.206111][T32260] loop5: detected capacity change from 0 to 64 [ 2833.506158][T32265] loop0: detected capacity change from 0 to 128 [ 2833.589523][T32265] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 2833.620024][T32265] ext4 filesystem being mounted at /413/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 2834.050953][T27325] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 2834.559444][T32280] loop0: detected capacity change from 0 to 1024 [ 2834.576394][T32280] ext4: Unknown parameter 'noacl' [ 2835.179479][T32290] loop5: detected capacity change from 0 to 512 [ 2835.199592][T32293] loop9: detected capacity change from 0 to 256 [ 2835.314199][T32290] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2835.327913][T32290] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 2835.328614][T32299] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10720'. [ 2835.843604][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2836.048922][T32308] netlink: 16 bytes leftover after parsing attributes in process `syz.8.10724'. [ 2836.058543][T32308] netlink: 16 bytes leftover after parsing attributes in process `syz.8.10724'. [ 2836.757370][T32320] netlink: 'syz.8.10728': attribute type 3 has an invalid length. [ 2838.637968][T31148] usb 9-1: new high-speed USB device number 18 using dummy_hcd [ 2838.746833][T32356] netlink: 256 bytes leftover after parsing attributes in process `syz.1.10747'. [ 2838.756797][T32356] netlink: 56 bytes leftover after parsing attributes in process `syz.1.10747'. [ 2838.821305][T31148] usb 9-1: Using ep0 maxpacket: 8 [ 2838.863374][T31148] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 2838.874294][T31148] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2838.915912][T31148] usb 9-1: config 0 descriptor?? [ 2839.061288][T32359] loop9: detected capacity change from 0 to 16 [ 2839.098219][T32359] erofs (device loop9): mounted with root inode @ nid 36. [ 2839.168424][T31148] asix 9-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 2839.592906][T31148] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 2839.604895][T31148] asix 9-1:0.0: probe with driver asix failed with error -71 [ 2839.670824][T31148] usb 9-1: USB disconnect, device number 18 [ 2840.162562][T31148] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 2840.359051][T31148] usb 2-1: Using ep0 maxpacket: 8 [ 2840.379845][T31148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 202, changing to 11 [ 2840.380041][T31148] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 2840.380260][T31148] usb 2-1: New USB device found, idVendor=056a, idProduct=0301, bcdDevice= 0.00 [ 2840.380420][T31148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2840.396160][T31148] usb 2-1: config 0 descriptor?? [ 2840.895958][T31148] wacom 0003:056A:0301.0067: unbalanced delimiter at end of report description [ 2840.932123][T31148] wacom 0003:056A:0301.0067: parse failed [ 2840.938795][T31148] wacom 0003:056A:0301.0067: probe with driver wacom failed with error -22 [ 2841.111364][T31148] usb 2-1: USB disconnect, device number 15 [ 2841.290305][T32390] netlink: 4 bytes leftover after parsing attributes in process `syz.8.10764'. [ 2841.316927][T32390] netlink: 4 bytes leftover after parsing attributes in process `syz.8.10764'. [ 2841.809624][ T30] audit: type=1326 audit(2000000569.030:2202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32393 comm="syz.9.10766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2841.937895][ T30] audit: type=1326 audit(2000000569.120:2203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32393 comm="syz.9.10766" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2841.960300][ C0] vkms_vblank_simulate: vblank timer overrun [ 2842.446972][T32409] netlink: 8 bytes leftover after parsing attributes in process `syz.8.10773'. [ 2843.818862][T32432] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10784'. [ 2845.032643][T32454] loop5: detected capacity change from 0 to 22 [ 2845.088331][T32454] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 2845.937861][T32467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10800'. [ 2846.969930][T32482] loop1: detected capacity change from 0 to 47 [ 2848.355393][T32498] CUSE: unknown device info "ÿ" [ 2848.360955][T32498] CUSE: zero length info key specified [ 2848.620928][T32500] loop9: detected capacity change from 0 to 512 [ 2848.726040][T32500] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm syz.9.10816: bg 0: block 248: padding at end of block bitmap is not set [ 2848.787008][T32500] Quota error (device loop9): write_blk: dquota write failed [ 2848.795566][T32500] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota [ 2848.807395][T32500] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.10816: Failed to acquire dquot type 1 [ 2848.846813][T32500] EXT4-fs (loop9): 1 truncate cleaned up [ 2848.855150][T32500] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2848.870909][T32500] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 2848.883286][T32513] netlink: 36 bytes leftover after parsing attributes in process `syz.5.10820'. [ 2848.892956][T32513] netlink: 16 bytes leftover after parsing attributes in process `syz.5.10820'. [ 2848.902452][T32513] netlink: 36 bytes leftover after parsing attributes in process `syz.5.10820'. [ 2848.913124][T32513] netlink: 36 bytes leftover after parsing attributes in process `syz.5.10820'. [ 2849.105027][T32504] loop0: detected capacity change from 0 to 4096 [ 2849.175712][T32504] NILFS (loop0): invalid segment: Checksum error in segment payload [ 2849.184547][T32504] NILFS (loop0): trying rollback from an earlier position [ 2849.246142][T31159] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2849.300691][T32504] NILFS (loop0): recovery complete [ 2849.338242][T32514] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 2852.676973][T32569] loop5: detected capacity change from 0 to 512 [ 2852.730401][T32569] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 2852.798095][T32569] EXT4-fs (loop5): 1 truncate cleaned up [ 2852.807282][T32569] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2852.971536][T30265] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2853.913218][T32588] netlink: 52 bytes leftover after parsing attributes in process `syz.0.10855'. [ 2854.888750][T32605] loop0: detected capacity change from 0 to 512 [ 2854.933285][T32605] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 2854.978132][T32605] EXT4-fs (loop0): 1 truncate cleaned up [ 2854.986364][T32605] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 2855.331545][T27325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 2855.807785][T31148] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 2855.983030][T31148] usb 2-1: Using ep0 maxpacket: 16 [ 2856.055064][T31148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2856.066770][T31148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2856.077934][T31148] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2856.091879][T31148] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2856.101369][T31148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2856.172972][T31148] usb 2-1: config 0 descriptor?? [ 2856.608869][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.616492][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.624315][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.632385][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.640145][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.653213][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.662656][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.670429][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.678176][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.685779][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.694846][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.702937][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.711284][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.719516][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.727164][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.734899][T31148] microsoft 0003:045E:07DA.0068: unknown main item tag 0x0 [ 2856.742660][T31148] microsoft 0003:045E:07DA.0068: unbalanced collection at end of report description [ 2856.950819][T31148] microsoft 0003:045E:07DA.0068: parse failed [ 2856.963203][T31148] microsoft 0003:045E:07DA.0068: probe with driver microsoft failed with error -22 [ 2857.000200][T31148] usb 2-1: USB disconnect, device number 16 [ 2858.081871][T32646] loop1: detected capacity change from 0 to 4096 [ 2858.244752][T32654] netlink: 56 bytes leftover after parsing attributes in process `syz.5.10886'. [ 2858.596104][T32646] ntfs3(loop1): ino=22, The size of extended attributes must not exceed 64KiB [ 2859.270997][T32668] loop5: detected capacity change from 0 to 256 [ 2859.492588][T32671] syz_tun: entered promiscuous mode [ 2860.144761][T32679] netlink: 4 bytes leftover after parsing attributes in process `syz.9.10898'. [ 2860.880413][T32692] netlink: 56 bytes leftover after parsing attributes in process `syz.9.10903'. [ 2860.970501][T32694] input: syz1 as /devices/virtual/input/input27 [ 2862.267110][T32716] loop1: detected capacity change from 0 to 512 [ 2862.311491][T32716] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 2862.313558][T32715] loop9: detected capacity change from 0 to 1024 [ 2862.382077][T32715] hfsplus: unable to find HFS+ superblock [ 2862.490664][T32716] EXT4-fs (loop1): 1 truncate cleaned up [ 2862.499089][T32716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 2862.576768][T15818] ===================================================== [ 2862.591967][T15818] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xafd/0x98a0 [ 2862.602608][T15818] n_tty_receive_buf_standard+0xafd/0x98a0 [ 2862.608833][T15818] n_tty_receive_buf_common+0x1a68/0x2540 [ 2862.614804][T15818] n_tty_receive_buf2+0x4c/0x60 [ 2862.620085][T15818] tty_ldisc_receive_buf+0xc6/0x2c0 [ 2862.625612][T15818] tty_port_default_receive_buf+0xd7/0x1a0 [ 2862.632822][T15818] flush_to_ldisc+0x49d/0xf00 [ 2862.638118][T15818] process_scheduled_works+0xb91/0x1d80 [ 2862.645102][T15818] worker_thread+0xedf/0x1590 [ 2862.650205][T15818] kthread+0xd5c/0xf00 [ 2862.654475][T15818] ret_from_fork+0x1e3/0x310 [ 2862.659392][T15818] ret_from_fork_asm+0x1a/0x30 [ 2862.664402][T15818] [ 2862.666858][T15818] Uninit was stored to memory at: [ 2862.672473][T15818] n_tty_receive_buf_standard+0xaf6/0x98a0 [ 2862.678629][T15818] n_tty_receive_buf_common+0x1a68/0x2540 [ 2862.684601][T15818] n_tty_receive_buf2+0x4c/0x60 [ 2862.693479][T15818] tty_ldisc_receive_buf+0xc6/0x2c0 [ 2862.700150][T15818] tty_port_default_receive_buf+0xd7/0x1a0 [ 2862.706259][T15818] flush_to_ldisc+0x49d/0xf00 [ 2862.711280][T15818] process_scheduled_works+0xb91/0x1d80 [ 2862.717093][T15818] worker_thread+0xedf/0x1590 [ 2862.722122][T15818] kthread+0xd5c/0xf00 [ 2862.726434][T15818] ret_from_fork+0x1e3/0x310 [ 2862.732923][T15818] ret_from_fork_asm+0x1a/0x30 [ 2862.738372][T15818] [ 2862.740879][T15818] Uninit was created at: [ 2862.745389][T15818] __kmalloc_noprof+0x95f/0x1310 [ 2862.750737][T15818] __tty_buffer_request_room+0x3d4/0x7a0 [ 2862.756720][T15818] __tty_insert_flip_string_flags+0x157/0x6f0 [ 2862.763337][T15818] uart_insert_char+0x368/0x930 [ 2862.768544][T15818] serial8250_read_char+0x1ba/0x670 [ 2862.774041][T15818] serial8250_handle_irq+0x930/0x1110 [ 2862.779829][T15818] serial8250_default_handle_irq+0x116/0x2b0 [ 2862.786033][T15818] serial8250_interrupt+0xc8/0x400 [ 2862.795088][T15818] __handle_irq_event_percpu+0x11c/0xbf0 [ 2862.802241][T15818] handle_irq_event+0xe0/0x2a0 [ 2862.807337][T15818] handle_edge_irq+0x31c/0xc80 [ 2862.812419][T15818] __common_interrupt+0x9f/0x220 [ 2862.817862][T15818] common_interrupt+0x94/0xb0 [ 2862.822838][T15818] asm_common_interrupt+0x2b/0x40 [ 2862.828193][T15818] [ 2862.830650][T15818] CPU: 0 UID: 0 PID: 15818 Comm: kworker/u8:2 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(undef) [ 2862.844285][T15818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2862.855018][T15818] Workqueue: events_unbound flush_to_ldisc [ 2862.861235][T15818] ===================================================== [ 2862.868444][T15818] Disabling lock debugging due to kernel taint [ 2862.874837][T15818] Kernel panic - not syncing: kmsan.panic set ... [ 2862.881438][T15818] CPU: 0 UID: 0 PID: 15818 Comm: kworker/u8:2 Tainted: G B 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(undef) [ 2862.895596][T15818] Tainted: [B]=BAD_PAGE [ 2862.899894][T15818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2862.910137][T15818] Workqueue: events_unbound flush_to_ldisc [ 2862.916153][T15818] Call Trace: [ 2862.919548][T15818] [ 2862.922598][T15818] __dump_stack+0x26/0x30 [ 2862.927138][T15818] dump_stack_lvl+0x53/0x270 [ 2862.931935][T15818] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2862.937995][T15818] dump_stack+0x1e/0x25 [ 2862.942348][T15818] panic+0x4bd/0xd50 [ 2862.946504][T15818] kmsan_report+0x31c/0x320 [ 2862.951237][T15818] ? __msan_warning+0x1b/0x30 [ 2862.956112][T15818] ? n_tty_receive_buf_standard+0xafd/0x98a0 [ 2862.962311][T15818] ? n_tty_receive_buf_common+0x1a68/0x2540 [ 2862.968417][T15818] ? n_tty_receive_buf2+0x4c/0x60 [ 2862.973632][T15818] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 2862.979249][T15818] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 2862.985418][T15818] ? flush_to_ldisc+0x49d/0xf00 [ 2862.990449][T15818] ? process_scheduled_works+0xb91/0x1d80 [ 2862.996402][T15818] ? worker_thread+0xedf/0x1590 [ 2863.001479][T15818] ? kthread+0xd5c/0xf00 [ 2863.005903][T15818] ? ret_from_fork+0x1e3/0x310 [ 2863.010846][T15818] ? ret_from_fork_asm+0x1a/0x30 [ 2863.015998][T15818] ? ret_from_fork_asm+0x1a/0x30 [ 2863.021158][T15818] ? __update_load_avg_cfs_rq+0xe9/0x1010 [ 2863.027123][T15818] ? __update_load_avg_se+0x194/0x11c0 [ 2863.032836][T15818] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2863.038897][T15818] ? kmsan_get_metadata+0x150/0x160 [ 2863.044337][T15818] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 2863.050410][T15818] ? n_tty_receive_char+0xfae/0x1440 [ 2863.055939][T15818] ? kmsan_get_metadata+0xfb/0x160 [ 2863.061306][T15818] __msan_warning+0x1b/0x30 [ 2863.066021][T15818] n_tty_receive_buf_standard+0xafd/0x98a0 [ 2863.072084][T15818] ? kmsan_get_metadata+0xfb/0x160 [ 2863.077437][T15818] ? kmsan_get_metadata+0xfb/0x160 [ 2863.082785][T15818] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 2863.089341][T15818] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 2863.095654][T15818] n_tty_receive_buf_common+0x1a68/0x2540 [ 2863.101698][T15818] n_tty_receive_buf2+0x4c/0x60 [ 2863.106758][T15818] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 2863.112520][T15818] tty_ldisc_receive_buf+0xc6/0x2c0 [ 2863.117979][T15818] tty_port_default_receive_buf+0xd7/0x1a0 [ 2863.123995][T15818] flush_to_ldisc+0x49d/0xf00 [ 2863.128854][T15818] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 2863.135490][T15818] ? __pfx_flush_to_ldisc+0x10/0x10 [ 2863.140874][T15818] process_scheduled_works+0xb91/0x1d80 [ 2863.146712][T15818] worker_thread+0xedf/0x1590 [ 2863.151659][T15818] kthread+0xd5c/0xf00 [ 2863.155913][T15818] ? __pfx_worker_thread+0x10/0x10 [ 2863.161272][T15818] ? __pfx_kthread+0x10/0x10 [ 2863.166045][T15818] ret_from_fork+0x1e3/0x310 [ 2863.170825][T15818] ? __pfx_kthread+0x10/0x10 [ 2863.175597][T15818] ret_from_fork_asm+0x1a/0x30 [ 2863.180615][T15818] [ 2863.184055][T15818] Kernel Offset: disabled [ 2863.188449][T15818] Rebooting in 86400 seconds..