last executing test programs: 8m38.639196518s ago: executing program 32 (id=102): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r1, r1, r1) r2 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r2, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000001ac0)=@del={0xe0, 0x11, 0x1, 0x0, 0x0, {{'morus640\x00'}}}, 0xe0}}, 0x0) 7m56.749288686s ago: executing program 33 (id=215): unshare(0x22020400) r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000900)="2600000022004701050007008980e8ff02006d20002b1f00c0e9f7094a51f10101033500b088", 0x26) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000007c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote}, 0x20000000) 7m33.496423559s ago: executing program 34 (id=279): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f041}) 5m8.923817778s ago: executing program 1 (id=606): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[]) 5m7.795346087s ago: executing program 1 (id=611): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000100)='K', 0x1}, {&(0x7f0000000180)="e3", 0x1}, {&(0x7f0000000200)="b6db", 0x2}, {&(0x7f0000000680)="576e284ccce6a44a9d3907d5bd90fdbf6cb0e46de085e8baf03db67513e9d8", 0x1f}], 0x4}}], 0x1, 0x8000) recvmmsg(r1, &(0x7f0000004ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 5m7.025818449s ago: executing program 1 (id=612): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000400)={&(0x7f000092b000/0x1000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x1000}) 5m5.701284281s ago: executing program 1 (id=626): syz_mount_image$udf(&(0x7f0000000a40), &(0x7f0000000100)='./file0\x00', 0x2004400, &(0x7f0000001140)=ANY=[@ANYBLOB="73686f72746164000000006d653d3030303030303030303030303030303030b030342c6e6f6164696e6963622c6869643d00", @ANYBLOB="a85f0dc3446ae0c36ba4848c770920cd9addace5c10dee3a96f810395203ae3bd777155e0b6764a2fd6da6853696460e4dc9849661ef1979cffa16b5bf59dabf336f10c3c559e5e6957f06f8cc8dc9d87dce1e2fe00f1a9e839df7923f50ee737985bd9b461e751d8f2be497d8651d589f890f61b87b83f3c7ad3ba191fa8e9a0ea1b14157305d0891f22ea0bbafcc5044e7177fcb08366d582b977b1847305408f72d19577993c4f746315483175fd218fe2194c2e6c97f561184a4f7c739d2ae93ba3016354f0d2ed26e6b810ebbbd0d1f93e7251bd3b5ed60ea3c840a2bbe7fc0", @ANYRES32], 0x1, 0xa1b, &(0x7f0000001f80)="$eJzs209sm+d9B/Dfw1dyaKdrFbdzkzbLWLQIMqUN5P9KvAH2rApt5iZGZWXzZTBlyQ4RiVIluXC6ofWwAUWAHowC62EDhlx2GLCDd9hlp2CHYcCwwdhhKFa009I1S28sNiCnTcP78qFEyXKsxbElO5+PYX/Jl7+XfP7Q5Es+fAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiPjNL58aOZh2uhUAwP300sTXRw57/weAj5RzPv8DAAAAAAAAAAAAAMBul6KIP40Ur/64ky5U17vqZ1rtK1cnx8a33m1vihS1KKr68m/94KHDR44eOz7ay/ff/8P2RLw8ce5U4/T83MLizNLSzHRjst26OD89s+17uNv9NxuuBqAx99qV6UuXlhqHnju84earQ+888uiBoRPHXzy/v1c7OTY+PtFXMzD4gR/9Frc7w2NPFPHTSFH/7rupGRG1uPuxuMNz517bW3ViuOrE5Nh41ZHZVrO9XN6YarmqFjHUt9PJ3hjdh7m4K42Ia2XzywYPl92bWGguNqdmZxpnm4vLreXWfDvVuq0t+zMUtRhNEQsR0SluvbvBKOLfIsX33uukqYgoeuPwbHVi8J3bU7sHfdyGgbJvRcTNeADmbBd7JIp4I1J8//xIXMzjWg3b0xFfK/OpiG+UuRJxPV9P5RPkyYhfbPF84sEyEEX8Y6SYT5003Zv76nXlzCuNr7YvzffV9l5XHvj3h/tpl7821aOIqeoVv5M++MEOAAAAAAC7TxF/EyluzD2TFqJ/TbHVvtw415ya7X4r3Pvuv5H3Wl1dXR1K3WzkHMl5MufZnBdyLuS8lvN6zjdz3sj5Vs6bOVdydnJGLT9+zkbOkZwnc57NeSHnQs5rOa/nfDPnjZxv5byZcyVnJ2dY9wIAAAAAAABgl9kbRfwoUnz+r79ZnVcc1Xnpnzgx+sxXvtB/zvin73A/Ze1zEXEjtndO7mA+dTjVyj8ffr/YnnoU8e18/t8f7HRjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHVWLIj4dKX7wRidFiohGxIXo5kqx060DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPoh6KuJ0pPj5l+vV9ZsR8ZmI+N/V8k9ErKxustMtBgAAAAAAAABukYoYiRSPPdFJQxFxdeidRx49MHTi+Ivn9xdRRCpL+utfnjh3qnF6fm5hcWZpaWa6MdluXZyfntnuw9XPtNpXrk6Ojd+TztzR3nvc/r310/MLry+2Lr+6vOXt++qnppaWF5sXt7459kYtYqR/y3DV4Mmx8arRs61mu9o11W7TwFpEY7udAQAAAAAAAOChsS8VcTRSvNo6knrrxgPdNf9f6l4r1mr//PfXfwswuyl7+n8/sJ3LabsNHa4W3huTY+PjE32bBwZvLS3blFIRfxUpPvs7j1fr4Sn2bbk2XtbtiRTHvnkk1w19tqw7uaGqPjw5Nt54ab79pVOzs/MXm8vNqdmZxsRC8+K2fzgAAAAAAAAAAPfQvlTEn0WK3x25mXrnnef1/4Hutb71/1+vltAr9bQx11Rr+x+v1va7lz9xYrQx/qu3234v1v/LNqVUxL9Gisd+7/HqfPre+v/Iptqy7r8ixb/8w5O5rranrDvY6073Hi+1ZmdGUh6rzz3bq42q9niu/eR67cGy9nOR4i+e3lg7mms/tV57qKz9o0jxP0e3rv3l9drDZe0fRorfervRq91X1p7JtQfWa5+7OD87fadhLef/byPF2Z9/JfX6fNv57/v9x7VNueaWOX//yx/W/A/1bbuW5/VHef4P3mH+/y5S/PFPnsx13bE/lG9/rPp3ff5/O1L8569srD2Wa/ev1x7cbrd2Wjn/X4wUJ374w7U+5/nPI7s+Q/3z/5mBjbn2LNmh+X+sb9tQbtfh/+dYfBQtvf6t15qzszOLLrjgggtrF3b6lYn7oXz//6dI8cKZWuodx+T3/491r60f/7337fX3/xc25Zodev/f37fthXzUMjgQUV+eWxg8EFFfev1bX2rNNS/PXJ5pjx47euT50WPHnh/c0zu2W7+07aF7KJTzfyZSvPKTf177HLPx+G/r4/99m3LNDs3/J/v7tOG4ZttD8ZFUzv/1SPGdt99d+7z5fsf/vc//z3x+Y679/9uh+f9U37bqN/4fj3i+b9ueiDi13ccCAACAh8y+vE7+J7/292vnvG/8/B9f6NX2f/9zO7vh/H8AAAAAAPio25eK+MtI8d8jX0y9c8i28/vP6U25Zod+/3egb9v0fTqvZduDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwC6Uo4qlI8eqPO2mlKK931c+02leuTo6Nb73b3hQpalFU9eXf+sFDh48cPXZ8tJfvv/+H7Yl4eeLcqcbp+bmFxZmlpZnpxmS7dXF+embb93C3+282XA1AY+61K9OXLi01Dj13eMPNV4feeeTRA0Mnjr94fn+vdnJsfHyir2Zg8AM/+i3SbbbviSIuRYr6d99N/15E1OLux+IOz517bW/VieGqE5Nj41VHZlvN9nJ5Y6rlqlrEUN9OJ3tjdB/m4q40Iq6VzS8bPFx2b2Khudicmp1pnG0uLreWW/PtVOu2tuzPUNRiNEUsRESnuPXuBqOIqUjxvfc66e0iouiNw7MvTXx95PCd21O7B33st/qdLTcPlH0rIm7GAzBnu9gjUcTHIsX3z4/ET4vuuFbD9nTE18p8KuIbZa5EXM/XU/kEeTLiF1s8n3iwDEQRZyPFfOqk/yjy3FevK2deaXy1fWm+r7b3uvLAvz/cT7v8takeRfysesXvpJ/5/wwAAAAA8BAp4jcixY25Z1K1Pri2pthqX26ca07Ndr/W733338h7ra6urg6lbjZyjuQ8mfNszgs5F3Jey3k955s5b+R8K+fNnCs5Ozmjlh8/ZyPnSM6TOc/mvJBzIee1nNdzvpnzRs63ct7MuZKzkzN8Tw4AAAAAAADsQrUo4vFI8YM3Omm16C7wXohurljnfOj9XwAAAP//dBg+9w==") mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mmap$snddsp(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) mmap$snddsp_control(&(0x7f0000000000/0x4000)=nil, 0x1000, 0xb, 0x8012, r0, 0x83000000) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') 5m3.294391198s ago: executing program 1 (id=629): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r1 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) 5m2.25656157s ago: executing program 1 (id=633): close(0xffffffffffffffff) timerfd_create(0x1, 0x0) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x2, 0x0, 0x0, 0xe, 0x1}) io_uring_enter(r0, 0x43b3, 0xfffffffd, 0x0, 0x0, 0x0) 5m0.018729389s ago: executing program 35 (id=633): close(0xffffffffffffffff) timerfd_create(0x1, 0x0) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x2, 0x0, 0x0, 0xe, 0x1}) io_uring_enter(r0, 0x43b3, 0xfffffffd, 0x0, 0x0, 0x0) 4m32.591314098s ago: executing program 2 (id=685): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 4m31.915808174s ago: executing program 2 (id=677): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000140), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000340)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x1d, r2}, 0x10, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01000000cd0d00000200000000002000", @ANYRES64=r0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="0000000001"], 0x80}}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="01000000320b00"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x38}}, 0x0) 4m31.006566626s ago: executing program 2 (id=680): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x2, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000240)="c4", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty, 0x1}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000080)=0x5, 0x4) shutdown(r0, 0x2) 4m30.315909485s ago: executing program 2 (id=681): syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x3, &(0x7f0000000000), 0xfc, 0x562, &(0x7f0000000780)="$eJzs3e9vG2cdAPDvOXaatIEE2IuBtFGxSe0EtZuVbRFCa5EQ7yaBBq9LlLpRVCeuYmdrogml4g9AQggm8QZe8QaJPwAJ9U+YkCax94ghUAUdSOwF7ND9cNtk9uJ2sV05n4/0+M733N33+9jOc+e7cy6AE+tsRFyJiJmIeCEiFsvplbLEflGy+T6499ZaVpJI09f/kURSTstmS8qSOVMuNlcMDpovBp3dvRurrVZzu5zc6G7ebHR29y5sbK6uN9ebW5cuLb+88srKSysXj6WdWbte/fZff/6T33zn1T987c0/X/37+R9l+S6U9b12HLfiNallr8V91YjYHkWwCZgp21OL3gMAAE+ybB//8xHxlXz/fzFm8r25wWYfGk9Gnh0AAABwHNLLC/HfJCIFAAAAplYlvwY2qdTLawEWolKp14treJ+K05VWu9P96vX2zta14lrZpahVrm+0mhfLa2qXopZkz5fvH1Eonr+Y12UlOXAN8M8W5/P6+lq7dW0SBzwAAADgBDpz6Pv/vxeL7/8AAADAlFkqh6cnnAcAAAAwOkuTTgAAAAAYucf4/j87ijwAAACAkfjua69lJe3d//raG7s7N9pvXLjW7Nyob+6s1dfa2zfr6+32eis9FbF51Ppa7fbNr8fWzq1Gt9npNjq7e1c32ztb3asbB26BDQAAAIzR5758570kIva/MZ+X6J3bnxmwgN8KwNSoDDlfmj28P9pcgPEatJkHpl/1k6td5gtTrFYMkknnAUzOUR3A3KA53hlFNgAAwCic++Kd99Lk4+f/qw+ODQBTatjz/8D0GXD+P10cdyLA2B1x/h+YYjVXAMKJd/T5/wHeyauuHB0hTY9cFwAAMFILeUkq9fJc4EJUPkwLsRS15PpGq3kxIj4bEX9arJ3Kni/nSyZ+NAAAAAAAAAAAAAAAAAAAAAAAAAAAQ0rTJNLHUH2spQAAAIBJiKj8LSnv/3Vu8fmFw8cHZpMP81sBf5Sm6Zu/fP0Xt1a73e3lbPo/8+mzEdF9u5z+4iSOYAAAAAA9vbv8F9/TaxPOBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBp9cG9t9Z6ZZxx734rIpb6xa/GXD6ci1pEnP5XEtWHlksiYuYY4u/fjoin+8VPsrRiqczicPxKRMznWYw8/jNpmvaNf+ZTR4eT7U7W/1zp9/dXibP5sP/ff7Uolz9t/MH9X+V+/zdzOH616P8+M2SML737u8ZDT3/wYPRUUV/t3//04icD+t/n+gWrfnzSD7+/tzcot/TXEef6bn+SA7Ea3c2bjc7u3oWNzdX15npz69Kl5ZdXXll5aeVi4/pGq1k+9o3x02d+/9Gg+HfPRpwu48/2cio3LEvF4JtJn24+m/R8NlIbtOYH/vfurXtfKEZrh1YRd29HnH+u//v/dD7s+/r/6j9pLt8OZPXnym1Csl+MR5Qf34h49rd/fHZg+2/PlWOP/v6fP7rpuRe+9+O/DDkrADAGnd29G6utVnN75CNvp2k63MzZXunwa04i9g9XZTtwx9yK+YgYUHUw1nz5qsawa35qYKrvz0eM6d151JHLjzJzeuqRPmzJ/hPQwBM8Mpt/ICfdMwEAAMftwd7/pDMBAAAAAAAAAAAAAAAAAACAk2sc/1fscMz9yTQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAT/T8AAP//v2jSdw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) 4m27.879705333s ago: executing program 2 (id=686): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x800, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20000000}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4m26.898019891s ago: executing program 2 (id=691): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000004000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 4m23.523991881s ago: executing program 36 (id=691): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000004000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3m59.80766548s ago: executing program 8 (id=745): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x2c240, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0x6000, 0x6, 0x4, 0x0, "cd0d05a286a8d9c7b438dd4350274fc803519e3d7d156d943d4034728428556b2b5a97d6203497d63e98ec46bc3116e3930f9b02cdc0f982e0d499db318cb04c", "e39fb4a6d3333aba8405d70d523a5a783847b8bc04869aad25d757c86a08e932", [0xd026, 0x52]}) syz_usb_connect(0x5, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0xcc, 0x10, 0xb6, 0x10, 0x13d8, 0x20, 0x1e90, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x80, 0x1, 0x0, 0x7, [{{0x9, 0x4, 0x42, 0x3, 0x0, 0xb, 0x93, 0x6b, 0x6}}]}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c09, r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) 3m57.10342322s ago: executing program 8 (id=750): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x101080e, &(0x7f00000001c0)=ANY=[@ANYBLOB="756e686964652c68696465006e6f726f636b2c73657373696f6e3d3078303030303030013030303030303030312c686964652c63007b6865636b3d7374726963f4416e6f636fd689c91ceb036442a5e8b65659212a2bbc4e30952aa22edafcc01c50d9545f6d70726573534d6e6f726f636b2c6368657f12106458668eb97fd25f742c696f636861727365743d69736f383835392d31332c63727566742c7065726d6928d7997c17d1c8704a54dc34229c72656374696f2c61756469742c004b32b19ac463afda9675ef356e50e2fb3d253ba1480f27afe645fded942f5957f2992896524e7731fa148037452b21c34c9918911ac37dff04099efbbf3c69c8fb9bdcda4683151bb24329a40b273da9bce1145213686d55a96caab752943c330423edc3876e0b859d57cd6d60dc5220aa1367c24de5e66343c128db17391d25b7aa35001e68df726f9ca1e0bfab6993329f0318602f3c51a28ed0858da3e3c47e95de50cbd34e68dd8517f1b4e1eeab0000000000e7b4ea43ef9e4d817aae8e0d2e71215bc0127620b046361adbde0b60bee63e91aa28d93cd8d79802966dbfacceffe6b1d302c5515d7323f7cca3f665a6964cba6cd16ae40bc68e94ac6b40bf96a55dcefd4024a5d7a848d08bdb5d8bb89b4c1968cf6ae0fd7858fa38b738c1ee6822f2cfdb30c3941199251d603d495ab6ce2ddb8e918e72b9171aaa287f2b19755bdc92109150850d5c14ec2ac32dee0122b28fcb3e88d5096d6352799c5f13f597695adfd21e644379e6a400000000000000000000000000fa41c3f14dca4ef03fed7e6466a4e2d4503979398731ee0fc7487e0b09466d841e2d8e64ed9e0d4333e6a79acee454fdb4fff932f123000000", @ANYRES16, @ANYRESOCT], 0x1, 0x67e, &(0x7f0000001600)="$eJzs3V1v29Ydx/Ef5SfFHYJiG4IgSJOTZAUcLFMouXFgZMCqUZTNTRIFUh5sYECRNXYRRE63JAMW3xS+2BPQvYHd9WK72IsYsOu9iu1uA4rtbsBuWPCQsiVbD1btJG3y/QStKPLPc/4kFf7BSDwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQ49Vct+yoEbQ2Ns1oXi0Km2OWZ63N6WY2cXNiv5KT/qdiURezWRe/fbj4Qvq/67qcvbusYvpS1N5bF96+963ZQm/9MQl9GZq2wafP9x7d73a3n5wgdkZTN/8qqXCCoDW/FcRh0Kyu+SaIQ7O6suLeXq/Hph40/Hgr7vhN40V+oRNGZsm7acqrq8vGL22FG621WrXh92be/V7FdVfMjxayAy2pFHvrQaMRtNZsTLo4jblrPv1pFuBXm8bsPOxuL09KMg0qnySoMimo4lYq5XKlUl65s3rnruvOHpvhphz3gI5FnPmHFl8zZ3fyBk6pkNb/fzpSQ0W1tKFNmaF/PNUUKVRzxPJcr/6/e9sf229//e9V+YvSD/LFl2Tr/5Xs3ZVR9X9ELkbGrjBsiTNi/nR/5vJWnuq59vRI99VVV9t6cgZtG5mrp23h12eSxz+SzOiINflqKVCsUIGaqto5Jp9jtKoVrcjVB1pXXbGM6grUkK9YW4rVkW8/UZ4i+aqqo1CRjJbk6aaMylrVqpZl5KukLYXaUEtrqqmq/yVJsqOHdr8vj9kK9YLKIwIW+oMqY1oaVf9/9kn2Oc3rv0v9f1Nln4OF/Cw2Lgb4Ckjy6/8pXX0x2QAAAAAAgBfBsf/67tjv7t+RlKgeNHz3VacFAAAAAADOkKNkQZflyP6kTe/I4fofAAAAAIDXjWPvsXMkLdof9TuHd0Kd5B8BZl5CigAAAAAA4JTsnf9X5qXEDlpxVc5U1/8AAAAAAOBr4Hd9Y+zP9sbYTXpf6xckxe0F56//WVA05+y3N7/j7FbTJdXdPObYLwA69UvO+XygXvsyL8m+8/zLTt5bPgjmwbiDn+9MGuvfiY4kMD/T38CIBJy055XZ/J0+1bVslWv5OPMP9gqyS7JeFutBwy95YeNeWdXq+ULH3+z88vHDX0nRwXbuPOxulz78uPvA5rKfztrfTRv9ZCCdwvCdcZjLMzvegr3nYtgWn1O91+XvW81Fx/br9rZ/RtXdQn9H4w7AYZ+/0fXsmF1fzGIX9w5G3E+3v5huf7lkD9nA1kdzzmEW5aNbPuxAjMiiaLO4kcXcWLqRvfTyS9spOMXvzkiV0vFjMJBFpT+LyfvC+e+xfTEui3xfLKdZ/C1taEQWy9NlceyIAMCrsnNYhewg5sfqbq889E5qX6ruTK7u7w9W92d/TBK7wow0m383MbaXotIz+pJj69C87Il19tKQM7qb15WiRpzR3VNUt7Svvxw+AylP+1gW/0+S5F7Z9vuHI1X1s3SFz0b2GzcqM+kuvP1s9+d2APzUR9sfbT+uVJZX3Pdc905Fc3Yz8pcZHc2U32wCAE7wjJ2JEc57upZFXHvw73ezqYGK982DnxSU9KE+VlcPdKv3CIGrw1td7PsZwq3sqlV9V63mwtv3zklHY8u6NfKqztbSvtjKQeyceqsMVurD2OUXfBQAAHi5rk+ow8Prf3Gg/t/SUhaxdGnodfdgLT/6hOBRseXJyb9/1nsDAIA3gx997ix2futEUdD+oLy6Wq521n0Thd6PTRTU1nwTtDp+5K1XW2u+aUdhJ/TChmlHWghqfmzijXY7jDqmHkamHcbBpn3yu8kf/R77zWqrE3hxu+FXY994YatTnZGpBbFn2hs/bATxuh/ZleO27wX1wKt2grBl4nAj8vySMbHv9wUGNb/VCepBOtky7ShoVqMt85OwsdH0Tc2PvShod8KsQduX1zFBqx5GTdtsScnUDzoEAOB19PT53qP73e72kzET+5ock0/MD2mQ75sBAPiKOSzXU6xUfIEJAQAAAAAAAAAAAAAAAAAAAACAY05y/99UE3PDbhaUDub84vyRtf6kYe04OuvEppkoTLtW75aIvUd/HxN87mBOb/f3x+y/tA381zekt+wcZXNmz76vc3ZvvLwD9/2dbI+OjEkXDl20cHAsZs/+r0M68fjPIxYlSZKMX31hcB/Oj9vAwYlZSU/mT3EIBk4TjJsBvIa+CAAA//9z/kFZ") 3m55.868857914s ago: executing program 8 (id=755): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000240)=""/203, 0xcb) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @tick=0x4}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0xc04c5349, &(0x7f0000000340)) tkill(r0, 0x7) 3m54.38230996s ago: executing program 8 (id=758): socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1400c, &(0x7f0000000840)={[{@stripe={'stripe', 0x3d, 0x3d}}, {@init_itable}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x3, 0x44c, &(0x7f0000000340)="$eJzs28tvG1UXAPAzdpx++dKSUMqr5REoiIpH0qQFumABCCQWRUKCBSyjJK1C3QQ1QaJVJFIWZYUQEnvEkn+BFWwQYoXEFvaoUoWyoWVlNPZMYru2m6R2XOrfT5r23Hnk3uOZa9+ZawcwsCbSf5KI/RHxe0SM1YqNO0zU/ru+sTZ3Y2NtLolK5d2/kup+f2+szeW75seN1hciiSMt6l25eOncbLm8cCErT62e/2hq5eKlFxbPz55dOLuwNHPq1MkT0y+/NPNiV/IcjUIWvfXBV2+f/qIh/6Y8umSi08anK5UuV9dfB+riZKiPDWFHihGRnq5Stf+PRTG2Tt5YvPlZXxsH9FSlUqmMtt+8XgHuYkk0lnV5GBT5B316/5svzYOAV3s3/Oi7a6/VboDSvK9nS23L0OYTg1LT/W03TUTE++v/fJMu0ZvnEAAADX5Ixz/Pp6Od5vFfIR6o2++ebG5oPCLujYiDEXFfLMWhiLg/orrvgxHx0A7rb54kuXn8U7i6q8S2KR3/vZLNbTWO//LRX4wXs9KBav6l5MxieeF49poci9K+tDzdoY4f3/jty3bb6sd/6ZLWn48Fs3ZcHdrXeMz87Ors7eRc79rliMNDrfJPNmcCkoh4OCIO77KOxWe/e6Tdtlvn30EX5pkq30Y8Uzv/69GUfy7pPD859b8oLxyfyq+Km/3y65V32tV/W/l3QXr+/9/y+t/Mfzypn69d2XkdV/74vO09zW6v/+HkvWo8nK37ZHZ19cJ0xHByutbo+vUzW8fm5Xz/NP9jR1v3/4Ox9UociYj0In40Ih6LiMeztj8REU9GxNEO+f/8+lMfNq8b2Xb+vZXmP7+j878VDEfzmtZB8dxP3zdUOr4VZvnf6Hz+T1ajY9ma7bz/baddu7uaAQAA4L+nEBH7IylMbsaFwuRk7Tv8hyIK5eWV1efOLH+8NF/7jcB4lAr5k66xuueh09ltfa18OSJqXy3It5+IQvW58dfFkWp5cm65PN/v5GHAjbbp/6k/i/1uHdBzfq8Fg0v/h8Gl/8Pg2ln/39ezdgB7r0X/H+lHO4C91+rz/9M+tAPYe03937QfDBDP/2Bw6f8wuPR/GEgrI3HrH8l3DPK/tMvD79ogSndEM3oWROGOaIagR0F/35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC65d8AAAD//9S+3I8=") syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f00000001c0)='./file3\x00', 0x0) 3m52.328321124s ago: executing program 8 (id=760): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) openat(0xffffffffffffffff, 0x0, 0x1, 0x10c) r1 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @random="db0b8c3bf344"}, 0x4a, {0x2, 0x4e21, @private=0xa010100}, 'syz_tun\x00'}) 3m51.061535044s ago: executing program 8 (id=763): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x57c, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMW/AQAA//+LGzah") r0 = open(&(0x7f0000000040)='./bus\x00', 0x46b42, 0xb8) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000140)=ANY=[], 0xfd14) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000380)='q', 0x1}], 0x1) lseek(r1, 0x1001, 0x4) 3m49.842267629s ago: executing program 37 (id=763): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x57c, &(0x7f00000013c0)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMW/AQAA//+LGzah") r0 = open(&(0x7f0000000040)='./bus\x00', 0x46b42, 0xb8) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000140)=ANY=[], 0xfd14) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000380)='q', 0x1}], 0x1) lseek(r1, 0x1001, 0x4) 3m6.945964221s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2m29.267287736s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2m9.577856364s ago: executing program 9 (id=1002): r0 = gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r1, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0}], 0x10000000000000fb) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0) tkill(r0, 0x7) 2m8.219677632s ago: executing program 9 (id=1004): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) timer_create(0x3, 0x0, &(0x7f0000000100)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_gettime(r0, &(0x7f0000000080)) 2m7.533479098s ago: executing program 9 (id=1006): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000005c0)={[{@resgid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@jqfmt_vfsv0}, {@grpid}, {@init_itable_val={'init_itable', 0x3d, 0x6}}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000006c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write(r1, &(0x7f00000000c0)=' ', 0x1) 2m6.137297548s ago: executing program 9 (id=1009): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@nogrpid}, {@jqfmt_vfsv0}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@quota}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") creat(&(0x7f0000000000)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90900f7d6a4ae6dddfbd11000000000000000000ff8ee09e737ff0edf110ff4117639c2eb8f18d2b8f6277dd41905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61ffcf33524bbd9bffbcc2542ded71038232d71e14efbac003000000852f2036dc783800000000e9b49600", "f28359738e229a4c66810000000000f300e6d902000000000000000000000001"}) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 2m4.421048636s ago: executing program 9 (id=1012): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0xfffffe95, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000000bc0)=""/148, 0x94, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000a00)=""/220, 0xdc, 0x0, 0x2, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 2m1.345648978s ago: executing program 9 (id=1018): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000900)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$kcm(r1, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000700)="9e39cded", 0x4}], 0x1}, 0x20008040) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x24040041}, 0x80) 1m59.426103267s ago: executing program 38 (id=1018): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000900)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$kcm(r1, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000700)="9e39cded", 0x4}], 0x1}, 0x20008040) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x24040041}, 0x80) 1m50.153376165s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1m39.661248123s ago: executing program 6 (id=1065): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x20) 1m39.002243789s ago: executing program 6 (id=1068): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 1m35.076174297s ago: executing program 6 (id=1073): unshare(0x2040400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) fsmount(r0, 0x1, 0xa) 1m34.297313208s ago: executing program 6 (id=1074): syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00') 1m33.818129342s ago: executing program 6 (id=1076): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000001780)={0x2c, 0x0, &(0x7f00000014c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44c}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00031200000012033f"], 0x0, 0x0}, 0x0) 1m32.537444182s ago: executing program 6 (id=1079): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 1m30.105251594s ago: executing program 39 (id=1079): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 1m11.133249691s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 39.137883537s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 10.865630321s ago: executing program 5 (id=1274): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000200)={0x1d, r1}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="010000000002a6d24000000000000000", @ANYRES64, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xffffff7f, 0x0, {}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "4fc66204f06af2f076fc9da946b31f2b8afcf335a470196a966d2ace5532dc5c6697382149a0e76d8ddfe7e63d710380fb6f867959b117a0ddde2eff989347a4"}}, 0x80}}, 0x0) 10.54094135s ago: executing program 5 (id=1275): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x19) 9.983412164s ago: executing program 7 (id=1276): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8, 0x8, 0x0, 0x0}}, 0x10) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in=@private=0xa010100, @in6=@remote, 0x0, 0x0, 0x4e24, 0x0, 0x2}, {0x0, 0xfffffffffffffffe, 0xfffffffe, 0xfffffffffffffffe, 0x4000000000000000}, {0xfffffffffffffffc, 0x0, 0x0, 0xffffffffe}, 0x40000, 0x0, 0x1}, {{@in=@private, 0x0, 0x3c}, 0xa, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x1001}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 9.910591711s ago: executing program 4 (id=1277): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x8000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 9.907604807s ago: executing program 0 (id=274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x2d2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 7.444503688s ago: executing program 4 (id=1279): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r1, 0x0, 0x8, 0x0) syz_open_procfs(r1, &(0x7f0000000680)='net/arp\x00') 7.44051301s ago: executing program 7 (id=1280): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @rand_addr, 0x2}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) dup2(r1, r0) 7.349761433s ago: executing program 5 (id=1288): r0 = socket$inet6(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000140)='(', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 5.350064141s ago: executing program 3 (id=1281): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002140)={'wlan1\x00', 0x0}) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000400)={0x28, r3, 0xa29, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0) 5.08813445s ago: executing program 7 (id=1282): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0xe0003, 0x0, [0x3, 0x4, 0x100000000, 0x0, 0xfffffffffffffffb, 0xb, 0xfffffffffffffffd, 0x8000005]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.806280721s ago: executing program 5 (id=1283): unshare(0x60400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket(0x15, 0x5, 0x0) recvmsg$can_raw(r1, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x2) 4.65149154s ago: executing program 3 (id=1284): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000240)="784e8532bc51d9778e4bbb81e255693d2832f3802728ed763aacf318e80e1b19cf30c5f4214185052aab22dea830553c6db324352d6edce6927f9e747f08a659c1365f8b318c734936b24ccb80c8b9892cf2d5f5e6f9bd14951b8dac37e3c51873f21eb6a3d5b0f6852ef05a094926bd00f74ab5d68f2dbec3a6471ec5517ea7973b0eadd203e9d651881048bf4102cc30729aae5c8a1b3a4223a29d92aa550723d99f6596f26bfc66e02de540c397a62d50bb060246300520caddf20ae6701bac03fe94aec0bb32b8ee92dd974bb54ea2ccc2959f4f07e91cb2f22e8e16b11cee681e1f909bc6edfd7d05f7c914a76c9c99879bc728e358d8fcd7e3767117482364ed76b0bd26fca5cc821dfcc0320e2da567cf8e266adcfa020bdc376bb0e3a3cc9725682a957265884a6705f12b04414779837b8fe1ac5457fc005d8609efe3a00007d08ac5a9c7442bbd775f9d7ff490b3fb820e2f4e64c31cfa2101de770ad8d0903c2cf7f907fccfadad58b54d3e76d855ccc9e69fa067578ef929d153e148f0e611a40fe480ee02c2c6880a3ebf78f949e53ffef9aab25fb2816e2933f480d6d60a91c045b70211934ace2695a867eb88d29b2253174baaa56ce64db43e4f5cc822d371c92fd49dec3ac483d904343b3549e529cac2b8be9532f073d7e7c742cf7fa09b030b36671b397e03b9aca2dea714e57b7b429bd064b3c5406b960dfceba3b624c67490309875a87a93250a9113c7e051c506ecb935ed7beef8b644e7725c473250b4b88c78a33c7329ae801e09fed0a408a4e7af19c2fe674b1a56da16c8aad062b00dc84ea79442cfca1645ee35e9bc22ce3199862506cb15cd79c2704c5b86bd992045fe4f8b3e07a9fe59f7b829a232a5fa15b8bcc971857e036afa9651cf114ac34600be4f663f07067e1e55ed8aa1641f6381cb6ce2cb751f032bd6588835acf67ddf7a3af75526ca75bdcfc7a5566044af497610e79987c61d8e5d8292a88107a5b4ee93a34eac880433585092356f76f2633db86b1a1412e10d3932bb7a52d3007dd635bda34a82769e5a9bdade27aed4f9c68f8527924b07749980e1e15c708010274a6c6ebc5213fe31d3bc459051823b7ee6c32797239e40d4821209b498c95080a2ca90c479da86c164304e02a7e71b8f55586292cc9fafa4c5bda285a9de792d6a6a03e5a1f2a13eac02a95f87f13fbfbedc6533b78cf5ac5ce562ef504f95465814f9bb35495196b73780c0a5fc7c6a006ee2d34123c1224d9c08baf0611ba9e7ceb3ccf887e58a78fe236947c4a486c83e49e0070d4fa81a9652e690dcdae169ebd65c281a863905a7ecf9c8f19fe059b2022ef75ab1e9c7c1ad532ff25da12c5e250f601ce95844223310d9959fddc0e684979c6f15d7673512237239b9eb48f72a930e5cc64c382c662db18581eb0069b2242058812f1ae092e139411fc8ec242e8f7dd4da10bcd3f92c0715edf775ffaabd181a36d2a39ceb192e3ebdff02c0c75bd259e725fd4cd5c2722efc41f37ab25706485a265d683c8569c3209a930e05047074b3941f41003d550d923e6dd50110e18d965763727739902067e73a520270c5cb53d6fd22ec4ea8853d113451cb3da2a7a698c807ec394c1da0b9de2a1d62f24a2292c65640ef6a0924191133e80aa60e4f8f5adbae3131956b38c997085f25f54338653d65847f1602e1ad7eb9501f9867e1bfc2410c3fc6402a1f605c0088ef13db8cf967a868e7ae2713b1dc297a5ab33b27566df656d954ee44ffed8a15bac40262099a3287f40425cd146c4a9639321fd46dd85dab9000bce3558f7c99de2849d57041d79082b82faf85abf5ac0c325ca3645500d2bb04809ac3ab33c24b738765d80c610c917b756a1cd4da3ce0921ae1789ea8c3f00532fe97c435cda5a2f5013b90ea596389af1fbba1510ce50d3476019d70be6634ddabdc925324e0bf6914a803c9bccb9f4daa61e9250e05a0d6e906d68418f906dfdcc416441828680bc9160a932168adf51240bce901a1eee84f69dce9cee3378f8414188afc484cfb92043b352271552a152ecac0ec1ba19f1dc72db5d4155d5bf6a63aee9a702f1e194082e609bb30419901349d244a11617795b4580a849196f5c67ed4b060e42b394bbfb4bbfa601d2c8ddff5986563df99b5f02a0f61d56d11a47095651d7337c7c167a04e4a71596fe58486d74bc8ef0a82c370c9ed24e58ed5950b119664767fd6742e967199c4671f5b48a2d723dabc77fc7f9ac57cc36d95b0e336032ccb4647a5502e44db059bb0bce58e4ed4bdd6931cc92c782c75d44d4a1f25e6f6ca076f2ea586ac5daadc5599aa6e5bb26206ffc1310779cba10d72bdbb7ef62b9d22bec948b2153afa5a8e1c1d8d724fc673069c74564102400417452c5eb5350e2a50a732f76122a5648525fa1793a0af6e0a3dcb568a598f7c179e908b40f19fc10a16d53b112692adc1e4dc954009f726057acf04a9740f6bb66327e746dcd7b8b8851e622f9da2c9ddd124e300f03f07e77cf04a263329b435ed04eadb9dc91cfe396f41114283eccbf58f2dccfe32f908cea6678f7490bacbe60c75eb2754e9722b2c58771537966bfe1066c4d28bcceccdca07eb60ddc355aa710266da85e456aa83739fea4ad7dadf461c682201391fa550e12e01be5a2a2c55c3b697aa2e176aad4be5a8dbfb8043f72c5743992e5c7000608a2cf86d88885bf6e1e2173b1361cec282ef35bde24cf99c11110c16c1678c38b74738911ec3eac23067500103f0f5d7dff122fca66852126ce9ac10c7c065992b3fcd81f7d94adad6fcb45872d3fa97f5d704f1653dad962c16daa6978e2fcf41f10257c306fc05fe4cd20e30989b37b19e874f27a065c8d62f2b4194a1540199be22b7e267ce6d2ffc8243421d9f629f5048587ff5d91f8c7bbb9049b40d859e6d382926ba8f005deb18727cefd76198d00d92ef680b56864c9eea9dca35b0e90d0afe1440af704bf00bd68ca088c568088d6aa34a42d66645743ad481b9e5490cfcee486f456490a0e9c3a0bff49b528871a4dfb104a18ba6a22df288349b6fca36b1908c548e90cec26fa28a0772fa4e9418c8d02a3319bc9e8f3892fc933f465ccb6ec683fdc9dd5854bb1295d114bde2e84d04513897ed3ee41ecc1d6d0354c57046c58e390836f11b3e6d4712f7d61b221aa147a58c3903b319a3da746296e576ae21bca4c1c939986fe04145093c4b9173e1936e54c4bfd9aaa4efdd39f2a39e9554fe1bfee4597ce8c798b6233e22a8dcdc7e610ddf6a8c810e7429bb2fcd60f7108119112b3cc5a71fef1fac311afa0d034fd00954111ded4cf381d6a73cc4f6165052325e04566fbb2c644e8bd7e7cf3923af608af8f3537deaaef891bdc258a8341e742f62727444c2cb28ccf8c7e3d79d1162c29af2914627830fe3433c8beb27efc8e08f14581ee0acb0a761a2b0a1f219601c9bae3c6d92f2d3d712e9c239d2910e9ea0f539bc069b7e8a1e36abb4e3ec20ca1677fa0cf3c4d2d3180d15a3c808d0421b564fcb180316df4f46b33df1e57ca2644d8b3fcdd13fef43a3ab76982887a4751615e7665d639854c8c3a8bdceb6cee0fb00fb19f98c42cd6a555da3c4d6a5c6c3ca9f7ccece5bee4907e8676a05aaf4213d4e60c4f5f0bf1a8126b6555ec137dc5f7ca56901bf21329da5a6ad30ebd1d454d7ee3110ae881cdc6342b68883a5205ef763645cdf26815e9f99f8c4bcc5227142ba4e9da752abe3ce3a11f2df8aff40ea3db731c8c1992fc0ab2681c9613861f61f8173d7fafd7a3516e169a8c0541d7632a59641ad3c67ca2cde8dcfcababaa676e25f113d0a6bf3274fc532fafb6042b633051039d682d87477f3a14fa77a7966a6f019738c0a8eb737eea7464d4477f7be1a4553ae736f0dde836688cd4d90e0d207cb82b33f1207d893b1c720d3070c73d6a9b1e52634aea9117ba6a3c063c28e46a687ab0e239b0d95cc2eb76f2b1b6fa6963bb11489e490e70d7f2394cb350f952170a0f6c6338e8460579a1013d9bbc9cc438f617551803af00700e636d0545a4a6877698441b5961cf86d5c40fbbf95775d13dbb50de6a565bd98c3fc8db86278de0bdada8860917ae00345191f96cdffb43216705048851b9bb9cca1e14d394bd9ecd6f567cb16a17592535b0322d143e14f0f982262d5ea7f6790e16c49f6e8740c40be3ae70bf21e5691a175b0060e72c8025f46a439732b8cb8239a5e6823846838f54cb939beca1ca0425c3e43027b3526fc1ffe5e71b72a908002e2e5090e343e87c82cbf2f162f2fef4081c4212b9e4eed4f746a85859f33bcca464667b850851c6e6aafacf930c2f70e777133c651c1851ea8015a9f01cf7c41bf37af677dcd6ad9b0a8eb235f73db7f72007b9d12044451725c559f47deb4bf5054f154e805788a39e69754a054aff979122800365765843cce90a93a3bc6955963594e02da9f7fad62743419870c04751fcd7d8800fc17d6c1566fd1c35f9b464d235d7569f2d0cceeee1c5adbff3e87f3e67bc4beaa4a3fb948b2241b315d0d2a2060bdb2514eaae67a0add5ff446c8291c69d3acd9b7ffa4d01490994bf0135759ba56973d703883c4736c76f5dacb2629bdb429e41bce829bf72b13c0c3d0163efff66b3cde89a61ec6d4a0c3269924934575ff6a6656fc89e9d0d5a5d2a093022b9791763c14a76581e5e1e9f0cf56803e3a29fa93610cff5473a9299dff90e5bfd0e078bc0c4f48a7e379c63b5b048a5ddaeddb495c1631b871f053ad863e832fdc250c1de5242375734feb2895f905d77a1cb3219bb48c3a1403173e401f99d30e5af3731a08fc47186657353cef9e0a628cbf2f67bbe297c9e5bc1b99968f6d744e338a9b3618f180e49d1b641290b2beeaba720abdf6ef0391ab5499d15b5ee5480060e05bb1b50e6516f1f28588343c73c037f410a413cddaecaca940072844ad343a497984d45aa9b8e2be120b8bd0c6e786f5541e7d400d58431417001694a990af3270f82e4a8717e29514f78d0f8e8d9fb373268656b60c0c1c81999f86343a5271481bdf7b724b55d8ae05cb2ef6d81a7688d2f13a087b4759f3dae8762f76b4cd1fd61cf5b50667e1010c1ae5cd00761b7e077238647ba9206513bf9c62b507088c2d60e76030d572a86a217eca7480886aa9c3a93019316ffcb1555d978a1ed048adbdfd0b128eb073e5eb9593789b7474a8fe1695a7176deb561cd8cd656fd852df410aa4642f1c1534a272b9a0a6e6f1d660d035a4ed6f566678b83775f359a1119643b28b2466c1d192b54bcd3c2e7104ecf1d5fa70544bd38a0edbf26e9a6844bd9adade62cc76be8f2840c50afb9fe95698b945fe2fe17080f4c296b474e47179583f4cdf36fb93c4d53ff4d0697a221d497ce4240db574b53f60dd38862e7e04e64bfdd53639ea6c4b60ec39f7425dab78c7635fac31685b626b67119e3afb3e682fe3476e82b18f115b4b45366816012fb579d67e1f01028622ab891d3a44db13fb8b15ceb4aa88be06c80b049176fd368d32d06975d402b3f4078828edeb8ea49220e888ef3aec7f572aec2ad09c216626a9121f9533b6cb0e5084ebbc1c8b77ddd0021cf749310ab316c285090b50315e51eb6ea04411c77ed685ca0a674aafbb5d39e7752de1956b5811a8e6dc259a5bf1cc43ff94e0eca9bee7452bb81d52480b3760f3563617cd0a5a297cff0da357f678f95ce433de5cca614114916a3b35d4a911c0", 0xffb}], 0x1}}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000012c0)="88d837ee8b", 0x5}], 0x1}}], 0x2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000006480)={&(0x7f0000b9a000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb8, 0x0, 0x0, 0xfffffffffffffed8}, &(0x7f00000064c0)=0x40) 4.101474498s ago: executing program 7 (id=1285): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x3000) ftruncate(0xffffffffffffffff, 0x8002007ffb) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000fc0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 4.049933733s ago: executing program 4 (id=1286): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000820000000000000000850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') 3.471675981s ago: executing program 5 (id=1287): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x2000000, 0xffffffff, 0x80000001, 0xddffffff, 0x0, 0x4000000, 0xd, 0x20000}) 3.326910516s ago: executing program 7 (id=1289): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000680)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200080, &(0x7f0000000340)=ANY=[@ANYRES16=0x0, @ANYRES8, @ANYRESDEC=0x0, @ANYRES64], 0x11, 0x2cc, &(0x7f0000000d40)="$eJzs3U1rE0Ecx/HfbNI2taFua0XwWC3oRWq9iJcUyYsQD6I2EYqholZQL63iSUTv3n0LXnwBghfFN+DNky8gnlZmdvKwyW42lnbT0O8HLJPdmZ3/dB9m/gG7AnBi3az/+nTtt/1npJJK0tsbUiCpIpUlndW5yrOd3e3dVrMx4jjtyLGtjOKWZqjS1k4zrW1FvoUX2k9lVfu34WhEUbQ5fKJw0ri7P0Ugzfm70+2vFB7ZaK8O2G7/kOOYNqattp5rcdJxAAAmy8//gZ/nq379HgTSmp/2j+X8P75k5O2JxVGUaOTevvnfZVmRsef3tNvVy/dcZmD3B50scZyeZwY+zyq+shILTJOXVbpYgvkH263mla1HrUag16p5fdVW3M9GfOl25ES7mpKbjjDG2E36inLBjWHGjmEjI/4zB+zxwMw388PcMaE+qtFd/5UjY0+TO1PhwJmK41/PPqIbZWhryT82arVakKiy5Do573vwckZZSc9I1LmilpT8giDMi9O1Wh5oFY/uamajL1VfsK025xOtNjqfMvpaSfRlR9O9mrOjPGrmvbllVvVHn1XvW/8HNr41jbwze3eNWYsfqO43Ho9nNr27sjtmODRz7Ot2Nbml+1ucywr97+hnGgbsSZrP2PdO93Vdi09fvHxYarWaT2zhXkrhcbW7ZeaNlFpnwgXt97bMKf4icqhyZ1IqMrDLh3pA+/zIrWzvskIGeCyvhKIK9e/FXkiTKBT4nMLE9E56btWvhQSEorl1V5z/9eUr626xZ3+EI9bpuQsyf8TIrrG7GVAl0X7ZlU79V26wkJ3BjZtzXbgkXRy/x9DHOR2ivZwKpq6fusv3/wAAAAAAAAAAAAAAAAAAANOmiP9OMOkxAgAAAAAAAAAAAAAAAAAAAAAw7brv/1Xn/b8a7/2/g3/5uxS/4eVQ3v/7YUe8/xc4ev8CAAD//zOsiI4=") r0 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) fchown(r0, r2, 0x0) 2.845196819s ago: executing program 4 (id=1290): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 2.779140192s ago: executing program 5 (id=1291): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="01ffffffc300"}) 2.594889264s ago: executing program 3 (id=1292): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000e40)={0xffffffffffffffff}) r1 = io_uring_setup(0x291c, &(0x7f0000000140)={0x0, 0x0, 0x1, 0x0, 0x1}) dup3(r0, r1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, &(0x7f0000edfff0)={0x0, 0x989680}, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 1.969735002s ago: executing program 7 (id=1293): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000200)='./file1\x00', 0x10000, &(0x7f0000000100)=ANY=[], 0x1, 0x14fe, &(0x7f0000001580)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==") truncate(&(0x7f0000000900)='./file1\x00', 0xb73d) r0 = open(&(0x7f0000000140)='./file1\x00', 0x64842, 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) 1.640239332s ago: executing program 3 (id=1294): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 1.43993786s ago: executing program 4 (id=1295): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x0) 958.009885ms ago: executing program 3 (id=1296): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000100)='kfree\x00', r0}, 0x18) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="020000001300"}) r2 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r2}) 632.629062ms ago: executing program 4 (id=1297): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000ac0), 0x4) recvfrom$inet6(r0, 0x0, 0x0, 0x2020, 0x0, 0x0) 0s ago: executing program 3 (id=1298): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2c, r4, 0x18fe2a01ed25d92f, 0x2, 0x0, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r3}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x2c}}, 0x42054) kernel console output (not intermixed with test programs): atadv_slave_0 [ 580.771472][ T9127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.782609][ T9127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.795423][ T9127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.811923][ T9127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 580.831449][ T9127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.843210][ T9127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.858313][ T9127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.871995][ T9127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.882887][ T9127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.893709][ T9127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.908514][ T9127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 580.931087][ T9281] hsr_slave_0: entered promiscuous mode [ 580.956679][ T9281] hsr_slave_1: entered promiscuous mode [ 580.977371][ T9281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 580.985291][ T9281] Cannot create hsr debugfs directory [ 581.322189][ T9127] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.331466][ T9127] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.340752][ T9127] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.349949][ T9127] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.457731][ T5794] Bluetooth: hci2: command tx timeout [ 582.192471][ T9361] loop7: detected capacity change from 0 to 1024 [ 582.233736][ T9361] EXT4-fs: Ignoring removed orlov option [ 582.239946][ T9361] EXT4-fs: Ignoring removed nomblk_io_submit option [ 582.399510][ T9361] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 582.932720][ T9369] loop9: detected capacity change from 0 to 512 [ 582.988799][ T9369] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 583.153356][ T9369] EXT4-fs (loop9): 1 truncate cleaned up [ 583.172535][ T9369] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 583.251233][ T9369] EXT4-fs error (device loop9): ext4_generic_delete_entry:2687: inode #2: block 13: comm syz.9.823: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 583.363977][ T9369] EXT4-fs error (device loop9) in ext4_delete_entry:2758: Corrupt filesystem [ 583.368416][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 583.378440][ T9369] EXT4-fs warning (device loop9): ext4_rename_delete:3740: inode #2: comm syz.9.823: Deleting old file: nlink 6, error=-117 [ 583.841456][ T9281] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 583.986013][ T9281] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 583.997769][ T8805] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.065029][ T9281] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 584.131688][ T9281] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 584.397444][ T9384] loop7: detected capacity change from 0 to 512 [ 584.508546][ T9384] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 584.800179][ T9384] EXT4-fs (loop7): 1 orphan inode deleted [ 584.806314][ T9384] EXT4-fs (loop7): 1 truncate cleaned up [ 584.836237][ T9384] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 585.050709][ T9391] netlink: 32 bytes leftover after parsing attributes in process `syz.6.828'. [ 585.060223][ T9391] netlink: 32 bytes leftover after parsing attributes in process `syz.6.828'. [ 585.133538][ T9384] EXT4-fs error (device loop7): ext4_inlinedir_to_tree:1404: inode #12: block 7: comm syz.7.825: path /141/bus/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 585.160981][ T9391] Invalid ELF header magic: != ELF [ 585.188997][ T9384] EXT4-fs (loop7): Remounting filesystem read-only [ 585.317952][ T9281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 585.431957][ T9281] 8021q: adding VLAN 0 to HW filter on device team0 [ 585.466283][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.474070][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.624242][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.632031][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.694336][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 586.336686][ T9396] loop6: detected capacity change from 0 to 1024 [ 586.941974][ T9396] hfsplus: xattr searching failed [ 587.048960][ T9396] hfsplus: xattr searching failed [ 587.610229][ T9281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.778271][ T1777] hfsplus: bad catalog file entry [ 587.783675][ T1777] hfsplus: b-tree write err: -5, ino 3 [ 587.883071][ T9281] veth0_vlan: entered promiscuous mode [ 587.926664][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 587.933498][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 588.411163][ T9281] veth1_vlan: entered promiscuous mode [ 588.726737][ T9281] veth0_macvtap: entered promiscuous mode [ 588.910852][ T9281] veth1_macvtap: entered promiscuous mode [ 589.155557][ T9425] loop6: detected capacity change from 0 to 512 [ 589.197791][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.205875][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.240292][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.249417][ T9427] kernel read not supported for file /eth0 (pid: 9427 comm: syz.9.838) [ 589.255641][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.272724][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.283522][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.293687][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.304698][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.314927][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 589.325817][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.341079][ T9281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.366113][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.377084][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.387273][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.398022][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.408145][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.419976][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.428470][ T29] audit: type=1800 audit(1735864889.667:41): pid=9427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.838" name="eth0" dev="mqueue" ino=27103 res=0 errno=0 [ 589.432319][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 589.467610][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 589.486428][ T9281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.547273][ T7903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.558929][ T7903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.703203][ T9281] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.713342][ T9281] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.722677][ T9281] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.731818][ T9281] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 590.126546][ T9437] loop7: detected capacity change from 0 to 512 [ 590.247953][ T9425] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 590.261248][ T9425] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 590.309425][ T9437] EXT4-fs error (device loop7): ext4_orphan_get:1389: inode #15: comm syz.7.840: casefold flag without casefold feature [ 590.496737][ T9437] EXT4-fs error (device loop7): ext4_orphan_get:1394: comm syz.7.840: couldn't read orphan inode 15 (err -117) [ 590.620292][ T9437] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 590.748577][ T9425] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 590.893334][ T9425] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 590.907363][ T9425] EXT4-fs (loop6): This should not happen!! Data will be lost [ 590.907363][ T9425] [ 590.917533][ T9425] EXT4-fs (loop6): Total free blocks count 0 [ 590.923771][ T9425] EXT4-fs (loop6): Free/Dirty block details [ 590.930137][ T9425] EXT4-fs (loop6): free_blocks=65280 [ 590.935686][ T9425] EXT4-fs (loop6): dirty_blocks=33 [ 590.941257][ T9425] EXT4-fs (loop6): Block reservation details [ 590.948302][ T9425] EXT4-fs (loop6): i_reserved_data_blocks=33 [ 591.140595][ T9437] overlayfs: invalid origin (000000790000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 591.388308][ T6706] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.709240][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 592.200403][ T29] audit: type=1326 audit(1735864892.597:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.9.845" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706d579 code=0x0 [ 593.774352][ T9488] syz.9.850 (9488): /proc/9487/oom_adj is deprecated, please use /proc/9487/oom_score_adj instead. [ 594.814864][ T9503] loop9: detected capacity change from 0 to 256 [ 596.398633][ T9523] netlink: 4 bytes leftover after parsing attributes in process `syz.9.858'. [ 596.837087][ T5835] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 597.093260][ T1777] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.101571][ T1777] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 597.202615][ T5835] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 597.211564][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 597.223641][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 597.238176][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 597.250830][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 597.264385][ T5835] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 597.274064][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.320205][ T4501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.328503][ T4501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 597.509720][ T5835] usb 4-1: config 0 descriptor?? [ 597.518294][ T9526] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 597.983239][ T5835] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd [ 598.101031][ T5835] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 598.222382][ T5835] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 598.591767][ T1777] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.628157][ T5835] usb 4-1: USB disconnect, device number 2 [ 599.138989][ T1777] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.470198][ T1777] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.710006][ T1777] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.700739][ T1777] bridge_slave_1: left allmulticast mode [ 600.706670][ T1777] bridge_slave_1: left promiscuous mode [ 600.729258][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.825012][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 600.848865][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 600.848966][ T1777] bridge_slave_0: left allmulticast mode [ 600.849065][ T1777] bridge_slave_0: left promiscuous mode [ 600.869121][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.879991][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 600.924725][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 600.939562][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 600.949192][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 601.550225][ T9574] loop3: detected capacity change from 0 to 1024 [ 601.718083][ T9574] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 601.918891][ T1777] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 602.012578][ T1777] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 602.165946][ T9574] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 602.330887][ T1777] bond0 (unregistering): Released all slaves [ 602.366580][ T9574] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 602.379936][ T9574] EXT4-fs (loop3): This should not happen!! Data will be lost [ 602.379936][ T9574] [ 602.390217][ T9574] EXT4-fs (loop3): Total free blocks count 0 [ 602.396457][ T9574] EXT4-fs (loop3): Free/Dirty block details [ 602.402774][ T9574] EXT4-fs (loop3): free_blocks=68451041280 [ 602.409063][ T9574] EXT4-fs (loop3): dirty_blocks=80 [ 602.414428][ T9574] EXT4-fs (loop3): Block reservation details [ 602.421199][ T9574] EXT4-fs (loop3): i_reserved_data_blocks=5 [ 603.072862][ T5793] Bluetooth: hci2: command tx timeout [ 603.074161][ T4630] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 603.245770][ T9596] loop9: detected capacity change from 0 to 512 [ 603.448125][ T9596] EXT4-fs warning (device loop9): dx_probe:893: inode #2: comm syz.9.876: dx entry: limit 1024 != root limit 124 [ 603.460612][ T9596] EXT4-fs warning (device loop9): dx_probe:966: inode #2: comm syz.9.876: Corrupt directory, running e2fsck is recommended [ 603.626604][ T9596] EXT4-fs (loop9): Cannot turn on journaled quota: type 1: error -117 [ 603.635522][ T9596] EXT4-fs error (device loop9): ext4_xattr_ibody_find:2240: inode #15: comm syz.9.876: corrupted in-inode xattr: invalid ea_ino [ 603.817619][ T9596] EXT4-fs (loop9): Remounting filesystem read-only [ 603.857437][ T9596] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 603.971478][ T1777] hsr_slave_0: left promiscuous mode [ 604.114928][ T9596] EXT4-fs warning (device loop9): dx_probe:893: inode #2: comm syz.9.876: dx entry: limit 1024 != root limit 124 [ 604.128060][ T9596] EXT4-fs warning (device loop9): dx_probe:966: inode #2: comm syz.9.876: Corrupt directory, running e2fsck is recommended [ 604.459629][ T1777] hsr_slave_1: left promiscuous mode [ 604.508746][ T8805] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 604.532615][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 604.540668][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 604.565749][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 604.575292][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 604.760034][ T1777] veth1_macvtap: left promiscuous mode [ 604.765822][ T1777] veth0_macvtap: left promiscuous mode [ 604.772067][ T1777] veth1_vlan: left promiscuous mode [ 604.777847][ T1777] veth0_vlan: left promiscuous mode [ 605.131243][ T5794] Bluetooth: hci2: command tx timeout [ 605.238362][ T9622] loop3: detected capacity change from 0 to 1024 [ 605.249615][ T9622] EXT4-fs: Ignoring removed nomblk_io_submit option [ 605.286287][ T5835] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 605.310562][ T5835] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 605.364420][ T9622] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 605.829815][ T9622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 606.042580][ T5863] kernel write not supported for file /uhid (pid: 5863 comm: kworker/1:5) [ 606.223520][ T1777] team0 (unregistering): Port device team_slave_1 removed [ 606.283888][ T1777] team0 (unregistering): Port device team_slave_0 removed [ 606.414156][ T9127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 607.187933][ T5794] Bluetooth: hci2: command tx timeout [ 607.420887][ T9649] netlink: 4 bytes leftover after parsing attributes in process `syz.6.886'. [ 607.683070][ T9653] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 608.032989][ T9565] chnl_net:caif_netlink_parms(): no params data found [ 608.433630][ T56] bridge_slave_1: left allmulticast mode [ 608.441809][ T56] bridge_slave_1: left promiscuous mode [ 608.449877][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.657583][ T56] bridge_slave_0: left allmulticast mode [ 608.663668][ T56] bridge_slave_0: left promiscuous mode [ 608.670488][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.970469][ T9670] loop6: detected capacity change from 0 to 1024 [ 609.338859][ T5794] Bluetooth: hci2: command tx timeout [ 609.613536][ T9670] hfsplus: xattr search failed [ 609.741921][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 609.823556][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 609.873468][ T56] bond0 (unregistering): Released all slaves [ 610.636595][ T56] tipc: Left network mode [ 611.951460][ T9696] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 612.054481][ T9700] loop9: detected capacity change from 0 to 1024 [ 612.093151][ T9700] EXT4-fs (loop9): stripe (7) is not aligned with cluster size (4096), stripe is disabled [ 612.207970][ T9565] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.215738][ T9565] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.223775][ T9565] bridge_slave_0: entered allmulticast mode [ 612.224923][ T9700] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm syz.9.903: Invalid block bitmap block 0 in block_group 0 [ 612.236284][ T9565] bridge_slave_0: entered promiscuous mode [ 612.468716][ T9700] Quota error (device loop9): write_blk: dquota write failed [ 612.476588][ T9700] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota [ 612.491666][ T9700] EXT4-fs error (device loop9): ext4_acquire_dquot:6938: comm syz.9.903: Failed to acquire dquot type 0 [ 612.706291][ T9700] EXT4-fs error (device loop9): ext4_free_blocks:6589: comm syz.9.903: Freeing blocks not in datazone - block = 0, count = 4096 [ 612.908193][ T9700] EXT4-fs error (device loop9): ext4_read_inode_bitmap:139: comm syz.9.903: Invalid inode bitmap blk 0 in block_group 0 [ 612.930456][ T56] hsr_slave_0: left promiscuous mode [ 612.948788][ T5070] Quota error (device loop9): do_check_range: Getting block 0 out of range 1-8 [ 612.960595][ T5070] EXT4-fs error (device loop9): ext4_release_dquot:6961: comm kworker/u8:29: Failed to release dquot type 0 [ 612.987761][ T56] hsr_slave_1: left promiscuous mode [ 612.991727][ T9700] EXT4-fs error (device loop9) in ext4_free_inode:361: Corrupt filesystem [ 613.027831][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.035598][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.072942][ T9700] EXT4-fs (loop9): 1 orphan inode deleted [ 613.080049][ T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.080737][ T9700] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 613.088121][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.121812][ T44] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 613.226531][ T56] veth1_macvtap: left promiscuous mode [ 613.232496][ T56] veth0_macvtap: left promiscuous mode [ 613.238770][ T56] veth1_vlan: left promiscuous mode [ 613.244376][ T56] veth0_vlan: left promiscuous mode [ 613.400378][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.416736][ T44] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 613.427454][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.472841][ T44] usb 4-1: config 0 descriptor?? [ 613.501530][ T7965] usb 8-1: new low-speed USB device number 11 using dummy_hcd [ 613.776392][ T7965] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8 [ 613.787897][ T7965] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 613.798332][ T7965] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 613.808760][ T7965] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 248, changing to 4 [ 613.823389][ T7965] usb 8-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 613.833932][ T7965] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.945796][ T7965] usb 8-1: config 0 descriptor?? [ 613.957796][ T9717] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22 [ 614.021408][ T9700] syz.9.903 (9700) used greatest stack depth: 4240 bytes left [ 614.082745][ T44] keytouch 0003:0926:3333.0010: fixing up Keytouch IEC report descriptor [ 614.113484][ T44] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0010/input/input28 [ 614.281742][ T8805] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.293451][ T5835] usb 8-1: USB disconnect, device number 11 [ 614.575445][ T56] team0 (unregistering): Port device team_slave_1 removed [ 614.644728][ T44] keytouch 0003:0926:3333.0010: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 614.724670][ T56] team0 (unregistering): Port device team_slave_0 removed [ 614.749095][ T44] usb 4-1: USB disconnect, device number 3 [ 615.023035][ T7965] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 615.387974][ T7965] usb 7-1: Using ep0 maxpacket: 8 [ 615.431222][ T9565] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.439486][ T9565] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.448475][ T9565] bridge_slave_1: entered allmulticast mode [ 615.462947][ T9565] bridge_slave_1: entered promiscuous mode [ 615.610601][ T7965] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 615.620153][ T7965] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.853008][ T7965] usb 7-1: config 0 descriptor?? [ 616.180944][ T9565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.217656][ T9735] netlink: 20 bytes leftover after parsing attributes in process `syz.7.910'. [ 616.346189][ T9565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.863467][ T9565] team0: Port device team_slave_0 added [ 616.938944][ T7965] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 616.950051][ T7965] asix 7-1:0.0: probe with driver asix failed with error -71 [ 616.965208][ T9565] team0: Port device team_slave_1 added [ 617.063556][ T7965] usb 7-1: USB disconnect, device number 9 [ 617.381093][ T9565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.388598][ T9565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.419219][ T9565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 617.551773][ T9565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 617.560512][ T9565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.588450][ T9565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 617.898154][ T9752] loop3: detected capacity change from 0 to 1024 [ 617.925427][ T9752] EXT4-fs: Ignoring removed nobh option [ 617.931715][ T9752] EXT4-fs: Ignoring removed bh option [ 618.164575][ T9565] hsr_slave_0: entered promiscuous mode [ 618.179272][ T9752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 618.309451][ T9565] hsr_slave_1: entered promiscuous mode [ 618.358859][ T9752] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 618.363145][ T9565] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 618.381873][ T9565] Cannot create hsr debugfs directory [ 618.887227][ T9763] loop7: detected capacity change from 0 to 1024 [ 619.083646][ T9763] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 619.131360][ T9127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.297637][ T9763] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 619.377883][ T9763] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 619.390688][ T9763] EXT4-fs (loop7): This should not happen!! Data will be lost [ 619.390688][ T9763] [ 619.400749][ T9763] EXT4-fs (loop7): Total free blocks count 0 [ 619.407175][ T9763] EXT4-fs (loop7): Free/Dirty block details [ 619.413302][ T9763] EXT4-fs (loop7): free_blocks=68451041280 [ 619.419498][ T9763] EXT4-fs (loop7): dirty_blocks=80 [ 619.424862][ T9763] EXT4-fs (loop7): Block reservation details [ 619.431287][ T9763] EXT4-fs (loop7): i_reserved_data_blocks=5 [ 620.098547][ T9778] dccp_xmit_packet: Payload too large (65475) for featneg. [ 620.227876][ T56] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 620.353229][ T9777] loop6: detected capacity change from 0 to 2048 [ 620.470953][ T9777] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 620.743699][ T9777] Process accounting resumed [ 620.786094][ T4501] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 620.846444][ T4501] EXT4-fs (loop6): Remounting filesystem read-only [ 621.332047][ T9565] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 621.708314][ T9565] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 621.725585][ T6706] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 621.813418][ T9565] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 621.822689][ T5845] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 621.958886][ T9565] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 622.037243][ T5845] usb 10-1: Using ep0 maxpacket: 16 [ 622.101697][ T5845] usb 10-1: config 0 has no interfaces? [ 622.108526][ T5845] usb 10-1: New USB device found, idVendor=0445, idProduct=5010, bcdDevice= 0.00 [ 622.121333][ T5845] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.178900][ T5845] usb 10-1: config 0 descriptor?? [ 622.462419][ T5845] usb 10-1: USB disconnect, device number 2 [ 622.853701][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.931'. [ 624.030860][ T9565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 624.334833][ T9565] 8021q: adding VLAN 0 to HW filter on device team0 [ 624.476935][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.484643][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 624.654457][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.662311][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 625.095821][ T9831] loop9: detected capacity change from 0 to 1024 [ 625.213093][ T9835] loop7: detected capacity change from 0 to 512 [ 625.298058][ T9835] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 625.553658][ T9831] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 625.567799][ T9835] EXT4-fs (loop7): 1 truncate cleaned up [ 625.575309][ T9835] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 625.963360][ T9850] loop3: detected capacity change from 0 to 512 [ 626.150270][ T9831] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 626.179052][ T9831] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 626.191969][ T9831] EXT4-fs (loop9): This should not happen!! Data will be lost [ 626.191969][ T9831] [ 626.202239][ T9831] EXT4-fs (loop9): Total free blocks count 0 [ 626.212644][ T9831] EXT4-fs (loop9): Free/Dirty block details [ 626.220017][ T9831] EXT4-fs (loop9): free_blocks=68451041280 [ 626.226075][ T9831] EXT4-fs (loop9): dirty_blocks=80 [ 626.232414][ T9831] EXT4-fs (loop9): Block reservation details [ 626.238827][ T9831] EXT4-fs (loop9): i_reserved_data_blocks=5 [ 626.365606][ T9850] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 626.390296][ T9565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 626.478697][ T9850] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 626.501151][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.611562][ T29] audit: type=1800 audit(1735864926.987:43): pid=9850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.940" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 626.651384][ T9565] veth0_vlan: entered promiscuous mode [ 626.687213][ T9565] veth1_vlan: entered promiscuous mode [ 626.780412][ T9565] veth0_macvtap: entered promiscuous mode [ 626.804492][ T9565] veth1_macvtap: entered promiscuous mode [ 626.862731][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 626.873639][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.883833][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 626.894634][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.905800][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 626.918420][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.938258][ T9565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 626.957357][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 626.968149][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.978305][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 626.989080][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 626.999222][ T9565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 627.010737][ T9565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 627.025237][ T9565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 627.050482][ T9565] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.059726][ T9565] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.068974][ T9565] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.078093][ T9565] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.120389][ T29] audit: type=1800 audit(1735864927.307:44): pid=9850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.940" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 627.261160][ T1845] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 628.520886][ T9127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 632.007847][ T9919] netlink: 4 bytes leftover after parsing attributes in process `syz.6.953'. [ 632.997356][ T9932] loop7: detected capacity change from 0 to 2048 [ 633.216929][ T9932] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found [ 633.224985][ T9932] UDF-fs: Scanning with blocksize 512 failed [ 633.460897][ T9932] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 633.780532][ T9944] loop6: detected capacity change from 0 to 4096 [ 633.846224][ T9944] EXT4-fs: Ignoring removed orlov option [ 634.437634][ T9944] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 634.758949][ T5070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.767307][ T5070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.899684][ T9944] EXT4-fs error (device loop6): ext4_get_first_dir_block:3559: inode #12: block 80: comm syz.6.958: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 634.952606][ T7887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 634.961023][ T7887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 635.058320][ T9944] EXT4-fs (loop6): Remounting filesystem read-only [ 635.923937][ T6706] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.342581][ T5070] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.726247][ T5070] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.232278][ T5070] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.512787][ T5070] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.459198][ T5070] bridge_slave_1: left allmulticast mode [ 639.465131][ T5070] bridge_slave_1: left promiscuous mode [ 639.472159][ T5070] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.640505][ T5070] bridge_slave_0: left allmulticast mode [ 639.646452][ T5070] bridge_slave_0: left promiscuous mode [ 639.653463][ T5070] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.105085][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 640.115275][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 640.129256][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 640.254665][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 640.274970][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 640.284412][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 640.888666][ T5070] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 640.985879][ T5070] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 641.066550][ T5070] bond0 (unregistering): Released all slaves [ 642.354722][ T5070] hsr_slave_0: left promiscuous mode [ 642.390394][ T5794] Bluetooth: hci2: command tx timeout [ 642.409247][ T5070] hsr_slave_1: left promiscuous mode [ 642.442778][ T5070] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 642.451009][ T5070] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 642.513306][ T5070] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 642.521521][ T5070] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.628462][ T5070] veth1_macvtap: left promiscuous mode [ 642.634289][ T5070] veth0_macvtap: left promiscuous mode [ 642.640802][ T5070] veth1_vlan: left promiscuous mode [ 642.646394][ T5070] veth0_vlan: left promiscuous mode [ 643.588185][T10021] loop6: detected capacity change from 0 to 1024 [ 643.784496][T10023] loop9: detected capacity change from 0 to 2048 [ 643.906398][T10023] UDF-fs: error (device loop9): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 644.005980][T10023] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 644.480354][ T1777] hfsplus: b-tree write err: -5, ino 4 [ 644.495420][ T5793] Bluetooth: hci2: command tx timeout [ 644.648829][ T5070] team0 (unregistering): Port device team_slave_1 removed [ 644.865982][ T5070] team0 (unregistering): Port device team_slave_0 removed [ 645.130549][T10030] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input29 [ 645.833410][T10042] netlink: 240 bytes leftover after parsing attributes in process `syz.9.979'. [ 645.980608][T10041] netlink: 16 bytes leftover after parsing attributes in process `syz.7.980'. [ 646.316730][ T5794] Bluetooth: hci1: command 0x0406 tx timeout [ 646.578439][ T9988] chnl_net:caif_netlink_parms(): no params data found [ 646.665879][ T5793] Bluetooth: hci2: command tx timeout [ 647.341053][T10055] netlink: 'syz.6.981': attribute type 1 has an invalid length. [ 647.878445][T10056] bond2: entered allmulticast mode [ 647.889292][T10056] 8021q: adding VLAN 0 to HW filter on device bond2 [ 647.903301][T10056] bond1: (slave bond2): making interface the new active one [ 647.912895][T10056] bond1: (slave bond2): Enslaving as an active interface with an up link [ 648.245182][T10067] loop7: detected capacity change from 0 to 256 [ 648.767724][ T5793] Bluetooth: hci2: command tx timeout [ 648.834958][T10067] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 648.934043][ T9988] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.946726][ T9988] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.954801][ T9988] bridge_slave_0: entered allmulticast mode [ 648.964016][ T9988] bridge_slave_0: entered promiscuous mode [ 648.979220][ T9988] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.987045][ T9988] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.995002][ T9988] bridge_slave_1: entered allmulticast mode [ 649.004263][ T9988] bridge_slave_1: entered promiscuous mode [ 649.480179][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 649.488627][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 649.667135][ T5845] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 649.910711][ T5845] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 649.921332][ T5845] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 649.973448][ T5845] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 649.983115][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 649.993068][ T5845] usb 7-1: SerialNumber: syz [ 650.038487][ T9988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 650.168898][ T9988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 650.553631][ T5845] usb 7-1: 0:2 : does not exist [ 650.661621][ T9988] team0: Port device team_slave_0 added [ 650.710804][ T7965] IPVS: starting estimator thread 0... [ 650.758273][ T5845] usb 7-1: USB disconnect, device number 10 [ 650.780753][ T9988] team0: Port device team_slave_1 added [ 650.827515][T10096] IPVS: using max 240 ests per chain, 12000 per kthread [ 651.204859][ T9988] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 651.212411][ T9988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.240332][ T9988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 651.266312][ T5945] udevd[5945]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 651.381975][ T9988] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 651.389468][ T9988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.415596][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.439690][ T9988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 652.079722][ T9988] hsr_slave_0: entered promiscuous mode [ 652.183221][ T9988] hsr_slave_1: entered promiscuous mode [ 652.277128][ T9988] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 652.284946][ T9988] Cannot create hsr debugfs directory [ 652.291865][ T7965] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 652.539025][ T7965] usb 10-1: Using ep0 maxpacket: 32 [ 652.593371][ T7965] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 652.604965][ T7965] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 652.616395][ T7965] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 652.626046][ T7965] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 653.534919][ T7965] usb 10-1: config 0 descriptor?? [ 653.622667][ T7965] hub 10-1:0.0: USB hub found [ 653.806453][ T7965] hub 10-1:0.0: 1 port detected [ 653.864364][T10122] loop6: detected capacity change from 0 to 512 [ 654.310785][T10122] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 654.324114][T10122] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 654.655621][ T7965] hub 10-1:0.0: activate --> -90 [ 654.828931][T10132] loop7: detected capacity change from 0 to 256 [ 654.906236][T10132] exfat: Deprecated parameter 'utf8' [ 654.964448][ T5845] usb 10-1: USB disconnect, device number 3 [ 655.098446][ T6706] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 655.196540][T10132] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x5b52992a, utbl_chksum : 0xe619d30d) [ 655.368327][ T7965] usb 10-1-port1: config error [ 655.449707][ T9988] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 655.557861][ T9988] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 655.698418][ T9988] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 655.788842][ T9988] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 656.456123][ T9988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.501628][ T9988] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.550584][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 656.558355][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 656.578927][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 656.586624][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 656.795931][ T9988] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 656.807908][ T9988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 658.296427][T10159] loop9: detected capacity change from 0 to 512 [ 658.371551][T10159] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 658.661300][ T9988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 658.732862][T10159] EXT4-fs (loop9): 1 truncate cleaned up [ 658.740906][T10159] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 659.405339][ T8805] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 659.476365][ T9988] veth0_vlan: entered promiscuous mode [ 659.553280][ T9988] veth1_vlan: entered promiscuous mode [ 659.801150][T10175] loop9: detected capacity change from 0 to 512 [ 659.864591][T10175] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 659.964187][T10175] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 659.973470][T10175] System zones: 1-12 [ 660.018406][T10175] EXT4-fs (loop9): 1 truncate cleaned up [ 660.025971][T10175] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 660.055404][ T9988] veth0_macvtap: entered promiscuous mode [ 660.159284][ T9988] veth1_macvtap: entered promiscuous mode [ 660.299820][T10175] loop9: detected capacity change from 512 to 64 [ 660.438732][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.449657][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.459967][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.470916][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.481332][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.492189][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.507067][ T9988] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 660.687285][ T5845] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 660.953638][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 660.967423][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.977635][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 660.988920][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.999022][ T9988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.009850][ T9988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.028208][ T9988] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.039641][ T5845] usb 4-1: Using ep0 maxpacket: 32 [ 661.135943][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 661.255778][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 661.352859][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 661.357303][ T5845] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 661.375408][ T5845] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 661.384465][ T5845] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 661.393988][ T5845] usb 4-1: config 1 has no interface number 0 [ 661.400533][ T5845] usb 4-1: config 1 interface 1 altsetting 0 has an endpoint descriptor with address 0xA7, changing to 0x87 [ 661.412562][ T5845] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x87 has invalid maxpacket 32912, setting to 1024 [ 661.416041][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 661.424507][ T5845] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 661.455568][ T5845] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 661.461855][T10187] loop7: detected capacity change from 0 to 128 [ 661.465024][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.535402][ T9988] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.550363][ T9988] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.560912][ T9988] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.570290][ T9988] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.615122][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 661.967937][ T5845] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 662.088509][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 662.115242][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 662.157451][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 662.174093][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 662.190044][ T8805] EXT4-fs warning (device loop9): ext4_empty_dir:3124: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 662.281694][ T5845] snd_usb_pod 4-1:1.1: endpoint not available, using fallback values [ 662.290973][ T5845] snd_usb_pod 4-1:1.1: invalid control EP [ 662.297111][ T5845] snd_usb_pod 4-1:1.1: cannot start listening: -22 [ 662.304059][ T5845] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 662.316498][ T5845] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 663.157270][ T5863] usb 4-1: USB disconnect, device number 4 [ 663.271290][ T29] audit: type=1326 audit(1735864963.667:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.391809][ T29] audit: type=1326 audit(1735864963.717:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=310 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.415098][ T29] audit: type=1326 audit(1735864963.737:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.439127][ T29] audit: type=1326 audit(1735864963.737:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=5 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.461513][ T29] audit: type=1326 audit(1735864963.747:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.486705][ T29] audit: type=1326 audit(1735864963.747:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=377 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.511686][ T29] audit: type=1326 audit(1735864963.747:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10203 comm="syz.6.1015" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 663.859566][ T8805] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 663.933119][ T4501] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.152755][ T4501] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.663864][ T4501] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.821865][ T4501] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 665.758154][ T4501] bridge_slave_1: left allmulticast mode [ 665.764091][ T4501] bridge_slave_1: left promiscuous mode [ 665.770986][ T4501] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.840701][ T4501] bridge_slave_0: left allmulticast mode [ 665.846734][ T4501] bridge_slave_0: left promiscuous mode [ 665.853928][ T4501] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.927160][ T29] audit: type=1326 audit(1735864967.317:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10228 comm="syz.6.1020" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 666.950366][ T29] audit: type=1326 audit(1735864967.317:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10228 comm="syz.6.1020" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 667.010740][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 667.011027][ T29] audit: type=1326 audit(1735864967.407:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10228 comm="syz.6.1020" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf7f26579 code=0x7ffc0000 [ 667.019981][ T5794] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 667.127943][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 667.262735][ T5794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 667.419365][ T4501] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 667.564154][ T5794] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 667.573926][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 667.647353][ T5845] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 667.658414][ T4501] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 667.741707][ T4501] bond0 (unregistering): Released all slaves [ 668.012984][ T5845] usb 8-1: Using ep0 maxpacket: 8 [ 668.114043][ T5845] usb 8-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 668.123824][ T5845] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239 [ 668.132506][ T5845] usb 8-1: Product: syz [ 668.137063][ T5845] usb 8-1: Manufacturer: syz [ 668.141922][ T5845] usb 8-1: SerialNumber: syz [ 668.225100][ T5845] usb 8-1: config 0 descriptor?? [ 668.265522][ T5845] gspca_main: sq905-2.14.0 probing 2770:9120 [ 668.485167][T10253] loop3: detected capacity change from 0 to 512 [ 668.952482][ T4501] hsr_slave_0: left promiscuous mode [ 668.990171][T10253] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1024: corrupted in-inode xattr: invalid ea_ino [ 669.031449][ T4501] hsr_slave_1: left promiscuous mode [ 669.069070][ T4501] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 669.077101][ T4501] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.151671][T10253] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.1024: couldn't read orphan inode 15 (err -117) [ 669.167832][ T4501] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 669.175732][ T4501] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 669.301445][T10253] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 669.402548][ T4501] veth1_macvtap: left promiscuous mode [ 669.408719][ T4501] veth0_macvtap: left promiscuous mode [ 669.414644][ T4501] veth1_vlan: left promiscuous mode [ 669.420410][ T4501] veth0_vlan: left promiscuous mode [ 669.432573][ T5845] gspca_sq905: bulk read fail (-22) len 0/4 [ 669.439283][ T5845] sq905 8-1:0.0: probe with driver sq905 failed with error -5 [ 669.662035][ T5845] usb 8-1: USB disconnect, device number 12 [ 669.778472][ T5794] Bluetooth: hci1: command tx timeout [ 670.705942][ T4501] team0 (unregistering): Port device team_slave_1 removed [ 670.862103][ T4501] team0 (unregistering): Port device team_slave_0 removed [ 671.479259][ T9127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 671.834540][ T5794] Bluetooth: hci1: command tx timeout [ 672.432562][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 672.440777][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 672.557554][T10233] chnl_net:caif_netlink_parms(): no params data found [ 672.638816][ T7903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 672.647225][ T7903] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 673.907885][ T5794] Bluetooth: hci1: command tx timeout [ 674.038002][T10233] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.045766][T10233] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.053851][T10233] bridge_slave_0: entered allmulticast mode [ 674.063449][T10233] bridge_slave_0: entered promiscuous mode [ 674.313048][T10233] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.326123][T10233] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.336295][T10233] bridge_slave_1: entered allmulticast mode [ 674.353964][T10233] bridge_slave_1: entered promiscuous mode [ 674.519211][ T4630] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.536962][T10316] loop6: detected capacity change from 0 to 8 [ 674.709276][T10316] SQUASHFS error: Failed to read block 0x62b: -5 [ 674.715980][T10316] SQUASHFS error: Unable to read metadata cache entry [629] [ 674.723906][T10316] SQUASHFS error: Unable to read inode 0x11f [ 675.507164][T10233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.576661][T10233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.877577][ T4630] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.987382][ T5794] Bluetooth: hci1: command tx timeout [ 676.133494][T10233] team0: Port device team_slave_0 added [ 676.191388][ T4630] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.240975][T10233] team0: Port device team_slave_1 added [ 676.299161][ T4630] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 676.468898][T10233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.476225][T10233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.506534][T10233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.585022][T10233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.596106][T10233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.623647][T10233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.863884][ T4630] bridge_slave_1: left allmulticast mode [ 676.871899][ T4630] bridge_slave_1: left promiscuous mode [ 676.878667][ T4630] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.978431][ T4630] bridge_slave_0: left allmulticast mode [ 676.984415][ T4630] bridge_slave_0: left promiscuous mode [ 676.991357][ T4630] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.865018][ T4630] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.970630][ T4630] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 678.024665][ T4630] bond0 (unregistering): Released all slaves [ 678.429055][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 678.735711][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 678.760291][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 678.783489][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 678.800721][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 678.810130][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 678.933435][T10233] hsr_slave_0: entered promiscuous mode [ 679.040449][T10233] hsr_slave_1: entered promiscuous mode [ 679.098452][T10233] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.106285][T10233] Cannot create hsr debugfs directory [ 679.481837][T10357] loop7: detected capacity change from 0 to 64 [ 679.646197][ T4630] hsr_slave_0: left promiscuous mode [ 679.689544][ T4630] hsr_slave_1: left promiscuous mode [ 679.718610][ T4630] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 679.726415][ T4630] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 679.812100][ T4630] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 679.820131][ T4630] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 679.916690][ T4630] veth1_macvtap: left promiscuous mode [ 679.922657][ T4630] veth0_macvtap: left promiscuous mode [ 679.928710][ T4630] veth1_vlan: left promiscuous mode [ 679.934286][ T4630] veth0_vlan: left promiscuous mode [ 680.877499][ T5794] Bluetooth: hci2: command tx timeout [ 680.956547][T10367] Process accounting resumed [ 681.730341][ T4630] team0 (unregistering): Port device team_slave_1 removed [ 681.819908][ T4630] team0 (unregistering): Port device team_slave_0 removed [ 682.142746][T10381] netlink: 'syz.3.1050': attribute type 4 has an invalid length. [ 682.161659][ T5794] Bluetooth: hci0: command 0x0406 tx timeout [ 682.228388][T10385] netlink: 'syz.3.1050': attribute type 4 has an invalid length. [ 682.948013][ T5793] Bluetooth: hci2: command tx timeout [ 685.028386][ T5793] Bluetooth: hci2: command tx timeout [ 685.195368][T10415] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1062'. [ 685.262191][T10343] chnl_net:caif_netlink_parms(): no params data found [ 685.969204][T10233] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 686.077820][T10233] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 686.167723][T10233] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 686.279395][T10233] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 686.841094][T10343] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.851005][T10343] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.859120][T10343] bridge_slave_0: entered allmulticast mode [ 686.868426][T10343] bridge_slave_0: entered promiscuous mode [ 686.903180][T10343] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.912116][T10343] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.920288][T10343] bridge_slave_1: entered allmulticast mode [ 686.929572][T10343] bridge_slave_1: entered promiscuous mode [ 687.112944][ T5793] Bluetooth: hci2: command tx timeout [ 687.142211][T10442] loop7: detected capacity change from 0 to 1024 [ 687.209534][T10442] EXT4-fs: Ignoring removed i_version option [ 687.216014][T10442] EXT4-fs: Ignoring removed orlov option [ 687.223488][T10343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.234385][T10442] EXT4-fs: Ignoring removed nomblk_io_submit option [ 687.248388][ T5835] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 687.296514][T10343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.427836][ T5835] usb 7-1: Using ep0 maxpacket: 8 [ 687.517473][ T5835] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 687.527059][ T5835] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.535417][ T5835] usb 7-1: Product: syz [ 687.540242][ T5835] usb 7-1: Manufacturer: syz [ 687.545100][ T5835] usb 7-1: SerialNumber: syz [ 687.599016][T10343] team0: Port device team_slave_0 added [ 687.626130][T10442] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 687.687002][T10343] team0: Port device team_slave_1 added [ 687.721205][ T5835] usb 7-1: config 0 descriptor?? [ 687.778753][ T5835] gspca_main: sq930x-2.14.0 probing 2770:930c [ 687.996549][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.105956][T10343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.113632][T10343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.140557][T10343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.370080][T10343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.377542][T10343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.404111][T10343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 688.786168][T10233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 688.927514][ T9037] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 689.097347][ T9037] usb 8-1: Using ep0 maxpacket: 8 [ 689.113396][T10343] hsr_slave_0: entered promiscuous mode [ 689.124702][ T9037] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 689.133583][ T9037] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 689.143990][ T9037] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 689.154300][T10343] hsr_slave_1: entered promiscuous mode [ 689.154338][ T9037] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 689.171824][ T9037] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 689.187456][ T9037] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 689.197806][ T9037] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.209372][T10343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 689.217363][T10343] Cannot create hsr debugfs directory [ 689.538407][ T5835] gspca_sq930x: reg_w 0105 0c00 failed -71 [ 689.603051][ T9037] usb 8-1: usb_control_msg returned -32 [ 689.609215][ T9037] usbtmc 8-1:16.0: can't read capabilities [ 689.622969][T10233] 8021q: adding VLAN 0 to HW filter on device team0 [ 689.763305][ T7920] bridge0: port 1(bridge_slave_0) entered blocking state [ 689.771126][ T7920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 689.786118][ T5835] gspca_sq930x: Sensor ov9630 not yet treated [ 689.793049][ T5835] sq930x 7-1:0.0: probe with driver sq930x failed with error -22 [ 689.895231][ T7920] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.903048][ T7920] bridge0: port 2(bridge_slave_1) entered forwarding state [ 689.923236][ T5835] usb 7-1: USB disconnect, device number 11 [ 690.472286][T10470] usbtmc 8-1:16.0: CHECK_CLEAR_STATUS returned 0 [ 690.694027][T10471] loop3: detected capacity change from 0 to 128 [ 690.703425][T10416] usb 8-1: USB disconnect, device number 13 [ 690.947970][T10471] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 690.991869][T10471] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 692.186226][T10343] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 692.352110][ T9127] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 692.494052][T10488] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode [ 692.502378][T10488] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode [ 692.542683][T10343] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 692.648618][T10343] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 692.963459][T10343] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 693.120351][T10496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'. [ 693.217709][T10233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 693.385897][ T56] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.488178][T10502] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 693.495430][T10502] overlayfs: failed to set xattr on upper [ 693.502512][T10502] overlayfs: ...falling back to redirect_dir=nofollow. [ 693.509787][T10502] overlayfs: ...falling back to metacopy=off. [ 693.516179][T10502] overlayfs: ...falling back to uuid=null. [ 693.522322][T10502] overlayfs: maximum fs stacking depth exceeded [ 693.683555][ T56] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.821219][ T56] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.025164][ T56] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 694.708148][ T56] bridge_slave_1: left allmulticast mode [ 694.715057][ T56] bridge_slave_1: left promiscuous mode [ 694.723209][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.783729][ T56] bridge_slave_0: left allmulticast mode [ 694.790238][ T56] bridge_slave_0: left promiscuous mode [ 694.796951][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.469315][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.553222][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 695.589811][ T56] bond0 (unregistering): Released all slaves [ 695.651760][ T56] bond1 (unregistering): (slave bond2): Releasing backup interface [ 695.665829][ T56] bond1 (unregistering): Released all slaves [ 695.696320][ T56] bond2 (unregistering): Released all slaves [ 696.447442][T10343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 696.465225][ T5794] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 696.477609][ T5794] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 696.491435][ T5794] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 696.531812][ T5794] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 696.560542][ T5794] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 696.572019][ T5794] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 696.667781][ T56] hsr_slave_0: left promiscuous mode [ 696.702866][ T56] hsr_slave_1: left promiscuous mode [ 696.719515][ T56] veth1_macvtap: left promiscuous mode [ 696.725393][ T56] veth0_macvtap: left promiscuous mode [ 696.732179][ T56] veth1_vlan: left promiscuous mode [ 696.737859][ T56] veth0_vlan: left promiscuous mode [ 697.321209][ T56] team0 (unregistering): Port device team_slave_1 removed [ 697.408290][ T56] team0 (unregistering): Port device team_slave_0 removed [ 697.518342][T10528] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1084'. [ 697.895138][T10343] 8021q: adding VLAN 0 to HW filter on device team0 [ 697.941138][T10528] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 698.328995][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.336715][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.476888][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.484571][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.693293][ T5794] Bluetooth: hci4: command tx timeout [ 699.636641][T10233] veth0_vlan: entered promiscuous mode [ 700.082453][T10233] veth1_vlan: entered promiscuous mode [ 700.561925][T10522] chnl_net:caif_netlink_parms(): no params data found [ 700.588617][T10233] veth0_macvtap: entered promiscuous mode [ 700.716533][ T5794] Bluetooth: hci4: command tx timeout [ 700.801386][T10233] veth1_macvtap: entered promiscuous mode [ 701.022461][T10551] loop7: detected capacity change from 0 to 8 [ 701.367104][T10233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 701.379938][T10233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 701.390799][T10233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 701.401678][T10233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 701.416212][T10233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 701.535825][T10233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 701.547189][T10233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 701.559063][T10233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 701.570781][T10233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 701.585982][T10233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 701.608359][T10233] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.617621][T10233] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.626670][T10233] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.635914][T10233] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.760466][T10343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.115766][T10343] veth0_vlan: entered promiscuous mode [ 702.280430][T10343] veth1_vlan: entered promiscuous mode [ 702.489474][T10343] veth0_macvtap: entered promiscuous mode [ 702.613728][T10343] veth1_macvtap: entered promiscuous mode [ 702.800750][ T5794] Bluetooth: hci4: command tx timeout [ 702.894996][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 702.907351][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 702.918549][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 702.930308][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 702.941390][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 702.953053][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 702.978208][T10343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 702.987791][T10522] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.995639][T10522] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.003822][T10522] bridge_slave_0: entered allmulticast mode [ 703.015694][T10522] bridge_slave_0: entered promiscuous mode [ 703.241736][T10522] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.252222][T10522] bridge0: port 2(bridge_slave_1) entered disabled state [ 703.260446][T10522] bridge_slave_1: entered allmulticast mode [ 703.269702][T10522] bridge_slave_1: entered promiscuous mode [ 703.307209][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.319437][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.329702][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.342151][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.352520][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 703.363660][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.378352][T10343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 703.577269][T10343] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.586365][T10343] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.595676][T10343] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.604871][T10343] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.812952][T10522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 703.931299][T10522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 704.346973][T10522] team0: Port device team_slave_0 added [ 704.407009][T10522] team0: Port device team_slave_1 added [ 704.763112][T10522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 704.771016][T10522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 704.797681][T10522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 704.876730][ T5794] Bluetooth: hci4: command tx timeout [ 704.911693][T10522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 704.919879][T10522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 704.947174][T10522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 705.442678][T10522] hsr_slave_0: entered promiscuous mode [ 705.493355][T10522] hsr_slave_1: entered promiscuous mode [ 705.524807][T10522] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 705.532995][T10522] Cannot create hsr debugfs directory [ 706.378143][T10607] syz.3.1099 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 706.727446][ T25] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 706.917874][ T25] usb 8-1: Using ep0 maxpacket: 8 [ 707.006412][ T25] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 707.016721][ T25] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.025566][ T25] usb 8-1: Product: syz [ 707.030188][ T25] usb 8-1: Manufacturer: syz [ 707.035029][ T25] usb 8-1: SerialNumber: syz [ 707.172456][ T25] usb 8-1: config 0 descriptor?? [ 707.443696][ T25] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 708.265119][T10522] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 708.344046][T10522] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 708.357325][ T25] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 708.373556][ T25] usb 8-1: USB disconnect, device number 14 [ 708.456100][T10522] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 708.552359][T10522] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 709.217322][ T1845] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.225301][ T1845] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.559282][ T1777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.568014][ T1777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.923856][T10522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 710.156746][T10522] 8021q: adding VLAN 0 to HW filter on device team0 [ 710.213480][ T1845] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.221288][ T1845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 710.356084][ T1845] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.363904][ T1845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 710.824050][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 710.831275][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 711.245746][T10655] loop4: detected capacity change from 0 to 512 [ 711.636527][ T7920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.645550][ T7920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 711.809231][T10655] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.4.1019: corrupted xattr block 95: invalid header [ 711.885328][T10655] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1019: bg 0: block 7: invalid block bitmap [ 711.905202][T10655] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 711.936648][T10655] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2977: inode #11: comm syz.4.1019: corrupted xattr block 95: invalid header [ 712.038992][T10667] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3150105819 (25200846552 ns) > initial count (8234761088 ns). Using initial count to start timer. [ 712.039996][T10655] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117) [ 712.074115][T10655] EXT4-fs (loop4): 1 orphan inode deleted [ 712.104804][T10655] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 712.549151][ T1777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.557580][ T1777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.883987][T10522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.920114][T10233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 713.821283][ T1845] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.472127][ T1845] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.600984][T10695] @: renamed from vlan0 (while UP) [ 714.838798][T10707] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1110'. [ 714.873600][ T1845] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.085163][ T1845] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.270466][T10522] veth0_vlan: entered promiscuous mode [ 715.367856][T10522] veth1_vlan: entered promiscuous mode [ 715.766531][T10522] veth0_macvtap: entered promiscuous mode [ 715.803048][ T1845] bridge_slave_1: left allmulticast mode [ 715.813466][ T1845] bridge_slave_1: left promiscuous mode [ 715.820262][ T1845] bridge0: port 2(bridge_slave_1) entered disabled state [ 715.943374][ T1845] bridge_slave_0: left allmulticast mode [ 715.951991][ T1845] bridge_slave_0: left promiscuous mode [ 715.958802][ T1845] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.283673][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 716.300555][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 716.314630][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 716.344821][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 716.429301][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 716.443254][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 716.784857][ T1845] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 716.823688][ T1845] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 716.902547][ T1845] bond0 (unregistering): Released all slaves [ 717.100801][T10522] veth1_macvtap: entered promiscuous mode [ 717.350004][T10727] vivid-001: disconnect [ 717.509313][T10721] vivid-001: reconnect [ 717.738680][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 717.750289][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 717.762240][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 717.773471][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 717.785876][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 717.797008][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 717.807301][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 717.818110][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 717.839148][T10522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 718.004825][ T1845] hsr_slave_0: left promiscuous mode [ 718.053792][ T1845] hsr_slave_1: left promiscuous mode [ 718.102494][ T1845] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 718.110956][ T1845] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 718.160980][ T1845] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 718.172135][ T1845] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 718.174320][T10732] loop7: detected capacity change from 0 to 2048 [ 718.263610][ T1845] veth1_macvtap: left promiscuous mode [ 718.272702][ T1845] veth0_macvtap: left promiscuous mode [ 718.278818][ T1845] veth1_vlan: left promiscuous mode [ 718.282259][T10732] UDF-fs: error (device loop7): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 718.284299][ T1845] veth0_vlan: left promiscuous mode [ 718.309257][T10735] loop3: detected capacity change from 0 to 16 [ 718.342572][T10735] erofs (device loop3): mounted with root inode @ nid 36. [ 718.370768][T10732] UDF-fs: error (device loop7): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 718.462447][T10732] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 718.577350][ T5793] Bluetooth: hci2: command tx timeout [ 718.754980][T10735] overlayfs: failed to get metacopy (-117) [ 719.497208][ T1845] team0 (unregistering): Port device team_slave_1 removed [ 719.656678][ T1845] team0 (unregistering): Port device team_slave_0 removed [ 720.167315][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.178258][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.188530][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.199281][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.209501][T10522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 720.223324][T10522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 720.238756][T10522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 720.452829][T10522] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.462559][T10522] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.473252][T10522] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.483798][T10522] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 720.667608][ T5793] Bluetooth: hci2: command tx timeout [ 721.156367][T10765] ip6erspan0: tun_chr_ioctl cmd 1074025680 [ 721.691995][T10719] chnl_net:caif_netlink_parms(): no params data found [ 721.840751][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 721.840832][ T29] audit: type=1326 audit(1735865022.227:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.7.1128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 721.871455][ T29] audit: type=1326 audit(1735865022.227:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.7.1128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 721.894371][ T29] audit: type=1326 audit(1735865022.227:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.7.1128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=261 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 721.917117][ T29] audit: type=1326 audit(1735865022.227:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.7.1128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 721.939649][ T29] audit: type=1326 audit(1735865022.227:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10770 comm="syz.7.1128" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x7ffc0000 [ 722.599324][T10781] loop7: detected capacity change from 0 to 512 [ 722.647407][T10781] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 722.713742][ T5793] Bluetooth: hci2: command tx timeout [ 722.764758][T10781] EXT4-fs (loop7): 1 truncate cleaned up [ 722.774798][T10781] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 722.839179][ T29] audit: type=1800 audit(1735865023.227:61): pid=10781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1131" name="file1" dev="loop7" ino=15 res=0 errno=0 [ 722.883367][T10781] EXT4-fs error (device loop7): ext4_xattr_ibody_find:2240: inode #15: comm syz.7.1131: corrupted in-inode xattr: overlapping e_value [ 723.008694][T10781] EXT4-fs warning (device loop7): ext4_xattr_set_entry:1772: inode #15: comm syz.7.1131: unable to update i_inline_off [ 723.085524][T10793] EXT4-fs error (device loop7): ext4_xattr_ibody_find:2240: inode #15: comm syz.7.1131: corrupted in-inode xattr: overlapping e_value [ 723.541280][T10719] bridge0: port 1(bridge_slave_0) entered blocking state [ 723.550566][T10719] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.558748][T10719] bridge_slave_0: entered allmulticast mode [ 723.568117][T10719] bridge_slave_0: entered promiscuous mode [ 723.686660][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.753966][T10719] bridge0: port 2(bridge_slave_1) entered blocking state [ 723.761970][T10719] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.772168][T10719] bridge_slave_1: entered allmulticast mode [ 723.781515][T10719] bridge_slave_1: entered promiscuous mode [ 723.817132][ T5837] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 724.143436][ T5837] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 724.155003][T10804] 9pnet: p9_errstr2errno: server reported unknown error @4gqS&ɩni!4~F!q#(\ [ 724.167171][ T5837] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 919, setting to 64 [ 724.178439][ T5837] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 724.386699][T10719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 724.418150][ T5837] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 724.426312][T10719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 724.428647][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 724.446039][ T5837] usb 4-1: Product: syz [ 724.450604][ T5837] usb 4-1: Manufacturer: syz [ 724.455454][ T5837] usb 4-1: SerialNumber: syz [ 724.556084][T10800] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 724.812954][T10719] team0: Port device team_slave_0 added [ 724.827446][ T5793] Bluetooth: hci2: command tx timeout [ 724.841629][T10719] team0: Port device team_slave_1 added [ 725.081408][T10800] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 725.110886][T10719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 725.118446][T10719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 725.147997][T10719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 725.223804][T10719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 725.234526][T10719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 725.262212][T10719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 725.783226][T10800] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 725.842428][T10719] hsr_slave_0: entered promiscuous mode [ 725.940181][T10719] hsr_slave_1: entered promiscuous mode [ 725.989499][T10719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 725.997580][T10719] Cannot create hsr debugfs directory [ 726.036611][ T5837] cdc_ncm 4-1:1.0: failed to get mac address [ 726.261787][ T5837] cdc_ncm 4-1:1.0: bind() failure [ 726.365671][ T5837] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 726.475571][ T5837] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 726.504288][T10831] loop4: detected capacity change from 0 to 512 [ 726.541814][T10831] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 726.597179][ T5837] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 726.644285][ T5837] usb 4-1: USB disconnect, device number 5 [ 726.659653][T10831] EXT4-fs (loop4): invalid journal inode [ 726.668453][T10831] EXT4-fs (loop4): can't get journal size [ 726.783711][T10831] EXT4-fs (loop4): 1 truncate cleaned up [ 726.794611][T10831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 727.578276][T10844] loop7: detected capacity change from 0 to 256 [ 727.609671][T10233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 727.646578][T10844] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 727.862390][ T29] audit: type=1800 audit(1735865028.257:62): pid=10844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1143" name="file1" dev="loop7" ino=1048706 res=0 errno=0 [ 728.404400][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 728.413128][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 728.672679][T10719] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 729.124290][T10719] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 729.271353][T10859] loop3: detected capacity change from 0 to 2048 [ 729.578114][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 729.586330][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 729.609476][T10719] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 729.806955][T10859] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 729.820224][T10859] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 729.962926][T10719] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 730.023518][T10859] fs-verity: sha512 using implementation "sha512-generic" [ 730.055668][ T29] audit: type=1800 audit(1735865030.387:63): pid=10859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1145" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 730.291675][T10859] fs-verity (loop3, inode 13): Error -4 building Merkle tree [ 730.367857][ T29] audit: type=1800 audit(1735865030.747:64): pid=10871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1145" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 730.784076][ T9127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 731.153413][T10719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 731.544988][T10719] 8021q: adding VLAN 0 to HW filter on device team0 [ 731.693149][ T1777] bridge0: port 1(bridge_slave_0) entered blocking state [ 731.700944][ T1777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 731.836327][ T1777] bridge0: port 2(bridge_slave_1) entered blocking state [ 731.844098][ T1777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 734.260130][T10719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 734.403713][T10719] veth0_vlan: entered promiscuous mode [ 734.765111][T10719] veth1_vlan: entered promiscuous mode [ 735.193832][T10719] veth0_macvtap: entered promiscuous mode [ 735.277721][T10719] veth1_macvtap: entered promiscuous mode [ 735.483795][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.494697][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.505023][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.515907][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.528029][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.540060][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.550735][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 735.561579][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.579658][T10719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 735.636547][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.647553][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.659085][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.671812][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.685632][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.697582][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.707944][T10719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 735.725499][T10719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 735.740253][T10719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 735.806604][T10719] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.815882][T10719] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.825118][T10719] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 735.834359][T10719] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.599174][ T5837] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 736.810227][ T5837] usb 4-1: Using ep0 maxpacket: 32 [ 736.911944][ T5837] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 736.922020][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 736.930461][ T5837] usb 4-1: Product: syz [ 736.934880][ T5837] usb 4-1: Manufacturer: syz [ 736.939955][ T5837] usb 4-1: SerialNumber: syz [ 737.070179][ T5837] usb 4-1: config 0 descriptor?? [ 737.494414][T10947] loop4: detected capacity change from 0 to 2048 [ 737.875783][T10947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 738.027889][T10947] EXT4-fs (loop4): shut down requested (0) [ 738.522939][ T5837] (unnamed net_device) (uninitialized): Assigned a random MAC address: d6:4d:1f:53:a2:e9 [ 738.554979][ T5837] rtl8150 4-1:0.0: eth9: rtl8150 is detected [ 738.845873][ T5837] usb 4-1: USB disconnect, device number 6 [ 739.399772][T10233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 741.679549][ C1] vxcan1: j1939_tp_rxtimer: 0xffff888020a1c000: rx timeout, send abort [ 741.689991][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888020a1c000: 0x3f000: (3) A timeout occurred and this is the connection abort to close the session. [ 742.408944][T11023] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 743.288728][T11037] loop4: detected capacity change from 0 to 512 [ 743.326422][T11037] EXT4-fs: Ignoring removed nomblk_io_submit option [ 743.362315][T11037] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 743.577994][ T5070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 743.586190][ T5070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 743.617150][T11037] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.1185: invalid block [ 743.675271][T11037] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1185: invalid indirect mapped block 4294967295 (level 1) [ 743.698072][T11037] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1185: invalid indirect mapped block 4294967295 (level 1) [ 743.775719][T11041] loop7: detected capacity change from 0 to 1024 [ 743.788785][T11037] EXT4-fs (loop4): 2 truncates cleaned up [ 743.796625][T11037] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 743.956532][T11041] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 744.051813][ T5070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 744.060082][ T5070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 744.306200][T11041] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 744.414126][T11041] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 744.428627][T11041] EXT4-fs (loop7): This should not happen!! Data will be lost [ 744.428627][T11041] [ 744.440652][T11041] EXT4-fs (loop7): Total free blocks count 0 [ 744.447059][T11041] EXT4-fs (loop7): Free/Dirty block details [ 744.453195][T11041] EXT4-fs (loop7): free_blocks=68451041280 [ 744.459434][T11041] EXT4-fs (loop7): dirty_blocks=80 [ 744.464774][T11041] EXT4-fs (loop7): Block reservation details [ 744.471373][T11041] EXT4-fs (loop7): i_reserved_data_blocks=5 [ 744.938386][T10233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.778517][ T56] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 746.602717][ T1777] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.784409][ T1777] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.911592][ T1777] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.131216][ T1777] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 747.711657][ T1777] bridge_slave_1: left allmulticast mode [ 747.717951][ T1777] bridge_slave_1: left promiscuous mode [ 747.724551][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state [ 747.840911][ T1777] bridge_slave_0: left allmulticast mode [ 747.847079][ T1777] bridge_slave_0: left promiscuous mode [ 747.853817][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state [ 748.526408][ T1777] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 748.590480][ T1777] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 748.632125][ T1777] bond0 (unregistering): Released all slaves [ 749.114329][ T1777] hsr_slave_0: left promiscuous mode [ 749.137789][ T1777] hsr_slave_1: left promiscuous mode [ 749.148591][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 749.156329][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 749.197147][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 749.204899][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 749.275573][ T1777] veth1_macvtap: left promiscuous mode [ 749.281589][ T1777] veth0_macvtap: left promiscuous mode [ 749.288042][ T1777] veth1_vlan: left promiscuous mode [ 749.297748][ T1777] veth0_vlan: left promiscuous mode [ 749.886571][ T1777] team0 (unregistering): Port device team_slave_1 removed [ 749.991069][ T1777] team0 (unregistering): Port device team_slave_0 removed [ 751.641689][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 751.657842][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 751.678401][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 751.767196][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 751.784125][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 751.794612][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 753.628014][T11096] chnl_net:caif_netlink_parms(): no params data found [ 753.917008][ T5793] Bluetooth: hci2: command tx timeout [ 755.227144][T11096] bridge0: port 1(bridge_slave_0) entered blocking state [ 755.241835][T11096] bridge0: port 1(bridge_slave_0) entered disabled state [ 755.249883][T11096] bridge_slave_0: entered allmulticast mode [ 755.298109][T11147] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 755.330346][T11096] bridge_slave_0: entered promiscuous mode [ 755.428238][T11096] bridge0: port 2(bridge_slave_1) entered blocking state [ 755.436005][T11096] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.451555][T11096] bridge_slave_1: entered allmulticast mode [ 755.460890][T11096] bridge_slave_1: entered promiscuous mode [ 755.478310][T11152] loop7: detected capacity change from 0 to 512 [ 755.558043][T11152] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 755.664290][T11155] input: syz0 as /devices/virtual/input/input31 [ 755.713030][T11152] EXT4-fs error (device loop7): ext4_orphan_get:1415: comm syz.7.1210: bad orphan inode 131083 [ 755.820062][T11096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.879415][T11152] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 755.969175][T11096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.989740][ T5793] Bluetooth: hci2: command tx timeout [ 756.535260][T11161] loop4: detected capacity change from 0 to 128 [ 756.537817][T11096] team0: Port device team_slave_0 added [ 756.601338][T11161] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 756.614766][ T6927] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 756.617402][T11096] team0: Port device team_slave_1 added [ 756.684986][T11161] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 756.703584][T11161] ext2 filesystem being mounted at /32/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 757.130617][T11096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 757.138284][T11096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.164850][T11096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 757.322413][T11096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 757.330114][T11096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.358990][T11096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 757.619874][T10233] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 758.067969][ T5793] Bluetooth: hci2: command tx timeout [ 758.148192][T11184] loop7: detected capacity change from 0 to 4096 [ 758.273300][T11096] hsr_slave_0: entered promiscuous mode [ 758.299562][T11189] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 758.382713][T11096] hsr_slave_1: entered promiscuous mode [ 758.427180][ T29] audit: type=1800 audit(1735865058.817:65): pid=11184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1219" name="bus" dev="loop7" ino=18 res=0 errno=0 [ 758.459865][T11096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 758.467805][T11096] Cannot create hsr debugfs directory [ 760.197637][ T5793] Bluetooth: hci2: command tx timeout [ 760.898668][T11222] loop7: detected capacity change from 0 to 128 [ 761.160257][T11228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1233'. [ 761.179663][T11222] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 761.188095][T11096] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 761.338787][T11222] ext4 filesystem being mounted at /261/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 761.401199][T11096] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 761.515343][T11096] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 761.640722][T11096] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 761.961887][T11236] loop5: detected capacity change from 0 to 2048 [ 762.466465][T11236] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 762.475678][T11236] UDF-fs: Scanning with blocksize 512 failed [ 762.647899][T11096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 762.693512][T11096] 8021q: adding VLAN 0 to HW filter on device team0 [ 762.815653][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.823427][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 762.839776][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.847505][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 762.969053][T11096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 762.980951][ T6927] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 763.177980][T11236] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 763.434901][ T29] audit: type=1800 audit(1735865063.817:66): pid=11236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1232" name="file1" dev="loop5" ino=838 res=0 errno=0 [ 763.456130][ T29] audit: type=1800 audit(1735865063.827:67): pid=11236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1232" name="file1" dev="loop5" ino=838 res=0 errno=0 [ 763.514714][T11250] loop3: detected capacity change from 0 to 764 [ 763.675256][T11250] Symlink component flag not implemented [ 763.713550][T11250] Symlink component flag not implemented (129) [ 763.788660][T11250] rock: directory entry would overflow storage [ 763.795256][T11250] rock: sig=0x4f50, size=4, remaining=3 [ 763.801370][T11250] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 765.078592][ T5835] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 765.149259][T11096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.247283][ T5835] usb 4-1: Using ep0 maxpacket: 8 [ 765.321572][ T5835] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 765.332191][ T5835] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.341273][ T5835] usb 4-1: Product: syz [ 765.345709][ T5835] usb 4-1: Manufacturer: syz [ 765.352551][ T5835] usb 4-1: SerialNumber: syz [ 765.552402][ T5835] usb 4-1: config 0 descriptor?? [ 765.660866][T11096] veth0_vlan: entered promiscuous mode [ 765.724604][T11096] veth1_vlan: entered promiscuous mode [ 765.924161][T11096] veth0_macvtap: entered promiscuous mode [ 765.946487][T11096] veth1_macvtap: entered promiscuous mode [ 766.004427][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.015282][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.025522][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.036309][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.046973][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.057938][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.068228][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.078964][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.098857][T11096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 766.117962][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.128783][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.138937][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.149766][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.160065][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.171097][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.181294][T11096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 766.196037][T11096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.221611][T11096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 766.242908][T11096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.252153][T11096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.261426][T11096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.270663][T11096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 766.367150][ T5845] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 766.719772][ T5835] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 766.879370][ T5845] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 766.889067][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 766.972840][ T5845] usb 5-1: config 0 descriptor?? [ 767.000307][ T5835] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 767.042419][ T5845] cp210x 5-1:0.0: cp210x converter detected [ 767.060412][ T5835] usb 4-1: USB disconnect, device number 7 [ 767.706598][ T5845] cp210x 5-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 767.716421][ T5845] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 767.775675][ T5845] usb 5-1: cp210x converter now attached to ttyUSB0 [ 767.904409][ T5845] usb 5-1: USB disconnect, device number 3 [ 767.949922][ T5845] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 767.961833][ T5845] cp210x 5-1:0.0: device disconnected [ 768.336172][T11287] loop7: detected capacity change from 0 to 2048 [ 768.527688][T11294] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 768.687879][ T5845] IPVS: starting estimator thread 0... [ 768.688080][T11293] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 768.807984][T11296] IPVS: using max 240 ests per chain, 12000 per kthread [ 768.867974][T11294] NILFS (loop7): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 768.879180][T11294] NILFS error (device loop7): nilfs_bmap_propagate: broken bmap (inode number=4) [ 769.011990][T11294] Remounting filesystem read-only [ 769.023472][T11287] NILFS (loop7): mounting fs with errors [ 769.116599][T11299] macvlan1: entered promiscuous mode [ 769.152794][T11299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1252'. [ 769.179856][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.192115][T11287] Remounting filesystem read-only [ 769.198155][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.204675][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.214516][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.224726][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.232127][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.252399][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.267070][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.273601][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.286498][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.296741][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.303450][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.313646][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.323921][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.330585][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.374957][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.385594][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.392430][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.420844][T11287] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 769.431854][T11287] NILFS (loop7): error -5 reading inode: ino=18 [ 769.438581][T11287] NILFS (loop7): cannot mark inode dirty (ino=18): error -5 loading inode block [ 769.523259][T11299] macvlan1 (unregistering): left promiscuous mode [ 769.835779][T11306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1254'. [ 769.912641][ T6927] NILFS (loop7): disposed unprocessed dirty file(s) when stopping log writer [ 769.998224][ T6927] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 770.211265][T11311] loop4: detected capacity change from 0 to 512 [ 770.309606][T11311] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 770.354399][T11311] EXT4-fs (loop4): 1 truncate cleaned up [ 770.362920][T11311] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 771.312519][T10233] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 771.487732][ T7965] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 771.899361][ T7965] usb 4-1: Using ep0 maxpacket: 8 [ 771.916070][ T7965] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 771.930971][ T7965] usb 4-1: config 0 interface 0 has no altsetting 0 [ 771.939161][ T7965] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice= 0.00 [ 771.948613][ T7965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.062227][ T7965] usb 4-1: config 0 descriptor?? [ 772.273797][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 772.280899][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 772.940398][ T7965] apple 0003:05AC:0219.0011: report_id 41360 is invalid [ 772.953957][ T7965] apple 0003:05AC:0219.0011: item 0 2 1 8 parsing failed [ 772.968008][ T7965] apple 0003:05AC:0219.0011: parse failed [ 772.974397][ T7965] apple 0003:05AC:0219.0011: probe with driver apple failed with error -22 [ 773.370235][T11342] ALSA: seq fatal error: cannot create timer (-16) [ 773.395542][ T5845] usb 4-1: USB disconnect, device number 8 [ 773.686442][ T7920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.694657][ T7920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 773.923485][ T1777] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 773.931859][ T1777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 774.359248][T11357] syz.5.1271[11357] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 774.359683][T11357] syz.5.1271[11357] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 774.408551][T11357] syz.5.1271[11357] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 776.120983][ T1777] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.383123][ T1777] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 776.679568][ T1777] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 779.340699][ T5794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 779.359832][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 779.369203][ T5794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 779.383537][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 779.394665][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 779.499654][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 780.153509][ T1777] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 781.128125][ T1777] bridge_slave_1: left allmulticast mode [ 781.134070][ T1777] bridge_slave_1: left promiscuous mode [ 781.146515][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.268612][ T1777] bridge_slave_0: left allmulticast mode [ 781.274581][ T1777] bridge_slave_0: left promiscuous mode [ 781.281395][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.813547][T11501] binder: 11500:11501 ioctl c0306201 200001c0 returned -14 [ 781.830145][ T5794] Bluetooth: hci2: command tx timeout [ 781.955864][ T1777] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 782.057713][ T1777] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 782.130551][ T1777] bond0 (unregistering): Released all slaves [ 782.938791][T11510] loop7: detected capacity change from 0 to 64 [ 783.008197][T11475] chnl_net:caif_netlink_parms(): no params data found [ 783.166444][ T1777] hsr_slave_0: left promiscuous mode [ 783.185559][ T1777] hsr_slave_1: left promiscuous mode [ 783.224645][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 783.233205][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 783.259185][ T1777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 783.267514][ T1777] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 783.384640][ T1777] veth1_macvtap: left promiscuous mode [ 783.390856][ T1777] veth0_macvtap: left promiscuous mode [ 783.399441][ T1777] veth1_vlan: left promiscuous mode [ 783.405061][ T1777] veth0_vlan: left promiscuous mode [ 783.947811][ T5794] Bluetooth: hci2: command tx timeout [ 784.224073][T11528] loop7: detected capacity change from 0 to 256 [ 784.414505][T11528] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 784.565064][ T29] audit: type=1800 audit(1735865084.917:68): pid=11528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1293" name="file1" dev="loop7" ino=1048719 res=0 errno=0 [ 784.705204][ T1777] team0 (unregistering): Port device team_slave_1 removed [ 784.731619][ T1777] team0 (unregistering): Port device team_slave_0 removed [ 784.830821][T11528] exFAT-fs (loop7): error, invalid access to FAT (entry 0xffffffff) [ 784.840001][T11528] exFAT-fs (loop7): Filesystem has been set read-only [ 785.922932][T11529] ===================================================== [ 785.930623][T11529] BUG: KMSAN: uninit-value in ima_add_template_entry+0x52b/0x880 [ 785.938824][T11529] ima_add_template_entry+0x52b/0x880 [ 785.944429][T11529] ima_store_measurement+0x36b/0x8d0 [ 785.950079][T11529] process_measurement+0x2c13/0x3f30 [ 785.959293][T11529] ima_file_check+0x8e/0xd0 [ 785.964036][T11529] security_file_post_open+0xc6/0x540 [ 785.971139][T11529] path_openat+0x58cc/0x6200 [ 785.975956][T11529] do_filp_open+0x268/0x600 [ 785.980845][T11529] do_sys_openat2+0x1bf/0x2f0 [ 785.985731][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 785.991659][T11529] ia32_sys_call+0x2fb4/0x4180 [ 785.996628][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.002075][T11529] do_fast_syscall_32+0x38/0x80 [ 786.007238][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.011925][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.015642][ T5794] Bluetooth: hci2: command tx timeout [ 786.018578][T11529] [ 786.018602][T11529] [ 786.018602][T11529] [ 786.018637][T11529] Uninit was stored to memory at: [ 786.018835][T11529] sha256_transform_blocks+0x2dbf/0x2e90 [ 786.018977][T11529] sha256_update+0x2ff/0x340 [ 786.019098][T11529] crypto_sha256_update+0x37/0x60 [ 786.019244][T11529] crypto_shash_update+0x79/0xa0 [ 786.019385][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.019531][T11529] ima_collect_measurement+0x464/0xd20 [ 786.019680][T11529] process_measurement+0x294a/0x3f30 [ 786.019815][T11529] ima_file_check+0x8e/0xd0 [ 786.019931][T11529] security_file_post_open+0xc6/0x540 [ 786.020061][T11529] path_openat+0x58cc/0x6200 [ 786.020192][T11529] do_filp_open+0x268/0x600 [ 786.105319][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.110356][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.116138][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.121302][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.126669][T11529] do_fast_syscall_32+0x38/0x80 [ 786.131943][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.136634][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.143397][T11529] [ 786.145817][T11529] Uninit was stored to memory at: [ 786.151886][T11529] sha256_transform_blocks+0x2dbf/0x2e90 [ 786.161477][T11529] sha256_update+0x2ff/0x340 [ 786.166308][T11529] crypto_sha256_update+0x37/0x60 [ 786.173027][T11529] crypto_shash_update+0x79/0xa0 [ 786.178509][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.183950][T11529] ima_collect_measurement+0x464/0xd20 [ 786.189827][T11529] process_measurement+0x294a/0x3f30 [ 786.195342][T11529] ima_file_check+0x8e/0xd0 [ 786.200239][T11529] security_file_post_open+0xc6/0x540 [ 786.205856][T11529] path_openat+0x58cc/0x6200 [ 786.210899][T11529] do_filp_open+0x268/0x600 [ 786.215645][T11529] do_sys_openat2+0x1bf/0x2f0 SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 786.220748][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.226520][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.231679][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.237159][T11529] do_fast_syscall_32+0x38/0x80 [ 786.242195][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.247055][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.253658][T11529] [ 786.256117][T11529] Uninit was stored to memory at: [ 786.265346][T11529] sha256_transform_blocks+0xf33/0x2e90 [ 786.272347][T11529] sha256_update+0x2ff/0x340 [ 786.277294][T11529] crypto_sha256_update+0x37/0x60 [ 786.282561][T11529] crypto_shash_update+0x79/0xa0 [ 786.287939][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.293376][T11529] ima_collect_measurement+0x464/0xd20 [ 786.299322][T11529] process_measurement+0x294a/0x3f30 [ 786.304862][T11529] ima_file_check+0x8e/0xd0 [ 786.310338][T11529] security_file_post_open+0xc6/0x540 [ 786.315936][T11529] path_openat+0x58cc/0x6200 [ 786.320862][T11529] do_filp_open+0x268/0x600 [ 786.325593][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.330650][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.336418][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.341605][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.347075][T11529] do_fast_syscall_32+0x38/0x80 [ 786.352133][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.357102][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.367486][T11529] [ 786.371051][T11529] Uninit was stored to memory at: [ 786.376368][T11529] sha256_transform_blocks+0xf7d/0x2e90 [ 786.382357][T11529] sha256_update+0x2ff/0x340 [ 786.387293][T11529] crypto_sha256_update+0x37/0x60 [ 786.392556][T11529] crypto_shash_update+0x79/0xa0 [ 786.397921][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.403360][T11529] ima_collect_measurement+0x464/0xd20 [ 786.409277][T11529] process_measurement+0x294a/0x3f30 [ 786.414805][T11529] ima_file_check+0x8e/0xd0 [ 786.419874][T11529] security_file_post_open+0xc6/0x540 [ 786.425480][T11529] path_openat+0x58cc/0x6200 [ 786.430481][T11529] do_filp_open+0x268/0x600 [ 786.435223][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.440293][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.446062][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.451257][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.456592][T11529] do_fast_syscall_32+0x38/0x80 [ 786.461759][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.470251][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.478205][T11529] [ 786.480654][T11529] Uninit was stored to memory at: [ 786.485964][T11529] sha256_transform_blocks+0xfb5/0x2e90 [ 786.491861][T11529] sha256_update+0x2ff/0x340 [ 786.496745][T11529] crypto_sha256_update+0x37/0x60 [ 786.502234][T11529] crypto_shash_update+0x79/0xa0 [ 786.507697][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.513122][T11529] ima_collect_measurement+0x464/0xd20 [ 786.518937][T11529] process_measurement+0x294a/0x3f30 [ 786.524459][T11529] ima_file_check+0x8e/0xd0 [ 786.529355][T11529] security_file_post_open+0xc6/0x540 [ 786.534979][T11529] path_openat+0x58cc/0x6200 [ 786.539936][T11529] do_filp_open+0x268/0x600 [ 786.544665][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.549679][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.555441][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.560602][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.565918][T11529] do_fast_syscall_32+0x38/0x80 [ 786.574819][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.580741][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.587454][T11529] [ 786.589897][T11529] Uninit was stored to memory at: [ 786.595212][T11529] sha256_transform_blocks+0x2c35/0x2e90 [ 786.601315][T11529] sha256_update+0x2ff/0x340 [ 786.606161][T11529] crypto_sha256_update+0x37/0x60 [ 786.611573][T11529] crypto_shash_update+0x79/0xa0 [ 786.616737][T11529] ima_calc_file_hash+0x1804/0x3c90 [ 786.622312][T11529] ima_collect_measurement+0x464/0xd20 [ 786.628319][T11529] process_measurement+0x294a/0x3f30 [ 786.633870][T11529] ima_file_check+0x8e/0xd0 [ 786.638822][T11529] security_file_post_open+0xc6/0x540 [ 786.644439][T11529] path_openat+0x58cc/0x6200 [ 786.649468][T11529] do_filp_open+0x268/0x600 [ 786.654202][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.659285][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.665086][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.673917][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.680446][T11529] do_fast_syscall_32+0x38/0x80 [ 786.685489][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.690400][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.697094][T11529] [ 786.699528][T11529] Uninit was stored to memory at: [ 786.704869][T11529] _copy_to_iter+0x1248/0x2b30 [ 786.709967][T11529] copy_page_to_iter+0x419/0x880 [ 786.715111][T11529] filemap_read+0xc65/0x1560 [ 786.720029][T11529] generic_file_read_iter+0x136/0xad0 [ 786.725628][T11529] __kernel_read+0x726/0xd30 [ 786.730654][T11529] integrity_kernel_read+0x77/0x90 [ 786.735994][T11529] ima_calc_file_hash+0x1731/0x3c90 [ 786.741538][T11529] ima_collect_measurement+0x464/0xd20 [ 786.747609][T11529] process_measurement+0x294a/0x3f30 [ 786.753140][T11529] ima_file_check+0x8e/0xd0 [ 786.758052][T11529] security_file_post_open+0xc6/0x540 [ 786.763633][T11529] path_openat+0x58cc/0x6200 [ 786.768550][T11529] do_filp_open+0x268/0x600 [ 786.777026][T11529] do_sys_openat2+0x1bf/0x2f0 [ 786.781905][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 786.788981][T11529] ia32_sys_call+0x2fb4/0x4180 [ 786.793944][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.799384][T11529] do_fast_syscall_32+0x38/0x80 [ 786.804415][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.809208][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.815791][T11529] [ 786.818357][T11529] Uninit was created at: [ 786.822829][T11529] __alloc_pages_noprof+0x9a7/0xe00 [ 786.828400][T11529] alloc_pages_mpol_noprof+0x299/0x990 [ 786.834068][T11529] folio_alloc_noprof+0x1db/0x310 [ 786.839416][T11529] filemap_alloc_folio_noprof+0xa6/0x440 [ 786.845266][T11529] __filemap_get_folio+0xac4/0x1550 [ 786.851400][T11529] block_write_begin+0x6e/0x2b0 [ 786.856499][T11529] exfat_write_begin+0xfb/0x400 [ 786.861717][T11529] exfat_file_write_iter+0x771/0x12a0 [ 786.867421][T11529] do_iter_readv_writev+0x88a/0xa30 [ 786.872845][T11529] vfs_writev+0x56a/0x14f0 [ 786.881294][T11529] __se_compat_sys_pwritev2+0x282/0x480 [ 786.888278][T11529] __ia32_compat_sys_pwritev2+0x11d/0x1a0 [ 786.894224][T11529] ia32_sys_call+0x3587/0x4180 [ 786.899281][T11529] __do_fast_syscall_32+0xb0/0x110 [ 786.904586][T11529] do_fast_syscall_32+0x38/0x80 [ 786.909766][T11529] do_SYSENTER_32+0x1f/0x30 [ 786.914787][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 786.921477][T11529] [ 786.923915][T11529] CPU: 1 UID: 0 PID: 11529 Comm: syz.7.1293 Tainted: G W 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0 [ 786.936540][T11529] Tainted: [W]=WARN [ 786.940638][T11529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 786.951033][T11529] ===================================================== [ 786.958211][T11529] Disabling lock debugging due to kernel taint [ 786.964620][T11529] Kernel panic - not syncing: kmsan.panic set ... [ 786.971214][T11529] CPU: 1 UID: 0 PID: 11529 Comm: syz.7.1293 Tainted: G B W 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0 [ 786.983699][T11529] Tainted: [B]=BAD_PAGE, [W]=WARN [ 786.988869][T11529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 786.999064][T11529] Call Trace: [ 787.002460][T11529] [ 787.005493][T11529] dump_stack_lvl+0x216/0x2d0 [ 787.010406][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.016433][T11529] dump_stack+0x1e/0x24 [ 787.020809][T11529] panic+0x4e2/0xcf0 [ 787.024934][T11529] ? kmsan_get_metadata+0xd1/0x1c0 [ 787.030254][T11529] kmsan_report+0x2c7/0x2d0 [ 787.034923][T11529] ? crypto_shash_final+0x72/0xa0 [ 787.040190][T11529] ? ima_calc_field_array_hash_tfm+0x7d8/0x810 [ 787.046606][T11529] ? __msan_warning+0x95/0x120 [ 787.051598][T11529] ? ima_add_template_entry+0x52b/0x880 [ 787.057347][T11529] ? ima_store_measurement+0x36b/0x8d0 [ 787.063018][T11529] ? process_measurement+0x2c13/0x3f30 [ 787.068703][T11529] ? ima_file_check+0x8e/0xd0 [ 787.073586][T11529] ? security_file_post_open+0xc6/0x540 [ 787.079367][T11529] ? path_openat+0x58cc/0x6200 [ 787.084358][T11529] ? do_filp_open+0x268/0x600 [ 787.089236][T11529] ? do_sys_openat2+0x1bf/0x2f0 [ 787.094271][T11529] ? __ia32_compat_sys_openat+0x298/0x300 [ 787.100184][T11529] ? ia32_sys_call+0x2fb4/0x4180 [ 787.105299][T11529] ? __do_fast_syscall_32+0xb0/0x110 [ 787.110761][T11529] ? do_fast_syscall_32+0x38/0x80 [ 787.115956][T11529] ? do_SYSENTER_32+0x1f/0x30 [ 787.120796][T11529] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 787.127576][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.133040][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.139023][T11529] ? ima_add_template_entry+0x9b/0x880 [ 787.144728][T11529] ? filter_irq_stacks+0x60/0x1a0 [ 787.149973][T11529] ? stack_depot_save_flags+0x2c/0x750 [ 787.155663][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.161110][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.166600][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.172613][T11529] __msan_warning+0x95/0x120 [ 787.177445][T11529] ima_add_template_entry+0x52b/0x880 [ 787.183073][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.188459][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.194526][T11529] ima_store_measurement+0x36b/0x8d0 [ 787.200094][T11529] process_measurement+0x2c13/0x3f30 [ 787.205645][T11529] ? filter_irq_stacks+0x60/0x1a0 [ 787.210862][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.216258][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.222279][T11529] ? end_current_label_crit_section+0x124/0x2a0 [ 787.228761][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.234135][T11529] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 787.240189][T11529] ima_file_check+0x8e/0xd0 [ 787.244952][T11529] security_file_post_open+0xc6/0x540 [ 787.250582][T11529] path_openat+0x58cc/0x6200 [ 787.255400][T11529] ? filter_irq_stacks+0x164/0x1a0 [ 787.260720][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.266091][T11529] ? kmsan_get_metadata+0x13e/0x1c0 [ 787.271476][T11529] do_filp_open+0x268/0x600 [ 787.276215][T11529] do_sys_openat2+0x1bf/0x2f0 [ 787.281092][T11529] __ia32_compat_sys_openat+0x298/0x300 [ 787.286866][T11529] ia32_sys_call+0x2fb4/0x4180 [ 787.291812][T11529] __do_fast_syscall_32+0xb0/0x110 [ 787.297188][T11529] ? switch_fpu_return+0x17/0x20 [ 787.302292][T11529] do_fast_syscall_32+0x38/0x80 [ 787.307311][T11529] do_SYSENTER_32+0x1f/0x30 [ 787.311974][T11529] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 787.318539][T11529] RIP: 0023:0xf7fd3579 [ 787.322740][T11529] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 787.342544][T11529] RSP: 002b:00000000f510555c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 787.351140][T11529] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000040 [ 787.359268][T11529] RDX: 0000000000101042 RSI: 0000000000000000 RDI: 0000000000000000 [ 787.367390][T11529] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 787.375495][T11529] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 787.383604][T11529] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 787.391816][T11529] [ 787.395279][T11529] Kernel Offset: disabled [ 787.399667][T11529] Rebooting in 86400 seconds..