last executing test programs: 2m32.813117891s ago: executing program 2 (id=222): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x401) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) 2m31.981103728s ago: executing program 2 (id=224): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x39, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0xa, 0x200008, 0x5, 0x1ffff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0) 2m30.232638869s ago: executing program 2 (id=228): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000740)) sched_setscheduler(0x0, 0x6, &(0x7f0000000280)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x10}, @map_fd={0x18, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000240)='GPL\x00', 0x7, 0x64, &(0x7f00000004c0)=""/100, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000540)={0x4, 0x10, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f0000000580)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000005c0)=[{0x0, 0x5, 0xd, 0xc}]}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r1, 0x0, 0x0}, 0x10) unshare(0x6a040000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_open_dev$vcsn(0x0, 0x4, 0x101040) write$cgroup_subtree(r2, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) unshare(0x52010200) close_range(r3, 0xffffffffffffffff, 0x0) 2m26.492140441s ago: executing program 2 (id=231): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1001a, &(0x7f0000000280)={[{@quota}, {@nolazytime}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x1, 0x42e, &(0x7f0000000940)="$eJzs20tvG0UcAPD/rpOUvkgo5dEHECiIiEfSpAV64AICiQsSEhzKMSRpFeI2qAkSrSIICHFFlbgjjkh8Ak5wQcAJiSsfAFWqUC4tnIzW3k1sx3k4deKCfz9pk5ndcWb+3hl7dicbQM8azn4kEYci4o+IGKxlGwsM137dXlma+ntlaSqJSuXtv5JquVsrS1NF0eJ1B/PMSBqRfp7EiRb1Lly9NjdZLs9cyfNji5c+GFu4eu352UuTF2cuzlyeOHfu7Jnxl16ceKEjcWZtunX84/mTx9549/qbU+evv/fLd0kRf1McHTK82cGnKpUOV9ddh+vSSV8XG0JbShGRna7+6vgfjFKsnbzBeP2zrjYO2FWVSqVycOPDyxXgfyyJbrcA6I7iiz67/i22PZp63BVuvlK7AMrivp1vtSN9keZl+puubztpOCLOL//zdbbF7tyHAABo8EM2/3mu1fwvjQfryt2brw0NRcR9EXEkIu6PiKMR8UBEtexDEfFwm/U3L5Ksn/+kN3YU2DZl87+X87WtxvlfMfuLoVKeO1yNvz+5MFueOZ2/JyPRvy/Lj29Sx4+v/f7lRsfq53/ZltVfzAXzdtzo29f4munJxck7ibnezU8jjve1ij9ZXQlIIuJYRBzfYR2zz3x7cqNjW8e/iQ6sM1W+iXi6dv6Xoyn+QrL5+uTYPVGeOT1W9Ir1fv3ti7c2qv+O4u+A7PwfaNn/V+MfSurXaxfa+/v7tji+0/4/kLxTTQ/k+z6aXFy8Mh4xMNfYKar7J9bni/JZ/COnWo//I7H2TpyIiKwTPxIRj0bEY3nbH4+IJyLi1CYx/vzqk+/vPP7dlcU/3db5X0sMRPOe1onS3E/fN1Q61E782fk/W02N5Hu28/m3nXa135sBAADgvymNiEORpKOr6TQdHa39v/zROJCW5xcWn70w/+Hl6dozAkPRnxZ3ugbr7oeO55f1RX6iKX8mv2/8VWl/NT86NV+e7nbw0OMObjD+M3+Wut06YNd5Xgt6l/EPvcv4h95l/EPvajH+93ejHcDea/X9/0kX2gHsvabxb9kPeojrf+hdxj/0LuMfetLC/tj6IXkJiXWJSO+KZkjsUqLbn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//9Oa5Js=") openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x3829410, 0x0) r0 = open(&(0x7f0000000240)='./bus\x00', 0x187102, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000010008500000022000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x224e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 2m24.741898092s ago: executing program 2 (id=237): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x120}}, 0x0) sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0) 2m23.716833155s ago: executing program 2 (id=242): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000040000000400000004"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r0, &(0x7f0000001600)}, 0x20) 2m22.091005906s ago: executing program 32 (id=242): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000040000000400000004"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r0, &(0x7f0000001600)}, 0x20) 7.038203332s ago: executing program 4 (id=503): r0 = gettid() r1 = eventfd(0xffffffff) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x40000001}) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f0000000080)={r2, r2, 0x10000}) 6.850471127s ago: executing program 4 (id=504): r0 = syz_usb_connect(0x0, 0x3d, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022b000100000000090400000201035100090503"], 0x0) syz_usb_ep_read(r0, 0x3, 0x0, 0x0) 4.746257427s ago: executing program 4 (id=511): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x6, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000500000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014350d00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="3242703ecf43aa3a432bab0edab7", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.58912656s ago: executing program 3 (id=513): socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000140), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0") fsmount(0xffffffffffffffff, 0x1, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_mount_image$ext4(&(0x7f0000000b00)='ext4\x00', &(0x7f0000000b40)='./file1\x00', 0x40, &(0x7f0000000b80)={[{@nouid32}, {@oldalloc}], [{@flag='nolazytime'}, {@fsmagic={'fsmagic', 0x3d, 0x36}}, {@subj_user={'subj_user', 0x3d, 'rcu_utilization\x00'}}, {@fowner_gt}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@fowner_lt}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) write$tun(r1, &(0x7f0000000040)=ANY=[], 0x1043) write$P9_RREADLINK(r0, &(0x7f00000002c0)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) 4.414194563s ago: executing program 4 (id=514): mremap(&(0x7f0000daa000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) remap_file_pages(&(0x7f000057a000/0x1000)=nil, 0x1000, 0x0, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x1210010, &(0x7f00000003c0)={[{@grpquota}]}, 0x41, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) tee(r1, r4, 0xfffffffffffffc01, 0x0) tee(r1, r4, 0x60000000000, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0xfffffffffffffffb, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb) socket$igmp(0x2, 0x3, 0x2) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 4.408324524s ago: executing program 0 (id=515): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000480)={[{@dioread_nolock}, {@inode_readahead_blks}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@min_batch_time={'min_batch_time', 0x3d, 0xa00}}], [{@subj_user={'subj_user', 0x3d, '('}}, {@obj_user={'obj_user', 0x3d, 'uid>'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu") 4.375207357s ago: executing program 1 (id=516): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x5, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 3.937549672s ago: executing program 1 (id=517): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000040)='./file1\x00', 0x1008801, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES16, @ANYBLOB="a7ed7daea7adfa0d24ad3278b21993733698dec7893cac0f2f2a8d0701819d20dbdf7cb81adeac1fa197403b20cd8ef2e8faa1c28501132d27d63f894ebdb87ef68f5a152f6606f94bee9c5c6e5bdc6033f944c9499aedcbabd7f90a57b465339b807279e9e4dd1cd8513df48bc6ff29041782f80ac3e9621fd168f700de1e08a57d7a5d729aa847fb89dfbc800bf2d07b48979b44ef163baefecbaaddbec9fcf37a9a38173f55ee3a34f15b2d0e5a6caae17b4dcb9a98389b537d7fc95ef0178728c8d5"], 0x2, 0x1e5, &(0x7f0000000700)="$eJzsmbGLE0EUxr+Z3UvOQxQbCxsLDzzR2+xuVK654gRLQbgTtQzeekQ3iSQrJAHBYGNjaSHY+g9YWKSysLOz1UIFwcKU1iMzO9mdZLOauBbBez/I7DezM2/mvd18zYIgiEPL1y8/Pz+7srV3AcBRrKOsx79b6RxuzP/04uH559tXX77++Opd89ij4XQ8BkCI+fe3AbzdsYDHx1VfiMnV6/q6B57oG+A4p/VNMDjjs4p0dQCG23r4nqFbR7QIA3anFe7frYeBKxtPNr5sqoCYON9owLAPYFVvwYzzdXr9+7UQaMciDMZiRYz3ydxaVPypfqMdjm2jBPJ53Xr6ZCD7jh53jfp54PC0roJhV+stlOE4TloSI/9TdhrfyuRfMEkUr9FMcWLzHwf8fwUr+AQBLEEW8wk2PSL/0MnIydHwfXbVt2U5/F8IZVwAMrc+rIXhtQKRS9oEcl+J2D+YDZw1/MmGnfhHJWo8qHR6/c16o3YQHARN369edi+67iW/oowobn/jf6vKn9aM+Cs5c0ushG4titpeF4jaXtL349Zw3N03rR9qDVf+x7FxJo4hXxWVdnn2Hkz/uLpKtWHlHp4gCIIgCIIgCIIgCIIgCGIhToPFH8LiD1UiB/+6mv0rAAD//90/aw8=") prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r3, &(0x7f0000000200)=[{&(0x7f0000000000)="f1", 0x1}, {&(0x7f0000000280)="11ee3dec6af06104dece5b925da23a2a04e879d98a501dda567921b96395ebae08aaf246663bc6a144533a299bfbee9a8528955a733f44eb44ff8ef42f159e9ba8d3bd8c917e59325eb5728283b3d33bad7e0b097af6c96cd0c0a932e120b417f14d5f789b7e34256a8a2fd6c13f442ecc1f9258e64c14b9566be001349c40552d5b0fe8c0704f51650ed41627841ca6d494206b3c2f05cae8b62884f4c27a2d342056c64f2653f8236e74272e347c6c65620179b9a4dbc91aada4614fcee4654e460240b74598819557d657ce50b4c998fbc71a", 0xd4}], 0x2) r4 = gettid() sigaltstack(&(0x7f0000000000)={0x0, 0x180000001, 0xffffffffffffff73}, 0x0) tkill(r4, 0x21) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000000c0)=0x3f9, 0x4) recvmmsg(r2, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) close(r7) r8 = socket(0x28, 0x5, 0x0) r9 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r9, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r9, 0x0) connect$vsock_stream(r8, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc) splice(r5, 0x0, r7, 0x0, 0x200000000622c, 0x0) syz_emit_vhci(0x0, 0x0) 3.485469898s ago: executing program 0 (id=518): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = gettid() r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) io_getevents(0x0, 0x7, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r4, 0x4b63, 0x4) timer_settime(r3, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x15) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x3) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000240)=ANY=[], 0x0}, 0x94) 3.238409249s ago: executing program 3 (id=519): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x3c, r0, 0x801, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac02}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "f8ff00fa08"}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 2.9716099s ago: executing program 0 (id=520): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000352005000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x54) 2.950628622s ago: executing program 4 (id=521): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x200e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x81, 0x0, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x8, {[@local=@item_4={0x3, 0x2, 0xa, "00000600"}, @main=@item_012={0x2, 0x0, 0xa, 'JU'}]}}, 0x0}, 0x0) 2.761284377s ago: executing program 1 (id=522): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x6, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000500000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014350d00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="3242703ecf43aa3a432bab0edab7", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.410406215s ago: executing program 1 (id=523): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal', 0x109000, 0x0) read$msr(r0, &(0x7f00000000c0)=""/179, 0xb3) 2.406843586s ago: executing program 0 (id=524): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0xfffffffffffffffc) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) getsockopt$MRT(0xffffffffffffffff, 0x0, 0xcf, 0x0, 0x0) 2.320009413s ago: executing program 3 (id=525): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@generic={0x3, 0x6, 0x8, 0x80, 0x5}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) 2.237162539s ago: executing program 1 (id=526): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000eb210c8a8f699868900faffffffa96f004b00000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$sndpcmp(&(0x7f0000002000), 0x5d5d, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r1, 0xc2604111, &(0x7f0000002040)={0x0, [[0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0xfffffffc]], '\x00', [{0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'wg0\x00', 0x0}) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) recvfrom$inet6(r5, &(0x7f0000001140)=""/254, 0xfe, 0x21, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffff7, @mcast1, 0x2}, 0x1c) pipe2$9p(&(0x7f00000027c0), 0x0) r6 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc, 0x8d98a1f4925e50fb}, 0xc) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r8, &(0x7f00000092c0), 0x4ff, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="96839607cd7f87e0e203ce596c3408b8932e95a432846e30a75ee1c164dd20fe72832f9e651d7899e2418a256959a947d86c000000e24ca806d06c0be6815759203520c049f7eb9326dadfdc86613b7b4a091ba67540efe790d31f54be4e13f60d62271eb09eb31425b5cf4fb430c6cd02115ed06046432e3890afc4c70971917b90032e4fde05888c3797aaf7f64452c0ed9de6f8f4d6f6b3acf2c419e6833b597944b5ad40bc9c9895f13dc31fadc2b447b4a4bce7503d0d5d0ee1f38312e4572cb6b82d6cd806f65b1ec5", @ANYRES16=r4, @ANYBLOB="290a00000000fedbdf250100000008000100", @ANYRES32=r3, @ANYBLOB="1400020077673200"/20], 0x30}}, 0x0) 2.098212431s ago: executing program 3 (id=527): r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000001c0)='ns/cgroup\x00') setns(r0, 0x2000000) ioctl$UFFDIO_POISON(0xffffffffffffffff, 0xc020aa08, 0x0) 1.768358297s ago: executing program 3 (id=528): r0 = msgget$private(0x0, 0x480) msgrcv(r0, 0x0, 0x0, 0x1, 0x3000) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00') r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2020) r7 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r7, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000002c0)={0x2c, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r8}, @nested={0x9, 0x2, 0x0, 0x1, [@generic="976b640868"]}, @nested={0x5, 0x1, 0x0, 0x1, [@generic="13"]}]}, 0x2c}], 0x1}, 0xcc000) 1.547667715s ago: executing program 0 (id=529): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xb}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x80, 0x62d, &(0x7f0000000c40)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNv3szue98dvZ03MzuaAEprKhulEfsi4lwSMdmybCIaC6eK9R5+fft8NiRRr///qySSIq+5/qNiujsbJY3XfHwy4neV9eUu3bx1cbZWb7gTcXj50tXDSzdvHVq8NHth/sL85Zkj/zx6bPpfMx9uTZy7i+mp0//70+svv/iPhU9qh5I4HmdHX5qLtji2ylTj040sxNb8kYg4liU6fC6wnSrF3+NoRPwhJqOSzzVMxuJrA60c0Ff1SmP/VB+rA6WTxKBrAAxGsx/QPLbvx3HwMHtwIhvf6BD/SHH0vjM/Ntr1MGk5MspyI/ZsQfkrEfHj7f1vZ0N0OQ8xsgXldC3/bkT8sdP2T/L49+SRZvGnkba8LktPF+c2svr9ZxN1SFrSvf393dlEaT/3S+Jv3Q5Z/MeLaZZ/ssv7P+0Uz1TbfNnaHwCDsXqi2JFnHZFY2/9lPcNm/yfa+z/19/NrQ+37ro3ovv9Lt+Ddny7v/4102v839/c783142tYPS2Ll2zOd33K0PePzV0+92a38qZb+XzZk5Tf7gj3YdNfwwd2I/W3xv5J/9Mnj7Z906P9mq5zrsYz/fvrlqW7LNhn/ptXvRRzoePyz1ivNUm3XJ5NoXp88OnN4YbE2P90Ydyzjg49eeLdb+YOOP9v+u7rE/6Ttn+Vd7bGM987cu9RI7Vi3bOKp8adfjCVn89RYPl5rXmPJ6WKVxuTG7PLytSNPrktznXw604j/4F87t/8u8ecHH+PNr8weXH3u4sNuyza5/R/Ve1yxmyz+uQ1u/zd6LOO756//uduy9fGvnZMY32hQAAAAAAAAUFJpfg02SauP02laLS68/T52pbUrS8t/W7hy/fJcxMH895CjafNK92RjPsnmZ4rfwzbnj7TN/z0i9kbEW5XxfL56/kptbtDBAwAAAAAAAAAAAAAAAAAAwJDYXdz//6h4Htg3lTStVgddK2Db9PMBc8Bw0/6hvPL2vz3PWwOGjP0/lFfH9u9LAUpBU4fy0v6hvLR/KC/tH8pL+4fy6t7+1y252++6AAAAAABbZu9fVu+PRMTKv8fzITNWLBsdaM2AftPGobwqg64AMDCPL/C7/R9Kp6f+//fFPwfsf3WAAUg6Zeadg/qTG/9qx1cCAAAAAAAAAAAAAH1wYN/q/cT9/1BKbvuD8trY/f+Vjb8UGBqd/vW/x4FAOTjGh5Lr4STAzm4L3P8PAAAAAAAAAAAAANtmIh+StFr8DHgi0rRajfhNROyJ0WRhsTY/HRG/jYjPKqM7svmZQVcaAAAAAAAAAAAAAAAAAAAAnjFLN29dnK3V5q+1Jn5Yl/NsJ5pPPB2W+rQmIul7EWm05YxHxDDE3p/ESEtOErGSbfmteOdk838/MQyfT5EY8BcTAAAAAAAAAAAAAAAAAACUUMu9x53tf2ebawQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA22/t+f/9Sww6RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg1+mnAAAA//+EYjvS") 426.096186ms ago: executing program 3 (id=530): openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x7, 0xfffffffe, 0x30314247, 0x0, 0x8, [{}, {}, {0x6}, {}, {}, {0x80000001}, {0x0, 0x40000000}, {0x0, 0xfffffffe}], 0x0, 0x0, 0x4, 0x2, 0x3}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0) read$msr(r1, &(0x7f0000019540)=""/102392, 0x18ff8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="14080000", @ANYRES16=r3, @ANYBLOB="0700000000000000000002000000"], 0x14}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) connect$inet6(r7, 0x0, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x44}}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x19) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0x9}}}, 0x24}}, 0x0) 198.441964ms ago: executing program 1 (id=531): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f00000007c0)={0x400000000000000, 0x0, &(0x7f0000000700)={&(0x7f0000001900)=ANY=[@ANYBLOB="020f000015000000000000000000040005000500000000000a00000000000000000000000000000000432e0000000000000000000000000008001200000002000000f1edc4ea00000600000000000000000000000000000000000000000000000000000000000000fc01000000000000000000000000810005000600000000000a00000000000000ff0200000000000000000000000000010000000000000000010018"], 0xa8}}, 0x40080) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x10, &(0x7f0000000480)={[{@grpjquota, 0x4a}, {@debug}, {@jqfmt_vfsold}, {@noblock_validity}, {@nolazytime}, {@usrjquota, 0x22}], [], 0x2c}, 0x84, 0x4c2, &(0x7f0000000980)="$eJzs3DtvHEUcAPD/rh+JSYxNeOYBMQSExcOOnWdBAwIpDRIIhEJpbCcKcRIUGymJLGwQCiXKJwBKJD4BFTQIqEC0IFqEFCE3CRRo0d7tOWff+fyIz0dyv5909uzu7M7Mzoy9M6O9ANrWQP4jidgZEb9GRF95c2mEgfKvmwuz438vzI4nkWVv/JWU4t1YmB2vRK2ct6PYGEwj0o+T2Fsn3enLV86OTU1NXiy2h2fOvTc8ffnK82fOjZ2ePD15fvT48cOHeo4dHT2yKeXszfO654ML+3afePvaq+Mnr73zw1d5frPi+PaaM/rXmUJHzZ6BGFh6L6s8tc6r/9/1VoWTzhZmhHXJW21eXV2l/t8XHXGr8vrilY9amjmgqbIsy7bV7F38XzafVUuS8gnAXSLRpaFNVf7R31jIR6qz49Xj+XZw/cUojYDyct8sPuUjnZHmY/j+8tioWR6IiJPz/3yWf2LZfAoAQDN8kz//PFd+7qh8ykfSeKgq3r3F2lB/RNwXEbsi4v7i+eXBiFLchyPikSVXn1s1/YFl27XPPz/3bLhwa5A//71QrG0tff5LK1H6O4qt3lL5u5JTZ6YmDxb3ZDC6tuXbI7WXXpxW+/blXz5dKf2Bque//JOnX3kWLPLxZ+eyCbqJsZmx2y13xfUPS1N6c7XlTxZXAvKRwe6I2LOB6+f37MwzX+6re7ByixuWv4FNWGfKvoh4ulz/87Gs/LnuIlR/fXLk2NHRI8PbY2ry4HClVdT68aerrxXBmqHE6vXfXHn937PY/su/y0cWVy77k+r12un1p3H1t09WHNNstP13J2+Wwt3FvktjMzMXRyK6k/na/aO3zr001rMkfl7+wQP1+/+uiH8/L87bGxF5I340Ih6LiP1F3h+PiCci4kCD8n//0pPv1qv7tZW/ufLyT9T9+7dS/a8/0HH2u69XSn9t9X+4FBos9kyMzdQu1y+z1gzezr0DAACAO8X+iNgZSTpUTMftjDQdGorYsTiDMj3z7KkL75+fKL8j0B9daWWmq69qPnSkmBvOt/OzRqu28+OHSvPGWZZlPaXtofELU72tLTq0vR0r9P/cH7WvtAB3m3Wto630RhtwR9r4Onq2qfkAtp73taF96f/Qvtbc/5v5JhzQEvX6/1zEzRZkBdhi9fr/Wy3IB7D1jP+hfen/0L5q+3/aknwAW+p23utvFNh1okGcpLM5ia4cSKPxtwD0R6zvgr+nEZuTw45NLWnPGup0e2xGWpGuGqezwRcxvF57w/PoW9Qk0q1tfo0D2yJilda72NjmKoErzc5Yq/8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbI7/AgAA//+7BdPO") syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==") link(0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000680)={[{@hide}, {@dmode={'dmode', 0x3d, 0x9}}, {@session={'session', 0x3d, 0x23}}, {@utf8}, {@map_acorn}, {@check_strict}, {@mode={'mode', 0x3d, 0xc9}}, {@cruft}, {@map_off}, {@check_strict}, {@overriderock}, {@block={'block', 0x3d, 0x200}}, {@cruft}, {@nocompress}, {@cruft}, {@session={'session', 0x3d, 0x2e}}, {@gid}, {@sbsector={'sbsector', 0x3d, 0x3}}]}, 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g") r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x18) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000140), 0xfc, 0x594, &(0x7f00000009c0)="$eJzs3ctrG9caAPBv5Eecx712IIR7syiGLJqSRo7tPlLoIl2WNjTQ7ltjy8ZYjoIlh9gNNFk0m25KKJTSQB/77rsM/Qf6VwTaQCjBtJRsXEYexaot2ZYjW471+4Gic2YmOufTzHd8RiMxAXSt4fSfXMT/I+LLJGKwbl1vZCuH17ZbeXJrMn0ksbr64R9JJNmy2vZJ9nw8q/wvIn75POJ8bnO76aKJYrGwkNVHKvPXR8pLyxdm5ydmCjOFa2Pj45deHx9768032hbrK1f/+uaDB+9e+uLsytc/PTp5L4nLcSJbVx/Hc7hdXxmO4ew96YvLGzYcbUNjB0nS6Q6wKz1ZnvdFOgYMRk+W9Q2tDu5n14A99lma1kCXSuQ/dKnaPGAlvo/Izu87OyPZX4/fWTsBqn22sR5/79pnIzFQPTc6tpL868woPd8dakP7aRs//37/XvqI9n0OAbCt23ci4mJv7+bxL8nGv927uINtNrbRyvh3pPUuAXUepPOfVxvNf3LP5j/RYP5zvEHu7sb2+Z971IZmmkrnf29H4/gzQz1Z7T/VOV9fMj1bLKRj238j4lz0HZmeLZ5pcImr5pPcysPVZivr53/pI22/NhfM+vGod8NANzVRmXiuoOs8vhNxpuH8N4n+6vNAda67cf+n8V7dYRunC/dfarZu+/j31uoPES833P/rV7SSra9PjlSPh5HaUbHZn3dP/9qs/U7Hn+7/Y1vHP5SWykvLc9XrteXW2/hu4Gmh2brdHv/9yUfVcn+27OZEpbJwO6I/eX/z8rH1/1urV59H1+I/d3br8a/R8X80Tewdxn/31N36TQdai39vpfFPtbT/Wy88fO/Tb5u1v7P9/1q1dC5bspPxb6cdfJ73DgAAAAAAAA6aXESciCSXf1bO5fL5te93nIpjuWKpXDk/XVq8NhXV38oORV9uerZY6I213wrXvg8xmn0ftlYf21Afj4iTEfFVz9FqPT9ZKk51OngAAAAAAAAAAAAAAAAAAAA4II5HDDT6/X/qt55Nm7vlChw2W9zyGzjkmud/tqYdd3oCDqT1/P97w22BgcPO/B+6l/yH7tUg/wc70Q9g//n7D91L/kOXSuQ/dLNW8v/HK3vYEQAAAAAAAAAAAAAAAAAAAAAAAAAAADgcrl65kj5WV57cmkzrUzeWFudKNy5MFcpz+fnFyfxkaeF6fqZUmikW8pOl+e1er1gqXR8di8WbI5VCuTJSXlr+eL60eO1pdl/RQt++RAUAAAAAAAAAAAAAAAAAAAAvlvLS8txEsVhYUHjRC7nOtN7bhtc5slBe6o8D8B4qPCt0emQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHX/BAAA//82kEGu") 157.683197ms ago: executing program 4 (id=532): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0xe) 0s ago: executing program 0 (id=533): syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha1-ssse3\x00'}}) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg(r1, &(0x7f000000bec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f000000aa40)=[{0xc, 0x1}], 0xc}}], 0x2, 0x40840) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff) request_key(0x0, &(0x7f0000001400)={'syz', 0x0}, &(0x7f0000000000)='/\x00', 0x0) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r4, &(0x7f0000000000)="10", 0x5e0, 0x20008040, &(0x7f0000000080)={0x11, 0x8100, r5, 0x1, 0x6, 0x6, @broadcast}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@fallback, 0xffffffffffffffff, 0x2f, 0x5}, 0x20) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) ioctl$USBDEVFS_CLEAR_HALT(r6, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xcc540, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) preadv2(r8, 0x0, 0x0, 0x0, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts. [ 80.992074][ T5777] cgroup: Unknown subsys name 'net' [ 81.127930][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.884764][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.520930][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.539625][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.558797][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.567037][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.579236][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.588895][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.619287][ T5104] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.639465][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.648046][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.657023][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.665245][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.689792][ T5797] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.698262][ T5797] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.706289][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.729234][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.741349][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.753133][ T5789] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.760978][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.761248][ T5797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.787910][ T5797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.796263][ T5797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.816189][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.824742][ T5797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.838881][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.217441][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 85.332888][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 85.420996][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 85.504980][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.512751][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.520869][ T5786] bridge_slave_0: entered allmulticast mode [ 85.528387][ T5786] bridge_slave_0: entered promiscuous mode [ 85.559303][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.566570][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.574779][ T5786] bridge_slave_1: entered allmulticast mode [ 85.581925][ T5786] bridge_slave_1: entered promiscuous mode [ 85.638870][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 85.661223][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.673486][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.724981][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.732845][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.741005][ T5798] bridge_slave_0: entered allmulticast mode [ 85.748246][ T5798] bridge_slave_0: entered promiscuous mode [ 85.794148][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.801587][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.809576][ T5798] bridge_slave_1: entered allmulticast mode [ 85.816835][ T5798] bridge_slave_1: entered promiscuous mode [ 85.852503][ T5786] team0: Port device team_slave_0 added [ 85.861452][ T5786] team0: Port device team_slave_1 added [ 85.878222][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.885760][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.893211][ T5790] bridge_slave_0: entered allmulticast mode [ 85.900825][ T5790] bridge_slave_0: entered promiscuous mode [ 85.937953][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.945453][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.953220][ T5790] bridge_slave_1: entered allmulticast mode [ 85.960941][ T5790] bridge_slave_1: entered promiscuous mode [ 85.996077][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.046443][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.054062][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.081927][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.096076][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.103293][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.129970][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.144333][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.169847][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.179378][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.186978][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.195356][ T5794] bridge_slave_0: entered allmulticast mode [ 86.203008][ T5794] bridge_slave_0: entered promiscuous mode [ 86.217545][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.225135][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.232651][ T5794] bridge_slave_1: entered allmulticast mode [ 86.239847][ T5794] bridge_slave_1: entered promiscuous mode [ 86.261927][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.308049][ T5798] team0: Port device team_slave_0 added [ 86.369973][ T5798] team0: Port device team_slave_1 added [ 86.379908][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.392834][ T5790] team0: Port device team_slave_0 added [ 86.403642][ T5790] team0: Port device team_slave_1 added [ 86.415078][ T5786] hsr_slave_0: entered promiscuous mode [ 86.422509][ T5786] hsr_slave_1: entered promiscuous mode [ 86.458384][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.543362][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.550664][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.577507][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.590426][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.597496][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.623916][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.652297][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.659911][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.686489][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.690389][ T50] Bluetooth: hci0: command tx timeout [ 86.719408][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.726438][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.754193][ T50] Bluetooth: hci1: command tx timeout [ 86.754248][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.774858][ T5794] team0: Port device team_slave_0 added [ 86.785168][ T5794] team0: Port device team_slave_1 added [ 86.828599][ T50] Bluetooth: hci2: command tx timeout [ 86.859520][ T5790] hsr_slave_0: entered promiscuous mode [ 86.866840][ T5790] hsr_slave_1: entered promiscuous mode [ 86.874098][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.882749][ T5790] Cannot create hsr debugfs directory [ 86.908961][ T50] Bluetooth: hci3: command tx timeout [ 86.920816][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.927904][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.954375][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.967485][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.974519][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.001184][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.093612][ T5798] hsr_slave_0: entered promiscuous mode [ 87.100992][ T5798] hsr_slave_1: entered promiscuous mode [ 87.107304][ T5798] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.115596][ T5798] Cannot create hsr debugfs directory [ 87.294699][ T5794] hsr_slave_0: entered promiscuous mode [ 87.301625][ T5794] hsr_slave_1: entered promiscuous mode [ 87.308279][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.317294][ T5794] Cannot create hsr debugfs directory [ 87.602334][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.629795][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.644709][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.659094][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.762924][ T5790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.797865][ T5790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.823728][ T5790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.866881][ T5790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.941335][ T5798] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.956344][ T5798] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.967460][ T5798] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.978199][ T5798] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.075729][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.092675][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.105366][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.117534][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.166761][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.241427][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.313730][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.321284][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.338383][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.345914][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.394691][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.418181][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.484062][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.506400][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.543863][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.551329][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.562002][ T1070] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.569348][ T1070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.584669][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.592067][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.614144][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.621463][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.640423][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.748786][ T50] Bluetooth: hci0: command tx timeout [ 88.753599][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.793302][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.801278][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.829569][ T50] Bluetooth: hci1: command tx timeout [ 88.882483][ T1070] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.889825][ T1070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.910672][ T50] Bluetooth: hci2: command tx timeout [ 88.988719][ T50] Bluetooth: hci3: command tx timeout [ 89.048311][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.231347][ T5786] veth0_vlan: entered promiscuous mode [ 89.286044][ T5786] veth1_vlan: entered promiscuous mode [ 89.376894][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.405293][ T5786] veth0_macvtap: entered promiscuous mode [ 89.425980][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.454151][ T5786] veth1_macvtap: entered promiscuous mode [ 89.533489][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.568284][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.584736][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.604124][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.614915][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.625068][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.634838][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.701726][ T5798] veth0_vlan: entered promiscuous mode [ 89.716255][ T5790] veth0_vlan: entered promiscuous mode [ 89.774855][ T5798] veth1_vlan: entered promiscuous mode [ 89.792239][ T5790] veth1_vlan: entered promiscuous mode [ 89.838407][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.857227][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.900174][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.908847][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.934961][ T5794] veth0_vlan: entered promiscuous mode [ 89.977883][ T5790] veth0_macvtap: entered promiscuous mode [ 90.003035][ T5790] veth1_macvtap: entered promiscuous mode [ 90.012331][ T5798] veth0_macvtap: entered promiscuous mode [ 90.026106][ T5798] veth1_macvtap: entered promiscuous mode [ 90.040774][ T5794] veth1_vlan: entered promiscuous mode [ 90.065244][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.078084][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.093112][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.179803][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.196248][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.211576][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.242088][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.254915][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.266776][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.277902][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.290080][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.306392][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.319326][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.333968][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.345539][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.358264][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.383721][ T5798] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.393289][ T5798] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.408115][ T5798] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.438392][ T5798] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.454283][ T5794] veth0_macvtap: entered promiscuous mode [ 90.467982][ T5790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.478289][ T5790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.491249][ T5790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.500304][ T5790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.519308][ T5794] veth1_macvtap: entered promiscuous mode [ 90.555450][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.566629][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.576857][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.587838][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.604635][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.615473][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.627540][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.661230][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.674124][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.685284][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.696716][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.707944][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.718800][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.733037][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.782981][ T5794] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.794247][ T5794] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.804835][ T5794] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.813979][ T5794] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.829799][ T50] Bluetooth: hci0: command tx timeout [ 90.908831][ T50] Bluetooth: hci1: command tx timeout [ 90.989536][ T50] Bluetooth: hci2: command tx timeout [ 91.045143][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.082067][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.112136][ T50] Bluetooth: hci3: command tx timeout [ 91.271812][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.282219][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.079772][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.087681][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.197337][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.236741][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.266619][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.293223][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.354229][ T23] cfg80211: failed to load regulatory.db [ 92.395166][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.412096][ T5891] syz.0.9[5891]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.425629][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.445139][ T5891] loop0: detected capacity change from 0 to 512 [ 92.538008][ T5891] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.9: invalid indirect mapped block 10 (level 1) [ 92.653299][ T5891] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.9: invalid indirect mapped block 8 (level 1) [ 92.699864][ T5891] EXT4-fs (loop0): 1 truncate cleaned up [ 92.724568][ T5891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.818671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 93.022682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.031439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.078562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 93.125082][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.125890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.133825][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.227011][ T0] NOHZ tick-stop error: local softirq work is pending, handler #182!!! [ 93.227517][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 93.244608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.872387][ T50] Bluetooth: hci0: command tx timeout [ 94.872516][ T5104] Bluetooth: hci2: command tx timeout [ 94.878007][ T50] Bluetooth: hci3: command tx timeout [ 94.883493][ T5797] Bluetooth: hci1: command tx timeout [ 95.294887][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.717245][ T5919] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.824368][ T5928] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 97.837959][ T5928] bridge_slave_1: left allmulticast mode [ 97.856168][ T5928] bridge_slave_1: left promiscuous mode [ 97.876286][ T5928] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.953535][ T5928] bridge_slave_0: left allmulticast mode [ 97.961456][ T5928] bridge_slave_0: left promiscuous mode [ 97.979087][ T5928] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.346280][ T5933] loop2: detected capacity change from 0 to 512 [ 98.484898][ T5933] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 98.698221][ T5933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.767242][ T5933] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 99.177367][ T5941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17'. [ 100.649331][ T5947] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.676334][ T5946] loop1: detected capacity change from 0 to 1024 [ 100.695228][ T5946] ======================================================= [ 100.695228][ T5946] WARNING: The mand mount option has been deprecated and [ 100.695228][ T5946] and is ignored by this kernel. Remove the mand [ 100.695228][ T5946] option from the mount to silence this warning. [ 100.695228][ T5946] ======================================================= [ 100.730749][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.755034][ T5946] EXT4-fs: Ignoring removed oldalloc option [ 100.796498][ T5946] EXT4-fs: Ignoring removed orlov option [ 100.815906][ T5948] loop0: detected capacity change from 0 to 128 [ 100.951775][ T5946] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 100.989922][ T5948] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.041024][ T5946] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.047663][ T5948] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 101.208925][ T5957] netlink: 312 bytes leftover after parsing attributes in process `syz.3.21'. [ 101.209960][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.115132][ T5946] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.20: Allocating blocks 481-513 which overlap fs metadata [ 102.199435][ T5968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.22'. [ 102.343621][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.382294][ T5971] fuse: Unknown parameter 'fd0x0000000000000003' [ 102.483443][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.231386][ T5979] loop1: detected capacity change from 0 to 256 [ 105.793173][ T5985] loop0: detected capacity change from 0 to 1024 [ 107.812913][ T48] hfsplus: b-tree write err: -5, ino 4 [ 108.335021][ T5999] loop0: detected capacity change from 0 to 8 [ 108.755137][ T5999] SQUASHFS error: zlib decompression failed, data probably corrupt [ 108.765982][ T5999] SQUASHFS error: Failed to read block 0x9b: -5 [ 108.772714][ T5999] SQUASHFS error: Unable to read metadata cache entry [99] [ 108.780567][ T5999] SQUASHFS error: Unable to read inode 0x127 [ 110.119003][ T6006] fuse: Unknown parameter 'fd0x0000000000000003' [ 112.742058][ T6018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28'. [ 114.119887][ T6025] loop3: detected capacity change from 0 to 256 [ 114.181355][ T6025] exfat: Unknown parameter '"' [ 114.324034][ T5796] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 114.369108][ T5825] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 115.190400][ T5825] usb 3-1: Using ep0 maxpacket: 16 [ 115.261450][ T5825] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 115.281585][ T5825] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.322161][ T6034] loop0: detected capacity change from 0 to 128 [ 115.338594][ T5825] usb 3-1: config 0 has no interface number 0 [ 115.368102][ T5825] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 115.437669][ T5825] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.446395][ T5825] usb 3-1: Product: syz [ 115.453119][ T5825] usb 3-1: Manufacturer: syz [ 115.457783][ T5825] usb 3-1: SerialNumber: syz [ 115.474892][ T5825] usb 3-1: config 0 descriptor?? [ 115.529071][ T5825] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 115.535745][ T5825] usb 3-1: No valid video chain found. [ 115.552000][ T6038] loop1: detected capacity change from 0 to 764 [ 115.650888][ T6040] syz.0.43: attempt to access beyond end of device [ 115.650888][ T6040] loop0: rw=2049, sector=145, nr_sectors = 464 limit=128 [ 115.920510][ T5825] usb 3-1: USB disconnect, device number 2 [ 116.957747][ T6047] fuse: Unknown parameter 'fd0x0000000000000003' [ 116.964928][ T6051] loop2: detected capacity change from 0 to 512 [ 116.980480][ T6051] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 117.079191][ T6051] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 117.208928][ T6051] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.48: bg 0: block 384: padding at end of block bitmap is not set [ 117.331419][ T6051] EXT4-fs (loop2): Remounting filesystem read-only [ 117.371427][ T6051] EXT4-fs (loop2): 1 truncate cleaned up [ 117.422265][ T6051] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.659751][ T6063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.51'. [ 119.051885][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.248884][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.0.49'. [ 119.271704][ T6066] bridge_slave_1: left allmulticast mode [ 119.277485][ T6066] bridge_slave_1: left promiscuous mode [ 119.306887][ T6066] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.601205][ T6066] bridge_slave_0: left allmulticast mode [ 120.606917][ T6066] bridge_slave_0: left promiscuous mode [ 120.709305][ T6066] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.072338][ T28] audit: type=1326 audit(1756497079.078:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.142946][ T28] audit: type=1326 audit(1756497079.108:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.174401][ T6105] loop0: detected capacity change from 0 to 128 [ 125.232557][ T28] audit: type=1326 audit(1756497079.118:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.268114][ T28] audit: type=1326 audit(1756497079.118:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.292524][ T28] audit: type=1326 audit(1756497079.118:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.315443][ T28] audit: type=1326 audit(1756497079.118:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.362772][ T5796] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.458896][ T28] audit: type=1326 audit(1756497079.118:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.489506][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.65'. [ 125.578696][ T28] audit: type=1326 audit(1756497079.148:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.683997][ T28] audit: type=1326 audit(1756497079.148:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 125.798984][ T28] audit: type=1326 audit(1756497079.148:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.0.63" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 127.056036][ T6125] loop0: detected capacity change from 0 to 128 [ 132.288655][ T6142] loop2: detected capacity change from 0 to 1024 [ 132.412349][ T5796] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 133.314629][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.338571][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.521606][ T6157] loop1: detected capacity change from 0 to 1024 [ 134.565699][ T6164] loop2: detected capacity change from 0 to 256 [ 134.586336][ T6164] exfat: Deprecated parameter 'namecase' [ 134.650935][ T6164] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 134.662290][ T6166] tmpfs: Bad value for 'uid' [ 134.695811][ T6164] exFAT-fs (loop2): Invalid exboot-signature(sector = 1): 0xaa000000 [ 134.720275][ T6164] exFAT-fs (loop2): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x1219aba6) [ 134.734972][ T6164] exFAT-fs (loop2): invalid boot region [ 136.469454][ T6164] exFAT-fs (loop2): failed to recognize exfat type [ 138.544488][ T6184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.87'. [ 141.275667][ T6196] loop3: detected capacity change from 0 to 8 [ 141.439432][ T6196] SQUASHFS error: Failed to read block 0x4de: -5 [ 141.463803][ T6196] SQUASHFS error: Failed to read block 0x4de: -5 [ 141.482157][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 141.482173][ T28] audit: type=1800 audit(1756497095.488:71): pid=6196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.85" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 143.358437][ C1] sched: RT throttling activated [ 145.097491][ T6222] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 146.084005][ T6223] loop3: detected capacity change from 0 to 1764 [ 146.118023][ T28] audit: type=1326 audit(1756497100.118:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 146.230599][ T6229] netlink: 4 bytes leftover after parsing attributes in process `syz.1.103'. [ 146.242171][ T28] audit: type=1326 audit(1756497100.118:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 146.355136][ T28] audit: type=1326 audit(1756497100.158:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 146.458073][ T28] audit: type=1326 audit(1756497100.158:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 147.514849][ T28] audit: type=1326 audit(1756497100.158:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 147.573761][ T28] audit: type=1326 audit(1756497100.158:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 147.619646][ T6237] loop3: detected capacity change from 0 to 256 [ 147.657505][ T6237] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 147.669706][ T28] audit: type=1326 audit(1756497100.158:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 147.724271][ T50] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 147.735866][ T50] CPU: 1 PID: 50 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 147.743332][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 147.753671][ T50] Workqueue: hci3 hci_rx_work [ 147.758517][ T50] Call Trace: [ 147.761858][ T50] [ 147.764820][ T50] dump_stack_lvl+0x16c/0x230 [ 147.769666][ T50] ? show_regs_print_info+0x20/0x20 [ 147.775344][ T50] ? load_image+0x3b0/0x3b0 [ 147.779889][ T50] sysfs_create_dir_ns+0x256/0x280 [ 147.785049][ T50] ? hci_rx_work+0x43a/0xd80 [ 147.789680][ T50] ? sysfs_warn_dup+0xa0/0xa0 [ 147.794395][ T50] ? do_raw_spin_unlock+0x121/0x230 [ 147.799714][ T50] kobject_add_internal+0x6b8/0xc70 [ 147.804938][ T50] kobject_add+0x156/0x220 [ 147.809390][ T50] ? __rwlock_init+0x150/0x150 [ 147.814195][ T50] ? kobject_init+0x1e0/0x1e0 [ 147.818892][ T50] ? _raw_spin_unlock+0x28/0x40 [ 147.823828][ T50] ? get_device_parent+0x366/0x390 [ 147.829063][ T50] device_add+0x408/0xc20 [ 147.833602][ T50] hci_conn_add_sysfs+0xd5/0x1e0 [ 147.838572][ T50] le_conn_complete_evt+0xc37/0x1220 [ 147.843925][ T50] ? hci_event_packet+0x4a7/0x1210 [ 147.849098][ T50] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 147.855349][ T50] ? __copy_skb_header+0xa7/0x550 [ 147.860478][ T50] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 147.866236][ T50] ? skb_pull_data+0xfb/0x200 [ 147.870948][ T50] hci_le_conn_complete_evt+0x187/0x440 [ 147.876516][ T50] ? hci_remote_host_features_evt+0x160/0x160 [ 147.882609][ T50] hci_event_packet+0x795/0x1210 [ 147.887570][ T50] ? bis_list+0x290/0x290 [ 147.891923][ T50] ? lockdep_hardirqs_on+0x98/0x150 [ 147.897262][ T50] ? hci_send_to_monitor+0xd7/0x4f0 [ 147.902483][ T50] hci_rx_work+0x43a/0xd80 [ 147.906921][ T50] ? process_scheduled_works+0x957/0x15b0 [ 147.912655][ T50] process_scheduled_works+0xa45/0x15b0 [ 147.918253][ T50] ? assign_work+0x400/0x400 [ 147.923056][ T50] ? assign_work+0x39e/0x400 [ 147.927695][ T50] worker_thread+0xa55/0xfc0 [ 147.932392][ T50] kthread+0x2fa/0x390 [ 147.936498][ T50] ? pr_cont_work+0x560/0x560 [ 147.941197][ T50] ? kthread_blkcg+0xd0/0xd0 [ 147.945801][ T50] ret_from_fork+0x48/0x80 [ 147.950465][ T50] ? kthread_blkcg+0xd0/0xd0 [ 147.955188][ T50] ret_from_fork_asm+0x11/0x20 [ 147.960179][ T50] [ 147.964867][ T50] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 147.979435][ T50] Bluetooth: hci3: failed to register connection device [ 148.030177][ T28] audit: type=1326 audit(1756497100.158:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 148.053382][ T28] audit: type=1326 audit(1756497100.158:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 148.083339][ T28] audit: type=1326 audit(1756497100.158:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 149.298951][ T28] audit: type=1326 audit(1756497100.158:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 149.378748][ T28] audit: type=1326 audit(1756497100.158:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 149.479530][ T28] audit: type=1326 audit(1756497100.158:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 149.554246][ T28] audit: type=1326 audit(1756497100.158:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 152.269493][ T50] Bluetooth: hci3: command tx timeout [ 152.877402][ T6269] loop2: detected capacity change from 0 to 1024 [ 152.991607][ T6269] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 154.709609][ T6269] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 154.848712][ T6269] EXT4-fs error (device loop2): ext4_get_journal_inode:5807: inode #32: comm syz.2.116: iget: special inode unallocated [ 154.916193][ T6269] EXT4-fs (loop2): no journal found [ 154.968702][ T6269] EXT4-fs (loop2): can't get journal size [ 155.004556][ T6269] EXT4-fs (loop2): filesystem is read-only [ 155.050657][ T6269] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 155.182811][ T6269] EXT4-fs (loop2): shut down requested (2) [ 156.927673][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 156.980116][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.058747][ T6289] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 158.134207][ T6292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'. [ 158.157577][ T6292] bridge_slave_1: left allmulticast mode [ 158.174339][ T6292] bridge_slave_1: left promiscuous mode [ 158.186726][ T6295] loop1: detected capacity change from 0 to 512 [ 158.230287][ T6295] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 158.264481][ T6292] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.304687][ T6295] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #17: comm syz.1.120: iget: bad i_size value: -6917529027641081756 [ 158.356058][ T6295] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.120: couldn't read orphan inode 17 (err -117) [ 158.374029][ T6292] bridge_slave_0: left allmulticast mode [ 158.391742][ T6292] bridge_slave_0: left promiscuous mode [ 158.393594][ T6295] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.418809][ T6292] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.730828][ T6295] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.120: bg 0: block 65: padding at end of block bitmap is not set [ 158.769596][ T6295] __quota_error: 9 callbacks suppressed [ 158.769653][ T6295] Quota error (device loop1): write_blk: dquota write failed [ 158.865060][ T6295] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 158.883390][ T6295] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.120: Failed to acquire dquot type 0 [ 159.043389][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.470908][ T5797] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 160.481599][ T5797] CPU: 0 PID: 5797 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 160.489217][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 160.499315][ T5797] Workqueue: hci0 hci_rx_work [ 160.504096][ T5797] Call Trace: [ 160.507422][ T5797] [ 160.510391][ T5797] dump_stack_lvl+0x16c/0x230 [ 160.515216][ T5797] ? show_regs_print_info+0x20/0x20 [ 160.520654][ T5797] ? load_image+0x3b0/0x3b0 [ 160.525214][ T5797] sysfs_create_dir_ns+0x256/0x280 [ 160.530484][ T5797] ? hci_rx_work+0x43a/0xd80 [ 160.535139][ T5797] ? sysfs_warn_dup+0xa0/0xa0 [ 160.539906][ T5797] ? do_raw_spin_unlock+0x121/0x230 [ 160.545174][ T5797] kobject_add_internal+0x6b8/0xc70 [ 160.550450][ T5797] kobject_add+0x156/0x220 [ 160.554929][ T5797] ? __rwlock_init+0x150/0x150 [ 160.559763][ T5797] ? kobject_init+0x1e0/0x1e0 [ 160.564542][ T5797] ? _raw_spin_unlock+0x28/0x40 [ 160.569730][ T5797] ? get_device_parent+0x366/0x390 [ 160.574947][ T5797] device_add+0x408/0xc20 [ 160.580047][ T5797] hci_conn_add_sysfs+0xd5/0x1e0 [ 160.585085][ T5797] le_conn_complete_evt+0xc37/0x1220 [ 160.590694][ T5797] ? hci_event_packet+0x4a7/0x1210 [ 160.596078][ T5797] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 160.602387][ T5797] ? __copy_skb_header+0xa7/0x550 [ 160.607497][ T5797] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 160.613289][ T5797] ? skb_pull_data+0xfb/0x200 [ 160.618034][ T5797] hci_le_conn_complete_evt+0x187/0x440 [ 160.623705][ T5797] ? hci_remote_host_features_evt+0x160/0x160 [ 160.629917][ T5797] hci_event_packet+0x795/0x1210 [ 160.634927][ T5797] ? bis_list+0x290/0x290 [ 160.639374][ T5797] ? lockdep_hardirqs_on+0x98/0x150 [ 160.644859][ T5797] ? hci_send_to_monitor+0xd7/0x4f0 [ 160.650269][ T5797] hci_rx_work+0x43a/0xd80 [ 160.654744][ T5797] ? process_scheduled_works+0x957/0x15b0 [ 160.660479][ T5797] process_scheduled_works+0xa45/0x15b0 [ 160.666058][ T5797] ? assign_work+0x400/0x400 [ 160.670669][ T5797] ? assign_work+0x39e/0x400 [ 160.675387][ T5797] worker_thread+0xa55/0xfc0 [ 160.679992][ T5797] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 160.685921][ T5797] ? _raw_spin_unlock+0x40/0x40 [ 160.690807][ T5797] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 160.696921][ T5797] kthread+0x2fa/0x390 [ 160.701109][ T5797] ? pr_cont_work+0x560/0x560 [ 160.705928][ T5797] ? kthread_blkcg+0xd0/0xd0 [ 160.710577][ T5797] ret_from_fork+0x48/0x80 [ 160.715140][ T5797] ? kthread_blkcg+0xd0/0xd0 [ 160.719920][ T5797] ret_from_fork_asm+0x11/0x20 [ 160.725364][ T5797] [ 160.736383][ T5797] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 160.750829][ T5797] Bluetooth: hci0: failed to register connection device [ 161.806824][ T6318] loop1: detected capacity change from 0 to 256 [ 162.320670][ C0] vkms_vblank_simulate: vblank timer overrun [ 162.435467][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.607316][ T6318] FAT-fs (loop1): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 163.666444][ T5797] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 163.676543][ T5797] CPU: 0 PID: 5797 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 163.684205][ T5797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 163.694443][ T5797] Workqueue: hci2 hci_rx_work [ 163.699291][ T5797] Call Trace: [ 163.701050][ T6324] loop3: detected capacity change from 0 to 1024 [ 163.702611][ T5797] [ 163.711956][ T5797] dump_stack_lvl+0x16c/0x230 [ 163.717048][ T5797] ? show_regs_print_info+0x20/0x20 [ 163.722381][ T5797] ? load_image+0x3b0/0x3b0 [ 163.726960][ T5797] sysfs_create_dir_ns+0x256/0x280 [ 163.732395][ T5797] ? hci_rx_work+0x43a/0xd80 [ 163.733470][ T50] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 163.737016][ T5797] ? sysfs_warn_dup+0xa0/0xa0 [ 163.748529][ T5797] ? do_raw_spin_unlock+0x121/0x230 [ 163.753789][ T5797] kobject_add_internal+0x6b8/0xc70 [ 163.759236][ T5797] kobject_add+0x156/0x220 [ 163.763739][ T5797] ? __rwlock_init+0x150/0x150 [ 163.768576][ T5797] ? kobject_init+0x1e0/0x1e0 [ 163.773509][ T5797] ? _raw_spin_unlock+0x28/0x40 [ 163.778437][ T5797] ? get_device_parent+0x366/0x390 [ 163.783614][ T5797] device_add+0x408/0xc20 [ 163.788001][ T5797] hci_conn_add_sysfs+0xd5/0x1e0 [ 163.793094][ T5797] le_conn_complete_evt+0xc37/0x1220 [ 163.798525][ T5797] ? hci_event_packet+0x4a7/0x1210 [ 163.803673][ T5797] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 163.809941][ T5797] ? __copy_skb_header+0xa7/0x550 [ 163.815009][ T5797] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 163.820675][ T5797] ? skb_pull_data+0xfb/0x200 [ 163.825422][ T5797] hci_le_conn_complete_evt+0x187/0x440 [ 163.831084][ T5797] ? hci_remote_host_features_evt+0x160/0x160 [ 163.837210][ T5797] hci_event_packet+0x795/0x1210 [ 163.842215][ T5797] ? bis_list+0x290/0x290 [ 163.846564][ T5797] ? lockdep_hardirqs_on+0x98/0x150 [ 163.851790][ T5797] ? hci_send_to_monitor+0xd7/0x4f0 [ 163.857021][ T5797] hci_rx_work+0x43a/0xd80 [ 163.861492][ T5797] ? process_scheduled_works+0x957/0x15b0 [ 163.867227][ T5797] process_scheduled_works+0xa45/0x15b0 [ 163.872824][ T5797] ? assign_work+0x400/0x400 [ 163.877452][ T5797] ? assign_work+0x39e/0x400 [ 163.882282][ T5797] worker_thread+0xa55/0xfc0 [ 163.886909][ T5797] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 163.892845][ T5797] ? _raw_spin_unlock+0x40/0x40 [ 163.897812][ T5797] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 163.903764][ T5797] kthread+0x2fa/0x390 [ 163.907939][ T5797] ? pr_cont_work+0x560/0x560 [ 163.912645][ T5797] ? kthread_blkcg+0xd0/0xd0 [ 163.917283][ T5797] ret_from_fork+0x48/0x80 [ 163.921717][ T5797] ? kthread_blkcg+0xd0/0xd0 [ 163.926336][ T5797] ret_from_fork_asm+0x11/0x20 [ 163.931139][ T5797] [ 163.934246][ C0] vkms_vblank_simulate: vblank timer overrun [ 163.953390][ T5797] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 163.967646][ T5797] Bluetooth: hci2: failed to register connection device [ 164.415142][ T6331] loop1: detected capacity change from 0 to 128 [ 167.790096][ T5797] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 167.799789][ T5797] Bluetooth: hci3: Injecting HCI hardware error event [ 167.811225][ T50] Bluetooth: hci3: hardware error 0x00 [ 169.111512][ T6353] loop2: detected capacity change from 0 to 256 [ 169.155617][ T6353] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 169.230657][ T5789] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 169.241758][ T5789] CPU: 1 PID: 5789 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 169.249389][ T5789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.259514][ T5789] Workqueue: hci1 hci_rx_work [ 169.264343][ T5789] Call Trace: [ 169.267769][ T5789] [ 169.270864][ T5789] dump_stack_lvl+0x16c/0x230 [ 169.275578][ T5789] ? show_regs_print_info+0x20/0x20 [ 169.280884][ T5789] ? load_image+0x3b0/0x3b0 [ 169.285433][ T5789] sysfs_create_dir_ns+0x256/0x280 [ 169.290576][ T5789] ? hci_rx_work+0x43a/0xd80 [ 169.295186][ T5789] ? sysfs_warn_dup+0xa0/0xa0 [ 169.299894][ T5789] ? do_raw_spin_unlock+0x121/0x230 [ 169.305146][ T5789] kobject_add_internal+0x6b8/0xc70 [ 169.310404][ T5789] kobject_add+0x156/0x220 [ 169.314873][ T5789] ? __rwlock_init+0x150/0x150 [ 169.319750][ T5789] ? kobject_init+0x1e0/0x1e0 [ 169.324462][ T5789] ? _raw_spin_unlock+0x28/0x40 [ 169.329358][ T5789] ? get_device_parent+0x366/0x390 [ 169.334535][ T5789] device_add+0x408/0xc20 [ 169.338919][ T5789] hci_conn_add_sysfs+0xd5/0x1e0 [ 169.343931][ T5789] le_conn_complete_evt+0xc37/0x1220 [ 169.349276][ T5789] ? hci_event_packet+0x4a7/0x1210 [ 169.354435][ T5789] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 169.360704][ T5789] ? __copy_skb_header+0xa7/0x550 [ 169.365838][ T5789] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 169.371803][ T5789] ? skb_pull_data+0xfb/0x200 [ 169.376597][ T5789] hci_le_conn_complete_evt+0x187/0x440 [ 169.382253][ T5789] ? hci_remote_host_features_evt+0x160/0x160 [ 169.388367][ T5789] hci_event_packet+0x795/0x1210 [ 169.393367][ T5789] ? bis_list+0x290/0x290 [ 169.397728][ T5789] ? lockdep_hardirqs_on+0x98/0x150 [ 169.402995][ T5789] ? hci_send_to_monitor+0xd7/0x4f0 [ 169.408216][ T5789] hci_rx_work+0x43a/0xd80 [ 169.412687][ T5789] ? process_scheduled_works+0x957/0x15b0 [ 169.418472][ T5789] process_scheduled_works+0xa45/0x15b0 [ 169.424107][ T5789] ? assign_work+0x400/0x400 [ 169.428783][ T5789] ? assign_work+0x39e/0x400 [ 169.433425][ T5789] worker_thread+0xa55/0xfc0 [ 169.438267][ T5789] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 169.444197][ T5789] ? _raw_spin_unlock+0x40/0x40 [ 169.449120][ T5789] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 169.455165][ T5789] kthread+0x2fa/0x390 [ 169.459258][ T5789] ? pr_cont_work+0x560/0x560 [ 169.464068][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 169.468692][ T5789] ret_from_fork+0x48/0x80 [ 169.473228][ T5789] ? kthread_blkcg+0xd0/0xd0 [ 169.477920][ T5789] ret_from_fork_asm+0x11/0x20 [ 169.482853][ T5789] [ 169.488014][ T5789] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 169.502385][ T5789] Bluetooth: hci1: failed to register connection device [ 169.540664][ T6356] loop1: detected capacity change from 0 to 1024 [ 169.555146][ T6357] loop3: detected capacity change from 0 to 128 [ 169.599285][ T6356] EXT4-fs: Ignoring removed oldalloc option [ 169.681913][ T6356] EXT4-fs: Ignoring removed orlov option [ 169.710525][ T6356] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 169.753342][ T6356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.890690][ T50] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 170.229114][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 170.279427][ T6363] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 172.370951][ T6379] loop3: detected capacity change from 0 to 1024 [ 174.266542][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.337854][ T6387] loop3: detected capacity change from 0 to 512 [ 174.361012][ T6387] EXT4-fs: Ignoring removed nobh option [ 174.449719][ T6387] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 174.621019][ T6387] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.151: iget: bad i_size value: 38620345925642 [ 174.707415][ T6387] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.151: couldn't read orphan inode 15 (err -117) [ 174.729910][ T6387] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.822143][ T6387] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.151: iget: bad i_size value: 38620345925642 [ 174.837905][ T6391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.152'. [ 174.855690][ T6391] netlink: 20 bytes leftover after parsing attributes in process `syz.1.152'. [ 174.868119][ T6387] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.151: iget: bad i_size value: 38620345925642 [ 174.934276][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.978053][ T6397] loop1: detected capacity change from 0 to 2048 [ 175.046240][ T6397] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.063859][ T6399] loop3: detected capacity change from 0 to 128 [ 177.038573][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 177.139249][ T6414] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 177.146931][ T6414] IPv6: NLM_F_CREATE should be set when creating new route [ 178.240661][ T6424] loop1: detected capacity change from 0 to 1024 [ 178.514909][ T6430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.163'. [ 179.228616][ T5797] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 179.237404][ T5797] Bluetooth: hci0: Injecting HCI hardware error event [ 179.246635][ T50] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 179.257990][ T6432] loop1: detected capacity change from 0 to 1024 [ 179.261393][ T50] Bluetooth: hci0: hardware error 0x00 [ 179.326768][ T6432] syz.1.164: attempt to access beyond end of device [ 179.326768][ T6432] loop1: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 179.428766][ T6432] Buffer I/O error on dev loop1, logical block 2889, lost async page write [ 179.487835][ T6432] syz.1.164: attempt to access beyond end of device [ 179.487835][ T6432] loop1: rw=2049, sector=393216, nr_sectors = 2 limit=1024 [ 179.508739][ T6432] Buffer I/O error on dev loop1, logical block 196608, lost async page write [ 179.528581][ T6432] syz.1.164: attempt to access beyond end of device [ 179.528581][ T6432] loop1: rw=2049, sector=393218, nr_sectors = 2 limit=1024 [ 179.546689][ T6432] Buffer I/O error on dev loop1, logical block 196609, lost async page write [ 179.565132][ T6432] syz.1.164: attempt to access beyond end of device [ 179.565132][ T6432] loop1: rw=2049, sector=393220, nr_sectors = 2 limit=1024 [ 179.582507][ T6432] Buffer I/O error on dev loop1, logical block 196610, lost async page write [ 179.593400][ T6432] syz.1.164: attempt to access beyond end of device [ 179.593400][ T6432] loop1: rw=2049, sector=393222, nr_sectors = 8 limit=1024 [ 180.088953][ T6442] loop2: detected capacity change from 0 to 128 [ 180.187437][ T6442] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 180.501742][ T6442] FAT-fs (loop2): FAT read failed (blocknr 128) [ 181.825875][ T50] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 182.242212][ T42] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 182.708307][ T6459] loop3: detected capacity change from 0 to 512 [ 182.717166][ T6458] netlink: 12 bytes leftover after parsing attributes in process `syz.1.172'. [ 182.741999][ T6458] netlink: 16 bytes leftover after parsing attributes in process `syz.1.172'. [ 182.824917][ T5796] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 183.065006][ T6463] loop3: detected capacity change from 0 to 256 [ 183.092098][ T6463] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 183.308840][ T50] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 183.317581][ T50] Bluetooth: hci2: Injecting HCI hardware error event [ 183.326074][ T50] Bluetooth: hci2: hardware error 0x00 [ 185.269322][ T6475] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 185.276750][ T6475] IPv6: NLM_F_CREATE should be set when creating new route [ 187.233754][ T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 188.594673][ T6502] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 188.601992][ T6502] IPv6: NLM_F_CREATE should be set when creating new route [ 192.629798][ T6515] loop3: detected capacity change from 0 to 1024 [ 192.741359][ T6515] syz.3.181: attempt to access beyond end of device [ 192.741359][ T6515] loop3: rw=2049, sector=5778, nr_sectors = 2 limit=1024 [ 192.798474][ T6515] Buffer I/O error on dev loop3, logical block 2889, lost async page write [ 192.807204][ T6515] syz.3.181: attempt to access beyond end of device [ 192.807204][ T6515] loop3: rw=2049, sector=393216, nr_sectors = 2 limit=1024 [ 192.890451][ T6515] Buffer I/O error on dev loop3, logical block 196608, lost async page write [ 192.952490][ T6515] syz.3.181: attempt to access beyond end of device [ 192.952490][ T6515] loop3: rw=2049, sector=393218, nr_sectors = 2 limit=1024 [ 193.003387][ T6515] Buffer I/O error on dev loop3, logical block 196609, lost async page write [ 193.032211][ T6515] syz.3.181: attempt to access beyond end of device [ 193.032211][ T6515] loop3: rw=2049, sector=393220, nr_sectors = 2 limit=1024 [ 193.108586][ T6515] Buffer I/O error on dev loop3, logical block 196610, lost async page write [ 193.119911][ T6515] syz.3.181: attempt to access beyond end of device [ 193.119911][ T6515] loop3: rw=2049, sector=393222, nr_sectors = 8 limit=1024 [ 194.364048][ T6531] Driver unsupported XDP return value 0 on prog (id 25) dev N/A, expect packet loss! [ 194.619398][ T6535] loop3: detected capacity change from 0 to 256 [ 194.753329][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.759833][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.925520][ T6533] loop3: detected capacity change from 0 to 512 [ 194.963289][ T6533] ext2: Unknown parameter 'smackfsroot' [ 199.651766][ T6554] loop1: detected capacity change from 0 to 128 [ 199.798719][ T28] audit: type=1800 audit(1756497153.798:95): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.202" name="file1" dev="loop1" ino=1048612 res=0 errno=0 [ 199.834867][ T6554] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8) [ 199.890739][ T6554] FAT-fs (loop1): Filesystem has been set read-only [ 199.927525][ T6554] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522) [ 199.978340][ T50] Bluetooth: Wrong link type (-71) [ 200.001503][ T6556] loop2: detected capacity change from 0 to 1024 [ 203.893585][ T6568] loop1: detected capacity change from 0 to 1024 [ 203.999948][ T6568] EXT4-fs: Ignoring removed oldalloc option [ 204.038607][ T6568] EXT4-fs: Ignoring removed orlov option [ 204.130574][ T6568] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 204.449833][ T6568] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.280215][ T6568] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.205: Allocating blocks 481-513 which overlap fs metadata [ 206.498270][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.216993][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 208.822945][ T6600] loop1: detected capacity change from 0 to 1024 [ 208.839786][ T6601] loop2: detected capacity change from 0 to 256 [ 208.955867][ T6601] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 209.059546][ T6600] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.165702][ T50] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 209.359636][ T6600] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.631174][ T6600] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 209.885239][ T6600] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 210.489349][ T6600] EXT4-fs (loop1): This should not happen!! Data will be lost [ 210.489349][ T6600] [ 210.588538][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 210.608484][ T6600] EXT4-fs (loop1): Total free blocks count 0 [ 210.668697][ T6600] EXT4-fs (loop1): Free/Dirty block details [ 210.773807][ T6600] EXT4-fs (loop1): free_blocks=68451041280 [ 210.849119][ T6600] EXT4-fs (loop1): dirty_blocks=16 [ 210.878710][ T6600] EXT4-fs (loop1): Block reservation details [ 210.989145][ T6600] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 211.314484][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.783296][ T6629] loop3: detected capacity change from 0 to 1024 [ 213.074621][ T6629] EXT4-fs: Ignoring removed oldalloc option [ 213.165909][ T6629] EXT4-fs: Ignoring removed orlov option [ 213.242848][ T6629] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 213.372460][ T6629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.476811][ T6637] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 213.484806][ T6637] IPv6: NLM_F_CREATE should be set when creating new route [ 213.644048][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 214.954008][ T6629] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.221: Allocating blocks 481-513 which overlap fs metadata [ 215.869305][ T6652] loop1: detected capacity change from 0 to 256 [ 216.888586][ T28] audit: type=1326 audit(1756497170.888:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.2.228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87b638ebe9 code=0x0 [ 216.910372][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.026027][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.086339][ T28] audit: type=1326 audit(1756497171.088:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 217.108765][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.209467][ T28] audit: type=1326 audit(1756497171.118:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.295309][ T28] audit: type=1326 audit(1756497171.118:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 217.391130][ T28] audit: type=1326 audit(1756497171.148:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.482204][ T28] audit: type=1326 audit(1756497171.148:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.536484][ T28] audit: type=1326 audit(1756497171.148:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.558820][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.614052][ T28] audit: type=1326 audit(1756497171.148:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.688512][ T28] audit: type=1326 audit(1756497171.148:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 217.710773][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.947825][ T28] audit: type=1326 audit(1756497171.148:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6655 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa411f2ade9 code=0x7ffc0000 [ 218.882420][ T6665] loop2: detected capacity change from 0 to 512 [ 218.919665][ T6665] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 218.970419][ T6665] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 219.038689][ T6665] EXT4-fs (loop2): 1 truncate cleaned up [ 219.045752][ T6665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.439595][ T5790] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 13: comm syz-executor: lblock 0 mapped to illegal pblock 13 (length 1) [ 220.485359][ T5790] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 220.548562][ T5790] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #2: comm syz-executor: mark_inode_dirty error [ 220.675643][ T6682] loop3: detected capacity change from 0 to 256 [ 220.754596][ T5790] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.793035][ T6682] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 223.184191][ T6699] loop1: detected capacity change from 0 to 128 [ 223.616807][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.066128][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.147416][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 225.157116][ T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 225.165821][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 225.348802][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 225.369378][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 225.378703][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 225.806347][ T6720] loop3: detected capacity change from 0 to 1024 [ 226.355724][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.821106][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.846521][ T6722] loop3: detected capacity change from 0 to 1024 [ 227.480743][ T5797] Bluetooth: hci1: command tx timeout [ 227.785986][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 227.786000][ T28] audit: type=1326 audit(1756497181.788:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.3.254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4a0138ebe9 code=0x0 [ 227.888336][ T6728] capability: warning: `syz.3.254' uses deprecated v2 capabilities in a way that may be insecure [ 228.227242][ T6715] chnl_net:caif_netlink_parms(): no params data found [ 229.549508][ T5797] Bluetooth: hci1: command tx timeout [ 230.311305][ T6767] loop3: detected capacity change from 0 to 256 [ 230.329281][ T6767] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 230.407670][ T6715] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.439874][ T6715] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.483627][ T6715] bridge_slave_0: entered allmulticast mode [ 230.500880][ T6715] bridge_slave_0: entered promiscuous mode [ 230.516657][ T6715] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.533457][ T6715] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.556242][ T6715] bridge_slave_1: entered allmulticast mode [ 230.563565][ T6715] bridge_slave_1: entered promiscuous mode [ 230.780105][ T6715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.866715][ T6715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.082462][ T6715] team0: Port device team_slave_0 added [ 231.145552][ T6715] team0: Port device team_slave_1 added [ 231.420484][ T6715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.456137][ T6715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.198003][ T5797] Bluetooth: hci1: command tx timeout [ 233.243535][ T6715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.261398][ T6715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.268728][ T6715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.299632][ T6715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.580621][ T6715] hsr_slave_0: entered promiscuous mode [ 233.608168][ T6715] hsr_slave_1: entered promiscuous mode [ 233.649539][ T6715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.657269][ T6715] Cannot create hsr debugfs directory [ 234.061520][ T6792] loop1: detected capacity change from 0 to 8 [ 234.105269][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.139065][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.174443][ T28] audit: type=1800 audit(1756497188.148:166): pid=6792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.270" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 234.251970][ T6792] SQUASHFS error: zlib decompression failed, data probably corrupt [ 234.266143][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.288086][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.311263][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.751301][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.881301][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 234.887870][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.190256][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.198008][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.205098][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.211800][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.218615][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.225355][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.232115][ T5797] Bluetooth: hci1: command tx timeout [ 235.249655][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.257183][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.264560][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.272291][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.279241][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.285740][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.292469][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.299304][ T6792] SQUASHFS error: Failed to read block 0x4de: -5 [ 235.306486][ T6792] SQUASHFS error: Failed to read block 0x535f2: -5 [ 235.630590][ T6802] loop1: detected capacity change from 0 to 1024 [ 235.669586][ T6802] EXT4-fs: Ignoring removed oldalloc option [ 235.696982][ T6802] EXT4-fs: Ignoring removed orlov option [ 235.717860][ T11] hsr_slave_0: left promiscuous mode [ 235.730784][ T6802] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 235.750021][ T11] hsr_slave_1: left promiscuous mode [ 235.766790][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 235.798735][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 235.830065][ T6802] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.888681][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 235.896253][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.122423][ T11] veth1_macvtap: left promiscuous mode [ 236.236680][ T11] veth0_macvtap: left promiscuous mode [ 236.330721][ T11] veth1_vlan: left promiscuous mode [ 236.420019][ T11] veth0_vlan: left promiscuous mode [ 236.530429][ T6810] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.271: Allocating blocks 257-513 which overlap fs metadata [ 236.778564][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.064111][ T6818] loop1: detected capacity change from 0 to 1024 [ 241.453455][ T11] team0 (unregistering): Port device team_slave_1 removed [ 241.596201][ T11] team0 (unregistering): Port device team_slave_0 removed [ 241.691431][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.787355][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 242.335898][ T6839] loop1: detected capacity change from 0 to 1024 [ 242.349510][ T6839] EXT4-fs: Ignoring removed oldalloc option [ 242.355683][ T6839] EXT4-fs: Ignoring removed orlov option [ 242.387599][ T6839] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 242.435195][ T6839] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.295381][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.438995][ T11] bond0 (unregistering): Released all slaves [ 244.889732][ T5912] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 246.501407][ T6860] loop3: detected capacity change from 0 to 256 [ 246.745512][ T5912] usb 2-1: Using ep0 maxpacket: 8 [ 246.776095][ T5912] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.833028][ T5912] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 246.876126][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.913290][ T5912] usb 2-1: Product: syz [ 246.924450][ T5912] usb 2-1: Manufacturer: syz [ 246.935561][ T5912] usb 2-1: SerialNumber: syz [ 246.946399][ T6715] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 246.983632][ T5912] cdc_ether 2-1:1.0: skipping garbage [ 247.009732][ T6715] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 247.016751][ T5912] cdc_ether 2-1:1.0: skipping garbage [ 247.028826][ T5912] usb 2-1: bad CDC descriptors [ 247.062633][ T6715] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 247.106319][ T6715] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 247.809513][ C0] vkms_vblank_simulate: vblank timer overrun [ 249.584727][ T6715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.748586][ T5907] usb 2-1: USB disconnect, device number 2 [ 249.845734][ T6715] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.251830][ T6938] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.259846][ T6938] bridge0: port 1(bridge_slave_0) entered forwarding state [ 250.321002][ T6938] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.328217][ T6938] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.272455][ T5907] kernel write not supported for file bpf-prog (pid: 5907 comm: kworker/0:4) [ 251.321181][ T6715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.762595][ T6715] veth0_vlan: entered promiscuous mode [ 255.867502][ T6715] veth1_vlan: entered promiscuous mode [ 256.033549][ T6715] veth0_macvtap: entered promiscuous mode [ 256.070243][ T6715] veth1_macvtap: entered promiscuous mode [ 256.185404][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.204403][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.211606][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.232671][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.244730][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.256612][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.268036][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.279612][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.297961][ T6715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.347424][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.361624][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.387383][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.408430][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.418905][ T6715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.445999][ T6715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.459544][ T6715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 256.502679][ T6715] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.523470][ T6715] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.532771][ T6715] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.541821][ T6715] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 256.680746][ T7002] loop1: detected capacity change from 0 to 1024 [ 256.707181][ T7002] EXT4-fs: Ignoring removed oldalloc option [ 256.708813][ T5907] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 256.724611][ T7002] EXT4-fs: Ignoring removed orlov option [ 256.739475][ T6931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.753823][ T6931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.770548][ T7002] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 256.807067][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.819082][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.843258][ T7002] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.980160][ T5907] usb 4-1: config 1 has an invalid descriptor of length 24, skipping remainder of the config [ 257.455724][ T5907] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 257.488676][ T5907] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 257.545427][ T5907] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 257.545485][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.545507][ T5907] usb 4-1: Product: syz [ 257.545522][ T5907] usb 4-1: Manufacturer: syz [ 257.545538][ T5907] usb 4-1: SerialNumber: syz [ 257.597203][ T5907] cdc_ncm 4-1:1.0: skipping garbage [ 257.610449][ T7002] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.294: Allocating blocks 481-513 which overlap fs metadata [ 257.668029][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.669037][ T5907] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 257.734769][ T5907] cdc_ncm 4-1:1.0: bind() failure [ 257.851311][ T7019] netlink: 16 bytes leftover after parsing attributes in process `syz.0.298'. [ 257.865800][ T5826] usb 4-1: USB disconnect, device number 2 [ 260.653220][ T7035] loop1: detected capacity change from 0 to 2048 [ 260.848664][ T7035] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 260.896559][ T7035] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 261.873591][ T28] audit: type=1326 audit(1756497215.658:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 262.172764][ T28] audit: type=1326 audit(1756497215.658:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 262.196134][ C1] vkms_vblank_simulate: vblank timer overrun [ 262.258468][ T28] audit: type=1326 audit(1756497215.658:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 262.360748][ T28] audit: type=1326 audit(1756497215.658:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 262.448469][ T28] audit: type=1326 audit(1756497215.658:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7033 comm="syz.1.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 262.476500][ T7048] loop4: detected capacity change from 0 to 1024 [ 262.504521][ T7048] EXT4-fs: Ignoring removed oldalloc option [ 262.558920][ T7048] EXT4-fs: Ignoring removed orlov option [ 262.607588][ T7048] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 262.684867][ T7048] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.785502][ T7057] syz_tun: entered allmulticast mode [ 262.794714][ T7057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.306'. [ 263.231421][ T7057] syz_tun (unregistering): left allmulticast mode [ 263.453858][ T7048] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4031: comm syz.4.305: Allocating blocks 257-513 which overlap fs metadata [ 263.709897][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.937227][ T7070] mmap: syz.4.310 (7070) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 263.995973][ T7073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 264.006763][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.311'. [ 264.147355][ T7070] loop4: detected capacity change from 0 to 4096 [ 264.243365][ T7070] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 264.326844][ T28] audit: type=1326 audit(1756497218.328:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7081 comm="syz.0.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 264.397765][ T28] audit: type=1326 audit(1756497218.358:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7081 comm="syz.0.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 264.578695][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 264.871872][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 264.911959][ T9] usb 4-1: config 4 has an invalid interface number: 64 but max is 0 [ 264.924702][ T28] audit: type=1326 audit(1756497218.378:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7081 comm="syz.0.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 264.946951][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.048560][ T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 265.060197][ T9] usb 4-1: config 4 has no interface number 0 [ 265.066383][ T9] usb 4-1: config 4 interface 64 has no altsetting 0 [ 265.077682][ T9] usb 4-1: New USB device found, idVendor=0421, idProduct=042f, bcdDevice=22.37 [ 265.098867][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.128333][ T28] audit: type=1326 audit(1756497218.378:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7081 comm="syz.0.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 265.175558][ T9] usb 4-1: Product: syz [ 265.180469][ T9] usb 4-1: Manufacturer: syz [ 265.198429][ T9] usb 4-1: SerialNumber: syz [ 265.232342][ T28] audit: type=1326 audit(1756497218.378:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7081 comm="syz.0.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fa411f8ebe9 code=0x7ffc0000 [ 265.333923][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.138913][ T9] usb 4-1: bad CDC descriptors [ 266.219209][ T9] usb 4-1: bad CDC descriptors [ 266.310518][ T9] usb 4-1: USB disconnect, device number 3 [ 266.460121][ T7099] loop4: detected capacity change from 0 to 256 [ 266.467523][ T7099] exfat: Deprecated parameter 'utf8' [ 266.525232][ T7105] loop3: detected capacity change from 0 to 512 [ 266.571506][ T7105] EXT4-fs: Ignoring removed orlov option [ 266.584082][ T7099] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 266.633539][ T7105] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 266.740432][ T7105] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 266.780749][ T7105] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.317: corrupted in-inode xattr: e_value size too large [ 266.849962][ T7105] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.317: couldn't read orphan inode 15 (err -117) [ 266.916180][ T7105] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.968716][ T7117] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 267.014373][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 267.333351][ T7120] loop4: detected capacity change from 0 to 4096 [ 267.396985][ T7120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.526744][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.289126][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.885255][ T7162] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 271.910084][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.3.333'. [ 272.566267][ T7174] loop3: detected capacity change from 0 to 1024 [ 274.594366][ T7196] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 274.601728][ T7196] IPv6: NLM_F_CREATE should be set when creating new route [ 274.626727][ T7196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.343'. [ 275.466707][ T5833] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 276.389660][ T5833] usb 5-1: Using ep0 maxpacket: 8 [ 276.412692][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.567500][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.609443][ T5833] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 276.660554][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.712635][ T5833] usb 5-1: config 0 descriptor?? [ 277.066463][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 277.066478][ T28] audit: type=1326 audit(1756497231.068:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 277.135969][ T28] audit: type=1326 audit(1756497231.068:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2d32ade9 code=0x7ffc0000 [ 277.175015][ T28] audit: type=1326 audit(1756497231.068:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 277.228330][ T5833] logitech 0003:046D:C20E.0001: rdesc size test failed for formula gp [ 277.246660][ T28] audit: type=1326 audit(1756497231.108:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2d32ade9 code=0x7ffc0000 [ 277.270588][ T5833] logitech 0003:046D:C20E.0001: item fetching failed at offset 10/11 [ 277.307567][ T5833] logitech 0003:046D:C20E.0001: parse failed [ 277.328845][ T5833] logitech: probe of 0003:046D:C20E.0001 failed with error -22 [ 277.347100][ T28] audit: type=1326 audit(1756497231.108:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 277.420220][ T9] usb 5-1: USB disconnect, device number 2 [ 277.428842][ T28] audit: type=1326 audit(1756497231.108:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2d32ade9 code=0x7ffc0000 [ 277.481842][ T7235] loop3: detected capacity change from 0 to 128 [ 277.505330][ T28] audit: type=1326 audit(1756497231.108:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2d32ade9 code=0x7ffc0000 [ 277.532445][ T7235] EXT4-fs: Ignoring removed nobh option [ 277.576074][ T28] audit: type=1326 audit(1756497231.108:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 277.598944][ T28] audit: type=1326 audit(1756497231.108:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 277.622137][ T28] audit: type=1326 audit(1756497231.108:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.1.351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2d32ade9 code=0x7ffc0000 [ 277.664481][ T7235] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 277.711025][ T7238] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 277.752711][ T7235] ext4 filesystem being mounted at /92/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 277.786727][ T7238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.353'. [ 277.980402][ T5798] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 278.465990][ T7264] loop3: detected capacity change from 0 to 1024 [ 279.546967][ T7279] loop1: detected capacity change from 0 to 256 [ 279.659263][ T7284] loop4: detected capacity change from 0 to 16 [ 279.703718][ T7279] binder: 7277:7279 ioctl 40086607 2000000001c0 returned -22 [ 279.732113][ T7284] erofs: (device loop4): mounted with root inode @ nid 36. [ 279.843640][ T7287] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 279.869754][ T7287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'. [ 284.862855][ T7322] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 284.888608][ T7322] netlink: 8 bytes leftover after parsing attributes in process `syz.1.379'. [ 291.052389][ T7371] usb usb8: usbfs: process 7371 (syz.3.387) did not claim interface 1 before use [ 291.346834][ T7371] loop3: detected capacity change from 0 to 512 [ 292.420971][ T7371] EXT4-fs (loop3): orphan cleanup on readonly fs [ 292.428108][ T7371] EXT4-fs error (device loop3): ext4_quota_enable:7131: comm syz.3.387: inode #218103808: comm syz.3.387: iget: illegal inode # [ 292.443805][ T7371] EXT4-fs error (device loop3): ext4_quota_enable:7134: comm syz.3.387: Bad quota inode: 218103808, type: 2 [ 292.455911][ T7371] EXT4-fs warning (device loop3): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-117, ino=218103808). Please run e2fsck to fix. [ 292.477193][ T7371] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 292.484891][ T7371] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 292.617317][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.854516][ T7374] loop1: detected capacity change from 0 to 8192 [ 296.911442][ T7387] syz.0.391 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 297.021134][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 297.021150][ T28] audit: type=1326 audit(1756497247.948:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.088571][ T28] audit: type=1326 audit(1756497247.948:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.115584][ T28] audit: type=1326 audit(1756497247.948:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.318835][ T28] audit: type=1326 audit(1756497247.958:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.373786][ T28] audit: type=1326 audit(1756497247.958:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.739101][ T28] audit: type=1326 audit(1756497247.968:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.775316][ T28] audit: type=1326 audit(1756497247.968:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 297.821886][ T28] audit: type=1326 audit(1756497247.968:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7373 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2d38ebe9 code=0x7ffc0000 [ 298.219379][ T7399] loop1: detected capacity change from 0 to 1024 [ 298.931801][ T7401] loop4: detected capacity change from 0 to 4096 [ 298.982972][ T7401] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.082344][ T7407] loop1: detected capacity change from 0 to 128 [ 299.170977][ T7407] FAT-fs (loop1): Directory bread(block 32) failed [ 299.177836][ T7407] FAT-fs (loop1): Directory bread(block 33) failed [ 299.217857][ T7407] FAT-fs (loop1): Directory bread(block 34) failed [ 299.245471][ T7407] FAT-fs (loop1): Directory bread(block 35) failed [ 299.260937][ T7407] FAT-fs (loop1): Directory bread(block 36) failed [ 299.267731][ T7407] FAT-fs (loop1): Directory bread(block 37) failed [ 299.275179][ T7407] FAT-fs (loop1): Directory bread(block 38) failed [ 299.283017][ T7407] FAT-fs (loop1): Directory bread(block 39) failed [ 299.290689][ T7407] FAT-fs (loop1): Directory bread(block 40) failed [ 299.297458][ T7407] FAT-fs (loop1): Directory bread(block 41) failed [ 299.659924][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.648481][ T5907] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 306.828812][ T5907] usb 4-1: device descriptor read/64, error -71 [ 307.098512][ T5907] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 311.628097][ T7515] loop3: detected capacity change from 0 to 4096 [ 311.671231][ T7515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 311.825337][ T7519] loop4: detected capacity change from 0 to 256 [ 311.843341][ T7519] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 313.069733][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.480216][ T7536] loop3: detected capacity change from 0 to 512 [ 313.529257][ T7536] EXT4-fs: Ignoring removed nobh option [ 313.891095][ T7536] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 314.245288][ T7536] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.421: iget: bad i_size value: 38620345925642 [ 314.319758][ T7536] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.421: couldn't read orphan inode 15 (err -117) [ 314.417843][ T7536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 314.504585][ T7545] loop4: detected capacity change from 0 to 1024 [ 314.540516][ T7545] EXT4-fs: Ignoring removed oldalloc option [ 314.546637][ T7545] EXT4-fs: Ignoring removed orlov option [ 314.564605][ T7536] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #12: block 7: comm syz.3.421: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4278190093, rec_len=255, size=56 fake=0 [ 314.601561][ T7545] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 314.742594][ T7545] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 314.959935][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.177170][ T7551] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4031: comm syz.4.423: Allocating blocks 481-513 which overlap fs metadata [ 315.660221][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.879186][ T7559] loop3: detected capacity change from 0 to 1024 [ 318.038679][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.045090][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.316543][ T7581] loop1: detected capacity change from 0 to 1024 [ 320.374986][ T7585] loop3: detected capacity change from 0 to 1024 [ 320.568108][ T7585] hfsplus: found bad thread record in catalog [ 320.602914][ T7585] hfsplus: catalog searching failed [ 320.729416][ T1130] hfsplus: found bad thread record in catalog [ 320.736194][ T1130] hfsplus: found bad thread record in catalog [ 321.140935][ T7595] loop3: detected capacity change from 0 to 1024 [ 321.170793][ T7595] EXT4-fs: Ignoring removed oldalloc option [ 321.177137][ T7595] EXT4-fs: Ignoring removed orlov option [ 321.258115][ T7595] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 321.294402][ T7595] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 322.139795][ T7595] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.433: Allocating blocks 481-513 which overlap fs metadata [ 322.326113][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.701422][ T7615] Device name cannot be null; rc = [-22] [ 324.245819][ T7612] loop4: detected capacity change from 0 to 4096 [ 324.443538][ T7612] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.796162][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.011845][ T7634] loop3: detected capacity change from 0 to 256 [ 328.604255][ T7659] loop4: detected capacity change from 0 to 1024 [ 328.608157][ T7661] Bluetooth: MGMT ver 1.22 [ 328.642103][ T7659] EXT4-fs: Ignoring removed oldalloc option [ 328.664370][ T7659] EXT4-fs: Ignoring removed orlov option [ 328.771240][ T7659] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 329.107194][ T7659] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 330.106004][ T7659] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4031: comm syz.4.444: Allocating blocks 257-513 which overlap fs metadata [ 330.531549][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.557192][ T7685] loop1: detected capacity change from 0 to 1024 [ 330.878558][ T5833] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 331.808498][ T5833] usb 4-1: Using ep0 maxpacket: 16 [ 331.834787][ T5833] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.868719][ T5833] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.897925][ T5833] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 331.939829][ T5833] usb 4-1: config 0 interface 0 has no altsetting 0 [ 331.968518][ T5833] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 331.986261][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.016574][ T7697] loop1: detected capacity change from 0 to 256 [ 332.176882][ T5833] usb 4-1: config 0 descriptor?? [ 332.601000][ T7697] FAT-fs (loop1): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 332.733668][ T5833] hid (null): global environment stack underflow [ 332.880170][ T5833] hid (null): unknown global tag 0xc [ 333.398514][ T54] usb 4-1: USB disconnect, device number 6 [ 334.437061][ T7716] syz.3.457: attempt to access beyond end of device [ 334.437061][ T7716] loop3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 334.454028][ T7716] syz.3.457: attempt to access beyond end of device [ 334.454028][ T7716] loop3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 334.467926][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 335.548612][ T7716] syz.3.457: attempt to access beyond end of device [ 335.548612][ T7716] loop3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 335.561592][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 335.571542][ T7716] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 335.579508][ T7716] UDF-fs: Scanning with blocksize 512 failed [ 335.586711][ T7716] syz.3.457: attempt to access beyond end of device [ 335.586711][ T7716] loop3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 335.798783][ T7716] syz.3.457: attempt to access beyond end of device [ 335.798783][ T7716] loop3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 335.811835][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 335.822359][ T7716] syz.3.457: attempt to access beyond end of device [ 335.822359][ T7716] loop3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 335.877364][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 335.887095][ T7716] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 335.894790][ T7716] UDF-fs: Scanning with blocksize 1024 failed [ 335.901368][ T7716] syz.3.457: attempt to access beyond end of device [ 335.901368][ T7716] loop3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 335.914452][ T7716] syz.3.457: attempt to access beyond end of device [ 335.914452][ T7716] loop3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 335.927996][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 335.937752][ T7716] syz.3.457: attempt to access beyond end of device [ 335.937752][ T7716] loop3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 335.951653][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 335.961376][ T7716] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 335.969216][ T7716] UDF-fs: Scanning with blocksize 2048 failed [ 335.975972][ T7716] syz.3.457: attempt to access beyond end of device [ 335.975972][ T7716] loop3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 335.989316][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 335.999125][ T7716] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 336.008943][ T7716] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 336.017083][ T7716] UDF-fs: Scanning with blocksize 4096 failed [ 336.023769][ T7716] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 336.189373][ T5797] Bluetooth: Wrong link type (-71) [ 336.213257][ T7715] loop4: detected capacity change from 0 to 1024 [ 337.946131][ T7726] loop1: detected capacity change from 0 to 256 [ 338.025326][ T7726] FAT-fs (loop1): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 338.591505][ T7731] loop3: detected capacity change from 0 to 1024 [ 345.869000][ T7762] loop3: detected capacity change from 0 to 256 [ 346.008460][ T7762] FAT-fs (loop3): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 346.628710][ T7764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.474'. [ 346.739463][ T7766] loop1: detected capacity change from 0 to 1024 [ 346.863733][ T7766] EXT4-fs: Ignoring removed oldalloc option [ 346.929558][ T7766] EXT4-fs: Ignoring removed orlov option [ 346.938145][ T7766] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 347.058814][ T7766] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 348.109989][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.518196][ T7783] netlink: 136 bytes leftover after parsing attributes in process `syz.3.479'. [ 348.608435][ T5791] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 348.818454][ T5791] usb 2-1: Using ep0 maxpacket: 16 [ 348.831825][ T5791] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.873733][ T5791] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.918487][ T5791] usb 2-1: config 0 interface 0 has no altsetting 0 [ 348.926488][ T5791] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 348.958421][ T5791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.973880][ T5791] usb 2-1: config 0 descriptor?? [ 349.029186][ T5797] Bluetooth: Wrong link type (-71) [ 349.177612][ T7786] loop4: detected capacity change from 0 to 1024 [ 349.189539][ T7788] loop3: detected capacity change from 0 to 512 [ 349.520738][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.540106][ T7788] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.480: casefold flag without casefold feature [ 349.568958][ T7788] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.480: couldn't read orphan inode 15 (err -117) [ 349.598478][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.610053][ T7788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 349.620079][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.657518][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.667880][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.698621][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.730427][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.737390][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.778691][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.785979][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.838172][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.882949][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.914056][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.931403][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 349.968264][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.005176][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.019913][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.063071][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.077003][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.092058][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.129068][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.138784][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.161341][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 350.168291][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.177812][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.184845][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.759215][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.766191][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.773187][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.808488][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.855771][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.913992][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.928416][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.958836][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 352.965987][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.004760][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.035335][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.054119][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.098393][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.105353][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.158480][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.165528][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.218786][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.226748][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.288439][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.295498][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.329627][ T7802] loop4: detected capacity change from 0 to 4096 [ 353.350495][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.357468][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.544641][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.560374][ T7802] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 353.588530][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.595718][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.632112][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.663275][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.678397][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.698508][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.728713][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.767264][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.792480][ T5791] apple 0003:05AC:0247.0003: unknown main item tag 0x0 [ 353.818498][ T5791] apple 0003:05AC:0247.0003: collection stack underflow [ 353.867590][ T5791] apple 0003:05AC:0247.0003: item 0 0 0 12 parsing failed [ 353.919427][ T5791] apple 0003:05AC:0247.0003: parse failed [ 353.945855][ T5791] apple: probe of 0003:05AC:0247.0003 failed with error -22 [ 354.026200][ T5791] usb 2-1: USB disconnect, device number 3 [ 354.822552][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.175263][ T7819] loop4: detected capacity change from 0 to 16 [ 355.227270][ T7819] erofs: (device loop4): mounted with root inode @ nid 36. [ 355.567352][ T5797] Bluetooth: Wrong link type (-71) [ 355.573544][ T5797] Bluetooth: hci1: link tx timeout [ 355.582148][ T5797] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa [ 355.655809][ T7825] loop1: detected capacity change from 0 to 256 [ 355.787046][ T7825] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d) [ 357.069953][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.291648][ T7841] loop1: detected capacity change from 0 to 1024 [ 357.422541][ T7844] loop4: detected capacity change from 0 to 128 [ 357.630273][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 357.816061][ T7846] loop3: detected capacity change from 0 to 1024 [ 358.758518][ T5791] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 358.971041][ T5791] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.008868][ T5791] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 359.019266][ T5791] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 359.032649][ T5791] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 359.042372][ T5791] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.053974][ T5791] usb 5-1: config 0 descriptor?? [ 359.071239][ T5791] gspca_main: spca561-2.14.0 probing abcd:cdee [ 359.275407][ T5791] spca561: probe of 5-1:0.0 failed with error -22 [ 359.313069][ T5791] usb 5-1: Quirk or no altest; falling back to MIDI 1.0 [ 359.338608][ T5791] usb 5-1: MIDIStreaming interface descriptor not found [ 359.884781][ T5791] usb 5-1: USB disconnect, device number 3 [ 360.381077][ T7878] udevd[7878]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 360.906327][ T7890] loop4: detected capacity change from 0 to 4096 [ 360.914281][ T7888] loop3: detected capacity change from 0 to 4096 [ 361.146832][ T7890] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 361.379959][ T7888] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 361.484316][ T7900] loop1: detected capacity change from 0 to 16 [ 361.535566][ T7900] erofs: Unknown parameter 'ÿÿÿÿ§í}®§­ú$­2x²“s6˜Þlj<¬/* Ûß|¸Þ¬¡—@; ÍŽòèú¡Â…-'Ö?‰N½¸~öZ/fùKîœ\n[Ü`3ùDÉIšíË«×ù [ 361.535566][ T7900] W´e3›€ryéäÝØQ' [ 361.578293][ T7888] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz.3.513: Invalid inode table block 0 in block_group 0 [ 361.667831][ T7888] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 361.689715][ T7888] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #15: comm syz.3.513: mark_inode_dirty error [ 361.951414][ T6914] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm kworker/u4:13: Invalid inode table block 0 in block_group 0 [ 362.009540][ T5798] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.105546][ T5798] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 362.172069][ T5798] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 362.220742][ T5798] EXT4-fs error (device loop3): ext4_quota_off:7224: inode #4: comm syz-executor: mark_inode_dirty error [ 362.231449][ T6715] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.306559][ T5798] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 0 in block_group 0 [ 362.345400][ T5798] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 362.462635][ T5798] EXT4-fs error (device loop3): ext4_quota_off:7224: inode #3: comm syz-executor: mark_inode_dirty error [ 362.848505][ T5907] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 363.280323][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.298706][ T5907] usb 5-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 363.310839][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.329267][ T5907] usb 5-1: config 0 descriptor?? [ 364.142436][ T5907] nintendo 0003:057E:200E.0004: item fetching failed at offset 5/7 [ 364.170020][ T5907] nintendo 0003:057E:200E.0004: HID parse failed [ 364.679797][ T5907] nintendo 0003:057E:200E.0004: probe - fail = -22 [ 364.686603][ T5907] nintendo: probe of 0003:057E:200E.0004 failed with error -22 [ 364.701361][ T5907] usb 5-1: USB disconnect, device number 4 [ 365.072756][ T7940] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'. [ 365.097192][ T7940] bridge_slave_1: left allmulticast mode [ 365.116639][ T7940] bridge_slave_1: left promiscuous mode [ 365.134562][ T7940] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.658294][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 472.665476][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6931/1:b..l [ 472.673782][ C1] rcu: (detected by 1, t=10502 jiffies, g=26905, q=118 ncpus=2) [ 472.681605][ C1] task:kworker/u4:20 state:R running task stack:22728 pid:6931 ppid:2 flags:0x00004000 [ 472.693339][ C1] Workqueue: bat_events batadv_nc_worker [ 472.699187][ C1] Call Trace: [ 472.702575][ C1] [ 472.705592][ C1] __schedule+0x14d2/0x44d0 [ 472.710256][ C1] ? __bfs+0x571/0x5c0 [ 472.714370][ C1] ? asan.module_dtor+0x20/0x20 [ 472.719333][ C1] ? mark_lock+0x94/0x320 [ 472.723892][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 472.729895][ C1] ? preempt_schedule_irq+0xaa/0x140 [ 472.735223][ C1] preempt_schedule_irq+0xb5/0x140 [ 472.740455][ C1] ? preempt_schedule_notrace+0x110/0x110 [ 472.746204][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 472.752028][ C1] irqentry_exit+0x67/0x70 [ 472.756550][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 472.762546][ C1] RIP: 0010:lock_acquire+0x1f2/0x410 [ 472.767857][ C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 472.787497][ C1] RSP: 0018:ffffc90004aefa40 EFLAGS: 00000206 [ 472.793594][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 3c837099abf2ac00 [ 472.801662][ C1] RDX: 0000000000000000 RSI: ffffffff8aaacba0 RDI: ffffffff8afc7040 [ 472.809927][ C1] RBP: ffffc90004aefb48 R08: dffffc0000000000 R09: 1ffffffff21b4aa0 [ 472.818092][ C1] R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: 1ffff9200095df54 [ 472.826103][ C1] R13: ffffffff8cd2fbe0 R14: 0000000000000246 R15: dffffc0000000000 [ 472.834111][ C1] ? batadv_nc_worker+0xd2/0x610 [ 472.839071][ C1] ? read_lock_is_recursive+0x20/0x20 [ 472.844536][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 472.850615][ C1] ? batadv_nc_worker+0xd2/0x610 [ 472.855584][ C1] batadv_nc_worker+0xef/0x610 [ 472.860368][ C1] ? batadv_nc_worker+0xd2/0x610 [ 472.865328][ C1] ? process_scheduled_works+0x957/0x15b0 [ 472.871166][ C1] process_scheduled_works+0xa45/0x15b0 [ 472.876752][ C1] ? assign_work+0x400/0x400 [ 472.881540][ C1] ? assign_work+0x39e/0x400 [ 472.886226][ C1] worker_thread+0xa55/0xfc0 [ 472.890873][ C1] kthread+0x2fa/0x390 [ 472.895110][ C1] ? pr_cont_work+0x560/0x560 [ 472.899838][ C1] ? kthread_blkcg+0xd0/0xd0 [ 472.904648][ C1] ret_from_fork+0x48/0x80 [ 472.909110][ C1] ? kthread_blkcg+0xd0/0xd0 [ 472.913746][ C1] ret_from_fork_asm+0x11/0x20 [ 472.918659][ C1] [ 472.921766][ C1] rcu: rcu_preempt kthread starved for 10379 jiffies! g26905 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 472.933241][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 472.943395][ C1] rcu: RCU grace-period kthread stack dump: [ 472.949308][ C1] task:rcu_preempt state:R running task stack:26568 pid:17 ppid:2 flags:0x00004000 [ 472.960375][ C1] Call Trace: [ 472.963682][ C1] [ 472.966737][ C1] __schedule+0x14d2/0x44d0 [ 472.971295][ C1] ? asan.module_dtor+0x20/0x20 [ 472.976282][ C1] ? enqueue_timer+0x225/0x530 [ 472.981092][ C1] ? __mod_timer+0x984/0xdb0 [ 472.985835][ C1] schedule+0xbd/0x170 [ 472.989945][ C1] schedule_timeout+0x160/0x280 [ 472.994830][ C1] ? console_conditional_schedule+0x40/0x40 [ 473.001022][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 473.007108][ C1] ? update_process_times+0x1b0/0x1b0 [ 473.012531][ C1] ? prepare_to_swait_event+0x339/0x360 [ 473.018108][ C1] rcu_gp_fqs_loop+0x302/0x1560 [ 473.022991][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 473.029177][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 473.034411][ C1] ? rcu_gp_init+0x1510/0x1510 [ 473.039374][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 473.045575][ C1] ? finish_swait+0xc7/0x1d0 [ 473.050193][ C1] rcu_gp_kthread+0x99/0x380 [ 473.054821][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 473.059953][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 473.064996][ C1] ? __kthread_parkme+0x162/0x1c0 [ 473.070058][ C1] kthread+0x2fa/0x390 [ 473.074261][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 473.079669][ C1] ? kthread_blkcg+0xd0/0xd0 [ 473.084368][ C1] ret_from_fork+0x48/0x80 [ 473.088805][ C1] ? kthread_blkcg+0xd0/0xd0 [ 473.093494][ C1] ret_from_fork_asm+0x11/0x20 [ 473.098383][ C1] [ 473.101456][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 473.107974][ C1] Sending NMI from CPU 1 to CPUs 0: [ 473.113226][ C0] NMI backtrace for cpu 0 [ 473.113236][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 473.113251][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 473.113261][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 473.113291][ C0] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d a3 36 3a 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 473.113304][ C0] RSP: 0018:ffffffff8ca07d80 EFLAGS: 000002c6 [ 473.113319][ C0] RAX: b50bbb89fe4a8200 RBX: ffffffff8161923b RCX: b50bbb89fe4a8200 [ 473.113331][ C0] RDX: 0000000000000001 RSI: ffffffff8aaaba20 RDI: ffffffff8afc7040 [ 473.113342][ C0] RBP: ffffffff8ca07eb8 R08: ffff8880b8e36d4b R09: 1ffff110171c6da9 [ 473.113354][ C0] R10: dffffc0000000000 R11: ffffed10171c6daa R12: ffffffff8e4a8f28 [ 473.113367][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1952670 [ 473.113377][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 473.113391][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 473.113403][ C0] CR2: 0000558087502a38 CR3: 000000000cb30000 CR4: 00000000003506f0 [ 473.113426][ C0] Call Trace: [ 473.113435][ C0] [ 473.113442][ C0] default_idle+0x13/0x20 [ 473.113468][ C0] default_idle_call+0x6c/0xa0 [ 473.113496][ C0] do_idle+0x1eb/0x510 [ 473.113519][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 473.113538][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 473.113563][ C0] cpu_startup_entry+0x43/0x60 [ 473.113582][ C0] rest_init+0x2e2/0x300 [ 473.113596][ C0] ? time_init+0x40/0x40 [ 473.113622][ C0] arch_call_rest_init+0xe/0x10 [ 473.113639][ C0] start_kernel+0x459/0x4e0 [ 473.113656][ C0] x86_64_start_reservations+0x2a/0x30 [ 473.113682][ C0] x86_64_start_kernel+0x60/0x60 [ 473.113707][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 473.113750][ C0]