last executing test programs: 32.512361863s ago: executing program 2: r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x46b9, &(0x7f0000000200), &(0x7f0000000000)=0x0, &(0x7f0000000180)) r3 = socket$can_bcm(0x1d, 0x2, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000300)=@hci={0x1f, 0x0, 0x2}}) io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0x0) 32.211623716s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000500)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xfe, 0x518, &(0x7f00000008c0)="$eJzs3U1vI2cdAPD/TOIl201JChxKpb6IFu1WsPamoW3EoS0CcasEKvclSrxRtE4cxU67iSqUFR8ACSGoxIkTFyQ+ABLqR0BIlegdAQIh2MKBAzBoxuM0a8abrNYvafL7SY/9zGPP/P+Psx4/87IzAVxYz0XEGxExExEvRsRC2Z6WJQ57JX/fR/feXctL3vzW35JIyraIonrkSjnbXO+pUmf/4PZqq9XcLacb3a2dRmf/4Prm1upGc6O5vby89MrKqysvr9wYST/zfr32jT/9+Ac//+Zrv/7yO7+/+Zdr38uT/nr5er9fo1N8evFh8VjLP4sjsxGxO9pgUzNT9qc27UQAADiVfJT6mYj4QjH+X4iZYjRXGBzSzU0+OwAAAGAUstfn499JRAYAAACcW69HxHwkab08F2A+0rRe753D+7l4LG21O90v3Wrvba/nr0UsRi29tdlq3ijPqV2MWpJPLxX1j6dfGphejognIuJHC5eL6fpau7U+7Z0fAAAAcEFcGdj+/+dCb/sfAAAAOGcWp50AAAAAMHbDtv+TCecBAAAAjI/j/wAAAHCufevNN/OS9e9/vf72/t7t9tvX15ud2/WtvbX6Wnt3p77Rbm8U1+zbOml5rXZ75ysRe3ca3Wan2+jsH9zcau9td29uun8gAAAATMsTz77/YRIRh1+9XJTcpfxhZsgMzhWAcyN9mDf/cXx5AJM37Gf+FC6NMg9g8mannQAwPYfTTgCYtvsu9VExKDh+8s59+wx+M76cAACA0br6+erj//kmQG3ayQFj9VDH/4Fz5RGO/wOfcI7/w8VVe6gRwN0xZgJMy0m3+hh68Y6q4/+VZwZn2YnLAgAAxmq+KM+m9fJY4Hykab0e8XjxX/1rya3NVvNGRHw6In63UPtUPr1UzJm4PSAAAAAAAAAAAAAAAAAAAAAAAAAAnFKWJZEBAAAA51pE+uekvP/X1YUX5gf3D1xK/rUQ5S293vnpWz+5s9rt7i7l7X8/au++V7a/NI09GAAAAHARzT7w1f52en87HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG6aN77671yyTj/vVrEbFYFX825ornuahFxGP/SGL22HxJRMyMIP7h3Yh4sip+kqcVi2UWg/HTiLg8mfhPZ1lWGf/KCOLDRfZ+vv55o+r7l8ZzxXP193+2LI9q+PovPVr/zQxZ/z1+yhhPffDLxtD4dyOemq1e//TjJ0PiP1+1wIoP5bvfOTj4v8bewiP7WcTVyt+f5L5Yje7WTqOzf3B9c2t1o7nR3F5eXnpl5dWVl1duNG5ttprlY2Uff/j0r/470PSfrKfofwyJv3hC/1/IK7VjjdlgmDLYB3fufbZXrQ0sooh/7fnqv/+TD4if/5v4Yvk7kL9+tV8/7NWPe+YXv32mMrEy/vqQ/p/09782bKEDXvz29/9wyrcCABPQ2T+4vdpqNXfHXnkvy7JJxTp9JdIzkcYZqPRHd2MLMXdWeqpyUmUUe7YAAICz5uNB/7QzAQAAAAAAAAAAAAAAAAAAgIursx/puC8nNhjzcDpdBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oP8FAAD//67x3Ks=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 31.105957905s ago: executing program 2: r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x46b9, &(0x7f0000000200), &(0x7f0000000000)=0x0, &(0x7f0000000180)) r3 = socket$can_bcm(0x1d, 0x2, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000300)=@hci={0x1f, 0x0, 0x2}}) io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0x0) 30.313491046s ago: executing program 2: syz_emit_ethernet(0x5a, &(0x7f0000000800)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xe, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "a5aa9a0f0d5813c200ef722e3486ebd9"}, @md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) 30.094886046s ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x123042, 0x0) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = dup(r1) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 10.253097742s ago: executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000600)={0xa, 0x4e22}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 10.104521673s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x25b45}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00`', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r1}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x17, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x65}, {0x4}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0x3, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 9.801643119s ago: executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc}, @NFTA_SET_ELEM_EXPIRATION={0xc}]}]}]}], {0x14, 0x10}}, 0xdc}}, 0x0) 9.593644606s ago: executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x2, 0x4) write$binfmt_script(r0, &(0x7f0000000300), 0xfe7f) recvmmsg(r0, &(0x7f0000010bc0)=[{{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001040)=""/191, 0xbf}], 0x1}}], 0x1, 0x2, 0x0) 9.259402667s ago: executing program 1: r0 = socket(0x2b, 0x1, 0x0) listen(r0, 0x0) r1 = dup(r0) recvmmsg(r1, &(0x7f0000002400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 9.034662049s ago: executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000600)={0xa, 0x4e22}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 7.357950081s ago: executing program 5: r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}}) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x6, 0x8, 0x2}, 0x48) r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) r3 = io_uring_setup(0x559a, &(0x7f0000000140)={0x0, 0x0, 0x400}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r3}) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000080)=0x3f) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000280)={0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000dc0)={0x0, 0x0, 0x209}, 0x20) setsockopt$packet_int(r4, 0x107, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) sendto$packet(r4, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140), 0x14) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, &(0x7f0000000080), 0x0}, 0x20) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP8mNnv82w7s/PMTGcCOLFuZNPzNE0vRsRIVp7LpoaNiLMR8ezpg5n6lESa3vp7EklW1losbXgrhpqrND7gq1+K+EayM251bX1xulwurWT5Ym3pTrG6tn5pYWl6vjRfWp6cnLg6dW3qytT4q3RvbihLnImI61/48/e+/ZMvXv/FZ+794fZfL3wzabb5YWzrxwfUv1tls+v5OLWlrP5drhww2FHUvzUxuL91HmX/RAAAOFz149IPRcQnI+JijETf7oezAAAAwBso/dxw/DdpXbvbYaBDOQAAAPAGyUXEcCS5Qna/73DkcoVCNO7h/UiczpUr1dqn5yqry7P1uojRyOfmFsql8exe4dHIJ/X8RCP9In95W34yIt6JiO+ODDbyhZlKebbXJz8AAADghBjaNv7/10hz/A8AAAAcM6O9bgAAAADw2hn/AwAAwPFn/A8AAADH2pdv3qxPaev917N311YXK3cvzZaqi4Wl1ZnCTGXlTmG+UplvPLNvadcP23x14PLq/WKtVK0Vq2vrt5cqq8u12wsvvQIbAAAAOETvvP/4d0lEbHx2sDHVDWyp/0/2noCeNRB4bTZP2UWSzQd2LvT7t5vzPx1So4BD0dfrBgA909/rBgA9k+91A4CeS/ao73jzzq+z+Se62x4AAKD7xj7W+fp/btc1N3avBo48GzGcXK7/w8nVuP7f5pa/thwswLGSdwQAJ94rX//fk/9DBAAAvTbcmJJcITu9Nxy5XKEQcabxWoB8MrdQLo1HxNsR8duR/Fv1/ERjzWTPMQMAAAAAAAAAAAAAAAAAAAAAAAAA0JSmSaQAAADAsRaR+0vyy+az/MdGzg9vPz8wkPx7JLJXhN774a3v35+u1VYm6uX/2Cyv/SArv9yLMxgAAADAdq1xemscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd9Ozpg5nWdJhx//b5iBhtF78/TjXmpyIfEaf/mUT/lvWSiOjrQvyNRxHx0Xbxk3qzNkO2iz/4+uPHaPYttIs/1IX4cJI9ru9/brTb/nJxtjFvv/31R7yUP6jO+7/Y3P/1ddj+z+wzxrtPflbsGP9RxLv97fc/rfhJh/jn9hn/619bX+9Ul/4oYqzt70/yUqxibelOsbq2fmlhaXq+NF9anpycuDp1berK1HhxbqFcyv5sG+M7H//58936f7pD/NE9+n9+n/3/35P7Tz/cTObbxb9wrk38X/04W2Jn/Fz22/epLF2vH2ulN5rprd776W/e263/sx36v9ff/4V99v/iV771x30uCgAcgura+uJ0uVxaObaJ+ij9CDRD4ggmHu6sej8O/IFpmqb1beoVGpYcPHp3EslmSa/3TAAAQLe9OPrvdUsAAAAAAAAAAAAAAAAAAADg5DqM54ptj7mxmUq68QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+H8AAAD//zh76TQ=") 7.020611313s ago: executing program 5: mlockall(0x1) mlockall(0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x0, &(0x7f0000ffd000/0x1000)=nil) setresuid(0x0, 0xee00, 0x0) semget$private(0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x0, &(0x7f0000ffd000/0x1000)=nil) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 3.653671179s ago: executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000580)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000180)=0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x7c, &(0x7f0000000000)={r3}, 0x14) 3.350132183s ago: executing program 3: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x31}}]}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee00}}, './file0\x00'}) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000b40)={0x34, &(0x7f00000007c0)={0x0, 0x0, 0x2, "b81a"}, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x3004000, &(0x7f0000000100)={[], [{@obj_role}, {@fowner_eq={'fowner', 0x3d, r1}}, {@obj_role={'obj_role', 0x3d, 'GPL\x00'}}, {@fowner_lt={'fowner<', r1}}, {@dont_hash}, {@uid_lt={'uid<', 0xee00}}, {@fowner_eq={'fowner', 0x3d, r1}}, {@dont_measure}, {@seclabel}]}, 0x1, 0x790, &(0x7f0000001740)="$eJzs3c9rHFUcAPDvTHaT/k4qClZRAx5aEPPLgj9QaMGjiKCevDQkaSnd/qCJYEOEFrEnjwXBiwiCF2+KF0FKT4p46UX6H0ilSBBaxUNkprPJttlNds1upnU/H5jkvXm7+95k+c6bHy/zAuhbo9mPNOJARFxMIoaL9UlEVPNUJeLI3dfdWV6a+Wt5aSaJlZW3/0jy19xeXpqJhvdkdhdv2xER168l8cjA+nrnLyyemq7V5s4X+fGF0+fG5y8sPn/y9PSJuRNzZ6ampl6eOjz54sRU17b1o6d+/uafy29+/Om+G1d+v/7dviSOxJ6irHE7umU0Rlf/Jo0qEfF6tysryUCxPWnDuqRSYoPoSNrwHT4ewzEQa1/ecFz7ttTGAQA9sZItAECfSfT/ANBn6tcBbi8vzdSXcq9IANvl1tHIb9RncX+nWO6WVOJI/ntHPg5g159JNN7WTepjB7Yo+4yv36t+ni3Ro/vwQHMXL+U3/pv0/0ke/yP5KJ718T8QUewftub+fYj4h+2zlfh/qwv1i38AAAAAAADonqtHI+KlZvf/0tXxP9Hk/t9QREx0of7N7/+lN7tQDdDEraMRrxbP9rl3/N/qE11GBorc3oh4LKrJ8ZO1uSz290XEoagOZfnJ5h+f7zLevTz5Q6v6G8f/ZUtWf30sYNGOm5Whe98zO70wvdXtBiJuXYp4otIs/pPV/j9pMf73WJt1fL/01dOtyjaPf6BXVr6IONi0/197cl2y8fP5xvPjgfH6UcF6i8de+7BV/W3F/9q/KQFdlPX/uzaO/5Gk8Xmd853X8cntic9alf3X4//B5J38qaKDxboPphcWzk9GDCZvrF/fvUeIwkOtHg/1eMni/9Czzc//Nzr+r0bEuTbr/PLH6q+tykbzSHX8D2XI4n+2o/6/88TfvzzZclfRXv9/OO/TDxVrXP+DjbUboGW3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuimNiD2RpGOr6TQdG4vYHRGPxq60dnZ+4bnjZ98/M5uVRYxENT1+sjY3ERHDd/NJlp/M02v5qfvyL0TE/oi4MrQzz4/NnK3Nlr3xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDY3WL+/8xvQ2W3DgDomR1lNwAA2Hb6fwDoP/p/AOg/Hff/P+3tTUMAgG3j/B8A+o/+HwAAAAAAAAAAAAAAAAAAAAAAAAB6av8zV28kEXHxlZ35khksyqqltgzotbTsBgClGSi7AUBpKu28KElWzwmA/w/n+ECySXnrKUJcQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoH8cPNDu/P9tzRQKPETM3gf9y/z/0L8c1UP/Mv8/YP5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY3PyFxVPTtdrceYluJyoPRjMehMRQRDwAzZDoIFH2ngkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfBvwEAAP//snoPXw==") r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000000014000100c37a2345000000000000ffff000000001400030007"], 0x44}}, 0x0) 3.235098438s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000cc0)=ANY=[], 0x0) writev(r1, &(0x7f0000000240)=[{&(0x7f0000000800)='9', 0x1}], 0x1) 2.633015626s ago: executing program 5: syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x1200808, &(0x7f0000000100)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES64, @ANYRESOCT, @ANYRES8, @ANYRES16], 0x1, 0x1e5, &(0x7f0000000400)="$eJzs20tu00Acx/HfJGkSQ4HyXCCkILGADUmaikqsWs7BqmrTqsIFhNkkQsJcAM7AObgMB4AFO1YY+ZGm9aM1E9y0zfez8Xh+/dvjuu6MolgAFtamHsrIqBnuPGivfLltStU1qx4YgMoFyfZPYMOxqgJwXtR/p3uSFYA/n/EAOCs/X0jfJf349WFb9eyqPsz9SV5rZfNP0v1Gkpu2nPT64qv0eFJvrmTrG/E2zq/mHv/Jo8n5l3VN13VDK7qpW8aXifKdw/p7VmsgAAAWjVH3tLwr1QvSePLOrgqmlrT7LTurTzW1u+8OB6fka4V5K8q722/cnRPOAiBPrdTzX6wePX/9wrwR5avJXttukAAq4Y3GLbnu8J03Cif5qDF+teX+U8OxqirTMJUdOb/RTPUEHyUd9mzaHjnQsR7n6O+543VmH7yJP6VROnLKlNeUF720GMZGNlqSNNtNMb5V+fJn5V7XbI0NlfrhTs69sG60zuiP/3hj3v+ZAFSt9/7gbc8bjZ/uH2ztDfeGrwf9/vP1Z2ur64NetLLvnby+B3BxTSd9Hfk2EAAAAAAAAAAAAAAAuEju6G64Sb+2CwAAAOAS+m/vDDVU+LrVvK8RAAAAAAAAAAAAAAAAAIDL5m8AAAD//3E6Bko=") truncate(&(0x7f0000000600)='./file2\x00', 0x8800000) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', &(0x7f00000001c0), 0x0) 2.479262992s ago: executing program 3: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c, 0x0}}], 0x1, 0x0) r0 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x20000000) 2.048284908s ago: executing program 3: r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x2, @pix={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}}) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x6, 0x8, 0x2}, 0x48) r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) r3 = io_uring_setup(0x559a, &(0x7f0000000140)={0x0, 0x0, 0x400}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_setup(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x22, 0x0, 0x0, 0x0, r3}) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000080)=0x3f) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000280)={0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000dc0)={0x0, 0x0, 0x209}, 0x20) setsockopt$packet_int(r4, 0x107, 0x0, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) sendto$packet(r4, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000140), 0x14) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, &(0x7f0000000080), 0x0}, 0x20) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP8mNnv82w7s/PMTGcCOLFuZNPzNE0vRsRIVp7LpoaNiLMR8ezpg5n6lESa3vp7EklW1losbXgrhpqrND7gq1+K+EayM251bX1xulwurWT5Ym3pTrG6tn5pYWl6vjRfWp6cnLg6dW3qytT4q3RvbihLnImI61/48/e+/ZMvXv/FZ+794fZfL3wzabb5YWzrxwfUv1tls+v5OLWlrP5drhww2FHUvzUxuL91HmX/RAAAOFz149IPRcQnI+JijETf7oezAAAAwBso/dxw/DdpXbvbYaBDOQAAAPAGyUXEcCS5Qna/73DkcoVCNO7h/UiczpUr1dqn5yqry7P1uojRyOfmFsql8exe4dHIJ/X8RCP9In95W34yIt6JiO+ODDbyhZlKebbXJz8AAADghBjaNv7/10hz/A8AAAAcM6O9bgAAAADw2hn/AwAAwPFn/A8AAADH2pdv3qxPaev917N311YXK3cvzZaqi4Wl1ZnCTGXlTmG+UplvPLNvadcP23x14PLq/WKtVK0Vq2vrt5cqq8u12wsvvQIbAAAAOETvvP/4d0lEbHx2sDHVDWyp/0/2noCeNRB4bTZP2UWSzQd2LvT7t5vzPx1So4BD0dfrBgA909/rBgA9k+91A4CeS/ao73jzzq+z+Se62x4AAKD7xj7W+fp/btc1N3avBo48GzGcXK7/w8nVuP7f5pa/thwswLGSdwQAJ94rX//fk/9DBAAAvTbcmJJcITu9Nxy5XKEQcabxWoB8MrdQLo1HxNsR8duR/Fv1/ERjzWTPMQMAAAAAAAAAAAAAAAAAAAAAAAAA0JSmSaQAAADAsRaR+0vyy+az/MdGzg9vPz8wkPx7JLJXhN774a3v35+u1VYm6uX/2Cyv/SArv9yLMxgAAADAdq1xemscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd9Ozpg5nWdJhx//b5iBhtF78/TjXmpyIfEaf/mUT/lvWSiOjrQvyNRxHx0Xbxk3qzNkO2iz/4+uPHaPYttIs/1IX4cJI9ru9/brTb/nJxtjFvv/31R7yUP6jO+7/Y3P/1ddj+z+wzxrtPflbsGP9RxLv97fc/rfhJh/jn9hn/619bX+9Ul/4oYqzt70/yUqxibelOsbq2fmlhaXq+NF9anpycuDp1berK1HhxbqFcyv5sG+M7H//58936f7pD/NE9+n9+n/3/35P7Tz/cTObbxb9wrk38X/04W2Jn/Fz22/epLF2vH2ulN5rprd776W/e263/sx36v9ff/4V99v/iV771x30uCgAcgura+uJ0uVxaObaJ+ij9CDRD4ggmHu6sej8O/IFpmqb1beoVGpYcPHp3EslmSa/3TAAAQLe9OPrvdUsAAAAAAAAAAAAAAAAAAADg5DqM54ptj7mxmUq68QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+H8AAAD//zh76TQ=") 2.040814725s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x8, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r4, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x21, &(0x7f0000000040), 0x4) unshare(0x400) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDADDTOENTCNT(r5, 0x40045201, &(0x7f00000001c0)=0xffffffff) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) sendmsg$tipc(r3, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(r1, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003640)=[{0x0}, {0x0}, {&(0x7f0000003300)="f8", 0x1}, {&(0x7f0000003540)}], 0x4, &(0x7f00000037c0)=[@tclass={{0x14}}], 0x18}}], 0x3, 0x4000001) 1.978953438s ago: executing program 5: socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x803, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000140)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "3a280a05a59fc768d5b4db0f1a9c98277afe8d9338364ba7a2b3bd8b221b24ecb4e1df6dad2e34905f0101d1be5fc322de3b576b708510054635e0d93924b8b4", "6a588528551db5d9ac7718bb76b2137f2dc09faca249808f541ba51d8e68d45a5e2457be5c13d221b580e1d93e09c8cd04f287d17f5b791ef68c406003f20814", "79da99b7cefddf6d76277bd44f7b742daf84f5d07d391a3c169dc6e96507d14a"}}) r0 = socket(0x2, 0x3, 0xee) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair(0x0, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x11, 0xd, 0x0, 0x0) socketpair(0x25, 0x0, 0x0, &(0x7f0000000080)) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x11, 0xd, 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/cgroup', 0x22000, 0x149) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) faccessat2(r2, &(0x7f0000000000)='.\x00', 0x5, 0x0) mq_open(0x0, 0x0, 0x64, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x1000}) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@private1={0xfc, 0x1, '\x00', 0x5}, @loopback, @mcast2, 0x0, 0x8400, 0x80, 0x0, 0x10000, 0x83000004}) ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='mountinfo\x00') r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000380)) epoll_wait(r3, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x4, 0x10002) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x8935, &(0x7f0000000180)) 1.851223568s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x8, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$tipc(r4, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x21, &(0x7f0000000040), 0x4) unshare(0x400) r5 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDADDTOENTCNT(r5, 0x40045201, &(0x7f00000001c0)=0xffffffff) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) sendmsg$tipc(r3, &(0x7f0000001180)={0x0, 0x0, 0x0}, 0x0) sendmmsg$inet6(r1, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003640)=[{0x0}, {0x0}, {&(0x7f0000003300)="f8", 0x1}, {&(0x7f0000003540)}], 0x4, &(0x7f00000037c0)=[@tclass={{0x14}}], 0x18}}], 0x3, 0x4000001) 1.806069414s ago: executing program 4: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000c8000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000054000000bca90000000000003509010000000000950000000000000075090300020000007b9a00fe00000000b509000000000000c39a04fee1000000bf8700000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018290000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.634186322s ago: executing program 4: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x39}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.585926612s ago: executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x13, 0x10, 0x2}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r1}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xea, &(0x7f0000000340)=""/234}, 0x23) 1.509385209s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./bus\x00', 0x104, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@block_validity}, {@quota}]}, 0x3, 0x465, &(0x7f0000000ec0)="$eJzs3MtvVNUfAPDvvdOBH69fK+KDh1pFY+OjpQWVhQs1mrjQxMQNLmtbCFKooTURQhSNwaUhcW9cmvgXuMKNUVcmstS9ISGGjehqzJ25l3kwM0zLtIPM55Nces69Z3rOd849M+few20AQ2s8+yeJ2B4Rv0XEaC3bXGC89uP6tXNzf187N5dEpfL2n0m13F/Xzs0VRYvXbcszE2lE+lkSe9vUu3zm7InZxcWF03l+auXk+1PLZ84+e/zk7LGFYwunZg4fPnRw+oXnZ57rS5z3ZG3d89HSvt2vv3PxzbkjF9/96dukiL8ljj4Z73bwiUqlz9UN1o6GdDIywIawKqWIyLqrXB3/o1GKeueNxmufDrRxwLqq5DocPl8B7mJJDLoFwGAUX/TZ9W+xbdzsY/Cuvly7AMrivp5vtSMjkUbtwqjccn3bT+MRceT8P19lW6zPfQgAgCaXsvnPM+3mf2nc31Du//na0Fi+lrIzIu6NiF0RcV9EtewDEfHgKutvXSS5ef6TXllTYD3K5n8v5mtbzfO/tCgyVspzO6qZcnL0+OLCgfw9mYjy5iw/3aWO71/99YtOxxrnf9mW1V/MBfN2XBnZ3Pya+dmV2duJudHVTyL2jLSLP7mxEpBExO6I2LPGOo4/9c2+Tsda468k3X7TS83ZPqwzVb6OeLLW/+ejJf5C0n19cup/sbhwYKo4K2728y8X3upU/637v3z7QXaR9f/Wtuf/jfjHksb12uXV13Hh9887XtNMrun8r+/YlP/8cHZl5fR0xKbkjVqjG/fP1F9b5IvyWfwT+9uP/51Rfyf2RkR2Ej8UEQ9HxCN53z0aEY9FxP4u8f/4yuPvdTp26/5fX1n88y39P9Zc5PLlpv6vJzZF6572idKJH75r+o0NFfT2+XeomprI9/Ty+ddLu9Z2NgMAAMB/TxoR2yNJJ2+k03RysvZ/+HfF1nRxaXnl6aNLH5yarz0jMBbltLjTVbsfXLsfOp1f1hf5mZb8wfy+8ZelLdX85NzS4vygg4cht63D+M/8URp064B153ktGF7GPwwv4x+Gl/EPw6vN+N8yiHYAG6/d9//H9WRldCMbA2yolvFf8jfcYHgY6zC8jH8YXo3jv+vz98DdZHlL3PoheYmeE+WIuAOasQGJSO+IZvQnkfQ2Ci5FxJqq2D7oAFefGPQnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH/8GwAA//+6b+Sz") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xff7e}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) lchown(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r5, 0x0, 0x1100) 1.414339428s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./bus\x00', 0x104, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@block_validity}, {@quota}]}, 0x3, 0x465, &(0x7f0000000ec0)="$eJzs3MtvVNUfAPDvvdOBH69fK+KDh1pFY+OjpQWVhQs1mrjQxMQNLmtbCFKooTURQhSNwaUhcW9cmvgXuMKNUVcmstS9ISGGjehqzJ25l3kwM0zLtIPM55Nces69Z3rOd849M+few20AQ2s8+yeJ2B4Rv0XEaC3bXGC89uP6tXNzf187N5dEpfL2n0m13F/Xzs0VRYvXbcszE2lE+lkSe9vUu3zm7InZxcWF03l+auXk+1PLZ84+e/zk7LGFYwunZg4fPnRw+oXnZ57rS5z3ZG3d89HSvt2vv3PxzbkjF9/96dukiL8ljj4Z73bwiUqlz9UN1o6GdDIywIawKqWIyLqrXB3/o1GKeueNxmufDrRxwLqq5DocPl8B7mJJDLoFwGAUX/TZ9W+xbdzsY/Cuvly7AMrivp5vtSMjkUbtwqjccn3bT+MRceT8P19lW6zPfQgAgCaXsvnPM+3mf2nc31Du//na0Fi+lrIzIu6NiF0RcV9EtewDEfHgKutvXSS5ef6TXllTYD3K5n8v5mtbzfO/tCgyVspzO6qZcnL0+OLCgfw9mYjy5iw/3aWO71/99YtOxxrnf9mW1V/MBfN2XBnZ3Pya+dmV2duJudHVTyL2jLSLP7mxEpBExO6I2LPGOo4/9c2+Tsda468k3X7TS83ZPqwzVb6OeLLW/+ejJf5C0n19cup/sbhwYKo4K2728y8X3upU/637v3z7QXaR9f/Wtuf/jfjHksb12uXV13Hh9887XtNMrun8r+/YlP/8cHZl5fR0xKbkjVqjG/fP1F9b5IvyWfwT+9uP/51Rfyf2RkR2Ej8UEQ9HxCN53z0aEY9FxP4u8f/4yuPvdTp26/5fX1n88y39P9Zc5PLlpv6vJzZF6572idKJH75r+o0NFfT2+XeomprI9/Ty+ddLu9Z2NgMAAMB/TxoR2yNJJ2+k03RysvZ/+HfF1nRxaXnl6aNLH5yarz0jMBbltLjTVbsfXLsfOp1f1hf5mZb8wfy+8ZelLdX85NzS4vygg4cht63D+M/8URp064B153ktGF7GPwwv4x+Gl/EPw6vN+N8yiHYAG6/d9//H9WRldCMbA2yolvFf8jfcYHgY6zC8jH8YXo3jv+vz98DdZHlL3PoheYmeE+WIuAOasQGJSO+IZvQnkfQ2Ci5FxJqq2D7oAFefGPQnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH/8GwAA//+6b+Sz") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xff7e}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) lchown(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r5, 0x0, 0x1100) 1.403599855s ago: executing program 5: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x31}}]}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee00}}, './file0\x00'}) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000b40)={0x34, &(0x7f00000007c0)={0x0, 0x0, 0x2, "b81a"}, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x3004000, &(0x7f0000000100)={[], [{@obj_role}, {@fowner_eq={'fowner', 0x3d, r1}}, {@obj_role={'obj_role', 0x3d, 'GPL\x00'}}, {@fowner_lt={'fowner<', r1}}, {@dont_hash}, {@uid_lt={'uid<', 0xee00}}, {@fowner_eq={'fowner', 0x3d, r1}}, {@dont_measure}, {@seclabel}]}, 0x1, 0x790, &(0x7f0000001740)="$eJzs3c9rHFUcAPDvTHaT/k4qClZRAx5aEPPLgj9QaMGjiKCevDQkaSnd/qCJYEOEFrEnjwXBiwiCF2+KF0FKT4p46UX6H0ilSBBaxUNkprPJttlNds1upnU/H5jkvXm7+95k+c6bHy/zAuhbo9mPNOJARFxMIoaL9UlEVPNUJeLI3dfdWV6a+Wt5aSaJlZW3/0jy19xeXpqJhvdkdhdv2xER168l8cjA+nrnLyyemq7V5s4X+fGF0+fG5y8sPn/y9PSJuRNzZ6ampl6eOjz54sRU17b1o6d+/uafy29+/Om+G1d+v/7dviSOxJ6irHE7umU0Rlf/Jo0qEfF6tysryUCxPWnDuqRSYoPoSNrwHT4ewzEQa1/ecFz7ttTGAQA9sZItAECfSfT/ANBn6tcBbi8vzdSXcq9IANvl1tHIb9RncX+nWO6WVOJI/ntHPg5g159JNN7WTepjB7Yo+4yv36t+ni3Ro/vwQHMXL+U3/pv0/0ke/yP5KJ718T8QUewftub+fYj4h+2zlfh/qwv1i38AAAAAAADonqtHI+KlZvf/0tXxP9Hk/t9QREx0of7N7/+lN7tQDdDEraMRrxbP9rl3/N/qE11GBorc3oh4LKrJ8ZO1uSz290XEoagOZfnJ5h+f7zLevTz5Q6v6G8f/ZUtWf30sYNGOm5Whe98zO70wvdXtBiJuXYp4otIs/pPV/j9pMf73WJt1fL/01dOtyjaPf6BXVr6IONi0/197cl2y8fP5xvPjgfH6UcF6i8de+7BV/W3F/9q/KQFdlPX/uzaO/5Gk8Xmd853X8cntic9alf3X4//B5J38qaKDxboPphcWzk9GDCZvrF/fvUeIwkOtHg/1eMni/9Czzc//Nzr+r0bEuTbr/PLH6q+tykbzSHX8D2XI4n+2o/6/88TfvzzZclfRXv9/OO/TDxVrXP+DjbUboGW3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuimNiD2RpGOr6TQdG4vYHRGPxq60dnZ+4bnjZ98/M5uVRYxENT1+sjY3ERHDd/NJlp/M02v5qfvyL0TE/oi4MrQzz4/NnK3Nlr3xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDY3WL+/8xvQ2W3DgDomR1lNwAA2Hb6fwDoP/p/AOg/Hff/P+3tTUMAgG3j/B8A+o/+HwAAAAAAAAAAAAAAAAAAAAAAAAB6av8zV28kEXHxlZ35khksyqqltgzotbTsBgClGSi7AUBpKu28KElWzwmA/w/n+ECySXnrKUJcQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoH8cPNDu/P9tzRQKPETM3gf9y/z/0L8c1UP/Mv8/YP5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY3PyFxVPTtdrceYluJyoPRjMehMRQRDwAzZDoIFH2ngkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfBvwEAAP//snoPXw==") r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000000014000100c37a2345000000000000ffff000000001400030007"], 0x44}}, 0x0) 1.402822578s ago: executing program 3: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030023000b63d25a80648c2594f90124fc60100c024002000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000001e00)={0x0, 0x0, 0x0}, 0x0) 1.246161569s ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000042, &(0x7f0000000400), 0x7, 0x4f7, &(0x7f0000000bc0)="$eJzs3c1vG2kZAPBnHHs32QacXTgsK7Fb+qEUQZ2k6UfEobQSH6dKiHJPQ+JEUZy4Spy2iSpw/wIQqgCJEycuSPwBSKh/AkKqBDcOnEAVpPTABRmNP9rUsUPSunab/H7SdN5533qe57Hj6byeaRzAsXUyIq5FxFBEnI2IfLM/01yi2ljSv/d05/58uiRRq938ZxJJs699nyeaD0t9/7sRP0z2xt3Y2l6ZK5WK6y93b59fXp1bKi4V16anpy7PXJm5NDN5wEqS7H6joxFx9VvPfv6T33zn6h++fvdvs/8496M0rVvN8U519EKj9FwMtzqqbyLK4KQ/N9l6hQAAvAvORMRHEXEqIr4a+RiKfU+jAQAAgHdQ7Zuj77eaAAAAwNGUqd8bm2QKzft9RyOTKRQa9/B+MT7IlMobla8tljfXFhr30I5FLrO4XCpONu8VHotckm5P1dsvti+0bU9HxIcR8TA/km7XxwAAAID+ONE2/3+Wb8z/AQAAgCPGxXgAAAA4+sz/AQAA4Ogz/wcAAIAj7Xs3bqRL7enO/fr3ACzc2dpcKd85v1DcWCmsbs4X5svrtwtL5fJSqVgY+v/7K5XLty/G2ua9iUp2ozKxsbU9u1reXKvM1r/Xe7b4UR9qAgAAAF724WeP/pJERPUbI/Ul9V5zLDfQzIC3SJJt67j1lQFlAvTEAT7Sf9nJzTeTCNB37f+m11X7nwfQf+b4QNLe0XZiMNzlVCH+ePhYnXcEAAC8aeNfcv0fjqvMoBMABuang04AGBifxcPxlTv8HYDAEbPn+n+b4W4DB77+X6sdKiEAAKDnRhur+v/4ydS3M5lC4fllwWRxuVScjIjPR8Sf87n30+2pAeYLAAAAAAAAAAAAAAAAAAAAAAAAAO+iWi2JGgAAAHCkRWT+njS//2s8f2a0/fOB95L/5OvriLj7q5u/uDdXqaxPpf3/et5f+WWz/8IgPsEAAACA4yi372hrnt6axwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABALz3duT/fWvoZ98n1GImxTvGzMVxfD0cuIj74dxLZXY9LImKoB/GrDyJGOtafpGnFWDOL9viZaDyuF/Hj41eLf6IH8eE4e3Q9Iq51ev9l4mR93fn9l20ur+vJ9fqbvGP81vFvqMvx73O7d5TpHuOTx7+b6Br/QcQn2c7Hn1b8pEv80wes8dYPtre7jdV+HTHe5fi7O9ZEZfX2xMbW9vnl1bmlYjbWpqenLs9cmbk0MzmxuFwqNv/sGONnX/599WHX+htP3O74rTrHGhn+uFv9Zw5Y/38f39v5QqOZ2xs/4tzpzq//x/V15+c//Zk423zZ0/HxVrvaaO/26W//9Gm33NL4C12e/8brn691q//cwcrfUzMAMFgbW9src6VScb0PjVMXe7fDpE85a3RpDL8dafS78e3X3k/rdPh19vPXntWVzhk6Dw34wAQAAPTci5P+QWcCAAAAAAAAAAAAAAAAAAAAx9cr/fKwzw73qPaY1cGUCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwr/8FAAD///S5yB4=") 1.051563333s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x1008002, &(0x7f0000000380)={[{@discard}, {@barrier}, {@resuid}, {@nodiscard}, {@minixdf}, {@errors_remount}, {@usrquota}, {@data_err_abort}, {@resuid}]}, 0x1, 0x5f2, &(0x7f0000000600)="$eJzs3c9vVNUeAPDvnU5LS3mvhby893ABTYyBRGlpAUOMC9ga0uCPuHFjpQWRAg2t0aIJJcGNiXFjjIkrF+LeP0CJbFnpyoUbV4aEqGFp4pg7M7d02jstnf64DffzSaY995y5Ped2+u0998w5dwIoraH0SyVif0TMJBEDycJiWTWahUON5z3888Nz6SOJWu3V35NImnnZ85Pm9/7mzr0R8eMPSezrWlnv7Pz1SxPT01PXmtsjc5dnRmbnrx+5eHniwtSFqStjz4+dPHH8xMnRox0d142cvDO33nlv4OPxN77+8q9k9JtfxpM4FS81n7j0ODbLUAzVfyfJyqL+k5tdWUG6mn8nS1/ipFpgg1iX7PXrjoj/xUB0xaMXbyA+ernQxgFbqpZE1ICSSsQ/lFTWD8iu7ZdfB1cK6ZUA2+HB6cYAwMr4rzbGBqO3Pjaw+2ESS4d1kojobGSu1Z6IuHd3/Nb5u+O3YovG4YB8Czcj4v958Z/U438wemOwHv+VlvhP+wVnm9/T/Fc6rH/5ULH4h+3TiP/eVeM/2sT/m0vi/60O6x96lHy7ryX++zo9JAAAAAAAACitO6cj4rm89/8ri/N/Imf+T39EnNqE+oeWba98/79yfxOqAXI8OB3xYs7838Z6zvrs38GuZupf9fkA3cn5i9NTRyPi3xFxOLp3pdujq9Rx5JN9X7QrG2rO/8seaf33mnMBGyr3q7ta95mcmJvY6HEDEQ9uRjyVO/83WTz/Jznn//T/wcxj1rHvmdtn25WtHf/AVql9FXEod/3Po7tWJKvfn2Ok3h8YyXoFKx344NPv2tXfafxX48C3nR0xkEnP/7tXj//BZOn9embXX8ex+WqtXVmn/f+e5LX6JUpPM+/9ibm5a6MRPcmZrjS3JX9s/W2GJ1EWD1m8pPF/+OnVx//y+v99EbGw7Gcnf7SuKc789+/+X9u1Z2P9/80YgYTySuN/cl3n//Unxm4Pft+u/sc7/x+vn+sPN3OM/0HD51mY9rTm54RjNa9ou9sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+CSkTsiaQyvJiuVIaHI/oj4j+xuzJ9dXbu2fNX370ymZbVP/+/kn3S70BjO8k+/39wyfbYsu1jEbE3Ij7r6qtvD5+7Oj1Z9MEDAAAAAAAAAAAAAAAAAADADtHfZv1/6reuolsHbLlq0Q0ACpMT/z8V0Q5g+zn/Q3mJfygv8Q/lJf6hvMQ/lJf4h/IS/1Be4h8AAAAAAJ4oew/e+TmJiIUX+uqPVE+zrLvQlgFbrVJ0A4DCuMUPlJepP1BervGBZI3y3rY7rbXnambObWBnAAAAAAAAAAAAACidQ/ut/4eysv4fysv6fyivbP3/wYLbAWw/1/hArLGSP3f9/5p7AQAAAAAAAAAAAACbaXb++qWJ6empazsg0VdsM17fEb+EbU3UarUb6V/BTmlPkYmIDf+cbCr8TjicnES21u/x9irufxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDqnwAAAP//QF8kpg==") openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1.048039587s ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 962.467894ms ago: executing program 0: socket$inet6(0xa, 0x3, 0x7) socket$inet6(0xa, 0x0, 0x7) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000005c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000000)={0xc, r1}) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="a9210eac786cefd45963a092cda05a08544da347cdcd251c1b318644d97a8c44494e09d23402e1269eb4b137f68fa771cc28fa363a99aa5b0839862ea5c531d15f11c6c4c75de70286d59fc4c7"], 0x1, 0x8a, &(0x7f0000000180)="$eJzszqENAkEUBNDhDKhrAEEH1wOlECQ4FISEimiFEugAgcUcYsGsxCy5vJf8n0zGzO11XaZPxksyVg7H026zLz9MUpdknmSRZNWX/FiXbvbp78/z9nut9wIAAL/rMtR5aDYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A+9AwAA///rYCNS") unshare(0x4040600) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f00000000c0)={r2, &(0x7f0000000340), 0x0}, 0x20) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000003c0)={0x28, 0x0, r4, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, 0x0, 0x0) inotify_init1(0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b0000000800", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004"], 0x398}}, 0x0) 691.470801ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r1, &(0x7f00000000c0)=""/108, 0x6c) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000a00)=0x8000) 553.316261ms ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000"], &(0x7f00000005c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r2, 0x4030582b, &(0x7f00000001c0)={0x1100, 0x0, 0x80000000, 0x2a45}) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) dup(r3) syz_open_procfs(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 0s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) kernel console output (not intermixed with test programs): [ 526.301274][ T8] usb 6-1: SerialNumber: syz [ 526.358692][T13213] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 526.377437][ T8] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12 [ 526.471965][T13072] 8021q: adding VLAN 0 to HW filter on device team0 [ 526.484980][T13185] loop2: detected capacity change from 0 to 32768 [ 526.502671][T13185] btrfs: Deprecated parameter 'usebackuproot' [ 526.517233][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.524492][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.544674][T13185] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 526.574245][T13185] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13185) [ 526.649902][ T5179] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.657170][ T5179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.687490][T13185] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 526.703009][T13185] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 526.711743][T13185] BTRFS info (device loop2): disk space caching is enabled [ 527.002269][ T11] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 527.050123][T13185] BTRFS error (device loop2): failed to load root extent [ 527.058263][T13185] BTRFS warning (device loop2): try to load backup roots slot 1 [ 527.066426][ T11] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 527.067731][T13240] overlayfs: missing 'lowerdir' [ 527.080565][T13185] BTRFS warning (device loop2): couldn't read tree root [ 527.092464][T13185] BTRFS warning (device loop2): try to load backup roots slot 2 [ 527.108786][ T11] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 527.144311][T13185] BTRFS warning (device loop2): couldn't read tree root [ 527.151846][T13185] BTRFS warning (device loop2): try to load backup roots slot 3 [ 527.193362][ T5190] usb 6-1: USB disconnect, device number 7 [ 527.247798][T13185] BTRFS info (device loop2): rebuilding free space tree [ 527.300300][T13185] BTRFS info (device loop2): disabling free space tree [ 527.323434][T13185] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 527.343071][T13185] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 527.781102][T11513] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 527.859771][T13072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 527.895463][T13260] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 527.952918][T13260] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 528.063302][T13264] loop1: detected capacity change from 0 to 1024 [ 528.085002][T13264] hfsplus: invalid uid specified [ 528.101581][T13264] hfsplus: unable to parse mount options [ 528.108914][T13072] veth0_vlan: entered promiscuous mode [ 528.163143][ T53] Bluetooth: hci6: command tx timeout [ 528.185207][T13072] veth1_vlan: entered promiscuous mode [ 528.304104][T13272] fuse: Bad value for 'fd' [ 528.395166][T13264] loop1: detected capacity change from 0 to 2048 [ 528.488433][T13272] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 528.777505][T13274] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 528.906935][T13072] veth0_macvtap: entered promiscuous mode [ 529.155399][T13278] loop2: detected capacity change from 0 to 512 [ 529.163840][T13278] EXT4-fs: Ignoring removed orlov option [ 529.169649][T13278] EXT4-fs: Ignoring removed nomblk_io_submit option [ 529.219543][T13278] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 529.221851][T13072] veth1_macvtap: entered promiscuous mode [ 529.309723][T13278] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 529.323189][T13278] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e128, mo2=0002] [ 529.331972][T13278] EXT4-fs (loop2): orphan cleanup on readonly fs [ 529.375505][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.387507][T13278] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 529.400498][T13278] EXT4-fs warning (device loop2): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 529.410182][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.441692][T13278] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 529.461153][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.507583][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.523635][T13278] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor.2: bg 0: block 40: padding at end of block bitmap is not set [ 529.539285][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.586381][T13278] EXT4-fs (loop2): Remounting filesystem read-only [ 529.592245][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.609020][T13278] EXT4-fs (loop2): 1 truncate cleaned up [ 529.631559][T13278] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 529.633355][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.657555][T13292] loop4: detected capacity change from 0 to 256 [ 529.706952][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.722053][T13292] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 529.745324][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.794797][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.804394][T13294] overlayfs: missing 'lowerdir' [ 529.805692][T13296] x_tables: duplicate underflow at hook 4 [ 529.838661][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.872407][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.896183][T13072] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 529.953486][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.985311][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.014081][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.017262][T13267] loop5: detected capacity change from 0 to 32768 [ 530.035113][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.057527][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.093195][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.124736][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.159792][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.191291][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.227736][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.289586][T13267] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 530.315180][T13072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.343513][T13072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.443771][T13072] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.582506][T13072] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.630866][T13072] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.644152][T13321] loop4: detected capacity change from 0 to 64 [ 530.693108][T13072] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.701885][T13072] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.724964][T13323] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 530.769562][T13323] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 530.966971][T11513] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 531.723798][T13325] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 531.745922][T13267] XFS (loop5): Ending clean mount [ 532.096303][T13267] XFS (loop5): Quotacheck needed: Please wait. [ 532.860917][T13267] XFS (loop5): Quotacheck: Done. [ 532.937189][T11421] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 533.072101][ T2478] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.075809][T13337] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 533.091161][T13337] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 533.469544][ T2478] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.894837][ T2478] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.027399][T13361] loop1: detected capacity change from 0 to 64 [ 534.349717][ T2478] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.145198][ T5120] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 535.160060][ T5120] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 535.169465][ T5120] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 535.178112][ T5120] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 535.186625][ T5120] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 535.194307][ T5120] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 535.400090][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 535.452988][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.515357][ T29] audit: type=1804 audit(1716910182.519:2346): pid=13382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="bus" dev="sda1" ino=1966 res=1 errno=0 [ 535.722769][ T2478] bridge_slave_1: left allmulticast mode [ 535.744167][ T2478] bridge_slave_1: left promiscuous mode [ 535.761058][ T2478] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.814581][ T2478] bridge_slave_0: left allmulticast mode [ 535.829173][ T2478] bridge_slave_0: left promiscuous mode [ 535.847893][ T2478] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.862089][ T5190] libceph: connect (1)[c::]:6789 error -101 [ 535.900605][ T5190] libceph: mon0 (1)[c::]:6789 connect error [ 536.047265][T13368] loop4: detected capacity change from 0 to 32768 [ 536.076476][T13368] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13368) [ 536.120933][T13368] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 536.136081][T13368] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 536.148501][T13368] BTRFS info (device loop4): using free-space-tree [ 536.260595][ T5178] libceph: connect (1)[c::]:6789 error -101 [ 536.293058][ T5178] libceph: mon0 (1)[c::]:6789 connect error [ 536.318182][T11413] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 536.620300][T13392] ceph: No mds server is up or the cluster is laggy [ 536.809998][T13397] loop1: detected capacity change from 0 to 40427 [ 536.837624][T13397] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 536.846346][T13397] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 536.899406][T13397] F2FS-fs (loop1): Found nat_bits in checkpoint [ 537.050041][T13397] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 537.071463][T13397] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 537.285780][ T53] Bluetooth: hci5: command tx timeout [ 537.486918][ T29] audit: type=1800 audit(1716910184.489:2347): pid=13432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 537.534839][ T2478] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 537.558968][ T2478] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.574393][ T2478] bond0 (unregistering): Released all slaves [ 537.600347][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 537.622834][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.487965][ T2478] hsr_slave_0: left promiscuous mode [ 538.509813][ T2478] hsr_slave_1: left promiscuous mode [ 538.528613][T13397] syz-executor.1 (13397): drop_caches: 2 [ 538.556791][ T2478] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.576281][ T2478] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.610453][ T2478] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.628737][ T2478] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.766152][ T2478] veth1_macvtap: left promiscuous mode [ 538.772192][ T2478] veth0_macvtap: left promiscuous mode [ 538.800965][ T2478] veth1_vlan: left promiscuous mode [ 538.823052][ T2478] veth0_vlan: left promiscuous mode [ 539.364090][ T53] Bluetooth: hci5: command tx timeout [ 540.238777][T13497] loop4: detected capacity change from 0 to 2048 [ 540.329016][T13497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 540.351476][T13497] ext4 filesystem being mounted at /root/syzkaller-testdir3845080076/syzkaller.z0xDcf/131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 540.479229][T11413] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 540.973664][ T2478] team0 (unregistering): Port device team_slave_1 removed [ 541.065949][ T2478] team0 (unregistering): Port device team_slave_0 removed [ 541.450560][ T53] Bluetooth: hci5: command tx timeout [ 541.800756][T13510] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 541.999348][T13496] vti0: entered promiscuous mode [ 542.015724][T13496] vti0: entered allmulticast mode [ 542.032376][T13373] chnl_net:caif_netlink_parms(): no params data found [ 542.550769][T13373] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.568851][T13373] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.617865][T13373] bridge_slave_0: entered allmulticast mode [ 542.643351][T13373] bridge_slave_0: entered promiscuous mode [ 542.703297][T13373] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.763295][T13373] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.771016][T13373] bridge_slave_1: entered allmulticast mode [ 542.772275][T13539] loop1: detected capacity change from 0 to 1024 [ 542.807907][T13373] bridge_slave_1: entered promiscuous mode [ 542.879786][T13539] syz-executor.1: attempt to access beyond end of device [ 542.879786][T13539] loop1: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 542.902177][T13539] syz-executor.1: attempt to access beyond end of device [ 542.902177][T13539] loop1: rw=1, sector=262, nr_sectors = 2048 limit=1024 [ 542.941188][T13542] vti0: entered promiscuous mode [ 542.967923][T13542] vti0: entered allmulticast mode [ 542.996430][T13539] syz-executor.1: attempt to access beyond end of device [ 542.996430][T13539] loop1: rw=1, sector=2310, nr_sectors = 2048 limit=1024 [ 543.046902][T13539] syz-executor.1: attempt to access beyond end of device [ 543.046902][T13539] loop1: rw=1, sector=4358, nr_sectors = 2048 limit=1024 [ 543.068556][T13539] syz-executor.1: attempt to access beyond end of device [ 543.068556][T13539] loop1: rw=1, sector=6406, nr_sectors = 2048 limit=1024 [ 543.103537][T13373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 543.132015][T13539] syz-executor.1: attempt to access beyond end of device [ 543.132015][T13539] loop1: rw=1, sector=8454, nr_sectors = 2048 limit=1024 [ 543.151447][T13373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.165406][ T29] audit: type=1326 audit(1716910190.169:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13547 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff39fc7cee9 code=0x0 [ 543.253020][T13539] syz-executor.1: attempt to access beyond end of device [ 543.253020][T13539] loop1: rw=1, sector=10502, nr_sectors = 2048 limit=1024 [ 543.295471][T13539] syz-executor.1: attempt to access beyond end of device [ 543.295471][T13539] loop1: rw=1, sector=12550, nr_sectors = 2048 limit=1024 [ 543.330198][T13539] syz-executor.1: attempt to access beyond end of device [ 543.330198][T13539] loop1: rw=1, sector=14598, nr_sectors = 2048 limit=1024 [ 543.353609][T13539] syz-executor.1: attempt to access beyond end of device [ 543.353609][T13539] loop1: rw=1, sector=16646, nr_sectors = 2048 limit=1024 [ 543.397943][T13373] team0: Port device team_slave_0 added [ 543.421145][T13373] team0: Port device team_slave_1 added [ 543.457464][ T29] audit: type=1800 audit(1716910190.459:2349): pid=13559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1973 res=0 errno=0 [ 543.515818][ T29] audit: type=1800 audit(1716910190.479:2350): pid=13559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1973 res=0 errno=0 [ 543.523725][ T53] Bluetooth: hci5: command tx timeout [ 543.624421][T13373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 543.631863][T13539] loop1: detected capacity change from 0 to 1024 [ 543.661783][T13373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.738705][T13373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 543.782090][T13373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 543.805284][T13373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 543.894718][T13373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 544.150390][T13373] hsr_slave_0: entered promiscuous mode [ 544.226314][T13373] hsr_slave_1: entered promiscuous mode [ 544.241455][T13373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 544.257442][T13582] loop1: detected capacity change from 0 to 512 [ 544.267037][T13373] Cannot create hsr debugfs directory [ 544.281674][T13582] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8002c128, mo2=0102] [ 544.309517][T13582] EXT4-fs (loop1): orphan cleanup on readonly fs [ 544.328713][T13583] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 544.361954][T13582] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 544.415845][T13582] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 544.473177][T13582] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz-executor.1: Failed to acquire dquot type 1 [ 544.510218][T13582] EXT4-fs (loop1): Remounting filesystem read-only [ 544.539419][T13582] EXT4-fs (loop1): 1 orphan inode deleted [ 544.561895][T13582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 544.606075][ T29] audit: type=1326 audit(1716910191.609:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13595 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86c87cee9 code=0x7ffc0000 [ 544.667364][T13582] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 544.668526][ T29] audit: type=1326 audit(1716910191.609:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13595 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86c87cee9 code=0x7ffc0000 [ 544.728168][T13600] loop5: detected capacity change from 0 to 1024 [ 544.762940][ T29] audit: type=1326 audit(1716910191.609:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13595 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc86c87cee9 code=0x7ffc0000 [ 544.827862][ T29] audit: type=1326 audit(1716910191.609:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13595 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86c87cee9 code=0x7ffc0000 [ 544.831739][T12663] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 544.895318][ T29] audit: type=1326 audit(1716910191.609:2355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13595 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc86c87cee9 code=0x7ffc0000 [ 545.095247][T13600] loop5: detected capacity change from 0 to 1024 [ 545.935670][T13373] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 545.974344][T13373] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 546.017014][T13373] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 546.048251][T13373] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 546.315314][T13640] loop1: detected capacity change from 0 to 1024 [ 546.401438][T13644] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 546.402724][T13373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.517227][T13640] loop1: detected capacity change from 0 to 1024 [ 546.517911][T13373] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.548004][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.555329][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.575670][T13643] hub 6-0:1.0: USB hub found [ 546.586747][T13643] hub 6-0:1.0: 1 port detected [ 546.635451][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.642749][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.740383][T13373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.800185][T13647] usb usb2: check_ctrlrecip: process 13647 (syz-executor.0) requesting ep 01 but needs 81 [ 546.841614][T13647] usb usb2: usbfs: process 13647 (syz-executor.0) did not claim interface 0 before use [ 547.073263][T13652] loop4: detected capacity change from 0 to 2048 [ 547.120257][T13621] loop5: detected capacity change from 0 to 40427 [ 547.163408][T13621] F2FS-fs (loop5): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 547.172361][T13652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 547.181098][T13621] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 547.196933][T13621] F2FS-fs (loop5): invalid crc value [ 547.223278][T13652] ext4 filesystem being mounted at /root/syzkaller-testdir3845080076/syzkaller.z0xDcf/145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 547.253160][T13621] F2FS-fs (loop5): Found nat_bits in checkpoint [ 547.426648][T11413] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 547.435193][T13373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.551917][T13621] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 547.575759][T13621] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 547.637470][T13373] veth0_vlan: entered promiscuous mode [ 547.697319][T13373] veth1_vlan: entered promiscuous mode [ 547.699004][T13676] loop4: detected capacity change from 0 to 512 [ 547.722524][T13677] loop1: detected capacity change from 0 to 512 [ 547.769742][T13676] EXT4-fs (loop4): orphan cleanup on readonly fs [ 547.822354][T13373] veth0_macvtap: entered promiscuous mode [ 547.847591][T13676] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set [ 547.913333][T13677] EXT4-fs (loop1): orphan cleanup on readonly fs [ 547.929489][T13373] veth1_macvtap: entered promiscuous mode [ 547.953595][T11421] bio_check_eod: 89 callbacks suppressed [ 547.953623][T11421] syz-executor.5: attempt to access beyond end of device [ 547.953623][T11421] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 547.964615][T13677] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set [ 547.981316][T11421] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 548.024200][T13676] EXT4-fs error (device loop4): ext4_acquire_dquot:6860: comm syz-executor.4: Failed to acquire dquot type 1 [ 548.045450][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.077137][T13676] EXT4-fs (loop4): 1 truncate cleaned up [ 548.094840][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.105376][T13677] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz-executor.1: Failed to acquire dquot type 1 [ 548.115341][T13676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 548.133418][T13677] EXT4-fs (loop1): 1 truncate cleaned up [ 548.141565][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.164863][T13677] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 548.180888][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.204131][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.227154][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.254587][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.268869][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.279906][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.295435][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.305885][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.316681][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.330331][T13373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.370882][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.399285][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.420759][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.440652][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.462277][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.484487][ T5174] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 548.493038][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.516077][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.540651][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.550788][ T5178] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 548.570893][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.597948][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.617698][T13373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.637168][T13373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.659633][T13373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 548.677117][ T5174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 548.684609][T13373] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.698769][T13373] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.711072][ T5174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 3323, setting to 1023 [ 548.711167][T13373] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.729652][ T5174] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 548.740310][ T5174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.742159][T13373] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.766751][ T5178] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4 [ 548.781323][ T5178] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 3323, setting to 1023 [ 548.793033][ T5174] usb 5-1: Product: syz [ 548.807254][ T5174] usb 5-1: Manufacturer: syz [ 548.832982][ T5174] usb 5-1: SerialNumber: syz [ 548.835012][ T5178] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 548.844250][ T5174] usb 5-1: config 0 descriptor?? [ 548.866309][ T5178] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.884618][ T5178] usb 2-1: Product: syz [ 548.887774][ T5174] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input21 [ 548.889017][ T5178] usb 2-1: Manufacturer: syz [ 548.950013][ T5178] usb 2-1: SerialNumber: syz [ 548.977423][ T5178] usb 2-1: config 0 descriptor?? [ 549.001196][ T5178] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input22 [ 549.081238][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.097109][ T5178] usb 5-1: USB disconnect, device number 9 [ 549.121814][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.223985][ T5190] usb 2-1: USB disconnect, device number 9 [ 549.249271][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.265983][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.664576][ T29] kauditd_printk_skb: 51 callbacks suppressed [ 549.664601][ T29] audit: type=1800 audit(1716910196.659:2403): pid=13705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1942 res=0 errno=0 [ 549.688786][T13705] loop5: detected capacity change from 0 to 1024 [ 549.709575][ T29] audit: type=1800 audit(1716910196.659:2404): pid=13705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=1942 res=0 errno=0 [ 549.747106][T11413] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.825774][T12663] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.992082][T13713] RDS: rds_bind could not find a transport for ::4000:20:0:0, load rds_tcp or rds_rdma? [ 550.175161][T13724] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.3'. [ 550.197879][T13724] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 550.603514][T13742] binder: 13739:13742 ioctl c0046209 0 returned -22 [ 550.667789][T13744] netlink: 400 bytes leftover after parsing attributes in process `syz-executor.0'. [ 550.701394][ T29] audit: type=1800 audit(1716910197.689:2405): pid=13746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1978 res=0 errno=0 [ 550.727149][T13744] caif0 speed is unknown, defaulting to 1000 [ 550.738609][T13743] netlink: 400 bytes leftover after parsing attributes in process `syz-executor.4'. [ 550.781771][T13744] caif0 speed is unknown, defaulting to 1000 [ 550.789538][T13743] rdma_rxe: rxe_newlink: failed to add caif0 [ 550.804157][T13746] loop1: detected capacity change from 0 to 1024 [ 550.812924][ T29] audit: type=1800 audit(1716910197.729:2406): pid=13746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1978 res=0 errno=0 [ 550.830448][T13744] caif0 speed is unknown, defaulting to 1000 [ 551.767231][T13744] infiniband syz0: set down [ 551.776582][ T5178] caif0 speed is unknown, defaulting to 1000 [ 551.796647][T13744] infiniband syz0: added caif0 [ 551.839219][T13744] syz0: rxe_create_cq: returned err = -12 [ 551.864089][T13744] infiniband syz0: Couldn't create ib_mad CQ [ 551.885950][T13744] infiniband syz0: Couldn't open port 1 [ 552.017350][T13774] binder: 13773:13774 ioctl c0046209 0 returned -22 [ 552.060776][T13744] RDS/IB: syz0: added [ 552.094808][T13744] smc: adding ib device syz0 with port count 1 [ 552.113419][T13744] smc: ib device syz0 port 1 has pnetid [ 552.125255][ T5190] caif0 speed is unknown, defaulting to 1000 [ 552.157936][T13744] caif0 speed is unknown, defaulting to 1000 [ 552.238028][ T29] audit: type=1804 audit(1716910199.239:2407): pid=13777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir3493257445/syzkaller.UEXHBL/52/bus/file0" dev="overlay" ino=1961 res=1 errno=0 [ 552.981058][T13744] caif0 speed is unknown, defaulting to 1000 [ 553.080427][T13785] loop5: detected capacity change from 0 to 512 [ 553.119381][T13785] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8002c128, mo2=0102] [ 553.154051][T13785] EXT4-fs (loop5): orphan cleanup on readonly fs [ 553.169331][T13785] Quota error (device loop5): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 553.233132][T13785] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 553.298192][T13785] EXT4-fs error (device loop5): ext4_acquire_dquot:6860: comm syz-executor.5: Failed to acquire dquot type 1 [ 553.353184][T13785] EXT4-fs (loop5): Remounting filesystem read-only [ 553.365926][T13785] EXT4-fs (loop5): 1 orphan inode deleted [ 553.394078][T13785] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 553.513057][T13785] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 553.524490][T13781] loop4: detected capacity change from 0 to 32768 [ 553.558196][T13781] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13781) [ 553.636978][T13781] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 553.669802][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 553.688520][T13781] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 553.740683][T13781] BTRFS info (device loop4): using free-space-tree [ 553.859584][T13783] loop1: detected capacity change from 0 to 32768 [ 553.890823][T13744] caif0 speed is unknown, defaulting to 1000 [ 553.916412][T13783] bcachefs (/dev/loop1): error reading default superblock: checksum error, type crc32c_nonzero: got 2859f616 should be 29d2fb78 [ 554.101651][T13783] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): filesystem UUID already open [ 554.154355][T13783] bcachefs (1e246536-b1b3-4f86-83c2-3dfcc2979a4c): shutdown complete [ 554.579320][T11413] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 554.769230][T13817] loop5: detected capacity change from 0 to 512 [ 554.803772][T13744] caif0 speed is unknown, defaulting to 1000 [ 554.924236][T13817] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8002c128, mo2=0102] [ 554.950117][T13817] EXT4-fs (loop5): orphan cleanup on readonly fs [ 555.011732][T13817] Quota error (device loop5): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 555.033057][T13817] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 555.074635][T13817] EXT4-fs error (device loop5): ext4_acquire_dquot:6860: comm syz-executor.5: Failed to acquire dquot type 1 [ 555.144738][T13817] EXT4-fs (loop5): Remounting filesystem read-only [ 555.183313][T13817] EXT4-fs (loop5): 1 orphan inode deleted [ 555.191220][T13817] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 555.260959][T13817] netlink: 'syz-executor.5': attribute type 1 has an invalid length. [ 555.410687][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 555.754318][T13744] caif0 speed is unknown, defaulting to 1000 [ 556.055324][T13831] netlink: 400 bytes leftover after parsing attributes in process `syz-executor.5'. [ 556.132873][T13833] binder: 13832:13833 ioctl c0046209 0 returned -22 [ 556.479065][T13835] loop1: detected capacity change from 0 to 2048 [ 556.481435][T13744] caif0 speed is unknown, defaulting to 1000 [ 556.570223][T13835] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 557.326521][T13744] caif0 speed is unknown, defaulting to 1000 [ 557.501440][T12663] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 557.893424][T13831] rdma_rxe: rxe_newlink: failed to add caif0 [ 557.919134][ T5120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 557.938809][ T5120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 557.960326][ T5120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 557.982626][ T5120] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 558.018422][ T5120] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 558.031347][ T5120] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 558.389638][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.722228][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.817687][T13841] caif0 speed is unknown, defaulting to 1000 [ 559.040715][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.101469][ T29] audit: type=1804 audit(1716910206.099:2408): pid=13861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/25/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0 [ 559.345704][T13850] loop5: detected capacity change from 0 to 32768 [ 559.368944][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.382299][T13850] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz-executor.5 (13850) [ 559.425134][T13850] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 559.462414][T13850] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 559.492946][T13850] BTRFS info (device loop5): using free-space-tree [ 559.613020][ T5179] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 559.719959][T13873] 9pnet_fd: Insufficient options for proto=fd [ 559.815293][ T5179] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 559.833231][ T5179] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 559.843356][ T5179] usb 2-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice=10.00 [ 559.852565][ T5179] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.865019][ T5179] usb 2-1: config 0 descriptor?? [ 560.083364][ T53] Bluetooth: hci3: command tx timeout [ 560.119388][ T5179] appletouch 2-1:0.0: Failed to read mode from device. [ 560.134063][ T12] bridge_slave_1: left allmulticast mode [ 560.140092][ T5179] appletouch 2-1:0.0: probe with driver appletouch failed with error -5 [ 560.148826][ T12] bridge_slave_1: left promiscuous mode [ 560.155878][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.166783][ T5179] usb 2-1: USB disconnect, device number 10 [ 560.190715][ T12] bridge_slave_0: left allmulticast mode [ 560.214359][ T12] bridge_slave_0: left promiscuous mode [ 560.221331][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.230054][T11421] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 560.277038][T13865] loop2: detected capacity change from 0 to 32768 [ 560.347918][T13865] ERROR: (device loop2): dbAllocNext: Corrupt dmap page [ 560.347918][T13865] [ 560.397948][T13865] ialloc: diAlloc returned -5! [ 560.885024][ T29] audit: type=1326 audit(1716910207.879:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13893 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f997ac7cee9 code=0x7ffc0000 [ 560.999987][ T29] audit: type=1326 audit(1716910207.879:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13893 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f997ac7cee9 code=0x7ffc0000 [ 561.123390][ T29] audit: type=1326 audit(1716910207.879:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13893 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f997ac7cee9 code=0x7ffc0000 [ 562.163027][ T53] Bluetooth: hci3: command tx timeout [ 562.509025][T13899] loop5: detected capacity change from 0 to 32768 [ 562.575693][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.582143][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.605643][T13899] loop5: p1 p9 p11 [ 562.990251][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.021806][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.061256][ T12] bond0 (unregistering): Released all slaves [ 563.105264][ T29] audit: type=1804 audit(1716910210.109:2412): pid=13912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/27/cgroup.controllers" dev="sda1" ino=1973 res=1 errno=0 [ 563.442185][T13841] chnl_net:caif_netlink_parms(): no params data found [ 564.243030][ T53] Bluetooth: hci3: command tx timeout [ 564.451230][T13927] dccp_close: ABORT with 8 bytes unread [ 564.451271][T13841] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.495366][T13841] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.532873][T13841] bridge_slave_0: entered allmulticast mode [ 564.540683][T13841] bridge_slave_0: entered promiscuous mode [ 564.630618][ T29] audit: type=1326 audit(1716910211.629:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 564.671667][ T12] hsr_slave_0: left promiscuous mode [ 564.708084][ T12] hsr_slave_1: left promiscuous mode [ 564.742690][ T29] audit: type=1326 audit(1716910211.659:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 564.766291][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.789055][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.823067][ T29] audit: type=1326 audit(1716910211.659:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 564.849445][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 564.863046][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 564.905900][ T29] audit: type=1326 audit(1716910211.659:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 564.961876][ T12] veth1_macvtap: left promiscuous mode [ 564.968857][ T29] audit: type=1326 audit(1716910211.659:2417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 565.008600][ T12] veth0_macvtap: left promiscuous mode [ 565.027592][ T12] veth1_vlan: left promiscuous mode [ 565.043768][ T12] veth0_vlan: left promiscuous mode [ 566.323170][ T53] Bluetooth: hci3: command tx timeout [ 566.397371][T13944] loop1: detected capacity change from 0 to 512 [ 566.465662][T13944] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 566.597487][T13944] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.1: corrupted in-inode xattr: e_value out of bounds [ 566.735677][T13944] EXT4-fs (loop1): Remounting filesystem read-only [ 566.756867][T13944] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 566.951396][T12663] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 567.309962][ T29] audit: type=1804 audit(1716910214.309:2418): pid=13954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/33/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0 [ 567.672496][T13943] loop5: detected capacity change from 0 to 32768 [ 567.774638][T13943] loop5: p1 p9 p11 [ 568.585960][ T12] team0 (unregistering): Port device team_slave_1 removed [ 568.892298][ T12] team0 (unregistering): Port device team_slave_0 removed [ 568.989538][ T29] audit: type=1326 audit(1716910215.989:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13964 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 569.060929][ T29] audit: type=1326 audit(1716910215.989:2420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13964 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 569.140997][ T29] audit: type=1326 audit(1716910216.019:2421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13964 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 569.175331][ T29] audit: type=1326 audit(1716910216.019:2422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13964 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 569.211731][ T29] audit: type=1326 audit(1716910216.019:2423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13964 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 571.349966][T13975] loop2: detected capacity change from 0 to 32768 [ 571.498678][T13975] ERROR: (device loop2): dbAllocNext: Corrupt dmap page [ 571.498678][T13975] [ 571.527673][T13975] ialloc: diAlloc returned -5! [ 571.593913][T13841] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.601152][T13841] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.645420][T13841] bridge_slave_1: entered allmulticast mode [ 571.671603][T13841] bridge_slave_1: entered promiscuous mode [ 571.833091][ T29] audit: type=1326 audit(1716910218.829:2424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 571.933137][ T29] audit: type=1326 audit(1716910218.829:2425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 571.996852][ T29] audit: type=1326 audit(1716910218.829:2426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 572.130798][ T29] audit: type=1326 audit(1716910218.829:2427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz-executor.5" exe="/root/syz-executor.5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x7ffc0000 [ 572.179767][T13841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.259895][T13841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.427024][T13841] team0: Port device team_slave_0 added [ 572.479316][T13841] team0: Port device team_slave_1 added [ 572.762976][T14006] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 572.835482][T13841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 572.842482][T13841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.899752][T13841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 572.954768][T13841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 572.987821][T13841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.085590][T13841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.679046][T13841] hsr_slave_0: entered promiscuous mode [ 573.735611][T13841] hsr_slave_1: entered promiscuous mode [ 573.769915][T13841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 573.823965][T13841] Cannot create hsr debugfs directory [ 573.955497][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 573.970559][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 573.981957][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 573.997602][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 574.023371][ T5120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 574.042412][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 574.232942][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 574.459218][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 574.564711][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 574.623220][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 574.687985][ T8] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 574.731077][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.797058][ T8] usb 1-1: config 0 descriptor?? [ 574.830320][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.847521][T14029] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 575.076419][T14029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 575.093434][T14029] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.358021][ T5120] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 575.374496][ T5120] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 575.386317][ T5120] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 575.396155][ T8] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 575.409447][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.421774][ T8] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 575.435443][ T5120] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 575.443936][ T5120] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 575.451556][ T5120] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 575.525442][T14030] caif0 speed is unknown, defaulting to 1000 [ 575.539719][ T8] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 575.654116][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.721732][ T5174] usb 1-1: USB disconnect, device number 5 [ 575.936505][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.083204][ T53] Bluetooth: hci0: command tx timeout [ 576.088255][T14035] caif0 speed is unknown, defaulting to 1000 [ 576.435095][ T5178] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 576.490649][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.647045][ T5178] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 576.659985][ T5178] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.661645][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.677332][ T5178] usb 6-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice=10.00 [ 576.694571][ T5178] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.709333][ T5178] usb 6-1: config 0 descriptor?? [ 576.783331][ T5190] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 576.812672][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.942415][ T5178] appletouch 6-1:0.0: Failed to read mode from device. [ 576.969162][ T5178] appletouch 6-1:0.0: probe with driver appletouch failed with error -5 [ 576.986703][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.987191][ T5178] usb 6-1: USB disconnect, device number 8 [ 577.006483][ T5190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 577.024318][ T5190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 577.039155][ T5190] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 577.052584][ T5190] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 577.062055][ T5190] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.092112][T14030] chnl_net:caif_netlink_parms(): no params data found [ 577.104750][ T5190] usb 1-1: config 0 descriptor?? [ 577.110655][T14049] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 577.196567][T13841] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 577.248980][T13841] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 577.261498][T13841] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 577.294906][T13841] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 577.327311][T14049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.350045][T14049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.517105][T14030] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.524736][ T53] Bluetooth: hci5: command tx timeout [ 577.547624][T14030] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.556699][T14030] bridge_slave_0: entered allmulticast mode [ 577.575849][T14030] bridge_slave_0: entered promiscuous mode [ 577.585460][ T5190] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 577.605277][ T5190] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 577.629069][ T5190] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 577.696217][T14030] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.714323][T14030] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.721772][T14030] bridge_slave_1: entered allmulticast mode [ 577.753696][T14030] bridge_slave_1: entered promiscuous mode [ 577.784657][T14068] loop5: detected capacity change from 0 to 1024 [ 577.807482][T14070] overlayfs: failed to clone upperpath [ 577.829486][T14068] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a843c118, mo2=0002] [ 577.841224][T14068] System zones: 0-1, 3-12 [ 577.856852][T14068] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 577.893379][ T5174] usb 1-1: USB disconnect, device number 6 [ 578.058139][ T12] bridge_slave_1: left allmulticast mode [ 578.068404][ T12] bridge_slave_1: left promiscuous mode [ 578.078811][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.099822][ T12] bridge_slave_0: left allmulticast mode [ 578.108160][ T12] bridge_slave_0: left promiscuous mode [ 578.114503][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.134414][ T12] bridge_slave_1: left allmulticast mode [ 578.156395][ T12] bridge_slave_1: left promiscuous mode [ 578.163681][ T53] Bluetooth: hci0: command tx timeout [ 578.171963][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.188207][ T12] bridge_slave_0: left allmulticast mode [ 578.197921][ T12] bridge_slave_0: left promiscuous mode [ 578.205868][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.656945][T11421] EXT4-fs error (device loop5): ext4_readdir:260: inode #2: block 16: comm syz-executor.5: path /root/syzkaller-testdir1309093064/syzkaller.fgwLTn/126/file1: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=21519, rec_len=0, size=1024 fake=0 [ 579.083357][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.314375][ T5179] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 579.505871][T14092] loop5: detected capacity change from 0 to 256 [ 579.515663][ T5179] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 579.556960][ T5179] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 579.590794][ T5179] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 579.610732][ T53] Bluetooth: hci5: command tx timeout [ 579.620933][ T5179] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 579.646301][ T5179] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.683433][ T5179] usb 1-1: config 0 descriptor?? [ 579.689256][T14082] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 579.904105][T14082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 579.916370][T14082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.145520][ T5179] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 580.171757][ T5179] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 580.215424][ T5179] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 580.244857][ T53] Bluetooth: hci0: command tx timeout [ 580.372584][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 580.399352][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 580.427308][ T5174] usb 1-1: USB disconnect, device number 7 [ 580.447236][ T12] bond0 (unregistering): Released all slaves [ 580.561180][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.593194][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.911316][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 580.926064][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 580.942335][ T12] bond0 (unregistering): Released all slaves [ 580.980758][T14030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.112056][T14030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 581.289973][T14118] loop5: detected capacity change from 0 to 1024 [ 581.330482][T14118] EXT4-fs: Ignoring removed orlov option [ 581.355530][T14118] EXT4-fs (loop5): Test dummy encryption mode enabled [ 581.355596][T14035] chnl_net:caif_netlink_parms(): no params data found [ 581.375627][T14118] EXT4-fs (loop5): stripe (7) is not aligned with cluster size (16), stripe is disabled [ 581.446560][T14118] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 581.488837][T14030] team0: Port device team_slave_0 added [ 581.649263][T14030] team0: Port device team_slave_1 added [ 581.683070][ T53] Bluetooth: hci5: command tx timeout [ 581.793590][T14118] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 582.034444][T14030] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.057264][T14030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.114662][T14030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.196571][T14030] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.243870][T14118] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2" [ 582.245559][T14030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.312917][T14030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.324388][ T53] Bluetooth: hci0: command tx timeout [ 582.395316][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 582.673846][T14035] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.685123][T14035] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.700792][T14035] bridge_slave_0: entered allmulticast mode [ 582.721429][T14035] bridge_slave_0: entered promiscuous mode [ 583.062219][T14035] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.351667][T14035] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.463339][T14035] bridge_slave_1: entered allmulticast mode [ 583.718529][T14035] bridge_slave_1: entered promiscuous mode [ 583.760307][T13841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.767810][ T53] Bluetooth: hci5: command tx timeout [ 584.014401][T14030] hsr_slave_0: entered promiscuous mode [ 584.022748][T14030] hsr_slave_1: entered promiscuous mode [ 584.048659][T14030] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 584.080024][T14030] Cannot create hsr debugfs directory [ 584.280566][T14170] netlink: 92 bytes leftover after parsing attributes in process `syz-executor.3'. [ 584.342354][T14165] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.5'. [ 584.361754][T13841] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.461469][T14035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 584.526842][T14035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 584.767305][T14035] team0: Port device team_slave_0 added [ 584.914560][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.922135][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.969115][ T12] hsr_slave_0: left promiscuous mode [ 585.023690][ T12] hsr_slave_1: left promiscuous mode [ 585.065143][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 585.072638][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 585.145387][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 585.167968][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 585.263632][ T12] hsr_slave_0: left promiscuous mode [ 585.293872][ T12] hsr_slave_1: left promiscuous mode [ 585.314539][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 585.322332][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 585.373529][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 585.382898][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 585.546854][ T12] veth1_macvtap: left promiscuous mode [ 585.552629][ T12] veth0_macvtap: left promiscuous mode [ 585.569503][ T12] veth1_vlan: left promiscuous mode [ 585.580501][ T12] veth0_vlan: left promiscuous mode [ 585.599899][ T12] veth1_macvtap: left promiscuous mode [ 585.623178][ T12] veth0_macvtap: left promiscuous mode [ 585.646874][ T12] veth1_vlan: left promiscuous mode [ 585.653387][ T12] veth0_vlan: left promiscuous mode [ 587.666909][ T12] team0 (unregistering): Port device team_slave_1 removed [ 587.844361][ T12] team0 (unregistering): Port device team_slave_0 removed [ 590.348269][ T12] team0 (unregistering): Port device team_slave_1 removed [ 590.422458][ T12] team0 (unregistering): Port device team_slave_0 removed [ 591.314391][T14035] team0: Port device team_slave_1 added [ 591.368120][T14198] netlink: 763 bytes leftover after parsing attributes in process `syz-executor.3'. [ 591.439994][ T5190] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.447268][ T5190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 591.629648][T14035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.644023][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.708601][T14035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.747185][T14035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.833015][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.882197][T14035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.034747][T14035] hsr_slave_0: entered promiscuous mode [ 592.517307][T14035] hsr_slave_1: entered promiscuous mode [ 592.656347][T14035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 592.673832][T14035] Cannot create hsr debugfs directory [ 592.796346][T14214] bridge0: port 2(bridge_slave_1) entered disabled state [ 592.804553][T14214] bridge0: port 1(bridge_slave_0) entered disabled state [ 592.953111][T14216] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.960396][T14216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.967987][T14216] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.975244][T14216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 593.013743][T14216] bridge0: entered promiscuous mode [ 593.019235][T14216] bridge0: entered allmulticast mode [ 594.036140][T13841] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 594.082208][T13841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 595.823188][T14030] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 595.944621][T14030] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 595.971102][T14030] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 596.001477][T14030] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 596.040525][T14250] netlink: 763 bytes leftover after parsing attributes in process `syz-executor.5'. [ 596.111329][T14252] xt_hashlimit: max too large, truncated to 1048576 [ 596.135246][T14252] xt_hashlimit: overflow, try lower: 0/0 [ 596.161951][T13841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 596.263134][ T5134] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 596.348246][T14260] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.355531][T14260] bridge0: port 2(bridge_slave_1) entered listening state [ 596.363072][T14260] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.370288][T14260] bridge0: port 1(bridge_slave_0) entered listening state [ 596.383346][T14260] bridge0: entered promiscuous mode [ 596.396755][T14260] bridge0: entered allmulticast mode [ 596.474323][T14263] 9pnet_fd: Insufficient options for proto=fd [ 596.495024][ T5134] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.523236][ T5134] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 596.536701][ T5134] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 596.546181][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.557420][ T5134] usb 1-1: config 0 descriptor?? [ 596.661949][T14267] loop5: detected capacity change from 0 to 128 [ 596.691420][T14267] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 596.718949][T14035] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 596.759074][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 596.759097][ T29] audit: type=1800 audit(1716910243.759:2429): pid=14267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="loop5" ino=1048788 res=0 errno=0 [ 596.774467][T14035] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 596.910881][ T29] audit: type=1804 audit(1716910243.909:2430): pid=14273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1309093064/syzkaller.fgwLTn/141/file0/bus" dev="loop5" ino=1048788 res=1 errno=0 [ 596.912025][T14030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 597.011177][T14035] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 597.011437][ T5134] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 597.050036][T14273] syz-executor.5: attempt to access beyond end of device [ 597.050036][T14273] loop5: rw=0, sector=97, nr_sectors = 48 limit=128 [ 597.059449][ T5134] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 597.098177][ T5134] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 597.113062][T14035] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 597.207186][ T62] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 597.229503][T14030] 8021q: adding VLAN 0 to HW filter on device team0 [ 597.315997][ T5175] bridge0: port 1(bridge_slave_0) entered blocking state [ 597.323366][ T5175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 597.326202][ T57] usb 1-1: USB disconnect, device number 8 [ 597.414746][ T5178] bridge0: port 2(bridge_slave_1) entered blocking state [ 597.422050][ T5178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 597.492336][T13841] veth0_vlan: entered promiscuous mode [ 597.622455][T13841] veth1_vlan: entered promiscuous mode [ 597.792172][T14035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 597.794964][T14296] xt_hashlimit: max too large, truncated to 1048576 [ 597.807800][T14296] xt_hashlimit: overflow, try lower: 0/0 [ 597.949386][T14035] 8021q: adding VLAN 0 to HW filter on device team0 [ 597.996205][T13841] veth0_macvtap: entered promiscuous mode [ 598.040165][ T5175] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.047535][ T5175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 598.096174][ T5175] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.103464][ T5175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 598.168196][T13841] veth1_macvtap: entered promiscuous mode [ 598.236781][T14304] loop5: detected capacity change from 0 to 1024 [ 598.277659][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 598.319213][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.348592][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 598.390359][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.433101][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 598.443711][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.462838][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 598.483069][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.504274][T13841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 598.658311][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.676514][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.697432][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.720662][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.739827][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.787291][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.803450][T13841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.840145][T13841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 598.871287][T13841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 598.969982][T13841] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.990220][T13841] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.009845][T13841] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.022452][T13841] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.124346][T14030] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 599.465831][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.481177][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.560726][T14030] veth0_vlan: entered promiscuous mode [ 599.682158][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.704112][T14030] veth1_vlan: entered promiscuous mode [ 599.712599][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.828132][T14035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 599.952033][T14030] veth0_macvtap: entered promiscuous mode [ 600.012279][T14030] veth1_macvtap: entered promiscuous mode [ 600.165235][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.203674][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.236307][T14313] loop5: detected capacity change from 0 to 32768 [ 600.241277][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.269121][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.282587][T14341] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 600.285737][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.319169][ T29] audit: type=1804 audit(1716910247.319:2431): pid=14338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="memory.events" dev="sda1" ino=1967 res=1 errno=0 [ 600.328524][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.351591][ T29] audit: type=1800 audit(1716910247.319:2432): pid=14338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1967 res=0 errno=0 [ 600.389111][T14313] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 600.404275][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.433385][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.460696][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 600.482727][T14347] loop4: detected capacity change from 0 to 1024 [ 600.491461][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.506587][T14030] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 600.573838][T14035] veth0_vlan: entered promiscuous mode [ 600.605180][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.615829][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.626828][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.639706][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.661129][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.673165][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.674746][T14313] XFS (loop5): Ending clean mount [ 600.683642][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.699615][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.702567][T14313] XFS (loop5): Quotacheck needed: Please wait. [ 600.710470][T14030] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 600.729115][T14030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 600.770834][T14030] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 600.819184][T14313] XFS (loop5): Quotacheck: Done. [ 600.830509][T14030] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.854820][T14357] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 600.868671][T14030] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.916070][T14030] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.945683][T14030] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.989324][T14035] veth1_vlan: entered promiscuous mode [ 601.029166][T14362] loop4: detected capacity change from 0 to 2048 [ 601.046056][T11421] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 601.056916][T14362] EXT4-fs: Ignoring removed nobh option [ 601.090787][T14362] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 601.245043][T14362] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz-executor.4: bg 0: block 2: invalid block bitmap [ 601.277985][T14362] EXT4-fs (loop4): Remounting filesystem read-only [ 601.358224][T14035] veth0_macvtap: entered promiscuous mode [ 601.426257][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 601.442898][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.450831][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.528530][T14035] veth1_macvtap: entered promiscuous mode [ 601.697757][T14375] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 601.756232][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.782992][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.790873][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.792616][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.828332][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.865085][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.898396][T14384] loop5: detected capacity change from 0 to 1024 [ 601.910477][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.940762][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.964311][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 601.980912][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 601.993674][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 602.010011][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.032932][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 602.062847][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.088158][T14035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 602.167265][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.180592][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.190915][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.202961][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.228631][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.281508][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.302215][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.324294][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.345162][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.380964][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.411952][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 602.437854][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 602.476090][T14035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 602.512432][T14035] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.543079][T14035] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.567685][T14035] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 602.609770][T14035] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 603.018631][T11026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 603.056141][T11026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.074324][T14420] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 603.205813][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 603.226364][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.351847][T14424] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 603.693045][ T5179] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 603.898966][ T5179] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.939102][ T5179] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.975406][ T5179] usb 3-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice=10.00 [ 604.007932][ T5179] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.041319][ T5179] usb 3-1: config 0 descriptor?? [ 604.246004][ T29] audit: type=1800 audit(1716910251.249:2433): pid=14445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 604.319224][ T29] audit: type=1804 audit(1716910251.269:2434): pid=14445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/84/bus" dev="sda1" ino=1956 res=1 errno=0 [ 604.444128][T14449] x_tables: duplicate underflow at hook 3 [ 604.472428][ T5179] appletouch 3-1:0.0: Geyser mode initialized. [ 604.513836][ T5179] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input28 [ 604.620687][T14452] loop5: detected capacity change from 0 to 1024 [ 604.662275][T14452] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 604.747416][ T25] usb 3-1: USB disconnect, device number 5 [ 604.777698][T14452] EXT4-fs (loop5): Online resizing not supported with bigalloc [ 604.858475][ T25] appletouch 3-1:0.0: input: appletouch disconnected [ 604.902259][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 605.235897][T14467] loop5: detected capacity change from 0 to 4096 [ 605.254064][T14467] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512). [ 605.338463][T14467] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 606.450668][ T62] ntfs3: loop5: ino=5, ntfs3_write_inode failed, -22. [ 607.261367][T14509] loop5: detected capacity change from 0 to 512 [ 607.291267][T14509] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 607.299980][T14509] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2 [ 607.334931][T14509] EXT4-fs (loop5): 1 truncate cleaned up [ 607.342177][T14509] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 608.149398][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 608.353658][T14530] x_tables: duplicate underflow at hook 3 [ 608.472037][T14533] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 608.654734][ T5174] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 608.855545][ T5174] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 608.884766][ T5174] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 608.940170][ T5174] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 609.001157][ T5174] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 609.062336][ T5174] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 609.102079][ T5174] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 609.140940][ T5174] usb 5-1: Product: syz [ 609.160155][ T5174] usb 5-1: Manufacturer: syz [ 609.198725][ T5174] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 609.452929][ T57] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 609.663458][ T57] usb 3-1: Using ep0 maxpacket: 8 [ 609.702203][ T57] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 609.729585][ T57] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 609.777889][ T57] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 609.805752][ T57] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 609.850839][ T57] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 609.895671][ T57] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.010759][T14562] loop5: detected capacity change from 0 to 512 [ 610.043465][T14562] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 610.051614][T14562] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2 [ 610.065484][T14562] EXT4-fs (loop5): 1 truncate cleaned up [ 610.073930][T14562] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 610.163055][ T57] usb 3-1: GET_CAPABILITIES returned 0 [ 610.189814][ T57] usbtmc 3-1:16.0: can't read capabilities [ 610.942224][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 611.858554][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 611.868118][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 611.926123][ T5174] usb 3-1: USB disconnect, device number 6 [ 612.174764][T14575] loop1: detected capacity change from 0 to 32768 [ 612.237714][T14575] ERROR: (device loop1): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 612.237714][T14575] [ 612.263414][T14575] ERROR: (device loop1): remounting filesystem as read-only [ 612.283113][T14575] ERROR: (device loop1): jfs_unlink: [ 612.283113][T14575] [ 612.319958][ T5174] usb 5-1: USB disconnect, device number 10 [ 612.361671][T14030] ERROR: (device loop1): xtTruncate: XT_GETPAGE: xtree page corrupt [ 612.361671][T14030] [ 612.991903][T14621] loop5: detected capacity change from 0 to 512 [ 613.034644][T14621] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 613.100948][T14626] loop2: detected capacity change from 0 to 512 [ 613.171706][T14626] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 613.192885][ T57] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 613.214138][T14626] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 613.241525][T14629] binder: 14628:14629 ioctl 4018620d 0 returned -22 [ 613.385276][T14626] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 613.416692][T14626] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 613.447699][T14626] System zones: 0-2, 18-18, 34-34 [ 613.539116][T14626] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 613.592190][T14626] EXT4-fs (loop2): 1 truncate cleaned up [ 613.614886][T14626] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 613.665276][T14641] loop5: detected capacity change from 0 to 1024 [ 613.699722][T14641] hfsplus: invalid extent btree flag [ 613.708982][T14641] hfsplus: failed to load extents file [ 613.833794][T14626] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 13: comm syz-executor.2: path /root/syzkaller-testdir3056371176/syzkaller.Y8DRuC/13/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=4096 fake=0 [ 614.272895][T14653] loop5: detected capacity change from 0 to 128 [ 614.284194][T14035] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.376538][T14653] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 614.454520][T14653] ext4 filesystem being mounted at /root/syzkaller-testdir1309093064/syzkaller.fgwLTn/174/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 614.791596][T11421] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 615.398741][T14672] loop1: detected capacity change from 0 to 4096 [ 615.430911][T14672] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 615.538624][T14682] loop5: detected capacity change from 0 to 512 [ 615.579383][T14682] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 615.589109][T14682] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 615.614674][T14682] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended [ 615.653609][T14682] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 615.661903][T14682] System zones: 0-2, 18-18, 34-34 [ 615.705120][T14682] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 615.734790][T14672] ntfs3: loop1: ino=5, "/" directory corrupted [ 615.792280][T14682] EXT4-fs (loop5): 1 truncate cleaned up [ 615.798523][T14672] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 615.804917][T14682] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 615.894349][T14682] EXT4-fs error (device loop5): ext4_readdir:260: inode #12: block 13: comm syz-executor.5: path /root/syzkaller-testdir1309093064/syzkaller.fgwLTn/177/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=4096 fake=0 [ 616.059937][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 616.190026][T14694] overlayfs: failed to clone lowerpath [ 616.367317][T14701] loop4: detected capacity change from 0 to 128 [ 616.423600][T14701] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 616.438588][T14697] loop1: detected capacity change from 0 to 4096 [ 616.450887][T14697] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 616.460263][T14701] ext4 filesystem being mounted at /root/syzkaller-testdir1353739990/syzkaller.3AWFML/41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 616.496559][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.619750][T13841] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 616.788790][ T57] usb 1-1: device descriptor read/all, error -71 [ 617.041665][T14715] loop4: detected capacity change from 0 to 256 [ 617.485934][T14729] loop1: detected capacity change from 0 to 256 [ 617.552216][T14738] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'. [ 617.783570][ T5179] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 618.035066][ T5179] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 618.062474][ T5179] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 618.087918][ T5179] usb 6-1: config 1 has no interface number 1 [ 618.094762][ T5179] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 618.110736][ T5179] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 618.121756][ T5179] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.153203][ T5179] usb 6-1: Product: syz [ 618.166947][ T5179] usb 6-1: Manufacturer: syz [ 618.189755][ T5179] usb 6-1: SerialNumber: syz [ 618.345621][T14763] loop1: detected capacity change from 0 to 128 [ 618.400251][T14763] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 618.423273][ T5179] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor [ 618.431331][ T5179] usb 6-1: 2:1 : format type 0 is detected, processed as PCM [ 618.463450][T14765] loop4: detected capacity change from 0 to 1024 [ 618.486241][ T5179] usb 6-1: USB disconnect, device number 9 [ 618.500162][T14763] ext4 filesystem being mounted at /root/syzkaller-testdir3343695200/syzkaller.NDymfn/20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 618.552691][T14765] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 618.615215][T14765] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 618.670478][T14765] System zones: 0-1, 3-36 [ 618.687110][T14765] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 618.772917][T14765] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 618.842191][T14030] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 619.094493][T14772] loop1: detected capacity change from 0 to 1024 [ 619.125757][T14772] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 619.165973][T14772] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 619.203165][T14772] System zones: 0-1, 3-36 [ 619.226440][T14772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 619.260977][T14774] loop5: detected capacity change from 0 to 256 [ 619.278381][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 619.323520][T14772] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.1: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 619.539909][T14778] loop4: detected capacity change from 0 to 1024 [ 619.577937][T14778] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 619.684341][T14778] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 619.692702][T14778] System zones: 0-1, 3-36 [ 619.714746][T14778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 619.806599][T14778] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 619.948953][T14030] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 620.178722][ T29] audit: type=1804 audit(1716910267.159:2435): pid=14762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/104/bus" dev="sda1" ino=1956 res=1 errno=0 [ 620.281306][ T29] audit: type=1804 audit(1716910267.209:2436): pid=14762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/104/bus" dev="sda1" ino=1956 res=1 errno=0 [ 620.567371][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 620.618408][T14799] loop5: detected capacity change from 0 to 256 [ 620.951450][T14807] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 620.968708][T14807] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 622.010859][T14811] loop5: detected capacity change from 0 to 1024 [ 622.051496][T14811] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 622.123095][T14811] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 622.160006][T14811] System zones: 0-1, 3-36 [ 622.185299][T14811] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 622.334597][T14811] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.5: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 622.503905][T14827] loop4: detected capacity change from 0 to 512 [ 622.572911][T14827] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 622.585261][T14827] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 622.596718][T14827] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 622.639001][T14827] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 622.658897][T14827] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino [ 622.715208][T14827] EXT4-fs (loop4): Remounting filesystem read-only [ 622.755155][T14827] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 622.812218][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.970760][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.024489][ T29] audit: type=1804 audit(1716910270.019:2437): pid=14831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="file0" dev="sda1" ino=1957 res=1 errno=0 [ 623.199678][T14839] loop4: detected capacity change from 0 to 512 [ 623.232689][T14839] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 623.273022][T14839] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 623.292196][T14839] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 623.344180][ T29] audit: type=1326 audit(1716910270.349:2438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14841 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x0 [ 623.372107][T14839] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 623.393372][T14839] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino [ 623.413400][T14839] EXT4-fs (loop4): Remounting filesystem read-only [ 623.424631][T14839] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 623.526868][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.539751][T14847] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 623.564206][T14847] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 623.695792][T14848] loop5: detected capacity change from 0 to 4096 [ 623.728384][T14848] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512). [ 623.818541][ T29] audit: type=1804 audit(1716910270.819:2439): pid=14852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="file0" dev="sda1" ino=1977 res=1 errno=0 [ 623.950252][T14856] netlink: 'syz-executor.4': attribute type 64 has an invalid length. [ 624.016066][ T1242] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.025269][ T1242] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.115648][ T29] audit: type=1804 audit(1716910271.119:2440): pid=14821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/110/bus" dev="sda1" ino=1976 res=1 errno=0 [ 624.153337][ T29] audit: type=1804 audit(1716910271.119:2441): pid=14821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/110/bus" dev="sda1" ino=1976 res=1 errno=0 [ 624.302528][T14866] loop5: detected capacity change from 0 to 512 [ 624.357528][T14866] EXT4-fs warning (device loop5): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 624.392381][T14844] loop1: detected capacity change from 0 to 32768 [ 624.401363][T14866] EXT4-fs warning (device loop5): dx_probe:880: Enable large directory feature to access it [ 624.411896][T14866] EXT4-fs warning (device loop5): dx_probe:965: inode #2: comm syz-executor.5: Corrupt directory, running e2fsck is recommended [ 624.425820][T14844] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (14844) [ 624.445806][T14866] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -2 [ 624.456219][T14866] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.5: corrupted in-inode xattr: invalid ea_ino [ 624.472460][T14866] EXT4-fs (loop5): Remounting filesystem read-only [ 624.483942][ T5174] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 624.488707][T14866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 624.510098][T14844] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 624.528600][T14844] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 624.542044][T14844] BTRFS info (device loop1): using free-space-tree [ 624.634696][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 624.640944][ T29] audit: type=1326 audit(1716910271.639:2442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14887 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc86c87cee9 code=0x0 [ 624.702845][ T5174] usb 5-1: Using ep0 maxpacket: 8 [ 624.715501][ T5174] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 624.725476][ T5174] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 624.736033][ T5174] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 624.756857][ T5174] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 624.777712][ T5174] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 624.790397][ T5174] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.025682][T14902] loop5: detected capacity change from 0 to 8 [ 625.032166][ T5174] usb 5-1: GET_CAPABILITIES returned 0 [ 625.042201][ T5174] usbtmc 5-1:16.0: can't read capabilities [ 625.090124][ T29] audit: type=1804 audit(1716910272.089:2443): pid=14898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir293694475/syzkaller.n66s33/113/file0" dev="sda1" ino=1965 res=1 errno=0 [ 625.146409][T14902] SQUASHFS error: lzo decompression failed, data probably corrupt [ 625.168897][T14902] SQUASHFS error: Failed to read block 0x91: -5 [ 625.198485][T14902] SQUASHFS error: Unable to read metadata cache entry [8f] [ 625.220924][T14902] SQUASHFS error: Unable to read inode 0x11f [ 625.255868][T14030] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 625.535216][T14905] netlink: 'syz-executor.5': attribute type 64 has an invalid length. [ 626.820804][ T5174] usb 5-1: USB disconnect, device number 11 [ 627.213662][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 627.220935][ C0] bridge0: topology change detected, propagating [ 627.228021][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 627.235291][ C0] bridge0: topology change detected, propagating [ 628.055289][ T29] audit: type=1326 audit(1716910275.059:2444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14926 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f738827cee9 code=0x0 [ 628.103582][T14930] loop1: detected capacity change from 0 to 1764 [ 628.128285][T14931] netlink: 'syz-executor.4': attribute type 8 has an invalid length. [ 628.157718][T14931] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.4'. [ 628.338416][T14933] loop5: detected capacity change from 0 to 512 [ 628.375435][T14933] EXT4-fs error (device loop5): ext4_orphan_get:1420: comm syz-executor.5: bad orphan inode 17 [ 628.397692][T14935] loop4: detected capacity change from 0 to 2048 [ 628.407041][T14933] ext4_test_bit(bit=16, block=4) = 1 [ 628.419502][T14933] is_bad_inode(inode)=0 [ 628.422730][T14935] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 628.431631][T14935] UDF-fs: Scanning with blocksize 512 failed [ 628.450207][T14933] NEXT_ORPHAN(inode)=0 [ 628.452102][T14935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 628.469643][T14933] max_ino=32 [ 628.489712][T14933] i_nlink=1 [ 628.526676][T14933] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 628.693310][T14941] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 628.715244][T14943] overlayfs: failed to clone upperpath [ 628.773446][T11421] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.096793][T14956] loop4: detected capacity change from 0 to 512 [ 629.133194][T14956] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 629.151777][T14956] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 629.173970][T14956] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 629.249314][T14956] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 629.307028][T14956] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino [ 629.375511][T14956] EXT4-fs (loop4): Remounting filesystem read-only [ 629.394470][T14956] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 629.568916][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 629.657174][T14967] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 630.262418][T14957] loop5: detected capacity change from 0 to 32768 [ 630.350115][T14957] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz-executor.5 (14957) [ 630.418184][T14957] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 630.442947][T14957] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm [ 630.451466][T14957] BTRFS info (device loop5): using free-space-tree [ 630.475665][T14989] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 630.532906][T14989] CIFS mount error: No usable UNC path provided in device string! [ 630.532906][T14989] [ 630.544387][T14989] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 630.625249][T14999] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 630.636022][T14999] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 630.855781][T11421] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 630.934276][T15020] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 630.967135][T15019] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 631.011998][T15022] loop1: detected capacity change from 0 to 256 [ 631.066856][T15022] FAT-fs (loop1): Directory bread(block 64) failed [ 631.066907][T15022] FAT-fs (loop1): Directory bread(block 65) failed [ 631.067067][T15022] FAT-fs (loop1): Directory bread(block 66) failed [ 631.067185][T15022] FAT-fs (loop1): Directory bread(block 67) failed [ 631.067299][T15022] FAT-fs (loop1): Directory bread(block 68) failed [ 631.067335][T15022] FAT-fs (loop1): Directory bread(block 69) failed [ 631.067442][T15022] FAT-fs (loop1): Directory bread(block 70) failed [ 631.067477][T15022] FAT-fs (loop1): Directory bread(block 71) failed [ 631.067582][T15022] FAT-fs (loop1): Directory bread(block 72) failed [ 631.067618][T15022] FAT-fs (loop1): Directory bread(block 73) failed [ 631.607463][T15033] loop1: detected capacity change from 0 to 256 [ 631.614139][T15033] exfat: Unknown parameter '0xffffffffffffffff' [ 631.650138][T15034] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 631.650181][T15034] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 631.796003][T15036] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 631.796114][T15036] TCP: tcp_parse_options: Illegal window scaling value 31 > 14 received [ 631.830471][T15038] xt_l2tp: v2 doesn't support IP mode [ 631.834826][ T29] audit: type=1326 audit(1716910278.829:2445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15037 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x0 [ 632.365807][T15054] fuse: Bad value for 'fd' [ 632.383729][T15054] Bluetooth: MGMT ver 1.22 [ 632.476111][T15058] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 632.890620][T15043] loop5: detected capacity change from 0 to 32768 [ 632.951639][T15070] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 632.951677][T15070] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 633.026792][T15043] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 633.058080][T15075] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 633.198712][T15043] XFS (loop5): Ending clean mount [ 633.257160][T15043] XFS (loop5): Quotacheck needed: Please wait. [ 633.351042][T15088] xt_l2tp: v2 doesn't support IP mode [ 633.369888][T15090] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 633.380559][T15090] TCP: tcp_parse_options: Illegal window scaling value 31 > 14 received [ 633.382938][ T29] audit: type=1326 audit(1716910280.369:2446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15085 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2730c7cee9 code=0x0 [ 633.432015][T15043] XFS (loop5): Quotacheck: Done. [ 633.545728][ T29] audit: type=1326 audit(1716910280.549:2447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 633.568725][ C0] vkms_vblank_simulate: vblank timer overrun [ 633.623299][ T29] audit: type=1326 audit(1716910280.549:2448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 633.704616][ T29] audit: type=1326 audit(1716910280.549:2449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 633.786352][T11421] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 633.801587][ T29] audit: type=1326 audit(1716910280.549:2450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 633.856028][T15100] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 633.905969][ T29] audit: type=1326 audit(1716910280.549:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15092 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 633.942443][ T29] audit: type=1804 audit(1716910280.589:2452): pid=15043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1309093064/syzkaller.fgwLTn/207/file0/bus" dev="loop5" ino=9291 res=1 errno=0 [ 633.968490][ C0] vkms_vblank_simulate: vblank timer overrun [ 633.976861][ T29] audit: type=1804 audit(1716910280.599:2453): pid=15043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir1309093064/syzkaller.fgwLTn/207/file0/bus" dev="loop5" ino=9291 res=1 errno=0 [ 634.002225][ C0] vkms_vblank_simulate: vblank timer overrun [ 634.347897][T15119] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 635.531753][T15153] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 635.680674][T15159] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 635.735754][ T29] audit: type=1326 audit(1716910282.739:2454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15162 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 635.735922][ T29] audit: type=1326 audit(1716910282.739:2455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15162 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a6387cee9 code=0x7ffc0000 [ 636.558203][T15191] loop5: detected capacity change from 0 to 512 [ 637.898189][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 637.915975][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 637.935112][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 637.938618][T15216] loop4: detected capacity change from 0 to 512 [ 637.968701][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 637.976838][ T5120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 637.989647][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 638.010110][T15219] loop5: detected capacity change from 0 to 512 [ 638.075648][ T1054] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.346517][T15224] fuse: Bad value for 'fd' [ 638.347142][ T1054] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.372018][T15224] Bluetooth: MGMT ver 1.22 [ 638.426759][T15215] caif0 speed is unknown, defaulting to 1000 [ 638.617627][ T1054] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.829885][ T1054] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.873485][ T5178] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 639.064149][ T5178] usb 5-1: Using ep0 maxpacket: 16 [ 639.102669][ T5178] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 639.142934][ T5178] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.159802][ T5178] usb 5-1: Product: syz [ 639.174721][ T5178] usb 5-1: Manufacturer: syz [ 639.184996][ T5178] usb 5-1: SerialNumber: syz [ 639.205940][ T5178] usb 5-1: config 0 descriptor?? [ 639.219776][ T5178] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 639.247727][ T5178] usb 5-1: Detected FT232H [ 639.295813][ T1054] bridge_slave_1: left allmulticast mode [ 639.317431][ T1054] bridge_slave_1: left promiscuous mode [ 639.344294][ T1054] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.403884][ T1054] bridge_slave_0: left allmulticast mode [ 639.413191][ T1054] bridge_slave_0: left promiscuous mode [ 639.431745][ T5178] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 639.433517][ T1054] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.721727][T15228] loop4: detected capacity change from 0 to 2048 [ 639.747975][T15228] ext4: Unknown parameter 'obj_role' [ 639.928951][T15228] netlink: 'syz-executor.4': attribute type 3 has an invalid length. [ 639.966024][ T5178] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 640.016872][ T5178] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 640.049023][ T5178] usb 5-1: USB disconnect, device number 12 [ 640.071421][ T5178] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 640.099812][ T53] Bluetooth: hci0: command tx timeout [ 640.125540][ T5178] ftdi_sio 5-1:0.0: device disconnected [ 640.886754][T15256] loop4: detected capacity change from 0 to 64 [ 641.237664][T15260] loop4: detected capacity change from 0 to 512 [ 641.339162][ T1054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 641.382066][ T1054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 641.405838][ T1054] bond0 (unregistering): Released all slaves [ 641.509646][T15267] loop4: detected capacity change from 0 to 512 [ 641.528070][T15249] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 641.529697][T15267] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 641.622456][T15265] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 641.651014][T15267] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz-executor.4: casefold flag without casefold feature [ 641.673599][T15267] EXT4-fs (loop4): Remounting filesystem read-only [ 641.689445][T15267] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 642.010312][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 642.086990][T15285] random: crng reseeded on system resumption [ 642.126702][T15215] chnl_net:caif_netlink_parms(): no params data found [ 642.129606][T15283] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 642.163545][ T53] Bluetooth: hci0: command tx timeout [ 642.528902][ T1054] hsr_slave_0: left promiscuous mode [ 642.548941][ T1054] hsr_slave_1: left promiscuous mode [ 642.653148][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 642.739445][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 642.794974][ T1054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 642.803094][ T1054] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 642.984406][T15298] loop5: detected capacity change from 0 to 64 [ 643.199934][ T1054] veth1_macvtap: left promiscuous mode [ 643.215336][ T1054] veth0_macvtap: left promiscuous mode [ 643.225568][ T1054] veth1_vlan: left promiscuous mode [ 643.231029][ T1054] veth0_vlan: left promiscuous mode [ 643.840146][T15321] loop4: detected capacity change from 0 to 512 [ 643.890081][T15321] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 643.958320][T15321] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz-executor.4: casefold flag without casefold feature [ 643.972446][T15321] EXT4-fs (loop4): Remounting filesystem read-only [ 643.995354][T15321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 644.183277][ T25] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 644.210626][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 644.248380][ T53] Bluetooth: hci0: command tx timeout [ 644.373450][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 644.380332][T15339] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 644.387991][T15340] loop4: detected capacity change from 0 to 1024 [ 644.403766][ T25] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 644.417867][ T25] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.435652][T15340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 644.444903][ T25] usb 6-1: Product: syz [ 644.461294][T15340] EXT4-fs error (device loop4): ext4_lookup:1858: inode #2: comm syz-executor.4: deleted inode referenced: 12 [ 644.464231][ T25] usb 6-1: Manufacturer: syz [ 644.478650][T15340] EXT4-fs (loop4): Remounting filesystem read-only [ 644.533886][T13841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 644.542952][ T25] usb 6-1: SerialNumber: syz [ 644.571677][ T25] usb 6-1: config 0 descriptor?? [ 644.589294][ T25] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 644.619742][ T25] usb 6-1: Detected FT232H [ 644.790693][ T25] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 645.170153][ T30] INFO: task kworker/1:1:45 blocked for more than 143 seconds. [ 645.237038][T15327] loop5: detected capacity change from 0 to 2048 [ 645.249436][ T30] Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 2024/05/28 15:31:32 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 645.336461][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 645.346136][T15327] ext4: Unknown parameter 'obj_role' [ 645.416373][ T30] task:kworker/1:1 state:D stack:22896 pid:45 tgid:45 ppid:2 flags:0x00004000 [ 645.426777][ T30] Workqueue: events_long bch2_fs_read_only_work [ 645.433157][ T30] Call Trace: [ 645.436528][ T30] [ 645.439552][ T30] __schedule+0x17e8/0x4a20 [ 645.444407][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.450155][ T30] ? __pfx___schedule+0x10/0x10 [ 645.455156][ T30] ? __pfx_lock_release+0x10/0x10 [ 645.460297][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 645.465454][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.472123][ T30] ? kthread_data+0x52/0xd0 [ 645.476764][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.482509][ T30] ? wq_worker_sleeping+0x66/0x240 [ 645.494640][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.528193][ T30] ? schedule+0x90/0x320 [ 645.552787][ T30] schedule+0x14b/0x320 [ 645.593153][ T30] journal_quiesce+0x205/0x2e0 [ 645.598025][ T30] ? bch2_fs_journal_stop+0xdd/0x520 [ 645.623098][ T30] ? __pfx_journal_quiesce+0x10/0x10 [ 645.628483][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 645.661460][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.673028][ T30] bch2_fs_journal_stop+0x33b/0x520 [ 645.679216][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.738207][ T30] ? __pfx_bch2_fs_journal_stop+0x10/0x10 [ 645.755524][ T30] ? __pfx___bch2_print+0x10/0x10 [ 645.768186][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.783460][ T30] ? __bch2_btree_flush_all+0x6dc/0x700 [ 645.796872][ T30] ? __bch2_btree_flush_all+0x6f/0x700 [ 645.812945][ T30] __bch2_fs_read_only+0x30c/0x430 [ 645.820435][ T30] bch2_fs_read_only+0xb52/0x1210 [ 645.844687][ T30] ? __pfx_bch2_fs_read_only+0x10/0x10 [ 645.850261][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 645.862779][ T30] ? __down_write_common+0x162/0x200 [ 645.868141][ T30] ? __pfx___down_write_common+0x10/0x10 [ 645.882795][ T30] ? process_scheduled_works+0x945/0x1830 [ 645.888591][ T30] bch2_fs_read_only_work+0x2d/0x40 [ 645.902329][ T30] process_scheduled_works+0xa2e/0x1830 [ 645.908170][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 645.922804][ T30] ? assign_work+0x364/0x3d0 [ 645.927474][ T30] worker_thread+0x86d/0xd70 [ 645.932110][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 645.953934][ T30] ? __kthread_parkme+0x169/0x1d0 [ 645.959053][ T30] ? __pfx_worker_thread+0x10/0x10 [ 645.993054][ T30] kthread+0x2f2/0x390 [ 645.997223][ T30] ? __pfx_worker_thread+0x10/0x10 [ 646.002374][ T30] ? __pfx_kthread+0x10/0x10 [ 646.012805][ T30] ret_from_fork+0x4d/0x80 [ 646.017295][ T30] ? __pfx_kthread+0x10/0x10 [ 646.021932][ T30] ret_from_fork_asm+0x1a/0x30 [ 646.042813][ T30] [ 646.053127][ T30] INFO: task syz-executor.0:12405 blocked for more than 144 seconds. [ 646.061274][ T30] Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 [ 646.123508][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 646.132259][ T30] task:syz-executor.0 state:D stack:17552 pid:12405 tgid:12404 ppid:11397 flags:0x00004006 [ 646.182840][ T30] Call Trace: [ 646.187153][ T30] [ 646.190125][ T30] __schedule+0x17e8/0x4a20 [ 646.212907][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.218645][ T30] ? __pfx___schedule+0x10/0x10 [ 646.232848][ T30] ? __pfx_lock_release+0x10/0x10 [ 646.237958][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 646.252864][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 646.259364][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 646.284011][ T30] ? schedule+0x90/0x320 [ 646.289337][ T30] schedule+0x14b/0x320 [ 646.293700][ T30] schedule_preempt_disabled+0x13/0x30 [ 646.299202][ T30] rwsem_down_write_slowpath+0xeeb/0x13b0 [ 646.332800][ T5120] Bluetooth: hci0: command tx timeout [ 646.342796][ T30] ? rwsem_down_write_slowpath+0xa06/0x13b0 [ 646.348820][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 646.362927][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 646.368036][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.373770][ T30] __down_write_common+0x1af/0x200 [ 646.378945][ T30] ? __pfx___bch2_print+0x10/0x10 [ 646.384082][ T30] ? __pfx___down_write_common+0x10/0x10 [ 646.389773][ T30] __bch2_fs_stop+0xfd/0x540 [ 646.396663][ T30] ? __pfx_up_write+0x10/0x10 [ 646.401395][ T30] ? __pfx___bch2_fs_stop+0x10/0x10 [ 646.406662][ T30] ? llist_reverse_order+0x72/0x90 [ 646.411818][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.417530][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.423234][ T30] ? bch2_fs_start+0x2c7/0x5b0 [ 646.428043][ T30] bch2_fs_open+0xb4f/0xdf0 [ 646.432614][ T30] ? __pfx_bch2_fs_open+0x10/0x10 [ 646.437755][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 646.444506][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.450185][ T30] ? __pfx_bch2_test_super+0x10/0x10 [ 646.455570][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.461243][ T30] ? sget+0x2b8/0x620 [ 646.465304][ T30] ? __pfx_bch2_noset_super+0x10/0x10 [ 646.470723][ T30] bch2_mount+0x71d/0x1310 [ 646.475249][ T30] ? __pfx_bch2_mount+0x10/0x10 [ 646.480252][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.486111][ T30] ? aa_get_newest_label+0xff/0x6f0 [ 646.491339][ T30] ? vfs_parse_fs_string+0x190/0x230 [ 646.497659][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.504622][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.510299][ T30] ? kfree+0x4e/0x360 [ 646.514384][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.520144][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.525840][ T30] ? vfs_parse_fs_string+0x190/0x230 [ 646.531168][ T30] legacy_get_tree+0xf0/0x190 [ 646.536023][ T30] ? __pfx_bch2_mount+0x10/0x10 [ 646.540915][ T30] vfs_get_tree+0x92/0x2a0 [ 646.552776][ T30] do_new_mount+0x2be/0xb40 [ 646.557327][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.580990][ T5120] Bluetooth: hci6: command 0x0406 tx timeout [ 646.587317][ T30] ? __pfx_do_new_mount+0x10/0x10 [ 646.592393][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.607632][ T30] __se_sys_mount+0x2d9/0x3c0 [ 646.612443][ T30] ? __pfx___se_sys_mount+0x10/0x10 [ 646.617917][ T30] ? exc_page_fault+0x590/0x8c0 [ 646.633152][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.638871][ T30] ? srso_alias_return_thunk+0x5/0xfbef5 [ 646.644694][ T30] ? __x64_sys_mount+0x20/0xc0 [ 646.649504][ T30] do_syscall_64+0xf3/0x230 [ 646.654084][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 646.660016][ T30] RIP: 0033:0x7fd84227e5ea [ 646.664500][ T30] RSP: 002b:00007fd842f82ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 646.673008][ T30] RAX: ffffffffffffffda RBX: 00007fd842f82f80 RCX: 00007fd84227e5ea [ 646.681012][ T30] RDX: 0000000020005d80 RSI: 0000000020005dc0 RDI: 00007fd842f82f40 [ 646.689051][ T30] RBP: 0000000020005d80 R08: 00007fd842f82f80 R09: 0000000000000400 [ 646.697091][ T30] R10: 0000000000000400 R11: 0000000000000206 R12: 0000000020005dc0 [ 646.706207][ T30] R13: 00007fd842f82f40 R14: 0000000000005e05 R15: 0000000020005e00 [ 646.714281][ T30] [ 646.717445][ T30] [ 646.717445][ T30] Showing all locks held in the system: [ 646.725400][ T30] 6 locks held by kworker/1:0/25: [ 646.730507][ T30] #0: ffff8880186da948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 646.743187][ T30] #1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 646.755179][ T30] #2: ffff8880239a3190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 646.764709][ T30] #3: ffff88807e7cc190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 646.774246][ T30] #4: ffff888064cfd160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 646.783918][ T30] #5: ffff88802cb76638 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 646.793307][ T30] 1 lock held by khungtaskd/30: [ 646.798174][ T30] #0: ffffffff8e333f60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [