last executing test programs: 2m20.831952718s ago: executing program 1 (id=67): unshare(0x22020600) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@union]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x20, 0xfffffffffffffffe}, 0x10) 2m20.06081833s ago: executing program 1 (id=68): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)={0x3c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}]]}, 0x3c}}, 0x0) (fail_nth: 6) 2m18.882588675s ago: executing program 1 (id=74): syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) syz_emit_ethernet(0xe7, &(0x7f0000000180)={@local, @empty, @val={@val={0x88a8, 0x1, 0x1, 0x1}, {0x8100, 0x0, 0x1, 0x2}}, {@x25={0x805, {0x1, 0x3, 0xe2, "a65f4e55df8137a49721654f0aac16f7a1dc2394b846892c08c6944d66e199428f2e50a3b4e9aaf1957e735c6d17f480e0609c0e26b39102bf5545bbe6219a855af9558fcad9f32a001da417426ade15979ca265f1b1cf437e1e7fc1bb352d0a683a8f01149b9520f32e9fbf0f6c1d9d419f30ebf3a281baa7e6ef1da20e002eed1dd1d3bb953a5b6c9a8d4e1dfc730ecb6f14db1fd754f8e0c83def28d782536291d242a1f188448ab38a0429a328f73bdeabec96cfdc86dffee86ec635ba666cea79a6202567ad90880829b09a"}}}}, &(0x7f0000000140)={0x1, 0x4, [0xf1e, 0x8c7, 0xe7f, 0xc1b]}) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[], 0x0) 2m18.396519473s ago: executing program 1 (id=75): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000000440)={[{@dmode={'dmode', 0x3d, 0x5}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x401}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x1}}, {@iocharset={'iocharset', 0x3d, 'cp857'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000000440)={[{@dmode={'dmode', 0x3d, 0x5}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x401}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@volume={'volume', 0x3d, 0x1}}, {@iocharset={'iocharset', 0x3d, 'cp857'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) (async) 2m16.799819767s ago: executing program 1 (id=82): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x20ec, 0x1}}, 0x40) prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setreuid(0xee01, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee01) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x810, &(0x7f0000000000)=ANY=[], 0xff, 0x1d8, &(0x7f0000000480)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2YWRg6GdkYGiGii+E0hW3tNetYWY4c9JTV2uZLDNDq6c2M1jslB9YTC61x8hNcjE7AzNDaOqRRcWVVdmJOTmpJxgWMlSAjDjNzMBy3f6aSrMEp8MfeQ6HJE0HHaYjPh5ZMxpLOCdJaYqxsWUqnD3zQX4dm8YRhkcrmDfWeeY11hWmTs1Ly0uqyqrKmsfAtHFmY2dj48qJdVFpfqsYW1JcNjV1MjI5bFET2MxsqD7JRnuCYfuqh0kOrD0efs2njJVepzJfMl5YJHVqRdXMCV+UZjMafme4w1O2QkJDw0niioRFgwnDkTrbBleGilusDAwMaQphjElqbGJtW87MCWHmZ3NboNCSfIIp9CjH0pkSFgeEqk7+tNR865DIBg2rw8d51hT0CRodl2BwWij4X4ah4lZyQkNDmcZapqW2C74UafyV8Fpt7JTB4G7PtAwWoCwNIHIllCfLUHGLhSEheYWHjqamUUpyQsMmhYQktwJDZYatLAyrBRoYkKJNhYGBYTsjLG4h4BqMMQpGwSgYBaNgFIyCUTAKRsEoGAWjYEQAQAAAAP//mjCM7Q==") 2m15.350190997s ago: executing program 1 (id=88): set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_channels={0x3d, 0x5, 0x0, 0x0, 0x0, 0x2, 0x1, 0x5, 0x4}}) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x7f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x48}, 0x1, 0x0, 0x0, 0x40080}, 0x4000800) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000180)=@req={0x100, 0x7, 0x0, 0x9}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000b00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaeaaaaaaaaaa86dd604a00a600100000fc000000000000000000000000000000fe8000000000000000000000000000bb00010000000000000502000031020000"], 0x0) 2m12.45028412s ago: executing program 32 (id=88): set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_channels={0x3d, 0x5, 0x0, 0x0, 0x0, 0x2, 0x1, 0x5, 0x4}}) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xffff}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa1}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x7f}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x48}, 0x1, 0x0, 0x0, 0x40080}, 0x4000800) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000180)=@req={0x100, 0x7, 0x0, 0x9}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000b00)=ANY=[@ANYBLOB="aaaaaaaaaaaaaeaaaaaaaaaa86dd604a00a600100000fc000000000000000000000000000000fe8000000000000000000000000000bb00010000000000000502000031020000"], 0x0) 8.237706077s ago: executing program 4 (id=526): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) getpgrp(0x0) chown(&(0x7f0000000680)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) 7.981718124s ago: executing program 3 (id=528): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', r3, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @remote}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000380)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x15, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev, {[@cipso={0x86, 0x12, 0x0, [{0x0, 0xc, "7e7f8a2c555e900c99c6"}]}, @rr={0x7, 0x17, 0x0, [@multicast2, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @private, @dev]}, @end, @rr={0x7, 0x13, 0x0, [@remote, @dev, @dev, @multicast1]}]}}}}}) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5, 0x0, 0x10}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r6, &(0x7f0000001240)=""/102400, 0x200000, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r8 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$nci(r8, &(0x7f0000001580)=@NCI_OP_CORE_INIT_RSP={0x0, 0x1, 0x2, 0x1, 0x81, {{0x1, 0x81, 0xaa, "9ecadce1031295a6edd0d66c44d1e01eab80c74b9513bcf671354f5acd41bcad01e67c6c908b6c21efed1d466953e8f4b0abfe937c492b1f297a426273ed1d04bbcb4e2799f2b71765408beb47f8b20c71b6f3890ab8d50a7acad9815c3df035faaca370e83022ac679b381807dec54b62884f98306e865af75b88a212ed7a0a1995e4199d6508ee55b5c6236c3bed8447cc21dd1ed8a00a29560f98ea6190d828d4ba618bbea3f96599"}, {0x0, 0x3, 0x9, 0xc, 0x5, 0x7}}}, 0xbe) r9 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="28000000101401"], 0x28}, 0x1, 0x0, 0x0, 0x24044836}, 0x2000c8d4) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10) sendmsg$tipc(r10, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 6.60177476s ago: executing program 0 (id=533): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r0, 0x5412, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = socket(0x2a, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xff, 0xec2, 0x5, 0x2, 0x400}, 0x10000, 0x1, 0x7ff, 0x6, 0xe, 0x14, 0x1f, 0x1b, 0x6, 0x2, {0x6, 0x19d, 0xa9, 0x8, 0x7743, 0xfd1}}}}]}, 0x78}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0xfff2}, {}, {0x8, 0xb}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}}, 0x4000) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.137988766s ago: executing program 0 (id=537): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) unshare(0x2040400) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r2, 0x0, 0x0) 4.582983078s ago: executing program 0 (id=539): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000400)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x38, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x38}, 0x1, 0x0, 0x0, 0x60008842}, 0x84) 3.827017342s ago: executing program 4 (id=541): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300040018000000fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f) 3.525347314s ago: executing program 5 (id=542): syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2604010, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYRESOCT], 0x1, 0x2ed, &(0x7f0000000d00)="$eJzs3EtPE10cx/F/S7mVB9rFE40mhhPd6GYC1bWxMZAYm0iQGi+JyQBTnXRsSafB1BiBlUuNL8IFcemORHkDbNzpxo07NiYuZGEcMzd6oUBRaLl8P0kzhznn154pB/KfSTvrd18/yedsLaeXJdqnJCIisiGSlKiEIsHW3ROJSJ1FuTTw4/O52/fu30xnMmOTSo2npy6nlFJDwx+ePu8Phq30ylry4fr31Le1U2tn1n9PPTZtZdqqUCwrXU0Xv5b1actQs6ad15SasAzdNpRZsI2S31/0+3NWcW6uovTC7GB8rmTYttILFZU3KqpcVOVSRemPdLOgNE1Tg3E5yWItjcouT07q6do9wzsHlmraM381MbRdqZTWu0Skf0tPdrkjEwIAAB3VWP9H3ZJ+p/pfeuryu9T/786vlgfuvB8K6v+Vnmb1/5Uv/nMF9X/1yQ+8/t9aER19kT2M3Vr/4/gIV7db/8eDv1/P0gPH8RrU/wAAAAAAAAAAAAAAAAAAAAAAHAUbjpNwHCcRbsNHr4j0iUj4c6fniYOxx99/pLX7CuCoqH5xLzYkYr2cz85n/W0wYFVELDFkRBLyy1sPAbcdfhdQuZLy0VoI8gvz2S6vJ50T08uPSkKSjXnHGb+RGRtVvvp8t8Rr8ylJyP/N86mm+R65eKEmr0lCPs1IUSyZ9dZ1Nf9iVKnrtzIN+X5vHAAAAAAAx4GmNjU9f9e07fr9/Ob5ddPrA/759YibNmNSn4/JWS4mAQAAAADQFnblWV63LKPUrPHf9l11jWgLY9reiCz6R9hqKvwsQ0fm7L64+2hl8JIcgrc32tJUGxvDImKpf3318LLRdmNkYp+ONLrXJXH6zduf+/c+X4317XKk+9V41binu93/hwAAAAAcvGrRH+651tkJAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABwArXjXnGdPkYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsPgTAAD//wCVDfw=") r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x240988c0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1, 0x7}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x80000000000}, 0x18) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x40010101, 0x0, 0x0) 3.185962676s ago: executing program 0 (id=543): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) 3.169529687s ago: executing program 4 (id=544): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c00"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xd, &(0x7f0000000900)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x8205, &(0x7f0000000480)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@prjquota}, {@minixdf}, {@errors_remount}, {@abort}, {@noblock_validity}, {@barrier}, {@journal_dev={'journal_dev', 0x3d, 0xf35}}]}, 0x1, 0x618, &(0x7f0000000640)="$eJzs3c9rHG0dAPDvzCYxed9oWpFii2LAQwvS/KjFqqe2F3soWLAHEQ8NTVJDN21oUrC1YAoeFBREvIr04j/gXYpXbyKoN89CFYl4UOnKzM60a3Y32ebN7mwznw/M9plnZvd5vjv7dJ5nNs9OALU1nz2kEWcj4k4SMdexbTbaG+eL/fb+8exutiTRan3j70kkRV65/+vi3w+zhyRiOiJ+fz3ik43ucrefPL2/0my1fT9icWdza3H7ydOLG5sr99burT1YvvTly1eWvrJ8eflY4izjunHz65/5yQ++86X1PzQvJnE1bk9+bzX2xXFc5mM+XhchduZPRMSVLNHjfXnflCEkFdeDo2kUn8fJiDgTc9HI19rmYuPHlVYOGKpWI6IF1FSi/UNNlf2Acmw/jHHwOHt1rT0A6o5/on1tJKbzsdEHe0nHyKg93j11DOVnZfz32blfZEv0uQ4xcQzl9LP7PCI+3Sv+JK/bqfwqThZ/GmnH87L0UkRMFe/FYOP/ya6c+X3ro/78vUv8ncchi/9q8W+Wf/2I5VcdPwD19PJacSLfzdbenv+ynmHZ/4ke/Z/ZHueuo6j6/Ne//1ee76fza+Tpvn5Y1t+51fsluzo5f/nRjZ/1K7+z/5ctWfllX3AUXj2POLcv/h/mHb3kzfFPehz/bJc7A5bxtT/+7Ua/bVXH33oRcb7n+OdtjzZLLe5sbpV5+76fXFzfaK4ttR97lvGb3337V/3Krzr+7PhHn/HfQcc/y9sasIxf33qx2W/b7KHxp3+dSm7nqaki57srOzuPliOmkpvFLh35lw6uS7lP+RpZ/Bc+37v994q/KCo/0Lv/9270t/XN+3v99hv4+HcPnTKvWweHe6gs/tU+n//Djv9PByzjX996/Nl9WTNl4qD4Z7pfKtl95wgBAAAAAACgPtL8O9gkXXiTTtOFhfYc3k/FB2nz4fbOF9YfPn6wGnEh/3vIybT8pnuuvZ5k68vF38OW65f2rX8xIk5HxM8bM/n6wt2HzdWqgwcAAAAAAAAAAAAAAAAAAIAx8WEx/7+8T/U/G+35/wPZOTPk2gFDN8wbzAHjTfuH+srbf1p1LYAqOP9DfWn/UF/aP9SX9g/1pf1DfWn/UF/aP9SX9g8AAAAAJ9Lpz738cxIRu1+dyZfMVLFtstKaAcP27m18fij1AEavMdKnAePkzVf/pv9D7QzU//938eOAw68OUIGkV2beOWgd3Phf9nwmAAAAAAAAAAAAADAE58+a/w91lcZvq64CUJHuifxn9wac6Oc3AOA956f/ob4+0hjfBQI4EQ6bxT/db4P5/wAAAAAAAAAAAAAwMrP5kqQLxS1AZyNNFxYiPh4Rp2IyWd9ori1FxCci4k+NyY9l68tVVxoAAAAAAAAAAAAAAAAAAABOmO0nT++vNJtrjzoT/+nKOdmJ8i6o41KfzkQkoy90JiLGIfbhJCY6cpKI3ezIj0XFHm3HWFQjzatR8X9MAAAAAAAAAAAAAAAAAABQQx1zj3s798sR1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARu/t/f+PnkgOeZ2qYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k//CwAA//9vNjw9") r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x1e, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) 3.103105611s ago: executing program 2 (id=545): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002305"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 2.751214753s ago: executing program 3 (id=546): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x890}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x34, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) 2.694174366s ago: executing program 5 (id=547): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) set_robust_list(0x0, 0x0) 2.434686989s ago: executing program 2 (id=548): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0xce21, @multicast2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0e00000004000000080000000300000000000000", @ANYRES32, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES64, @ANYBLOB="000000000000f3de5881c847660a0000000000090000000000000000"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x500, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x1a00001a}]) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x4e24, @remote}, {0x20000010304}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 2.245473666s ago: executing program 3 (id=549): bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) clock_gettime(0x0, &(0x7f0000003100)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf2506"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4008090) 1.977421456s ago: executing program 5 (id=550): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)={0x0}) r4 = socket$key(0xf, 0x3, 0x2) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000000)={r3, 0x3, r4}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfd, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 1.969905202s ago: executing program 0 (id=551): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x10002}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, 0x0, 0x0}, 0x20) 1.962291005s ago: executing program 4 (id=552): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@raw=[@exit, @ldst, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0xc, 0x0, 0x0, 0x7ffffff, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.643080235s ago: executing program 2 (id=553): socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_emit_ethernet(0x86, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8442a08597d3b2f44ac89b1b52cc6728d6697d4cebc8f2f062c6f91f224aaacc", "99bd3410936eefeb3ea898dafab974aa", {"96deb200000000000000000000ac1d00", "f838a300b01b0e19ecdf00b20600"}}}}}}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000340)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @opaque='\x00\x00\x00\x00\x00\x00\x00\x00'}}}}}, 0x0) 1.456762799s ago: executing program 3 (id=554): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r0}, 0x10) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x4) r2 = inotify_init() inotify_add_watch(r2, &(0x7f00000000c0)='.\x00', 0xe0000011) close_range(r1, 0xffffffffffffffff, 0x0) 1.352299571s ago: executing program 4 (id=555): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x54e, &(0x7f00000014c0)="$eJzs3c9vHFcdAPDvjH+sm6ZxAj1ABSRAIaAou/Gmjape2lxAqKqEqDggDqmxN5bJbjZk16U2kXD/hiKBxAn+BA5IHJB64sCNIxIHhFQOSAEsUIwE0qKZHf+ovcaLd73bej8faTLz5s3M973Ys+/t2/W8ACbWlYjYjIjZiHgzIuaL/UmxxKvdJTvuydajpe2tR0tJdDpv/C3J87N9+QmlvWs+XVxzLiK+8dWI7ySH47bWN+4t1uu1h0W60m48qLTWN66vNhZXaiu1+9XqrYVbN166+WJ1aHW93PjF46+svvbNX//q0+//bvPLP8iKdb7I263HkHWrPrMbJzMdEa+dRrAxmCrWs2MuByeTRsTHIuJz+f0/H1P5bycAcJZ1OvPRmd+fBgDOujQfA0vSckSkadEJKHfH8J6Nc2m92Wpfu9tcu7/cHSu7GDPp3dV67cal0h++lx88k2TphTwvz8/T1QPpmxFxKSJ+VHoqT5eXmvXl8XR5AGDiPb2//Y+If5bStFzu69Qen+oBAB8Zc+MuAAAwctp/AJg82n8AmDx9tP/Fh/2bp14WAGA0/r/3/xdOrRwAwOgY/weAyaP9B4CJ8vXXX8+Wznbx/Ovlt9bX7jXfur5ca90rN9aWykvNhw/KK83mSv7MnsZx16s3mw8WXoi1tyvtWqtdaa1v3Gk01+637+TP9b5TmxlJrQCA/+XS5fd+n0TE5stP5Uvsm8tBWw1nWzruAgBjMzXIyToI8JFmti+YXH014Xkn4benXhZgPHo+zHuu5+YH/aS7erefIL5nBB8qVz/Z//i/OZ7hbDH+D5PrZOP/rwy9HMDoGf+HydXpJAfn/J/dzQIAzqQBvsLX+eGwOiHAWB03mfdxn/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAJDofEd+NJC3nc4Gn2b9puRzxTERcjJnk7mq9diMiLsTliJgpZemFcRcaABhQ+pekmP/r6vzz5w/mzib/KuXriPj+T9/48duL7fbDhWz/33f3l3amD6vunTfAvIIAwJDl7Xe1WO97I/9k69HSzjLK8jy+Hf8ppiJe2t56lC/dnOnIdkbM5X2Jc/9IYro4Zy4inouIqSHE33wnIj7Rq/5JPjZysZj5dH/8KGI/M9L46Qfip3led511vj4+hLLApHnvdkS82uv+S+NKvu59/8/lr1CDe3y7e7Gd177tffGni0hTPeJn9/yVfmO88JuvHdrZme/mvRPx3HSv+Mlu/OSI+M/3Gf+Pn/rMu68ckdf5WcTV6B1/f6xKu/Gg0lrfuL7aWFyprdTuV6u3Fm7deOnmi9VKPkZd2RmpPuyvL1+7cFTZsvqfOyL+XM/6z+6e+4U+6//zf7/57c/uJUsH43/p871//s/2jN+VtYlf7DP+4rlfHjl9dxZ/+Yj6H/fzv9Zn/Pf/vLHc56EAwAi01jfuLdbrtYcDbWTvQodxnUMbWRH7O3inuzhY0D/FadTihBszp/W/euob07t9xeFe+VvZFXtkpX3+kpxkIx16LQbaeDKqWON7TQJGY++mH3dJAAAAAAAAAAAAAACAo4ziT5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrv8GAAD//xxkzKw=") open(&(0x7f0000000040)='.\x00', 0x418601, 0x8) 1.258686003s ago: executing program 3 (id=556): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) readv(r0, &(0x7f0000000780)=[{&(0x7f0000000140)=""/27, 0x1b}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ec"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x8, 0x7ffc0002}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$SIOCX25SCALLUSERDATA(0xffffffffffffffff, 0x89e5, &(0x7f0000000280)={0x7f, "6b07cc22862a97a898f500ff7b99ae3cee892df263840aa592234e7d3a5746e2aec3455615241ca74fce1021f434299d61d061f5565d4402526994ee4dde8f4c293112f8b596e59129f809970aae1e9f1c876b62cc996f9bf35c0d8240c8df779498f1fe612744903c269b6f7a8dd3f2fb118a3ed444339c1c030214897d7c57"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f00000007c0)=@deltaction={0xd0, 0x31, 0x200, 0x70bd26, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x21}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x10001}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xde}}, {0x10, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x800}, 0x20000084) shmctl$IPC_RMID(0x0, 0x0) 1.129901727s ago: executing program 5 (id=557): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000600459e850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1000, &(0x7f0000000600)={0xffffffffffffffff}, 0x106, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000580)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x7, @empty, 0xfffffffe}, r1}}, 0x30) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f00000004c0)={0x7, 0x8, 0xfa00, {r1, 0xd4}}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18) 1.129572837s ago: executing program 0 (id=558): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) r1 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4011) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PTP_EXTTS_REQUEST2(r4, 0x40103d0b, 0x0) fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r3, 0x26, &(0x7f00000031c0)) openat$tun(0xffffffffffffff9c, 0x0, 0x78241, 0x0) ioctl$BTRFS_IOC_RM_DEV(r0, 0x5000940b, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) 995.063756ms ago: executing program 5 (id=559): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x890}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x34, 0x13, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x34}}, 0x0) 963.324878ms ago: executing program 2 (id=560): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) 694.202186ms ago: executing program 2 (id=561): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_UIE_ON(r2, 0x7003) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x16, 0x16, 0x0, 0x8000}}) r3 = socket$inet6_udp(0xa, 0x2, 0x0) dup3(r3, r2, 0x0) 584.841908ms ago: executing program 5 (id=562): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) socket(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, &(0x7f0000000180), 0x1, 0x520, &(0x7f00000010c0)="$eJzs3d1rLGcZAPBnNtmer+iu2otaaHuwlZyiZzdpbBu8aCuIdwWl3h9Dsgkhm2zIbupJKJqD9woi2tteeSMI3grS/0BRCnovKkrRUwV7oY7M7OTkZLub5JD9oMnvB2/mnZmdeZ53kn3n85wJ4NK6GRGvRcRURDwfEZVieqkocdAt2ec+uP/WclaSSNM3/p5EUkzLPpYUJXOjWOxqd5D7d3o8bntvf2Op2WzsFOP1zuZ2vb23f3t9c2mtsdbYWliYf2nx5cUXF+eG0s6sXa989S8//sFPv/bKr7747T/e+dut72T5zhTzD9sxbN1tUs62xQPTEbEzimATMFW0pzzpRAAAOJPsGP/TEfG5/Pi/ElP50dzZJCPNDAAAABiW9NWZ+E8SkQIAAAAXVil/BjYp1YpnAWaiVKrVus/wPh7XS81Wu/OF1dbu1kr3WdlqlEur683GXPFMbTXKSTY+n9ePxl94MJ4cPHy94UeVa/n82nKruTK5yx4AAABwqdzoOf//V6V7/n+Ce2NLDgAAABie6lE1rUwyEQAAAGBkqh+Z8s5E8gAAAABG56Pn/wAAAMAF8vXXX89Kmr//uhqx8ube7kbrzdsrjfZGbXN3ubbc2tmurbVaa830SsTmaetrtlrbX4qt3bv1TqPdqbf39u9stna3OnfWj70CGwAAABijTz3z7h+SiDj48rW8ZB7LfkwNWMCzAnBhlB7lw38eXR7A+A3azQMX3/SkEwAmptwdJJPOA5ic0zqAgQ/v/Gb4uQAAAKMx+9n+9/+nj64NABfUI93/By4U9//h8nL/Hy6vsiMAuPRGf/8/TU9dFwAAMFIzeUlKteJe4EyUPky7ohrlZHW92ZiLiE9GxO8r5SvZ+Hy+ZOIfDQAAAAAAAAAAAAAAAAAAAAAAAADAGaVpEikAAABwoUWU/poU7/+arTw303t94LHkw0o+zN8O8MZP7i51Ojvz2fR/FNMjOm8X0194lCsP3jwOAAAAo3J4nn54Hg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/TB/beWD8vxOaWRxn3/KxFR7Rd/Oq7mw6tRjojr/0xi+nChZyKSiJgaQvyDexHxRL/4SZZWVIssjsUvtsq1PIuRx38qTdPv9ot/49zR4XJ7N+t/Xuv3/SvFzXzY//s/XZTzGtz/lR70f1N94mc9zyfOsP4rEfHkez+vD54b8eR0//7nMH4yIP6z/VbZZ6N865v7+4PyS9+JmD3a/3z/eISjWr2zuV1v7+3fXt9cWmusNbYWFuZfWnx58cXFufrqerNR/Owb44dP/fJ/g+K/fy/iet/9X7f/faj9S73tfy6rlAet+ch/37t7/zN5rZL2rCKPf+vZ/r//J47HP7Zps7+Jzxf7gWz+7GH9oFt/2NM/++3TJ7V/ZUD7T/v93+pZ16D98fPf+N6fTtxAAMBYtff2N5aazcbOyCtvp2k6plj5gci42nXuyuMfn1Tbe7/4Xbfyau+smye0Ir0y7j82lXNXenuKX4+/cwIAAIbq6KB/0pkAAAAAAAAAAAAAAAAAAADA5TWO/06sN+bBZJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCi/wcAAP//rgHbtw==") pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x5, 0x84) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5412, &(0x7f0000001100)) 415.609388ms ago: executing program 4 (id=563): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0xce21, @multicast2}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0e00000004000000080000000300000000000000", @ANYRES32, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES64, @ANYBLOB="000000000000f3de5881c847660a0000000000090000000000000000"], 0x50) io_submit(0x0, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x500, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x1a00001a}]) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x4e24, @remote}, {0x20000010304}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 102.787401ms ago: executing program 2 (id=564): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x5, 0x7, 0x200}, {{0x4, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x95b2}}]}]}}]}, 0x58}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0xfffd, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2}}}}}}}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 3 (id=565): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@raw=[@exit, @ldst, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}], &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0xc, 0x0, 0x0, 0x7ffffff, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) kernel console output (not intermixed with test programs): b 1-1: SerialNumber: syz [ 260.352379][ T1901] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 260.375816][ T6093] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 260.424465][ T44] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 260.437107][ T44] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12 [ 260.656811][ T6102] fuse: Bad value for 'fd' [ 260.725819][ T1901] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.736429][ T1901] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 260.746475][ T1901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.797626][ T1901] usb 2-1: config 0 descriptor?? [ 260.832618][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 260.859449][ T1901] pwc: Askey VC010 type 2 USB webcam detected. [ 261.026607][ T44] usb 1-1: USB disconnect, device number 3 [ 261.042413][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 261.147570][ T10] usb 4-1: config 2 has an invalid interface number: 15 but max is 0 [ 261.156567][ T10] usb 4-1: config 2 descriptor has 1 excess byte, ignoring [ 261.164517][ T10] usb 4-1: config 2 has 2 interfaces, different from the descriptor's value: 1 [ 261.174065][ T10] usb 4-1: config 2 has no interface number 1 [ 261.180606][ T10] usb 4-1: config 2 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 261.194552][ T10] usb 4-1: config 2 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 261.208165][ T10] usb 4-1: config 2 interface 0 has no altsetting 0 [ 261.216943][ T6105] loop4: detected capacity change from 0 to 1764 [ 261.240168][ T6105] iso9660: Unknown parameter 'cruf' [ 261.281559][ T1901] pwc: recv_control_msg error -32 req 02 val 2b00 [ 261.306240][ T1901] pwc: recv_control_msg error -32 req 02 val 2700 [ 261.318339][ T10] usb 4-1: New USB device found, idVendor=0471, idProduct=0312, bcdDevice=94.69 [ 261.333112][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.341401][ T10] usb 4-1: Product: syz [ 261.348786][ T10] usb 4-1: Manufacturer: syz [ 261.353966][ T10] usb 4-1: SerialNumber: syz [ 261.364056][ T1901] pwc: recv_control_msg error -32 req 02 val 2c00 [ 261.407743][ T1901] pwc: recv_control_msg error -32 req 04 val 1000 [ 261.440811][ T10] pwc: Philips PCVC750K (ToUCam Pro Scan) USB webcam detected. [ 261.457108][ T1901] pwc: recv_control_msg error -32 req 04 val 1300 [ 261.474381][ T1901] pwc: recv_control_msg error -32 req 04 val 1400 [ 261.491336][ T1901] pwc: recv_control_msg error -32 req 02 val 2000 [ 261.536636][ T1901] pwc: recv_control_msg error -32 req 02 val 2100 [ 261.573248][ T6110] loop2: detected capacity change from 0 to 512 [ 261.800912][ T6113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.811560][ T6113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.883519][ T6115] FAULT_INJECTION: forcing a failure. [ 261.883519][ T6115] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 261.897099][ T6115] CPU: 0 UID: 0 PID: 6115 Comm: syz.4.47 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 261.907900][ T6115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 261.918281][ T6115] Call Trace: [ 261.921733][ T6115] [ 261.924835][ T6115] dump_stack_lvl+0x216/0x2d0 [ 261.929818][ T6115] dump_stack+0x1e/0x24 [ 261.934250][ T6115] should_fail_ex+0x748/0x7f0 [ 261.939227][ T6115] should_fail+0x2a/0x40 [ 261.943763][ T6115] should_fail_usercopy+0x2e/0x40 [ 261.949093][ T6115] _copy_from_user+0x35/0x110 [ 261.954060][ T6115] __sys_bpf+0x2dc/0xd90 [ 261.958602][ T6115] __x64_sys_bpf+0xa0/0xe0 [ 261.963281][ T6115] x64_sys_call+0x329c/0x3c30 [ 261.968263][ T6115] do_syscall_64+0xcd/0x1e0 [ 261.973017][ T6115] ? clear_bhb_loop+0x25/0x80 [ 261.977991][ T6115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.984183][ T6115] RIP: 0033:0x7fec8d185d29 [ 261.988819][ T6115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.008721][ T6115] RSP: 002b:00007fec8df42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 262.017441][ T6115] RAX: ffffffffffffffda RBX: 00007fec8d375fa0 RCX: 00007fec8d185d29 [ 262.025650][ T6115] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 000000000000000f [ 262.033843][ T6115] RBP: 00007fec8df42090 R08: 0000000000000000 R09: 0000000000000000 [ 262.042046][ T6115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.050249][ T6115] R13: 0000000000000000 R14: 00007fec8d375fa0 R15: 00007fff44038c48 [ 262.058486][ T6115] [ 262.070996][ T1901] pwc: recv_control_msg error -32 req 02 val 2500 [ 262.078932][ T10] pwc: Failed to set LED on/off time (-71) [ 262.136229][ T10] pwc: send_video_command error -71 [ 262.141851][ T10] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 262.150285][ T10] Philips webcam 4-1:2.0: probe with driver Philips webcam failed with error -71 [ 262.202828][ T10] usb 4-1: USB disconnect, device number 2 [ 262.311084][ T1901] pwc: recv_control_msg error -71 req 02 val 2400 [ 262.398833][ T6121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.48'. [ 262.581251][ T1901] pwc: recv_control_msg error -71 req 02 val 2600 [ 262.644253][ T1901] pwc: recv_control_msg error -71 req 02 val 2900 [ 262.666071][ T6110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.679288][ T6110] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 262.684090][ T1901] pwc: recv_control_msg error -71 req 02 val 2800 [ 262.753323][ T1901] pwc: recv_control_msg error -71 req 04 val 1100 [ 262.814175][ T1901] pwc: recv_control_msg error -71 req 04 val 1200 [ 262.871720][ T1901] pwc: Registered as video103. [ 262.880474][ T1901] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 262.918529][ T6121] loop0: detected capacity change from 0 to 16 [ 262.935024][ T6121] erofs: Unknown parameter 'ÿÿÿÿÿÿœôS2òç/¾b*üDObê hÄ*w³Rþ [ 262.935024][ T6121] ýß±ÌùÀùè™êšçÃZ+ ' [ 263.024262][ T6110] netlink: 'syz.2.46': attribute type 2 has an invalid length. [ 263.032384][ T6110] netlink: 'syz.2.46': attribute type 1 has an invalid length. [ 263.040186][ T6110] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.46'. [ 263.095856][ T1901] usb 2-1: USB disconnect, device number 2 [ 263.104694][ T6121] pim6reg: entered allmulticast mode [ 263.235821][ T6130] pim6reg: left allmulticast mode [ 263.262842][ T6133] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 263.277536][ T6133] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 263.288525][ T6133] overlayfs: missing 'lowerdir' [ 263.296122][ T6138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.306778][ T6138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.321875][ T6131] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 263.331520][ T6131] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 263.341264][ T6131] overlayfs: missing 'lowerdir' [ 263.370027][ T6121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.48'. [ 263.471465][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.522418][ T44] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 264.132350][ T6145] loop2: detected capacity change from 0 to 512 [ 264.242719][ T6145] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 264.256443][ T6145] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 264.407842][ T6156] FAULT_INJECTION: forcing a failure. [ 264.407842][ T6156] name failslab, interval 1, probability 0, space 0, times 0 [ 264.421015][ T6156] CPU: 0 UID: 0 PID: 6156 Comm: syz.0.53 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 264.431845][ T6156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 264.442146][ T6156] Call Trace: [ 264.445617][ T6156] [ 264.448735][ T6156] dump_stack_lvl+0x216/0x2d0 [ 264.453750][ T6156] dump_stack+0x1e/0x24 [ 264.458295][ T6156] should_fail_ex+0x748/0x7f0 [ 264.463355][ T6156] should_failslab+0x17f/0x210 [ 264.468426][ T6156] kmem_cache_alloc_noprof+0xee/0xe10 [ 264.474137][ T6156] ? skb_clone+0x303/0x550 [ 264.478859][ T6156] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.484361][ T6156] skb_clone+0x303/0x550 [ 264.488925][ T6156] __netlink_deliver_tap+0x5f6/0xd30 [ 264.494545][ T6156] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.500762][ T6156] netlink_unicast+0x1103/0x1260 [ 264.506038][ T6156] netlink_sendmsg+0x10da/0x11e0 [ 264.511330][ T6156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.516956][ T6156] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.522615][ T6156] __sock_sendmsg+0x30f/0x380 [ 264.527628][ T6156] ____sys_sendmsg+0x877/0xb60 [ 264.532732][ T6156] ___sys_sendmsg+0x28d/0x3c0 [ 264.537723][ T6156] ? __rcu_read_unlock+0x7b/0xe0 [ 264.542978][ T6156] ? __fget_files+0x42b/0x500 [ 264.547946][ T6156] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.553437][ T6156] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 264.559548][ T6156] __x64_sys_sendmsg+0x212/0x3c0 [ 264.564810][ T6156] ? kmsan_get_metadata+0x13e/0x1c0 [ 264.570302][ T6156] x64_sys_call+0x2ed6/0x3c30 [ 264.575325][ T6156] do_syscall_64+0xcd/0x1e0 [ 264.580114][ T6156] ? clear_bhb_loop+0x25/0x80 [ 264.585124][ T6156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.591355][ T6156] RIP: 0033:0x7f65e8d85d29 [ 264.596028][ T6156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.613245][ T6145] EXT4-fs (loop2): 1 orphan inode deleted [ 264.615823][ T6156] RSP: 002b:00007f65e9b17038 EFLAGS: 00000246 [ 264.621600][ T6145] EXT4-fs (loop2): 1 truncate cleaned up [ 264.623837][ T6145] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.627883][ T6156] ORIG_RAX: 000000000000002e [ 264.627946][ T6156] RAX: ffffffffffffffda RBX: 00007f65e8f76080 RCX: 00007f65e8d85d29 [ 264.658773][ T6156] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 264.667007][ T6156] RBP: 00007f65e9b17090 R08: 0000000000000000 R09: 0000000000000000 [ 264.675237][ T6156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.683470][ T6156] R13: 0000000000000000 R14: 00007f65e8f76080 R15: 00007fff5cf4ff48 [ 264.691711][ T6156] [ 264.974992][ T6145] EXT4-fs error (device loop2): ext4_lookup:1813: inode #15: comm syz.2.52: iget: bad extra_isize 46 (inode size 256) [ 265.071255][ T6145] EXT4-fs (loop2): Remounting filesystem read-only [ 265.236019][ T6164] loop1: detected capacity change from 0 to 8 [ 265.309017][ T6164] ======================================================= [ 265.309017][ T6164] WARNING: The mand mount option has been deprecated and [ 265.309017][ T6164] and is ignored by this kernel. Remove the mand [ 265.309017][ T6164] option from the mount to silence this warning. [ 265.309017][ T6164] ======================================================= [ 265.469438][ T6164] SQUASHFS error: Unable to read inode 0x11f [ 265.631979][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.826122][ T6171] FAULT_INJECTION: forcing a failure. [ 265.826122][ T6171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.843804][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.4.60 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 265.854623][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 265.864932][ T6171] Call Trace: [ 265.868397][ T6171] [ 265.871513][ T6171] dump_stack_lvl+0x216/0x2d0 [ 265.876514][ T6171] dump_stack+0x1e/0x24 [ 265.880965][ T6171] should_fail_ex+0x748/0x7f0 [ 265.885966][ T6171] should_fail+0x2a/0x40 [ 265.887734][ T6168] netlink: 'syz.0.58': attribute type 3 has an invalid length. [ 265.890430][ T6171] should_fail_usercopy+0x2e/0x40 [ 265.903445][ T6171] _copy_from_user+0x35/0x110 [ 265.908445][ T6171] btf_get_info_by_fd+0xe3/0xa90 [ 265.913713][ T6171] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.919821][ T6171] bpf_obj_get_info_by_fd+0x19ff/0x6440 [ 265.925679][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.931161][ T6171] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.937270][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.942745][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.948238][ T6171] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.954435][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.959916][ T6171] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 265.966017][ T6171] ? should_fail_ex+0x19a/0x7f0 [ 265.971179][ T6171] ? stack_depot_save_flags+0x2c/0x750 [ 265.976951][ T6171] ? kmsan_get_metadata+0x13e/0x1c0 [ 265.982458][ T6171] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 265.989157][ T6171] __sys_bpf+0x9e2/0xd90 [ 265.993745][ T6171] __x64_sys_bpf+0xa0/0xe0 [ 265.998471][ T6171] x64_sys_call+0x329c/0x3c30 [ 266.003484][ T6171] do_syscall_64+0xcd/0x1e0 [ 266.008280][ T6171] ? clear_bhb_loop+0x25/0x80 [ 266.013289][ T6171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.019507][ T6171] RIP: 0033:0x7fec8d185d29 [ 266.024266][ T6171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.044274][ T6171] RSP: 002b:00007fec8df42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 266.052999][ T6171] RAX: ffffffffffffffda RBX: 00007fec8d375fa0 RCX: 00007fec8d185d29 [ 266.061226][ T6171] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 000000000000000f [ 266.069432][ T6171] RBP: 00007fec8df42090 R08: 0000000000000000 R09: 0000000000000000 [ 266.077643][ T6171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.085842][ T6171] R13: 0000000000000000 R14: 00007fec8d375fa0 R15: 00007fff44038c48 [ 266.094073][ T6171] [ 266.497863][ T6178] binder: BINDER_SET_CONTEXT_MGR already set [ 266.504346][ T6178] binder: 6177:6178 ioctl 4018620d 20000040 returned -16 [ 266.518073][ T6178] loop3: detected capacity change from 0 to 16 [ 266.949169][ T6181] loop3: detected capacity change from 0 to 1024 [ 267.143625][ T44] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 267.143680][ T6186] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'. [ 267.143819][ T6186] bridge_slave_1: left allmulticast mode [ 267.175062][ T6186] bridge_slave_1: left promiscuous mode [ 267.181801][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.209086][ T6181] hfsplus: invalid btree flag [ 267.229406][ T6181] hfsplus: failed to load catalog file [ 267.360640][ T44] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 267.364460][ T6186] bridge_slave_0: left allmulticast mode [ 267.374249][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.391742][ T6186] bridge_slave_0: left promiscuous mode [ 267.398850][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.422378][ T44] usb 5-1: config 0 descriptor?? [ 267.722592][ T44] [drm] vendor descriptor length:6 data:06 5f 05 af ef 69 00 00 00 00 00 [ 267.731414][ T44] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 267.921613][ T44] [drm:udl_init] *ERROR* Selecting channel failed [ 267.952571][ T44] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 267.959548][ T44] [drm] Initialized udl on minor 2 [ 267.967703][ T44] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 267.977701][ T44] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 267.996576][ T1882] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 268.023104][ T1882] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 268.031671][ T1882] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 268.093824][ T6191] FAULT_INJECTION: forcing a failure. [ 268.093824][ T6191] name failslab, interval 1, probability 0, space 0, times 0 [ 268.106942][ T6191] CPU: 0 UID: 0 PID: 6191 Comm: syz.1.68 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 268.117753][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 268.128067][ T6191] Call Trace: [ 268.131550][ T6191] [ 268.134675][ T6191] dump_stack_lvl+0x216/0x2d0 [ 268.139686][ T6191] dump_stack+0x1e/0x24 [ 268.144144][ T6191] should_fail_ex+0x748/0x7f0 [ 268.149158][ T6191] should_failslab+0x17f/0x210 [ 268.154229][ T6191] __kmalloc_noprof+0x176/0x1230 [ 268.159498][ T6191] ? filter_irq_stacks+0x60/0x1a0 [ 268.164838][ T6191] ? genl_family_rcv_msg_attrs_parse+0x114/0x430 [ 268.171493][ T6191] ? kmsan_get_metadata+0x13e/0x1c0 [ 268.176998][ T6191] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 268.183128][ T6191] genl_family_rcv_msg_attrs_parse+0x114/0x430 [ 268.189609][ T6191] ? genl_rcv_msg+0xc4e/0x12c0 [ 268.194666][ T6191] genl_rcv_msg+0xc83/0x12c0 [ 268.199552][ T6191] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 268.205251][ T6191] ? __pfx_nl80211_join_ibss+0x10/0x10 [ 268.211032][ T6191] ? __pfx_nl80211_post_doit+0x10/0x10 [ 268.216830][ T6191] ? stack_depot_save_flags+0x2c/0x750 [ 268.222602][ T6191] ? kmsan_get_metadata+0x13e/0x1c0 [ 268.228111][ T6191] netlink_rcv_skb+0x375/0x650 [ 268.233234][ T6191] ? __pfx_genl_rcv_msg+0x10/0x10 [ 268.238545][ T6191] ? __pfx_genl_rcv+0x10/0x10 [ 268.243502][ T6191] genl_rcv+0x40/0x60 [ 268.247757][ T6191] netlink_unicast+0xf52/0x1260 [ 268.252929][ T6191] netlink_sendmsg+0x10da/0x11e0 [ 268.258217][ T6191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.263817][ T6191] ? __pfx_netlink_sendmsg+0x10/0x10 [ 268.267293][ T6197] loop3: detected capacity change from 0 to 164 [ 268.269339][ T6191] __sock_sendmsg+0x30f/0x380 [ 268.269525][ T6191] ____sys_sendmsg+0x877/0xb60 [ 268.269703][ T6191] ___sys_sendmsg+0x28d/0x3c0 [ 268.290571][ T6191] ? __rcu_read_unlock+0x7b/0xe0 [ 268.295843][ T6191] ? __fget_files+0x42b/0x500 [ 268.299326][ T6198] loop2: detected capacity change from 0 to 164 [ 268.300725][ T6191] ? kmsan_get_metadata+0x13e/0x1c0 [ 268.312507][ T6191] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 268.318617][ T6191] __x64_sys_sendmsg+0x212/0x3c0 [ 268.323871][ T6191] ? kmsan_get_metadata+0x13e/0x1c0 [ 268.329374][ T6191] x64_sys_call+0x2ed6/0x3c30 [ 268.334391][ T6191] do_syscall_64+0xcd/0x1e0 [ 268.339191][ T6191] ? clear_bhb_loop+0x25/0x80 [ 268.344200][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.350417][ T6191] RIP: 0033:0x7f4fbcf85d29 [ 268.355130][ T6191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.357907][ T44] usb 5-1: USB disconnect, device number 2 [ 268.374948][ T6191] RSP: 002b:00007f4fbde24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.375094][ T6191] RAX: ffffffffffffffda RBX: 00007f4fbd175fa0 RCX: 00007f4fbcf85d29 [ 268.375196][ T6191] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 268.375294][ T6191] RBP: 00007f4fbde24090 R08: 0000000000000000 R09: 0000000000000000 [ 268.375385][ T6191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.375476][ T6191] R13: 0000000000000000 R14: 00007f4fbd175fa0 R15: 00007ffd79fd1c18 [ 268.375599][ T6191] [ 268.653268][ T6197] isofs_fill_super: get root inode failed [ 269.194678][ T6213] netlink: 32 bytes leftover after parsing attributes in process `syz.4.73'. [ 269.462914][ T6211] netlink: 'syz.2.72': attribute type 10 has an invalid length. [ 269.470825][ T6211] netlink: 2 bytes leftover after parsing attributes in process `syz.2.72'. [ 269.480206][ T6211] team0: entered promiscuous mode [ 269.485824][ T6211] team_slave_0: entered promiscuous mode [ 269.492793][ T6211] team_slave_1: entered promiscuous mode [ 269.561287][ T6213] loop4: detected capacity change from 0 to 164 [ 269.573253][ T6219] FAULT_INJECTION: forcing a failure. [ 269.573253][ T6219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.587013][ T6219] CPU: 0 UID: 0 PID: 6219 Comm: syz.3.76 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 269.597824][ T6219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 269.608141][ T6219] Call Trace: [ 269.611621][ T6219] [ 269.614756][ T6219] dump_stack_lvl+0x216/0x2d0 [ 269.619764][ T6219] dump_stack+0x1e/0x24 [ 269.624229][ T6219] should_fail_ex+0x748/0x7f0 [ 269.629238][ T6219] should_fail+0x2a/0x40 [ 269.633787][ T6219] should_fail_usercopy+0x2e/0x40 [ 269.639141][ T6219] _copy_to_user+0x34/0x120 [ 269.643964][ T6219] simple_read_from_buffer+0x199/0x340 [ 269.649767][ T6219] proc_fail_nth_read+0x1e5/0x2c0 [ 269.655098][ T6219] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 269.660936][ T6219] vfs_read+0x29d/0xf50 [ 269.665399][ T6219] ? stack_depot_save_flags+0x2c/0x750 [ 269.671171][ T6219] ? kmsan_get_metadata+0x13e/0x1c0 [ 269.676660][ T6219] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 269.683357][ T6219] ksys_read+0x240/0x4b0 [ 269.687917][ T6219] ? kmsan_get_metadata+0x13e/0x1c0 [ 269.693390][ T6219] __x64_sys_read+0x93/0xe0 [ 269.698185][ T6219] x64_sys_call+0x314c/0x3c30 [ 269.703169][ T6219] do_syscall_64+0xcd/0x1e0 [ 269.707928][ T6219] ? clear_bhb_loop+0x25/0x80 [ 269.712908][ T6219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.719096][ T6219] RIP: 0033:0x7f33b378473c [ 269.723741][ T6219] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 269.743649][ T6219] RSP: 002b:00007f33b4631030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 269.752363][ T6219] RAX: ffffffffffffffda RBX: 00007f33b3975fa0 RCX: 00007f33b378473c [ 269.760567][ T6219] RDX: 000000000000000f RSI: 00007f33b46310a0 RDI: 0000000000000004 [ 269.768757][ T6219] RBP: 00007f33b4631090 R08: 0000000000000000 R09: 0000000000000000 [ 269.776960][ T6219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.785152][ T6219] R13: 0000000000000000 R14: 00007f33b3975fa0 R15: 00007ffec5caa978 [ 269.793377][ T6219] [ 269.958209][ T6218] loop1: detected capacity change from 0 to 2048 [ 269.999439][ T6213] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 270.045496][ T6213] netlink: 96 bytes leftover after parsing attributes in process `syz.4.73'. [ 270.077457][ T6218] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 270.327125][ T6218] overlayfs: upper fs needs to support d_type. [ 270.519109][ T6226] netlink: 'syz.0.78': attribute type 4 has an invalid length. [ 270.555346][ T6218] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 270.562969][ T6218] overlayfs: failed to set xattr on upper [ 270.569072][ T6218] overlayfs: ...falling back to redirect_dir=nofollow. [ 270.576372][ T6218] overlayfs: ...falling back to index=off. [ 270.582880][ T6218] overlayfs: ...falling back to uuid=null. [ 270.892491][ T1901] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 270.913592][ T6225] batadv_slave_1: mtu less than device minimum [ 271.030694][ T5794] UDF-fs: error (device loop1): udf_read_inode: (ino 1317) failed !bh [ 271.039628][ T1901] usb 3-1: device descriptor read/64, error -71 [ 271.076374][ T5794] UDF-fs: error (device loop1): udf_read_inode: (ino 1317) failed !bh [ 271.276704][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 271.336993][ T1901] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 271.507264][ T6248] FAULT_INJECTION: forcing a failure. [ 271.507264][ T6248] name failslab, interval 1, probability 0, space 0, times 0 [ 271.520746][ T6248] CPU: 0 UID: 0 PID: 6248 Comm: syz.0.84 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 271.531552][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 271.541836][ T6248] Call Trace: [ 271.545285][ T6248] [ 271.548387][ T6248] dump_stack_lvl+0x216/0x2d0 [ 271.553364][ T6248] dump_stack+0x1e/0x24 [ 271.557825][ T6248] should_fail_ex+0x748/0x7f0 [ 271.562821][ T6248] should_failslab+0x17f/0x210 [ 271.567861][ T6248] kmem_cache_alloc_node_noprof+0xf4/0xe00 [ 271.573981][ T6248] ? __alloc_skb+0x1e9/0x7b0 [ 271.578828][ T6248] ? kmsan_get_metadata+0x13e/0x1c0 [ 271.584298][ T6248] __alloc_skb+0x1e9/0x7b0 [ 271.588980][ T6248] netlink_ack+0x281/0xe80 [ 271.593691][ T6248] ? kmsan_get_metadata+0x13e/0x1c0 [ 271.599155][ T6248] netlink_rcv_skb+0x510/0x650 [ 271.604219][ T6248] ? __pfx_genl_rcv_msg+0x10/0x10 [ 271.609502][ T6248] ? __pfx_genl_rcv+0x10/0x10 [ 271.614425][ T6248] genl_rcv+0x40/0x60 [ 271.618659][ T6248] netlink_unicast+0xf52/0x1260 [ 271.623801][ T6248] netlink_sendmsg+0x10da/0x11e0 [ 271.629045][ T6248] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.634618][ T6248] ? __pfx_netlink_sendmsg+0x10/0x10 [ 271.640190][ T6248] __sock_sendmsg+0x30f/0x380 [ 271.645167][ T6248] ____sys_sendmsg+0x877/0xb60 [ 271.650221][ T6248] ___sys_sendmsg+0x28d/0x3c0 [ 271.655178][ T6248] ? __rcu_read_unlock+0x7b/0xe0 [ 271.660420][ T6248] ? __fget_files+0x42b/0x500 [ 271.665367][ T6248] ? kmsan_get_metadata+0x13e/0x1c0 [ 271.670825][ T6248] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 271.676912][ T6248] __x64_sys_sendmsg+0x212/0x3c0 [ 271.682139][ T6248] ? kmsan_get_metadata+0x13e/0x1c0 [ 271.687617][ T6248] x64_sys_call+0x2ed6/0x3c30 [ 271.692599][ T6248] do_syscall_64+0xcd/0x1e0 [ 271.697358][ T6248] ? clear_bhb_loop+0x25/0x80 [ 271.702333][ T6248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.708535][ T6248] RIP: 0033:0x7f65e8d85d29 [ 271.713177][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.733083][ T6248] RSP: 002b:00007f65e9b38038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 271.741812][ T6248] RAX: ffffffffffffffda RBX: 00007f65e8f75fa0 RCX: 00007f65e8d85d29 [ 271.750025][ T6248] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 271.758219][ T6248] RBP: 00007f65e9b38090 R08: 0000000000000000 R09: 0000000000000000 [ 271.766414][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 271.774623][ T6248] R13: 0000000000000000 R14: 00007f65e8f75fa0 R15: 00007fff5cf4ff48 [ 271.782855][ T6248] [ 271.850717][ T1901] usb 3-1: device descriptor read/64, error -71 [ 271.964564][ T1901] usb usb3-port1: attempt power cycle [ 272.245065][ T4215] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.352698][ T1901] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 272.405740][ T1901] usb 3-1: device descriptor read/8, error -71 [ 272.407195][ T4215] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.570105][ T6259] loop0: detected capacity change from 0 to 16 [ 272.595874][ T10] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 272.635024][ T4215] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.653286][ T1901] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 272.663820][ T5787] Bluetooth: hci4: command tx timeout [ 272.699120][ T1901] usb 3-1: device descriptor read/8, error -71 [ 272.786719][ T10] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 272.803192][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 272.834086][ T1901] usb usb3-port1: unable to enumerate USB device [ 272.876788][ T4215] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.918834][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 272.929446][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.938062][ T10] usb 4-1: Product: syz [ 272.942592][ T10] usb 4-1: Manufacturer: syz [ 272.947453][ T10] usb 4-1: SerialNumber: syz [ 273.421788][ T4215] bridge_slave_1: left allmulticast mode [ 273.427972][ T4215] bridge_slave_1: left promiscuous mode [ 273.435212][ T4215] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.522447][ T6254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.532470][ T6254] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.584054][ T4215] bridge_slave_0: left allmulticast mode [ 273.590165][ T4215] bridge_slave_0: left promiscuous mode [ 273.597613][ T4215] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.161764][ T4215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.190358][ T4215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.215370][ T4215] bond0 (unregistering): Released all slaves [ 274.242351][ T6253] netlink: 'syz.3.86': attribute type 7 has an invalid length. [ 274.278970][ T10] usb 4-1: 0:2 : does not exist [ 274.393521][ T10] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 274.531177][ T10] usb 4-1: USB disconnect, device number 4 [ 274.811841][ T5958] udevd[5958]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 275.030081][ T4215] hsr_slave_0: left promiscuous mode [ 275.070636][ T4215] hsr_slave_1: left promiscuous mode [ 275.107763][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.115682][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.186589][ T4215] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.194655][ T4215] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.243175][ T4215] veth1_macvtap: left promiscuous mode [ 275.248971][ T4215] veth0_macvtap: left promiscuous mode [ 275.258923][ T4215] veth1_vlan: left promiscuous mode [ 275.264777][ T4215] veth0_vlan: left promiscuous mode [ 275.677575][ T6275] loop3: detected capacity change from 0 to 256 [ 276.251683][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 276.417801][ T6273] input: syz0 as /devices/virtual/input/input6 [ 276.533892][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 276.562577][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 276.572867][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 276.586312][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 276.597504][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 276.723964][ T10] usb 5-1: New USB device found, idVendor=0586, idProduct=1000, bcdDevice= 5.2a [ 276.734372][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.744401][ T10] usb 5-1: Product: syz [ 276.748801][ T10] usb 5-1: Manufacturer: syz [ 276.754624][ T10] usb 5-1: SerialNumber: syz [ 276.835469][ T10] usb 5-1: config 0 descriptor?? [ 276.866822][ T10] omninet 5-1:0.0: ZyXEL - omni.net usb converter detected [ 276.881119][ T5085] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 276.907553][ T10] usb 5-1: ZyXEL - omni.net usb converter now attached to ttyUSB0 [ 276.925401][ T5085] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 276.938349][ T5085] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 276.963953][ T5085] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.035339][ T5085] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.098440][ T4215] team0 (unregistering): Port device team_slave_1 removed [ 277.119371][ T5085] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.221662][ T4215] team0 (unregistering): Port device team_slave_0 removed [ 277.440246][ T6273] syz.0.90 (6273) used greatest stack depth: 4472 bytes left [ 278.218738][ T1882] usb 5-1: USB disconnect, device number 3 [ 278.255277][ T1882] omninet ttyUSB0: ZyXEL - omni.net usb converter now disconnected from ttyUSB0 [ 278.268732][ T1882] omninet 5-1:0.0: device disconnected [ 278.772564][ T6316] loop2: detected capacity change from 0 to 1024 [ 278.804338][ T6316] EXT4-fs: quotafile must be on filesystem root [ 279.255531][ T5085] Bluetooth: hci3: command tx timeout [ 279.481745][ T6328] mmap: syz.2.100 (6328) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 279.535755][ T6327] loop3: detected capacity change from 0 to 512 [ 279.563916][ T6327] EXT4-fs: Ignoring removed nobh option [ 279.602577][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 279.684434][ T6294] chnl_net:caif_netlink_parms(): no params data found [ 279.809912][ T6327] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.823678][ T6327] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 279.887374][ T10] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 279.896894][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.910707][ T10] usb 1-1: config 0 descriptor?? [ 279.926604][ T10] cp210x 1-1:0.0: cp210x converter detected [ 280.182322][ T6334] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 224: padding at end of block bitmap is not set [ 280.212565][ T6334] EXT4-fs (loop3): Remounting filesystem read-only [ 280.327437][ T10] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 280.335409][ T10] cp210x 1-1:0.0: querying part number failed [ 280.430719][ T10] usb 1-1: cp210x converter now attached to ttyUSB0 [ 280.580055][ T10] usb 1-1: USB disconnect, device number 4 [ 280.724212][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 280.734888][ T10] cp210x 1-1:0.0: device disconnected [ 280.765026][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 280.772266][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 280.862917][ T1901] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 281.011699][ T6352] xt_CT: You must specify a L4 protocol and not use inversions on it [ 281.082305][ T1901] usb 4-1: Using ep0 maxpacket: 8 [ 281.155232][ T1901] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 281.165815][ T1901] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 281.176468][ T1901] usb 4-1: config 0 has no interface number 0 [ 281.183046][ T1901] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 281.198174][ T1901] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 281.210679][ T1901] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 281.222599][ T1901] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 281.235942][ T1901] usb 4-1: config 0 interface 52 has no altsetting 0 [ 281.243156][ T1901] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 281.252633][ T1901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.388032][ T5085] Bluetooth: hci3: command tx timeout [ 281.390777][ T1901] usb 4-1: config 0 descriptor?? [ 281.529141][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.537092][ T6294] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.545944][ T6294] bridge_slave_0: entered allmulticast mode [ 281.555047][ T6294] bridge_slave_0: entered promiscuous mode [ 281.637882][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.645810][ T6294] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.653801][ T6294] bridge_slave_1: entered allmulticast mode [ 281.663651][ T6294] bridge_slave_1: entered promiscuous mode [ 282.173378][ T6294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.200936][ T6356] loop2: detected capacity change from 0 to 2048 [ 282.288844][ T1901] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input7 [ 282.329221][ T6294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.669451][ T6356] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 282.678431][ T6356] UDF-fs: Scanning with blocksize 512 failed [ 283.005272][ T6294] team0: Port device team_slave_0 added [ 283.073468][ T1901] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 283.131178][ T6294] team0: Port device team_slave_1 added [ 283.199592][ T6356] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.221463][ T6368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.108'. [ 283.335794][ T1901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.350606][ T1901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 283.362702][ T1901] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 283.462906][ T1901] usb 5-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 283.472437][ T1901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.472871][ T5085] Bluetooth: hci3: command tx timeout [ 283.480612][ T1901] usb 5-1: Product: syz [ 283.480726][ T1901] usb 5-1: Manufacturer: syz [ 283.497117][ T1901] usb 5-1: SerialNumber: syz [ 283.528760][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.536083][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.566164][ T6294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.600543][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.607905][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.634388][ T6294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.721362][ T1901] usb 5-1: config 0 descriptor?? [ 283.849071][ T1901] usb 5-1: ucan: probing device on interface #0 [ 283.860707][ T1901] usb 5-1: ucan: invalid EP count (1) [ 283.869981][ T1901] usb 5-1: ucan: probe failed; try to update the device firmware [ 284.026551][ T6364] loop4: detected capacity change from 0 to 128 [ 284.108088][ T1882] usb 4-1: USB disconnect, device number 5 [ 284.145595][ T6364] VFS: Found a Xenix FS (block size = 512) on device loop4 [ 284.178885][ T6364] sysv_free_block: trying to free block not in datazone [ 284.229707][ T6364] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 284.406595][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.723758][ T1882] usb 5-1: USB disconnect, device number 4 [ 284.966138][ T6294] hsr_slave_0: entered promiscuous mode [ 285.020388][ T6294] hsr_slave_1: entered promiscuous mode [ 285.061863][ T6294] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.070827][ T6294] Cannot create hsr debugfs directory [ 285.413479][ T6389] loop2: detected capacity change from 0 to 1024 [ 285.549927][ T5085] Bluetooth: hci3: command tx timeout [ 285.587668][ T6389] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 285.601368][ T6389] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 285.613470][ T6389] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 286.364028][ T6395] loop3: detected capacity change from 0 to 2048 [ 286.403443][ T6395] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=3424, location=3424 [ 286.519012][ T6395] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 286.757352][ T6294] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 286.813012][ T6294] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 287.024187][ T6405] FAULT_INJECTION: forcing a failure. [ 287.024187][ T6405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.042409][ T6405] CPU: 1 UID: 0 PID: 6405 Comm: syz.4.116 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 287.053337][ T6405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 287.063734][ T6405] Call Trace: [ 287.067275][ T6405] [ 287.070396][ T6405] dump_stack_lvl+0x216/0x2d0 [ 287.075410][ T6405] dump_stack+0x1e/0x24 [ 287.079884][ T6405] should_fail_ex+0x748/0x7f0 [ 287.084894][ T6405] should_fail+0x2a/0x40 [ 287.089440][ T6405] should_fail_usercopy+0x2e/0x40 [ 287.094786][ T6405] _copy_to_user+0x34/0x120 [ 287.099711][ T6405] simple_read_from_buffer+0x199/0x340 [ 287.105521][ T6405] proc_fail_nth_read+0x1e5/0x2c0 [ 287.110860][ T6405] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.116990][ T6405] vfs_read+0x29d/0xf50 [ 287.121478][ T6405] ? stack_depot_save_flags+0x2c/0x750 [ 287.127265][ T6405] ? kmsan_get_metadata+0x13e/0x1c0 [ 287.132840][ T6405] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 287.139538][ T6405] ksys_read+0x240/0x4b0 [ 287.144095][ T6405] ? kmsan_get_metadata+0x13e/0x1c0 [ 287.149687][ T6405] __x64_sys_read+0x93/0xe0 [ 287.154609][ T6405] x64_sys_call+0x314c/0x3c30 [ 287.159638][ T6405] do_syscall_64+0xcd/0x1e0 [ 287.164427][ T6405] ? clear_bhb_loop+0x25/0x80 [ 287.169442][ T6405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.175662][ T6405] RIP: 0033:0x7fec8d18473c [ 287.180331][ T6405] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 287.200259][ T6405] RSP: 002b:00007fec8df42030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 287.209022][ T6405] RAX: ffffffffffffffda RBX: 00007fec8d375fa0 RCX: 00007fec8d18473c [ 287.217288][ T6405] RDX: 000000000000000f RSI: 00007fec8df420a0 RDI: 0000000000000004 [ 287.225528][ T6405] RBP: 00007fec8df42090 R08: 0000000000000000 R09: 0000000000000000 [ 287.233749][ T6405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 287.241967][ T6405] R13: 0000000000000000 R14: 00007fec8d375fa0 R15: 00007fff44038c48 [ 287.250220][ T6405] [ 287.265298][ T6294] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 287.446217][ T6294] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 287.863088][ T1882] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 288.032966][ T1882] usb 4-1: device descriptor read/64, error -71 [ 288.127733][ T6422] loop4: detected capacity change from 0 to 256 [ 288.385249][ T6422] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x9112d3fb, utbl_chksum : 0xe619d30d) [ 288.404120][ T1882] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 288.511887][ T6422] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 288.571670][ T1882] usb 4-1: device descriptor read/64, error -71 [ 288.604573][ T6422] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 288.627706][ T6294] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.679871][ T6428] loop2: detected capacity change from 0 to 256 [ 288.700381][ T1882] usb usb4-port1: attempt power cycle [ 288.778663][ T6294] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.864939][ T4931] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.872975][ T4931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.928437][ T6428] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ca973fa, utbl_chksum : 0xe619d30d) [ 288.992871][ T4931] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.000956][ T4931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.127203][ T1882] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 289.206038][ T1882] usb 4-1: device descriptor read/8, error -71 [ 289.207658][ T6433] loop4: detected capacity change from 0 to 1764 [ 289.502443][ T1882] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 289.574412][ T1882] usb 4-1: device descriptor read/8, error -71 [ 289.722930][ T1882] usb usb4-port1: unable to enumerate USB device [ 289.995850][ T6433] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 291.172539][ T1882] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 291.273054][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 291.296852][ T6294] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.484217][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 291.669124][ T1882] usb 4-1: Using ep0 maxpacket: 16 [ 291.753026][ T1882] usb 4-1: config 0 has an invalid interface number: 39 but max is 0 [ 291.761614][ T1882] usb 4-1: config 0 has no interface number 0 [ 291.779726][ T10] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 291.784345][ T1882] usb 4-1: config 0 has an invalid interface number: 39 but max is 0 [ 291.789329][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.798665][ T1882] usb 4-1: config 0 has no interface number 0 [ 291.806257][ T10] usb 5-1: Product: syz [ 291.817621][ T10] usb 5-1: Manufacturer: syz [ 291.823378][ T10] usb 5-1: SerialNumber: syz [ 291.846080][ T1882] usb 4-1: config 0 has an invalid interface number: 39 but max is 0 [ 291.855209][ T1882] usb 4-1: config 0 has no interface number 0 [ 291.909354][ T1882] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=70.6d [ 291.919158][ T1882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.927591][ T1882] usb 4-1: Product: syz [ 291.930515][ T10] usb 5-1: config 0 descriptor?? [ 291.931910][ T1882] usb 4-1: Manufacturer: syz [ 291.932137][ T1882] usb 4-1: SerialNumber: syz [ 291.962723][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 292.486934][ T1882] usb 4-1: config 0 descriptor?? [ 292.550999][ T10] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 292.563926][ T10] se401 5-1:0.0: probe with driver se401 failed with error -71 [ 292.568091][ T1882] i2c-tiny-usb 4-1:0.39: version 70.6d found at bus 004 address 010 [ 292.679175][ T10] usb 5-1: USB disconnect, device number 5 [ 292.758725][ T6451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.771830][ T6451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.911576][ T6451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.922477][ T6451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.934295][ T6476] netlink: 12 bytes leftover after parsing attributes in process `syz.0.133'. [ 293.206488][ T1882] (null): failure setting delay to 10us [ 293.212661][ T1882] i2c-tiny-usb 4-1:0.39: probe with driver i2c-tiny-usb failed with error -5 [ 293.369552][ T1882] usb 4-1: USB disconnect, device number 10 [ 294.148146][ T6294] veth0_vlan: entered promiscuous mode [ 294.361411][ T6294] veth1_vlan: entered promiscuous mode [ 294.764096][ T6294] veth0_macvtap: entered promiscuous mode [ 294.966277][ T6294] veth1_macvtap: entered promiscuous mode [ 295.180687][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.193054][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.204508][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.215419][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.230140][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.242095][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.252263][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.263166][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.277966][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.343296][ T6504] netlink: 'syz.3.140': attribute type 1 has an invalid length. [ 295.351273][ T6504] netlink: 'syz.3.140': attribute type 2 has an invalid length. [ 295.361953][ T6504] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 295.397440][ T6505] loop4: detected capacity change from 0 to 512 [ 295.478627][ T6505] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 295.515166][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.531800][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.546254][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.560735][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.571235][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.582244][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.592496][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.603355][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.618100][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.650151][ T6294] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.659416][ T6294] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.668993][ T6294] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.678283][ T6294] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.679656][ T6505] EXT4-fs (loop4): invalid journal inode [ 295.693589][ T6505] EXT4-fs (loop4): can't get journal size [ 295.973378][ T6505] EXT4-fs (loop4): 1 truncate cleaned up [ 295.980977][ T6505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 296.439083][ T6519] loop0: detected capacity change from 0 to 1024 [ 296.950232][ T6519] hfsplus: found bad thread record in catalog [ 297.639656][ T6519] hfsplus: xattr searching failed [ 297.712776][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 297.712861][ T29] audit: type=1800 audit(1869929412.262:48): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.143" name="file1" dev="loop0" ino=3 res=0 errno=0 [ 297.741992][ T6519] hfsplus: xattr searching failed [ 297.761022][ T6519] hfsplus: xattr searching failed [ 297.815226][ T29] audit: type=1800 audit(1869929412.362:49): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.143" name="file1" dev="loop0" ino=3 res=0 errno=0 [ 297.840076][ T6519] hfsplus: xattr searching failed [ 298.455085][ T6550] netlink: 36 bytes leftover after parsing attributes in process `syz.2.146'. [ 298.464545][ T6550] netlink: 44 bytes leftover after parsing attributes in process `syz.2.146'. [ 298.483091][ T29] audit: type=1326 audit(1869929413.052:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 298.508911][ T29] audit: type=1326 audit(1869929413.052:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6542 comm="syz.2.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 299.367363][ T6559] fuse: Bad value for 'fd' [ 299.657012][ T6545] hfsplus: b-tree write err: -5, ino 3 [ 299.910804][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.689910][ T6566] loop3: detected capacity change from 0 to 2048 [ 303.240614][ T6580] loop0: detected capacity change from 0 to 128 [ 303.954993][ T6580] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 304.043161][ T6580] ext4 filesystem being mounted at /38/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 304.109040][ T6591] loop3: detected capacity change from 0 to 256 [ 304.315382][ T6591] evm: overlay not supported [ 304.504531][ T5074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.513193][ T5074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.522607][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 304.718850][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 304.740022][ T5786] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 304.746152][ T25] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 304.759050][ T25] usb 3-1: config 0 has no interface number 0 [ 304.765919][ T25] usb 3-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 304.799571][ T1882] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 304.809518][ T3904] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.817883][ T3904] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.938576][ T25] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 304.952953][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.961252][ T25] usb 3-1: Product: syz [ 304.967397][ T25] usb 3-1: Manufacturer: syz [ 304.972431][ T25] usb 3-1: SerialNumber: syz [ 305.028625][ T25] usb 3-1: config 0 descriptor?? [ 305.036962][ T6598] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 305.099452][ T1882] usb 4-1: New USB device found, idVendor=2040, idProduct=9301, bcdDevice=e4.fb [ 305.109154][ T1882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.192651][ T1882] usb 4-1: config 0 descriptor?? [ 305.245889][ T25] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 305.295443][ T1882] dvb-usb: found a 'Hauppauge WinTV-NOVA-T usb2' in warm state. [ 305.303756][ T1882] dvb-usb: bulk message failed: -22 (3/0) [ 305.322379][ T1882] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 305.337324][ T1882] dvbdev: DVB: registering new adapter (Hauppauge WinTV-NOVA-T usb2) [ 305.346079][ T1882] usb 4-1: media controller created [ 305.351875][ T1882] dvb-usb: bulk message failed: -22 (5/0) [ 305.358311][ T1882] dvb-usb: MAC address reading failed. [ 305.383532][ T1882] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 305.597716][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.158'. [ 305.607451][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.615440][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.704144][ T1882] dvb-usb: bulk message failed: -22 (6/0) [ 305.711072][ T6615] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.711389][ T1882] dvb-usb: bulk message failed: -22 (6/0) [ 305.720854][ T6615] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.725425][ T1882] dvb-usb: no frontend was attached by 'Hauppauge WinTV-NOVA-T usb2' [ 305.742527][ T3904] usb 3-1: Failed to submit usb control message: -71 [ 305.749537][ T3904] usb 3-1: unable to send the bmi data to the device: -71 [ 305.749744][ T10] usb 3-1: USB disconnect, device number 6 [ 305.757193][ T3904] usb 3-1: unable to get target info from device [ 305.757312][ T3904] usb 3-1: could not get target info (-71) [ 305.780604][ T3904] usb 3-1: could not probe fw (-71) [ 305.891444][ T1882] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9 [ 305.991537][ T1882] dvb-usb: schedule remote query interval to 100 msecs. [ 305.999175][ T1882] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully initialized and connected. [ 306.102402][ T25] dvb-usb: bulk message failed: -22 (2/0) [ 306.108426][ T25] dvb-usb: error while querying for an remote control event. [ 306.140027][ T1882] usb 4-1: USB disconnect, device number 11 [ 306.816867][ T1882] dvb-usb: Hauppauge WinTV-NOVA-T usb2 successfully deinitialized and disconnected. [ 307.554304][ T6632] netlink: 64 bytes leftover after parsing attributes in process `syz.5.162'. [ 307.899437][ T6630] loop2: detected capacity change from 0 to 32768 [ 307.911558][ T6630] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.160 (6630) [ 307.946926][ T6630] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 307.957943][ T6630] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 307.968376][ T6630] BTRFS info (device loop2): using free-space-tree [ 308.356139][ T29] audit: type=1326 audit(1869929422.882:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.379093][ T29] audit: type=1326 audit(1869929422.892:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.401564][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.408856][ T29] audit: type=1326 audit(1869929422.892:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.432730][ T29] audit: type=1326 audit(1869929422.892:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.459163][ T29] audit: type=1326 audit(1869929422.892:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.484297][ T29] audit: type=1326 audit(1869929422.902:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.507768][ T29] audit: type=1326 audit(1869929422.902:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.534091][ T29] audit: type=1326 audit(1869929422.902:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.558157][ T29] audit: type=1326 audit(1869929422.902:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.580974][ T29] audit: type=1326 audit(1869929422.902:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.5.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 308.603392][ C0] vkms_vblank_simulate: vblank timer overrun [ 308.870921][ T10] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 309.290555][ T10] usb 4-1: not running at top speed; connect to a high speed hub [ 309.499211][ T10] usb 4-1: config 7 has an invalid interface number: 199 but max is 1 [ 309.507964][ T10] usb 4-1: config 7 has an invalid interface number: 210 but max is 1 [ 309.516692][ T10] usb 4-1: config 7 has no interface number 0 [ 309.523221][ T10] usb 4-1: config 7 has no interface number 1 [ 309.529594][ T10] usb 4-1: config 7 interface 210 altsetting 15 has an invalid descriptor for endpoint zero, skipping [ 309.541467][ T10] usb 4-1: config 7 interface 210 altsetting 15 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 309.559924][ T10] usb 4-1: config 7 interface 199 has no altsetting 0 [ 309.571068][ T10] usb 4-1: config 7 interface 210 has no altsetting 0 [ 309.586438][ T6630] BTRFS info (device loop2): rebuilding free space tree [ 309.673296][ T10] usb 4-1: language id specifier not provided by device, defaulting to English [ 309.693388][ T10] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a7e, bcdDevice=9a.b7 [ 309.703110][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.711379][ T10] usb 4-1: Product: 㔚ㅤⷉ髑îŸÂ¤é…㇕䄘墯ꎲ৛迡㺙✣ϫ⥀ðŒŒè“¿ä¢ƒç¢£ê…즉䱺䒚筰渀益æ„ⓥᱽ袣쟺㭃ᣨáŒæŠá²ˆé®Ð…Ÿç·â»¤ï›¯á¯ŒÚºì´¬êŠ§ä‹³å‚’ඪ嵶â¦î›žêš½ï™½é§±æ¢²á£™â¬¯é¦´äº‚㹨æ°í˜½âœŠë»®å¬‘éžê±ä‰¾ê£œî£¨ê™¶è«‘溲ä©æµ°äœ¸è’¤êž‡æ„·à¤™â®¨ç«€éƒá¯‚줤ížÉ¼ç·ï¬¸á£µà¥ŒåŒ¼å—扎汆톈ୠ᥺㵂ï¾é…¯ê¡•â›– [ 309.743360][ C0] vkms_vblank_simulate: vblank timer overrun [ 309.749874][ T10] usb 4-1: Manufacturer: 㛱톘೭㶩視䃽໣Ў竲켪뜮溊铦â¿ê¢¢ï¬…î‡é«„âŸï¼¸ì‘ꤺ臀꼧嗚▤䌄芜微屨è¸Äµé¾”阊Š鈡힫ᢉ뇻꺓ᣴ瀔ᒞ屸ï嫜쟣ê¦ï­™è¾© [ 309.772764][ T10] usb 4-1: SerialNumber: 穂ᔛ칎é°ê‡ŽíŸ£â‡”á½±è®â°¦î½´ä€ ìŠ­ç’—뉊嫴༎찷圶欦䃓栥강턾唔îŒæ¼ ì¦–ë„­ [ 310.586984][ T6680] syz.0.175: attempt to access beyond end of device [ 310.586984][ T6680] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 310.610672][ T10] usb 4-1: can't set config #7, error -71 [ 310.686059][ T10] usb 4-1: USB disconnect, device number 12 [ 310.711044][ T5785] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 311.406475][ T6696] loop0: detected capacity change from 0 to 128 [ 311.764104][ T6693] loop5: detected capacity change from 0 to 512 [ 312.382756][ T6693] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.395977][ T6693] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.694087][ T6693] syz.5.179 (6693) used greatest stack depth: 4400 bytes left [ 313.338395][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 314.301442][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 314.301522][ T29] audit: type=1326 audit(1869929428.872:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.332444][ T29] audit: type=1326 audit(1869929428.872:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.356873][ T29] audit: type=1326 audit(1869929428.912:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.382650][ T29] audit: type=1326 audit(1869929428.912:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.408916][ T29] audit: type=1326 audit(1869929428.912:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.689118][ T29] audit: type=1326 audit(1869929429.172:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.712796][ T29] audit: type=1326 audit(1869929429.172:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.736585][ T29] audit: type=1326 audit(1869929429.182:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 314.786895][ T6745] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 315.034407][ T29] audit: type=1326 audit(1869929429.512:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6736 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 316.033507][ T6765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.200'. [ 316.179727][ T29] audit: type=1107 audit(1869929430.792:84): pid=6763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ei r‘Cy‹BÏ´´d)&tgÍ7xܵ½]¶¤Íd´ðKE‰í¾¹õ®hþÚ§ò= ­nÓ³†nÆ÷±Ó¼‰!DyMšI¥†-¶~ÚÄÅtƒ¤u}‘‰%°|ë€+¡ÿ4ÄœÒ(' [ 316.509424][ T6770] netlink: '+}[@': attribute type 4 has an invalid length. [ 317.345018][ T6786] netlink: 'syz.0.209': attribute type 12 has an invalid length. [ 317.501519][ T6787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.208'. [ 317.580811][ T6785] 9pnet_fd: Insufficient options for proto=fd [ 317.756455][ T6792] netlink: 48 bytes leftover after parsing attributes in process `syz.5.207'. [ 317.823427][ T6785] netlink: 'syz.5.207': attribute type 10 has an invalid length. [ 317.832969][ T6785] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.842985][ T6785] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.872528][ T6785] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.880523][ T6785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.889427][ T6785] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.897414][ T6785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.916606][ T6785] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 318.116631][ T6796] loop2: detected capacity change from 0 to 256 [ 318.223248][ T6796] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 318.233040][ T6796] FAT-fs (loop2): bogus number of directory entries (1) [ 318.240239][ T6796] FAT-fs (loop2): Can't find a valid FAT filesystem [ 318.645242][ T6786] loop0: detected capacity change from 0 to 8192 [ 319.551027][ T6814] netlink: 'syz.2.215': attribute type 39 has an invalid length. [ 320.871925][ T6836] netlink: 64 bytes leftover after parsing attributes in process `syz.3.223'. [ 320.961848][ T6830] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 321.307181][ T6828] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 321.888153][ T6848] loop0: detected capacity change from 0 to 8192 [ 323.131456][ T29] audit: type=1326 audit(1869929437.732:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.154352][ T29] audit: type=1326 audit(1869929437.742:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.238017][ T6866] netlink: 36 bytes leftover after parsing attributes in process `syz.0.233'. [ 323.432257][ T29] audit: type=1326 audit(1869929437.822:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.455604][ T29] audit: type=1326 audit(1869929437.822:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.478500][ T29] audit: type=1326 audit(1869929437.832:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.504876][ T29] audit: type=1326 audit(1869929437.832:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.528673][ T29] audit: type=1326 audit(1869929437.842:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.552872][ T29] audit: type=1326 audit(1869929437.842:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.575993][ T29] audit: type=1326 audit(1869929437.852:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.603652][ T29] audit: type=1326 audit(1869929437.922:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 323.765317][ T6873] openvswitch: netlink: Message has 348 unknown bytes. [ 324.867488][ T6885] loop5: detected capacity change from 0 to 512 [ 324.929245][ T6885] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 325.046311][ T6885] EXT4-fs (loop5): orphan cleanup on readonly fs [ 325.115774][ T6885] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:517: comm syz.5.240: Block bitmap for bg 0 marked uninitialized [ 325.170451][ T6889] xt_CT: You must specify a L4 protocol and not use inversions on it [ 325.197951][ T6885] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 325.284619][ T6885] EXT4-fs (loop5): 1 orphan inode deleted [ 325.292536][ T6885] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 325.680100][ T6894] loop3: detected capacity change from 0 to 1024 [ 325.880352][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.905031][ T6894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.024317][ T6894] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 326.598973][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 327.249654][ T6909] loop3: detected capacity change from 0 to 512 [ 328.008331][ T6909] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.021687][ T6909] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 328.625552][ T6924] loop5: detected capacity change from 0 to 512 [ 328.635304][ T6909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.644298][ T6909] bond0: (slave sit0): The slave device specified does not support setting the MAC address [ 328.657752][ T6909] bond0: (slave sit0): Error -95 calling set_mac_address [ 328.732622][ T6924] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 328.828155][ T6924] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.841635][ T6924] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 329.212820][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 329.212900][ T29] audit: type=1800 audit(1869929443.822:101): pid=6919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.247" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 329.243895][ T29] audit: type=1800 audit(1869929443.822:102): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.247" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 329.878357][ T6940] netlink: 28 bytes leftover after parsing attributes in process `syz.4.253'. [ 329.954233][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.961328][ T6938] loop2: detected capacity change from 0 to 1024 [ 329.989998][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.111966][ T6939] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.128036][ T6938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.396085][ T29] audit: type=1326 audit(1869929444.992:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.419475][ T29] audit: type=1326 audit(1869929445.002:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.442876][ T29] audit: type=1326 audit(1869929445.002:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.468642][ T29] audit: type=1326 audit(1869929445.002:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.492713][ T29] audit: type=1326 audit(1869929445.002:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.515612][ T29] audit: type=1326 audit(1869929445.012:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.538354][ T29] audit: type=1326 audit(1869929445.042:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 330.564831][ T29] audit: type=1326 audit(1869929445.042:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6946 comm="syz.5.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 331.065166][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.252'. [ 331.805297][ T6939] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.125418][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 332.132267][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 332.419113][ T6939] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.579427][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.704189][ T6939] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.121254][ T6939] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.152692][ T6939] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.180299][ T6939] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.353271][ T6939] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.669386][ T6976] loop2: detected capacity change from 0 to 8192 [ 334.251915][ T6989] loop3: detected capacity change from 0 to 2048 [ 334.261112][ T6989] EXT4-fs: Ignoring removed nobh option [ 334.753378][ T6989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 334.838089][ T7000] loop4: detected capacity change from 0 to 512 [ 334.919240][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 334.919323][ T29] audit: type=1800 audit(1869929449.502:131): pid=6989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.266" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 334.997490][ T7002] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 335.048821][ T7002] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 10 with max blocks 1 with error 28 [ 335.050990][ T7000] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.268: corrupted in-inode xattr: invalid ea_ino [ 335.067141][ T7002] EXT4-fs (loop3): This should not happen!! Data will be lost [ 335.067141][ T7002] [ 335.091176][ T7002] EXT4-fs (loop3): Total free blocks count 0 [ 335.097624][ T7002] EXT4-fs (loop3): Free/Dirty block details [ 335.103863][ T7002] EXT4-fs (loop3): free_blocks=2415919104 [ 335.109841][ T7002] EXT4-fs (loop3): dirty_blocks=16 [ 335.116987][ T7002] EXT4-fs (loop3): Block reservation details [ 335.123451][ T7002] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 335.170192][ T7000] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.268: couldn't read orphan inode 15 (err -117) [ 335.217172][ T6989] EXT4-fs (loop3): shut down requested (0) [ 335.263287][ T7000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.599644][ T7000] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1404: inode #12: block 7: comm syz.4.268: path /54/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 335.695224][ T7012] loop5: detected capacity change from 0 to 512 [ 335.745487][ T7010] program syz.2.272 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.760693][ T7008] loop0: detected capacity change from 0 to 1024 [ 335.809545][ T7012] EXT4-fs error (device loop5): ext4_orphan_get:1389: inode #15: comm syz.5.270: casefold flag without casefold feature [ 335.870607][ T7012] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.270: couldn't read orphan inode 15 (err -117) [ 335.870678][ T7000] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1404: inode #12: block 7: comm syz.4.268: path /54/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 335.898878][ T7012] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.951526][ T7012] EXT4-fs error (device loop5): ext4_add_entry:2444: inode #2: comm syz.5.270: Directory hole found for htree leaf block 0 [ 336.025680][ T7008] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 336.365385][ T7008] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 336.715262][ T7026] process 'syz.2.276' launched './file0' with NULL argv: empty string added [ 336.727303][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.845279][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.857235][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.425483][ T7035] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.536660][ T7042] loop5: detected capacity change from 0 to 512 [ 337.684371][ T7035] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.837002][ T7042] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.851078][ T7042] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 337.998745][ T7035] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.168785][ T29] audit: type=1326 audit(1869929452.752:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.191668][ T29] audit: type=1326 audit(1869929452.752:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.214491][ T29] audit: type=1326 audit(1869929452.752:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.240551][ T29] audit: type=1326 audit(1869929452.752:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.264285][ T29] audit: type=1326 audit(1869929452.762:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.287231][ T29] audit: type=1326 audit(1869929452.762:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.309973][ T29] audit: type=1326 audit(1869929452.762:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.336050][ T29] audit: type=1326 audit(1869929452.762:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.359886][ T29] audit: type=1326 audit(1869929452.762:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7051 comm="syz.0.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 338.514434][ T7035] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.889811][ T7035] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.918306][ T7035] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.956528][ T7035] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.984941][ T7035] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.064222][ T7060] loop0: detected capacity change from 0 to 2048 [ 339.120487][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 339.282694][ T7063] loop3: detected capacity change from 0 to 256 [ 340.575791][ T7060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 341.344521][ T7049] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 341.751872][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.136201][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 343.032899][ T7105] netlink: 3 bytes leftover after parsing attributes in process `syz.3.297'. [ 343.047823][ T7105] 0ªX¹¦À: renamed from caif0 [ 343.434442][ T7105] 0ªX¹¦À: entered allmulticast mode [ 343.439912][ T7105] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 343.467532][ T7111] netlink: 16 bytes leftover after parsing attributes in process `+}[@'. [ 343.563627][ T7116] loop3: detected capacity change from 0 to 512 [ 343.615233][ T7116] EXT4-fs: Ignoring removed oldalloc option [ 344.048414][ T7116] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.297: Parent and EA inode have the same ino 15 [ 344.212846][ T7116] EXT4-fs (loop3): Remounting filesystem read-only [ 344.220085][ T7116] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 344.233637][ T7116] EXT4-fs warning (device loop3): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 344.244298][ T7116] EXT4-fs (loop3): 1 orphan inode deleted [ 344.251860][ T7116] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.322393][ T7112] loop2: detected capacity change from 0 to 512 [ 344.450896][ T7112] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.298: bg 0: block 248: padding at end of block bitmap is not set [ 344.649833][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.663563][ T7112] __quota_error: 40 callbacks suppressed [ 344.663651][ T7112] Quota error (device loop2): write_blk: dquota write failed [ 344.683463][ T7112] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 344.694020][ T7112] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.298: Failed to acquire dquot type 1 [ 344.821018][ T7112] EXT4-fs (loop2): 1 truncate cleaned up [ 344.831740][ T7112] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 344.845773][ T7112] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 345.098430][ T7134] tipc: Started in network mode [ 345.103902][ T7134] tipc: Node identity 2e376682e7c9, cluster identity 4711 [ 345.112296][ T7134] tipc: Enabled bearer , priority 0 [ 345.320240][ T7134] syzkaller0: entered promiscuous mode [ 345.326229][ T7134] syzkaller0: entered allmulticast mode [ 345.334740][ T7134] tipc: Resetting bearer [ 345.404613][ T7112] syz.2.298 (7112) used greatest stack depth: 3888 bytes left [ 345.561491][ T7120] loop0: detected capacity change from 0 to 8192 [ 345.571583][ T7120] vfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿ' [ 345.662635][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 345.680067][ T7132] tipc: Resetting bearer [ 345.859221][ T7132] tipc: Disabling bearer [ 346.102644][ T25] tipc: Node number set to 3388892802 [ 347.055107][ T7156] netlink: 16 bytes leftover after parsing attributes in process `syz.4.309'. [ 348.175887][ T29] audit: type=1326 audit(1869929462.792:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.292265][ T29] audit: type=1326 audit(1869929462.822:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.315489][ T29] audit: type=1326 audit(1869929462.822:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.338259][ T29] audit: type=1326 audit(1869929462.842:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.361126][ T29] audit: type=1326 audit(1869929462.852:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.387520][ T29] audit: type=1326 audit(1869929462.872:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 348.411050][ T29] audit: type=1326 audit(1869929462.872:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.5.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 349.003609][ T29] audit: type=1326 audit(1869929463.252:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7173 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 349.463639][ T5085] Bluetooth: hci2: command 0x0406 tx timeout [ 349.470318][ T5799] Bluetooth: hci1: command 0x0406 tx timeout [ 349.479299][ T5787] Bluetooth: hci0: command 0x0406 tx timeout [ 350.550942][ T7205] bond0: entered promiscuous mode [ 350.556770][ T7205] bond_slave_0: entered promiscuous mode [ 350.563970][ T7205] bond_slave_1: entered promiscuous mode [ 350.573231][ T7205] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 350.607124][ T7205] bond0: left promiscuous mode [ 350.612534][ T7205] bond_slave_0: left promiscuous mode [ 350.625968][ T7205] bond_slave_1: left promiscuous mode [ 351.202973][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 351.203050][ T29] audit: type=1326 audit(1869929465.812:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 351.235775][ T29] audit: type=1326 audit(1869929465.812:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 351.259671][ T29] audit: type=1326 audit(1869929465.822:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 351.282443][ T29] audit: type=1326 audit(1869929465.822:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 351.305674][ T29] audit: type=1326 audit(1869929465.822:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 351.328626][ T29] audit: type=1326 audit(1869929465.822:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7213 comm="syz.4.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 352.414529][ T29] audit: type=1326 audit(1869929466.952:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.5.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 352.437721][ T29] audit: type=1326 audit(1869929466.952:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.5.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 352.463797][ T29] audit: type=1326 audit(1869929467.012:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.5.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 353.811949][ T29] audit: type=1326 audit(1869929467.702:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7220 comm="syz.5.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 356.120402][ T7240] netlink: 76 bytes leftover after parsing attributes in process `syz.2.334'. [ 356.220764][ T7242] loop3: detected capacity change from 0 to 512 [ 356.561712][ T7242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.575268][ T7242] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 357.539768][ T7253] netlink: 'syz.2.337': attribute type 3 has an invalid length. [ 357.670543][ T5790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 357.738086][ T7254] netlink: 96 bytes leftover after parsing attributes in process `syz.5.336'. [ 358.822723][ T7261] vxcan1: tx address claim with dlc 3 [ 358.934690][ T7260] loop2: detected capacity change from 0 to 512 [ 359.055198][ T7260] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 359.267517][ T7260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 359.281070][ T7260] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 359.805431][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 359.805511][ T29] audit: type=1800 audit(1869929474.392:242): pid=7267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.340" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 359.835824][ T29] audit: type=1800 audit(1869929474.422:243): pid=7268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.340" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 360.250097][ T7272] @: renamed from vlan0 (while UP) [ 360.436255][ T7273] loop5: detected capacity change from 0 to 164 [ 360.588467][ T7273] Unable to read rock-ridge attributes [ 360.697650][ T7273] Unable to read rock-ridge attributes [ 360.743798][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.834467][ T7273] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 364.314930][ T29] audit: type=1326 audit(1869929478.842:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.341590][ T29] audit: type=1326 audit(1869929478.852:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.365441][ T29] audit: type=1326 audit(1869929478.852:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.388219][ T29] audit: type=1326 audit(1869929478.852:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.410738][ T29] audit: type=1326 audit(1869929478.852:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.433742][ T29] audit: type=1326 audit(1869929478.872:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.459666][ T29] audit: type=1326 audit(1869929478.872:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.483594][ T29] audit: type=1326 audit(1869929478.872:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 364.842573][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 364.842649][ T29] audit: type=1326 audit(1869929479.452:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f33b3785db7 code=0x7ffc0000 [ 364.877872][ T7290] loop3: detected capacity change from 0 to 512 [ 364.910165][ T7302] syz.5.350[7302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.910596][ T7302] syz.5.350[7302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.948686][ T7302] syz.5.350[7302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 364.976892][ T29] audit: type=1326 audit(1869929479.492:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f33b3784690 code=0x7ffc0000 [ 365.011884][ T29] audit: type=1326 audit(1869929479.492:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f33b378592b code=0x7ffc0000 [ 365.034713][ T29] audit: type=1326 audit(1869929479.642:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f33b378498a code=0x7ffc0000 [ 365.060638][ T29] audit: type=1326 audit(1869929479.642:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f33b378498a code=0x7ffc0000 [ 365.084387][ T29] audit: type=1326 audit(1869929479.642:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f33b3784597 code=0x7ffc0000 [ 365.107105][ T29] audit: type=1326 audit(1869929479.642:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f33b37874ca code=0x7ffc0000 [ 365.210412][ T7290] EXT4-fs warning (device loop3): ext4_enable_quotas:7156: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 365.300474][ T7290] EXT4-fs (loop3): mount failed [ 365.378439][ T7307] netlink: 4 bytes leftover after parsing attributes in process `syz.2.352'. [ 365.451714][ T29] audit: type=1326 audit(1869929480.042:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f33b3784690 code=0x7ffc0000 [ 365.481157][ T29] audit: type=1326 audit(1869929480.042:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f33b378592b code=0x7ffc0000 [ 365.508051][ T29] audit: type=1326 audit(1869929480.042:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7289 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f33b378498a code=0x7ffc0000 [ 365.771102][ T7307] veth0_macvtap: left promiscuous mode [ 367.197278][ T7320] loop5: detected capacity change from 0 to 4096 [ 367.772728][ T7320] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 368.523310][ T7345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.361'. [ 368.532613][ T7345] netlink: 264 bytes leftover after parsing attributes in process `syz.2.361'. [ 368.545922][ T7345] netlink: 72 bytes leftover after parsing attributes in process `syz.2.361'. [ 368.831803][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.762329][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 372.762412][ T29] audit: type=1326 audit(1869929487.192:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 372.795350][ T29] audit: type=1326 audit(1869929487.192:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 372.835967][ T29] audit: type=1326 audit(1869929487.192:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 372.870113][ T29] audit: type=1326 audit(1869929487.202:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 372.896705][ T29] audit: type=1326 audit(1869929487.202:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f65e8d7cce7 code=0x7ffc0000 [ 372.922167][ T29] audit: type=1326 audit(1869929487.202:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f65e8d21f29 code=0x7ffc0000 [ 372.950356][ T29] audit: type=1326 audit(1869929487.202:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 374.325088][ T7420] loop4: detected capacity change from 0 to 512 [ 374.498581][ T7420] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 374.597042][ T7420] EXT4-fs (loop4): orphan cleanup on readonly fs [ 374.675514][ T7420] Quota error (device loop4): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 374.691831][ T7420] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 374.761281][ T7420] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 374.863790][ T7420] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.387: bg 0: block 40: padding at end of block bitmap is not set [ 374.899849][ T7420] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 374.911796][ T7420] EXT4-fs (loop4): 1 truncate cleaned up [ 374.922425][ T7420] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 375.125346][ T7434] loop5: detected capacity change from 0 to 512 [ 375.137351][ T7434] EXT4-fs: Ignoring removed oldalloc option [ 375.147244][ T7434] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 375.301698][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.4.387'. [ 375.311065][ T7420] netlink: 32 bytes leftover after parsing attributes in process `syz.4.387'. [ 375.392983][ T7443] loop0: detected capacity change from 0 to 764 [ 375.410507][ T7434] EXT4-fs (loop5): 1 truncate cleaned up [ 375.419951][ T7434] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 375.568381][ T7443] Symlink component flag not implemented [ 375.582746][ T7443] Symlink component flag not implemented (101) [ 375.620924][ T7434] IPv6: Can't replace route, no match found [ 376.135797][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.168376][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.481288][ T7452] loop2: detected capacity change from 0 to 1764 [ 376.977499][ T7461] netlink: 2 bytes leftover after parsing attributes in process `syz.0.401'. [ 379.364950][ T7500] loop0: detected capacity change from 0 to 4096 [ 379.415093][ T7500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 380.121095][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 380.195393][ T7519] syz.5.421[7519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.195817][ T7519] syz.5.421[7519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.275434][ T7519] syz.5.421[7519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 380.361764][ T7519] loop5: detected capacity change from 0 to 128 [ 381.086544][ T7526] loop0: detected capacity change from 0 to 512 [ 381.169040][ T7526] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 381.263165][ T7526] EXT4-fs (loop0): 1 truncate cleaned up [ 381.271052][ T7526] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 381.279506][ T7536] loop5: detected capacity change from 0 to 1024 [ 381.411085][ T7541] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 381.417145][ T7536] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 381.757510][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.812471][ T5074] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 382.952697][ T5074] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 382.968071][ T5074] EXT4-fs (loop5): This should not happen!! Data will be lost [ 382.968071][ T5074] [ 382.981734][ T5074] EXT4-fs (loop5): Total free blocks count 0 [ 382.992162][ T5074] EXT4-fs (loop5): Free/Dirty block details [ 382.998305][ T5074] EXT4-fs (loop5): free_blocks=68451041280 [ 383.007186][ T5074] EXT4-fs (loop5): dirty_blocks=704 [ 383.012745][ T5074] EXT4-fs (loop5): Block reservation details [ 383.018955][ T5074] EXT4-fs (loop5): i_reserved_data_blocks=44 [ 383.279383][ T1205] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 684 with error 28 [ 384.009036][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.5.432'. [ 384.367522][ T29] audit: type=1326 audit(1869929498.982:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.393318][ T29] audit: type=1326 audit(1869929498.982:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.422960][ T29] audit: type=1326 audit(1869929498.982:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.449318][ T29] audit: type=1326 audit(1869929498.982:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.475173][ T29] audit: type=1326 audit(1869929498.982:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.500670][ T29] audit: type=1326 audit(1869929498.982:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.530721][ T29] audit: type=1326 audit(1869929498.982:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.556307][ T29] audit: type=1326 audit(1869929498.982:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.581793][ T29] audit: type=1326 audit(1869929499.032:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.609367][ T29] audit: type=1326 audit(1869929499.032:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8d185d29 code=0x7ffc0000 [ 384.610173][ T7599] capability: warning: `syz.3.439' uses 32-bit capabilities (legacy support in use) [ 385.580556][ T7616] loop5: detected capacity change from 0 to 128 [ 385.964470][ T7623] kernel read not supported for file /eth0 (pid: 7623 comm: syz.0.448) [ 386.801097][ T7635] loop3: detected capacity change from 0 to 128 [ 386.843015][ T7635] FAT-fs (loop3): bogus number of reserved sectors [ 386.849814][ T7635] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 386.862628][ T7635] FAT-fs (loop3): Can't find a valid FAT filesystem [ 387.050334][ T7640] loop4: detected capacity change from 0 to 512 [ 387.161676][ T7640] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.453: corrupted in-inode xattr: invalid ea_ino [ 387.245731][ T7640] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.453: couldn't read orphan inode 15 (err -117) [ 387.288149][ T7640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 387.301705][ T7643] loop5: detected capacity change from 0 to 2048 [ 387.389982][ T7643] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 387.698925][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.328621][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 388.646270][ T7677] loop4: detected capacity change from 0 to 512 [ 388.655446][ T7677] journal_path: Non-blockdev passed as './file1' [ 388.662821][ T7677] EXT4-fs: error: could not find journal device path [ 388.696763][ T7677] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 544 [ 388.799675][ T7680] @: renamed from bond0 (while UP) [ 389.445062][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 389.445139][ T29] audit: type=1326 audit(1869929504.052:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.474745][ T29] audit: type=1326 audit(1869929504.062:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.656713][ T29] audit: type=1326 audit(1869929504.272:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.771734][ T29] audit: type=1326 audit(1869929504.342:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.797567][ T29] audit: type=1326 audit(1869929504.342:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.854296][ T29] audit: type=1326 audit(1869929504.442:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.879893][ T29] audit: type=1326 audit(1869929504.442:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 389.905885][ T29] audit: type=1326 audit(1869929504.452:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7690 comm="syz.2.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb344985d29 code=0x7ffc0000 [ 390.258980][ T7703] loop4: detected capacity change from 0 to 512 [ 390.279380][ T7703] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 390.318198][ T7703] EXT4-fs (loop4): 1 truncate cleaned up [ 390.326401][ T7703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 390.401204][ T7703] futex_wake_op: syz.4.475 tries to shift op by -1; fix this program [ 390.785702][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 390.916964][ T7716] netlink: 16 bytes leftover after parsing attributes in process `syz.3.480'. [ 391.276391][ T7720] tmpfs: Bad value for 'mpol' [ 391.915457][ T7729] smc: net device bond0 applied user defined pnetid SYZ0 [ 391.925038][ T7729] smc: net device bond0 erased user defined pnetid SYZ0 [ 393.091185][ T7741] loop4: detected capacity change from 0 to 764 [ 393.155803][ T7741] rock: directory entry would overflow storage [ 393.162629][ T7741] rock: sig=0x4654, size=5, remaining=4 [ 394.485218][ T7754] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 394.746775][ T10] page_pool_release_retry() stalled pool shutdown: id 31, 1 inflight 60 sec [ 395.001360][ T7752] netlink: 64 bytes leftover after parsing attributes in process `syz.0.494'. [ 395.387071][ T5787] Bluetooth: hci4: command 0x0406 tx timeout [ 396.256875][ T7757] loop3: detected capacity change from 0 to 8192 [ 396.294152][ T7772] loop4: detected capacity change from 0 to 512 [ 396.447708][ T7772] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #15: comm syz.4.500: casefold flag without casefold feature [ 396.461945][ T7772] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.500: couldn't read orphan inode 15 (err -117) [ 396.515300][ T7772] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.716323][ T29] audit: type=1326 audit(1869929511.332:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.741785][ T29] audit: type=1326 audit(1869929511.332:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.861077][ T7781] loop2: detected capacity change from 0 to 1024 [ 396.889443][ T29] audit: type=1326 audit(1869929511.382:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.905355][ T7781] EXT4-fs: Ignoring removed i_version option [ 396.918054][ T29] audit: type=1326 audit(1869929511.382:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.919756][ T7781] EXT4-fs: Ignoring removed bh option [ 396.945755][ T29] audit: type=1326 audit(1869929511.382:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.973377][ T29] audit: type=1326 audit(1869929511.392:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 396.998903][ T29] audit: type=1326 audit(1869929511.392:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 397.027304][ T29] audit: type=1326 audit(1869929511.392:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 397.053876][ T29] audit: type=1326 audit(1869929511.422:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 397.079497][ T29] audit: type=1326 audit(1869929511.422:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e8d85d29 code=0x7ffc0000 [ 397.214855][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.221218][ T7781] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 397.583116][ T7794] openvswitch: netlink: Message has 348 unknown bytes. [ 397.692852][ T7795] loop5: detected capacity change from 0 to 1024 [ 397.725075][ T7795] EXT4-fs: Ignoring removed nobh option [ 397.730951][ T7795] EXT4-fs: Ignoring removed bh option [ 397.781872][ T7795] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 397.891049][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.531594][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.703015][ T7816] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 399.038994][ T7820] syz.0.520[7820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 399.039439][ T7820] syz.0.520[7820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 399.108204][ T7826] netlink: 'syz.4.523': attribute type 12 has an invalid length. [ 399.110904][ T7820] syz.0.520[7820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 399.317266][ T7830] 9pnet: Unknown protocol version 9 [ 399.346040][ T7827] loop0: detected capacity change from 0 to 2048 [ 399.375681][ T7827] EXT4-fs: Ignoring removed mblk_io_submit option [ 400.319055][ T7827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 400.400255][ T7846] netlink: 104 bytes leftover after parsing attributes in process `syz.5.530'. [ 400.477098][ T7820] Process accounting resumed [ 400.534474][ T7820] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.520: bg 0: block 234: padding at end of block bitmap is not set [ 400.595211][ T7820] EXT4-fs (loop0): Remounting filesystem read-only [ 401.106538][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.496583][ T7853] netlink: 24 bytes leftover after parsing attributes in process `syz.3.528'. [ 402.044257][ T7860] loop5: detected capacity change from 0 to 164 [ 402.675210][ T7863] netlink: 'syz.2.536': attribute type 12 has an invalid length. [ 403.141708][ T7868] loop2: detected capacity change from 0 to 512 [ 403.228917][ T7868] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 403.616997][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 403.713029][ T7868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 404.015934][ T7868] EXT4-fs error (device loop2): ext4_do_update_inode:5153: inode #2: comm syz.2.538: corrupted inode contents [ 404.064541][ T7868] EXT4-fs error (device loop2): ext4_dirty_inode:6041: inode #2: comm syz.2.538: mark_inode_dirty error [ 404.103943][ T7868] EXT4-fs error (device loop2): ext4_do_update_inode:5153: inode #2: comm syz.2.538: corrupted inode contents [ 404.118857][ T7880] netlink: 'syz.4.541': attribute type 4 has an invalid length. [ 404.128212][ T7880] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.541'. [ 404.436073][ T7885] loop5: detected capacity change from 0 to 128 [ 404.508094][ T7885] FAT-fs (loop5): bread failed, FSINFO block (sector = 257) [ 404.596128][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.895885][ T7893] syzkaller1: entered promiscuous mode [ 404.901661][ T7893] syzkaller1: entered allmulticast mode [ 404.905416][ T7892] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 404.917379][ T7892] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 404.937417][ T7888] loop4: detected capacity change from 0 to 1024 [ 404.988206][ T7888] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 405.360431][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 405.360510][ T29] audit: type=1326 audit(1869929519.972:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.5.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 405.455803][ T29] audit: type=1326 audit(1869929520.022:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.5.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 405.481754][ T29] audit: type=1326 audit(1869929520.022:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.5.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8661585d29 code=0x7ffc0000 [ 405.568949][ T7899] netlink: 'syz.2.548': attribute type 12 has an invalid length. [ 405.792730][ T29] audit: type=1326 audit(1869929520.392:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.814708][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.826289][ T29] audit: type=1326 audit(1869929520.392:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.848250][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.854957][ T29] audit: type=1326 audit(1869929520.392:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.877420][ T29] audit: type=1326 audit(1869929520.412:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.900178][ T29] audit: type=1326 audit(1869929520.412:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.925991][ T29] audit: type=1326 audit(1869929520.432:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f33b3787c47 code=0x7ffc0000 [ 405.947828][ C1] vkms_vblank_simulate: vblank timer overrun [ 405.955864][ T29] audit: type=1326 audit(1869929520.432:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7900 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33b3785d29 code=0x7ffc0000 [ 405.977962][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.796599][ T7918] loop4: detected capacity change from 0 to 512 [ 406.814532][ T7918] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 406.879221][ T7918] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 407.216248][ T7933] rtc_cmos 00:00: Alarms can be up to one day in the future [ 407.217078][ T5803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 407.310869][ T1882] rtc_cmos 00:00: Alarms can be up to one day in the future [ 407.319127][ T1882] rtc_cmos 00:00: Alarms can be up to one day in the future [ 407.327420][ T1882] rtc_cmos 00:00: Alarms can be up to one day in the future [ 407.335475][ T1882] rtc_cmos 00:00: Alarms can be up to one day in the future [ 407.343181][ T1882] rtc rtc0: __rtc_set_alarm: err=-22 [ 407.365582][ T7932] loop5: detected capacity change from 0 to 512 [ 407.409151][ T7932] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 407.456317][ T7932] EXT4-fs error (device loop5): ext4_orphan_get:1389: inode #15: comm syz.5.562: iget: bad i_size value: -67835469387268086 [ 407.476663][ T7932] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.562: couldn't read orphan inode 15 (err -117) [ 407.511834][ T7932] EXT4-fs (loop5): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 407.528106][ T7932] ext2 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.631393][ T7936] netlink: 'syz.4.563': attribute type 12 has an invalid length. [ 407.690334][ T5074] ===================================================== [ 407.707022][ T5074] BUG: KMSAN: uninit-value in n_tty_receive_buf_closing+0x539/0xb40 [ 407.716277][ T5074] n_tty_receive_buf_closing+0x539/0xb40 [ 407.725116][ T5074] n_tty_receive_buf_common+0x196b/0x2490 [ 407.731077][ T5074] n_tty_receive_buf2+0x4c/0x60 [ 407.736281][ T5074] tty_ldisc_receive_buf+0xd0/0x290 [ 407.742253][ T5074] tty_port_default_receive_buf+0xdf/0x190 [ 407.748318][ T5074] flush_to_ldisc+0x473/0xdb0 [ 407.756369][ T5074] process_scheduled_works+0xae0/0x1c40 [ 407.766395][ T5074] worker_thread+0xea7/0x14f0 [ 407.771321][ T5074] kthread+0x3e2/0x540 [ 407.776877][ T5074] ret_from_fork+0x6d/0x90 [ 407.781601][ T5074] ret_from_fork_asm+0x1a/0x30 [ 407.789567][ T5074] [ 407.793679][ T5074] Uninit was created at: [ 407.798211][ T5074] __kmalloc_noprof+0x923/0x1230 [ 407.806319][ T5074] __tty_buffer_request_room+0x36e/0x6d0 [ 407.812326][ T5074] __tty_insert_flip_string_flags+0x140/0x570 [ 407.818638][ T5074] uart_insert_char+0x39e/0xa10 [ 407.826517][ T5074] serial8250_read_char+0x1a7/0x5d0 [ 407.832233][ T5074] serial8250_handle_irq+0x970/0x1130 [ 407.837811][ T5074] serial8250_default_handle_irq+0x120/0x2b0 [ 407.846932][ T5074] serial8250_interrupt+0xc5/0x360 [ 407.852964][ T5074] __handle_irq_event_percpu+0x118/0xca0 [ 407.862925][ T5074] handle_irq_event+0xef/0x2c0 [ 407.868045][ T5074] handle_edge_irq+0x340/0xfb0 [ 407.877066][ T5074] __common_interrupt+0x97/0x1f0 [ 407.882528][ T5074] common_interrupt+0x4c/0xb0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 407.887429][ T5074] asm_common_interrupt+0x2b/0x40 [ 407.895610][ T5074] [ 407.898053][ T5074] CPU: 0 UID: 0 PID: 5074 Comm: kworker/u8:32 Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 407.909373][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 407.922627][ T5074] Workqueue: events_unbound flush_to_ldisc [ 407.928707][ T5074] ===================================================== [ 407.936857][ T5074] Disabling lock debugging due to kernel taint [ 407.946267][ T5074] Kernel panic - not syncing: kmsan.panic set ... [ 407.952853][ T5074] CPU: 0 UID: 0 PID: 5074 Comm: kworker/u8:32 Tainted: G B 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 [ 407.965496][ T5074] Tainted: [B]=BAD_PAGE [ 407.969763][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 407.979980][ T5074] Workqueue: events_unbound flush_to_ldisc [ 407.986012][ T5074] Call Trace: [ 407.989403][ T5074] [ 407.992501][ T5074] dump_stack_lvl+0x216/0x2d0 [ 407.997392][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.003390][ T5074] dump_stack+0x1e/0x24 [ 408.007758][ T5074] panic+0x4e2/0xcf0 [ 408.011838][ T5074] ? kmsan_get_metadata+0x111/0x1c0 [ 408.017224][ T5074] kmsan_report+0x2c7/0x2d0 [ 408.021986][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.027966][ T5074] ? __msan_warning+0x95/0x120 [ 408.032971][ T5074] ? n_tty_receive_buf_closing+0x539/0xb40 [ 408.038967][ T5074] ? n_tty_receive_buf_common+0x196b/0x2490 [ 408.045044][ T5074] ? n_tty_receive_buf2+0x4c/0x60 [ 408.050242][ T5074] ? tty_ldisc_receive_buf+0xd0/0x290 [ 408.055831][ T5074] ? tty_port_default_receive_buf+0xdf/0x190 [ 408.062039][ T5074] ? flush_to_ldisc+0x473/0xdb0 [ 408.067113][ T5074] ? process_scheduled_works+0xae0/0x1c40 [ 408.073067][ T5074] ? worker_thread+0xea7/0x14f0 [ 408.078139][ T5074] ? kthread+0x3e2/0x540 [ 408.082547][ T5074] ? ret_from_fork+0x6d/0x90 [ 408.087323][ T5074] ? ret_from_fork_asm+0x1a/0x30 [ 408.092572][ T5074] ? is_last_task_frame+0x5d/0x450 [ 408.097881][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 408.103259][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.109242][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 408.114629][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 408.120004][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.126006][ T5074] ? ret_from_fork+0x6d/0x90 [ 408.130827][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 408.136199][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.142193][ T5074] ? kmsan_get_metadata+0x13e/0x1c0 [ 408.147576][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.153571][ T5074] __msan_warning+0x95/0x120 [ 408.158374][ T5074] n_tty_receive_buf_closing+0x539/0xb40 [ 408.164232][ T5074] n_tty_receive_buf_common+0x196b/0x2490 [ 408.170202][ T5074] n_tty_receive_buf2+0x4c/0x60 [ 408.175232][ T5074] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 408.180958][ T5074] tty_ldisc_receive_buf+0xd0/0x290 [ 408.186391][ T5074] tty_port_default_receive_buf+0xdf/0x190 [ 408.192446][ T5074] flush_to_ldisc+0x473/0xdb0 [ 408.197355][ T5074] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 408.204181][ T5074] ? __pfx_flush_to_ldisc+0x10/0x10 [ 408.209592][ T5074] process_scheduled_works+0xae0/0x1c40 [ 408.215392][ T5074] worker_thread+0xea7/0x14f0 [ 408.220296][ T5074] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 408.226395][ T5074] kthread+0x3e2/0x540 [ 408.230638][ T5074] ? __pfx_worker_thread+0x10/0x10 [ 408.235985][ T5074] ? __pfx_kthread+0x10/0x10 [ 408.240751][ T5074] ret_from_fork+0x6d/0x90 [ 408.245369][ T5074] ? __pfx_kthread+0x10/0x10 [ 408.250155][ T5074] ret_from_fork_asm+0x1a/0x30 [ 408.255176][ T5074] [ 408.258468][ T5074] Kernel Offset: disabled [ 408.262853][ T5074] Rebooting in 86400 seconds..