last executing test programs: 4m11.54876637s ago: executing program 4 (id=1335): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="140100000000b2000500000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff44, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x11) 4m10.071732634s ago: executing program 4 (id=1340): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2900330080000000ffffffffffff080211"], 0x48}, 0x1, 0x0, 0x0, 0x44800}, 0x0) 4m9.00658106s ago: executing program 4 (id=1343): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$pppl2tp(0x18, 0x1, 0x1) syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x299, &(0x7f00000000c0)="$eJzs3T9v00AYx/HfOUkbaFXcPwgJMRUqISGhtCyIpRLKyMbChIAmSBVRkaBIwEJhRrwAmBlZeQGMTIgZia0TE1O2oDtfiJPYcUhInbTfjxTLse+x73w2d49RFQE4sW5Wf368dmg/RiqoIOmGFEgqS0VJZ3Wu/Gxvf3e/Ua8NOlDBRdiPURRp+srs7NWTQm2ci/BC+62oxfg2TEb5hw7yrgPy557+BIE0759Ot7985DWbiJaXdz1yY5pq6rmW8q4HACBffvwP/Di/6OfvQSBt+GHfjf+/2wEzPmts5l2BCfuSsT82/rss68OhXZ5xuzr5nkvh7P6gnSWOUpc5RXdW1wTTZGWVri7BqYe7jfrVnceNWqA32vZKnWJrblmLbt22eG1f9x96PSE3HWDYtpf6tiy4NpRsG7bi9Y8VWR3njKMwX803c9eEeq/a3/lfsWVsN7meCnt6ytb/U72SfkTXyjnZVlZSWrnsTnLen8Eb2MqCUjISte+oZXW/IAjddR5QTxe10hMV9c5mRtRqYtRWRtRab1Tnbk6PnDTzztwx6/qlz6rG5v+BvdobynwyozYbVzK6CpWB7Sm6kqEbT/xTd3AhsWQwTqvwj97qga5r6emLl4/uNxr1J8d2xT6JYx7HDkXT0pxo5ZXvxRHDNV44K8Ou2Iucy9nb487ox8nlXyUcsU6np5W4dSVxM/83c1zYeZdpGTv/i+UrFTdZs4uwe54+H4/NfIEeO+JmSm6w4pan0zO4Lsa9elhIz+CGzbkuXpYuDXPGSOjrOX22RwkyVX3XPd7/AwAAAAAAAAAAAAAAAAAAzJr/9ycHZaXtyruNAAAAAAAAAAAAAAAAAAAAAADMuqn7/d/bir7x+7/AxP0JAAD//3N1e/M=") r2 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x20203843, 0x0, [0x2], [0x80ffff]}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a00", @ANYBLOB], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={0x0, r7, 0x0, 0x1ff}, 0x18) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, 0x0, &(0x7f0000000580)=r8}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, &(0x7f0000000780)}, 0x20) ioctl$SIOCSIFMTU(r1, 0x89f3, &(0x7f0000000040)={'bond0\x00'}) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x74}}, 0x0) 4m5.837832237s ago: executing program 4 (id=1348): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) listen(0xffffffffffffffff, 0x0) stat(0x0, 0x0) socket$caif_stream(0x25, 0x1, 0x2) 4m4.991063804s ago: executing program 4 (id=1350): mkdir(&(0x7f0000000400)='./file1\x00', 0xa2) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x2b) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000580)=ANY=[]) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0) 4m4.17434531s ago: executing program 4 (id=1356): r0 = syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, 0x0) prctl$PR_MCE_KILL(0x43, 0x0, 0x300) syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000080)='./bus\x00', 0x810484, &(0x7f0000000340)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYRES8, @ANYRES64, @ANYRES16=0x0, @ANYRES16, @ANYRESDEC=0x0], 0x1, 0x675, &(0x7f0000001280)="$eJzs3U9sHFcdB/DvrDd2NpTUTZM2RZUSNRIgIhI7JgVXQgSEUA4VqtoDNyQrcRorm7Q4LnIrRMP/aw/hiFQOPsEJiXukcuECtx7xsRKCSy+YC4tmdtbe2ruOHWyvUz6faPzemzfz3u/9dnZnd63IAf5vXT2f5oMUuXr+5eWyvboy015dmbndqyeZSNJImlVRpPhXp9P5ILmS7pbnkhT1cMWwee4vzL764cerH3VbzXqrjm9sd97O3Ku3nE0yVpeb3H7U8a4NHm/D0YcNV6yvsEzYuV7iYNSOJOlU/nG/u+cHf35ivadPa9DZD73ygcdA0b1vbjGZHKuf6OX7gO5dsXvPfqzdG3UAAAAAcACeXMtalnN81HEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46T4SmusLOqt0aufTdH7+//j9b7U9cOiWI9qFx7sRyQAAAAAAAAAcMDOrGUtyznea3eK6nf+L1SNk9XPz+St3M18FnMhy5nLUpaymOkkk30DjS/PLS0tTvefOTH4zEsDz7z0kEAn6rK1RwsHAAAAAAAAgE+Xn+bqxu//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgMCiSsW5RbSd79ck0mkkmesfdS/6aZHy00f7vHow6AAAAADgAT65lLcs53mt3iuoz/zPV5/6jeSt3spSFLKWd+VyvvgvofupvrK7MtFdXZm6X29Zxv/nPXYVRjZjudw+DZz5dHdHKjSxUey7kWt5IO9fTqM4sne7FMziun5QxFd+o7TCy63VZrvy9utzi3V0tdphdfpkyWWXkyHpGpurYymw8tX0mdvnobJ5pOo31YE9ummnTIs48Ss6P1WW5nl8Oy/lIbM7Epb6r75ntc5584Y+//97N9p1bN2/cPX94lrQzY3XZqX62tmZipi8Tz3Yz8P3XPo2Z2GKqysSp9fbVfCev5XzO5pUsZiE/zFyWMp+z+XZVm6uv56Lv+9Qh18yVT7ReeVgk4/UV2n2wdhfTC9W5x7OQ7+aNXM98Xqz+Xcp0vprLuZzZvkf41A5eaRtDnvWdzw4M/twX60orya/q8nAo8/pUX177X3Mnq77+PRtZOrH396Pm5+pKOcfP6vJw2JyJ6b5MPL19Jn5bvazcbd+5tXhz7s2dTXfivbpSPo9+cajuEuX1cqJ8sKrWJ6+Osu/pgX3TVd/J9b7Glr5Tvb6//ebXL1XHDHumjtfv4Zpfn91yxyr7nh04y0zVd7qvb9D7LQAOvWNfOjbe+nvrL633Wz9v3Wy9fPRbE1+beH48R/505KXm1NjnG88Xf8j7+fHG538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODR3X37nVtz7fb84qZKM513h3TtS+U/Q7qKJHs4V+/PmQ095sieL/C5J5KDyeHWyniSA590YOXfnU6n3lMchni2r3RKE+ns+1zNJIO6zow+CSN+YQL23cWl229evPv2O19euD33+vzr83dmL1+enZq9/OLMxRsL7fmp7s9RRwnsh42b/qgjAQAAAAAAAAAAAHbqIP47wfDZjx7kUgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH1NXzaT5IkempC1Nle3Vlpl1uvfrGkc0kjSTFj5Lig+RKulsm+4Yrhs1zf2H21Q8/Xv1oY6xm7/jGduftzL16y9kkY3W5V+Nd28l4v9uus1hfYZmwc73Ewaj9NwAA//8CiAVm") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) add_key(&(0x7f0000000340)='dns_resolver\x00', 0x0, &(0x7f0000000580)="fb9c", 0x2, 0x0) unlink(&(0x7f0000000280)='./file1\x00') r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)={0x14, 0x14, 0x1, 0x0, 0x0, {0x28}}, 0x14}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_drvinfo={0x3, "dabb6386f6d73094a90d1fdb507195e485f544228032f04eff6b7454b702570f", "6aabb3257fbc4eb5a702000000a9b0bfed5a88511bfa36cd4d6206598017dffa", "3323b7b8cd277c616d9206e6fd2d56ff18c6adb2b5f90e30b32158c846051324", "193d5bf82fba97515dda05e0637ba9fbf81e49d4f1b5508a4c956379155801bc", "d87badb8a826b9f7474cf73cc0ade30d0cd9c5a00f9025f55d18c2764e77d3fe", "14d3094839a1d8e1ef22cffc"}}) r7 = socket(0x10, 0x803, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x2) sendmsg$nl_route(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x38}}, 0x0) 3m48.259562466s ago: executing program 32 (id=1356): r0 = syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, 0x0) prctl$PR_MCE_KILL(0x43, 0x0, 0x300) syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000080)='./bus\x00', 0x810484, &(0x7f0000000340)=ANY=[@ANYRES64=0x0, @ANYRES64, @ANYRES8, @ANYRES64, @ANYRES16=0x0, @ANYRES16, @ANYRESDEC=0x0], 0x1, 0x675, &(0x7f0000001280)="$eJzs3U9sHFcdB/DvrDd2NpTUTZM2RZUSNRIgIhI7JgVXQgSEUA4VqtoDNyQrcRorm7Q4LnIrRMP/aw/hiFQOPsEJiXukcuECtx7xsRKCSy+YC4tmdtbe2ruOHWyvUz6faPzemzfz3u/9dnZnd63IAf5vXT2f5oMUuXr+5eWyvboy015dmbndqyeZSNJImlVRpPhXp9P5ILmS7pbnkhT1cMWwee4vzL764cerH3VbzXqrjm9sd97O3Ku3nE0yVpeb3H7U8a4NHm/D0YcNV6yvsEzYuV7iYNSOJOlU/nG/u+cHf35ivadPa9DZD73ygcdA0b1vbjGZHKuf6OX7gO5dsXvPfqzdG3UAAAAAcACeXMtalnN81HEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46T4SmusLOqt0aufTdH7+//j9b7U9cOiWI9qFx7sRyQAAAAAAAAAcMDOrGUtyznea3eK6nf+L1SNk9XPz+St3M18FnMhy5nLUpaymOkkk30DjS/PLS0tTvefOTH4zEsDz7z0kEAn6rK1RwsHAAAAAAAAgE+Xn+bqxu//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgMCiSsW5RbSd79ck0mkkmesfdS/6aZHy00f7vHow6AAAAADgAT65lLcs53mt3iuoz/zPV5/6jeSt3spSFLKWd+VyvvgvofupvrK7MtFdXZm6X29Zxv/nPXYVRjZjudw+DZz5dHdHKjSxUey7kWt5IO9fTqM4sne7FMziun5QxFd+o7TCy63VZrvy9utzi3V0tdphdfpkyWWXkyHpGpurYymw8tX0mdvnobJ5pOo31YE9ummnTIs48Ss6P1WW5nl8Oy/lIbM7Epb6r75ntc5584Y+//97N9p1bN2/cPX94lrQzY3XZqX62tmZipi8Tz3Yz8P3XPo2Z2GKqysSp9fbVfCev5XzO5pUsZiE/zFyWMp+z+XZVm6uv56Lv+9Qh18yVT7ReeVgk4/UV2n2wdhfTC9W5x7OQ7+aNXM98Xqz+Xcp0vprLuZzZvkf41A5eaRtDnvWdzw4M/twX60orya/q8nAo8/pUX177X3Mnq77+PRtZOrH396Pm5+pKOcfP6vJw2JyJ6b5MPL19Jn5bvazcbd+5tXhz7s2dTXfivbpSPo9+cajuEuX1cqJ8sKrWJ6+Osu/pgX3TVd/J9b7Glr5Tvb6//ebXL1XHDHumjtfv4Zpfn91yxyr7nh04y0zVd7qvb9D7LQAOvWNfOjbe+nvrL633Wz9v3Wy9fPRbE1+beH48R/505KXm1NjnG88Xf8j7+fHG538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODR3X37nVtz7fb84qZKM513h3TtS+U/Q7qKJHs4V+/PmQ095sieL/C5J5KDyeHWyniSA590YOXfnU6n3lMchni2r3RKE+ns+1zNJIO6zow+CSN+YQL23cWl229evPv2O19euD33+vzr83dmL1+enZq9/OLMxRsL7fmp7s9RRwnsh42b/qgjAQAAAAAAAAAAAHbqIP47wfDZjx7kUgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH1NXzaT5IkempC1Nle3Vlpl1uvfrGkc0kjSTFj5Lig+RKulsm+4Yrhs1zf2H21Q8/Xv1oY6xm7/jGduftzL16y9kkY3W5V+Nd28l4v9uus1hfYZmwc73Ewaj9NwAA//8CiAVm") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) add_key(&(0x7f0000000340)='dns_resolver\x00', 0x0, &(0x7f0000000580)="fb9c", 0x2, 0x0) unlink(&(0x7f0000000280)='./file1\x00') r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)={0x14, 0x14, 0x1, 0x0, 0x0, {0x28}}, 0x14}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_drvinfo={0x3, "dabb6386f6d73094a90d1fdb507195e485f544228032f04eff6b7454b702570f", "6aabb3257fbc4eb5a702000000a9b0bfed5a88511bfa36cd4d6206598017dffa", "3323b7b8cd277c616d9206e6fd2d56ff18c6adb2b5f90e30b32158c846051324", "193d5bf82fba97515dda05e0637ba9fbf81e49d4f1b5508a4c956379155801bc", "d87badb8a826b9f7474cf73cc0ade30d0cd9c5a00f9025f55d18c2764e77d3fe", "14d3094839a1d8e1ef22cffc"}}) r7 = socket(0x10, 0x803, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r3, 0x40049421, 0x2) sendmsg$nl_route(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x38}}, 0x0) 16.905611398s ago: executing program 0 (id=1816): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000080), 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r5, 0xffffffffffffffff, 0x0) 15.321749312s ago: executing program 0 (id=1821): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000011a, 0x44000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) socket(0x2, 0x80805, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {}, 0x0, 0x1, {0x0}}) ppoll(&(0x7f00000001c0)=[{r3, 0x40}], 0x1, &(0x7f0000000240)={0x0, 0x989680}, 0x0, 0x0) 11.107060425s ago: executing program 5 (id=1834): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 10.821649044s ago: executing program 5 (id=1836): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0x5, 0x1, 0x80, 0x22f9}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0xb}, 0x1c) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0xa60d000000000000}, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) preadv2(r2, 0x0, 0x0, 0x10884000, 0x0, 0xd) 10.775216823s ago: executing program 1 (id=1837): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x28002) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000480)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x5, 0x6, "fee8a2ab78fc17ffffffffffffff7fa7bd64c6a4b4e00d9693dda1af1ea80000000000000000b70000deff0000000000000000000040000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x7fd, 0x10000000000000]}}) 10.684463453s ago: executing program 2 (id=1838): userfaultfd(0x1) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$rose(0xb, 0x5, 0x0) socket$inet6(0xa, 0x8000000000080001, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x0, 0x308, 0x308, 0x220, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) fsopen(0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) mount(&(0x7f0000000040), &(0x7f00000001c0)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x8800, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x166640, 0x0) socket$key(0xf, 0x3, 0x2) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000680), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000040)={0x0, 0xff, 0x60, {0x0, 0x2}}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) creat(&(0x7f00000001c0)='./file0\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_setup(0x950, &(0x7f0000000600)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITE_FIXED={0x5, 0x14, 0x4004, @fd_index=0x9, 0x10000, 0x2, 0x2, 0x61bb8bc12b344fa0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0xa, 0x6, 0x0) 10.498045862s ago: executing program 1 (id=1839): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000011a, 0x44000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) socket(0x2, 0x80805, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {}, 0x0, 0x1, {0x0}}) ppoll(&(0x7f00000001c0)=[{r3, 0x40}], 0x1, &(0x7f0000000240)={0x0, 0x989680}, 0x0, 0x0) 10.436738122s ago: executing program 2 (id=1840): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x0) 10.424654622s ago: executing program 3 (id=1841): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) 8.579179174s ago: executing program 3 (id=1842): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000170100000200000000000000000000001800000000000000170100"], 0x30, 0x48844}], 0x1, 0x4800) 8.271089483s ago: executing program 1 (id=1843): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(0x0, 0x0) mknod$loop(0x0, 0xfff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000040)={0x54c1}, 0x8) add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffe) openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/consoles\x00', 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x14) 8.250986893s ago: executing program 3 (id=1844): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="2900330080000000ffffffffffff0802"], 0x48}, 0x1, 0x0, 0x0, 0x44800}, 0x0) 8.166537333s ago: executing program 0 (id=1845): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) ftruncate(r1, 0x1000006) r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) r8 = openat$cgroup_ro(r7, 0x0, 0x300, 0x0) open_by_handle_at(r8, 0x0, 0x100040) ioctl$UDMABUF_CREATE(r8, 0x40187542, 0x0) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) 7.44111766s ago: executing program 2 (id=1846): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x0, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, 0x0, 0x0) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000900)) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x13, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0xffffffff}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x5, 0x0, 0xd, 0x0}, {0x18, 0x2, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) syz_clone3(&(0x7f00000000c0)={0x200000400, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r7}}, 0x58) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000140)=0xf, 0x4) ioperm(0x10000, 0x5, 0x8) 6.840927247s ago: executing program 3 (id=1847): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000240)='./file0\x00', 0x804, &(0x7f0000000440)=ANY=[@ANYBLOB="73686f72746e696d653d77696e39352c73686f72746e616d653d6c6f7765722c757466383d312c73686f727466616d653d77696e39352c73686f72746e616d653d6d697865642c757466383d302c726f6469722c757466383d302c6e6f636173652c636f6484706167653d3836322c636865636b3d7374726963742c757466383d302c73686f72746e616d653d6c6f7765722c696f636861727365743d69736f383835392d362c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c00"], 0x1, 0x27b, &(0x7f0000000640)="$eJzs3cFqK1UYAOB/mqRJdJEsXInQAV24Kq1P0CIVxIKgZKEutNgUpAmFFgJVMXblE/gEPo8b8QV8AC93d7u43LmkM0nTyyQlvWlT7v2+TQ//+f85/5kZ2tWc/vBB//jw5Ozo4tf/otFIYm0nduIyiXasxdjvUerfJ+VxAOCRu8yyeJrl6nno/GZGbUZlde3emwMA7sX03/9V9wIAPIyvv/n2i939/b2v0rQR0f9j0Eki/5nP7x7FT9GLbmxFK55HZBP5+LPP9/eimo6046P+cNAZVfa//7u4/u7/EVf129GKdnn9dpqbqh8OOrV4p1h/pxfdL/+KVrxXXv9JSX101uPjD6f634xW/PNjnEQvDovexvW/bafpp9mfz375bhQd1SfDQac+ySuyKw/6YAAAAAAAAAAAAAAAAAAAAAAAeKNtphPtm+fvjA/+nzM/53yg4dT5PFtpmmZJnn9dX433q1Fd5d4BAAAAAAAAAAAAAAAAAADgsTg7//n4oNfrni51MP6sv2QqXtyM1CPi7mttLFoVlaK1XhKx2Fq1qF9V3p5cWXAXzVE/3dOkGst7BMkk0pye2oh8rVGkmQ+mIq+9eiOuBuO36/ggue3hNspekiUMspLXrzKzav3VSLPYQUlyc87q6+/eqeesNWMqiYja5GbOv05tuffw4X4HAQAAAAAAAAAAAAAAAAAAueuPfksmL1bQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACswPX//19gMCyKZ+VkldGgGkVkxVsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgLfAyAAD//0MUZ+o=") prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$unix(0x1, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000002000/0x2000)=nil, 0x2000) getpeername(r0, 0x0, 0x0) mq_open(&(0x7f0000000040)='!selinuxsel\xad\"\x0e\xabx\xb8\xc9\xa8x\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(0x0, r4) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000580)={'wg1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100e8ffffff00000000260000002000018008000100", @ANYRES32=r6, @ANYBLOB="14000200776731"], 0x34}}, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0xfffffffffffffffc) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") pread64(0xffffffffffffffff, 0x0, 0x0, 0x4) 6.256493735s ago: executing program 0 (id=1848): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 5.743197963s ago: executing program 5 (id=1849): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 5.734154493s ago: executing program 2 (id=1850): socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f000000a200)='afs_cell\x00', r0}, 0x10) fsopen(&(0x7f0000000040)='afs\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) socket$packet(0x11, 0x2, 0x300) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0xfffffffc, 0x0, 0x1}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0}) io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0) 4.661838819s ago: executing program 1 (id=1851): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0), 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = syz_clone(0x800c000, &(0x7f0000001480)="627807434619734911420e123cb6f44fb54d82f86f3720b1d5ecd9651a9fcb2a1c358b9cd99a9da0b00953486764e0c7d13faa0d43ad3164e14aa9d4eafc2ae39ce2be18d63433b7dfc78608200e69639ab1530087488555d6d92591d54b3a4b2d398d9c826367e94ff87e48b5c84c384e4da2242cd7402f8ed7ca62f2bc83f74a833985f857aea120980634d28db59881240ddcdb80ae6800e45e612019d9a17a04", 0xa2, 0x0, 0x0, 0x0) kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000040)='\b\x00\x00\x00', 0x4}, {0x0, 0x18}], 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x38, r7, 0x1, 0x0, 0x0, {{}, {}, {0x1c, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'syzkaller0\x00'}}}}}, 0x38}}, 0x0) 4.528235818s ago: executing program 5 (id=1852): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9a, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xfeff0000) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b47", 0xb}], 0x1}, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018"], 0x44}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, &(0x7f0000000100)) 4.303000327s ago: executing program 3 (id=1853): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00'], &(0x7f0000000100)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0xb}, {0x2, 0x2, 0xf, 0x7}, {0x0, 0x5, 0x5, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x208000, 0x0) wait4(r1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) creat(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 4.292142597s ago: executing program 2 (id=1854): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000170100000200000000000000000000001800000000000000170100"], 0x30, 0x48844}], 0x1, 0x4800) 4.181462967s ago: executing program 5 (id=1855): r0 = fcntl$getown(0xffffffffffffffff, 0x9) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000280)={0x7fffffff, 0x0, {r0}, {}, 0xfffffffffffffff7, 0xf}) syz_clone3(&(0x7f0000000880)={0xa800c300, &(0x7f0000000300), &(0x7f0000000400)=0x0, &(0x7f0000000440), {0x32}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[r0], 0x1}, 0x58) prlimit64(r1, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4$bt_l2cap(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe2(&(0x7f00000003c0), 0x84000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 2.808642042s ago: executing program 5 (id=1856): socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x12, 0xffffffffffffffff, 0x29354000) r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000100)={0x80002, 0x1, 0x6}) r1 = syz_open_dev$dri(0x0, 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) socket$inet_udp(0x2, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3}) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000000)) close_range(r0, 0xffffffffffffffff, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000016001d0a"], 0x14}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r7) syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), r7) 2.080628188s ago: executing program 2 (id=1857): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, 0x0) r1 = openat$audio(0xffffffffffffff9c, 0x0, 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000200)="a38d", 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$usbfs(0x0, 0x76, 0x101b01) ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, 0x0, 0x0) connect$vsock_stream(r7, &(0x7f0000000100), 0x10) connect$vsock_stream(r7, &(0x7f0000002240)={0x28, 0x0, 0x0, @hyper}, 0x10) ioctl$USBDEVFS_SETINTERFACE(r6, 0x80045510, &(0x7f0000000000)) 2.055130828s ago: executing program 1 (id=1858): mknod$loop(&(0x7f0000000340)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)='nilfs2\x00', 0x0, 0x0) 2.054229968s ago: executing program 0 (id=1859): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) ftruncate(r1, 0x1000006) r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) r8 = openat$cgroup_ro(r7, 0x0, 0x300, 0x0) open_by_handle_at(r8, 0x0, 0x100040) ioctl$UDMABUF_CREATE(r8, 0x40187542, 0x0) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) 1.036635154s ago: executing program 3 (id=1860): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x7, 0x0, {{0x14, 0x4, 0x0, 0x0, 0x50, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@lsrr={0x83, 0x7, 0x42, [@remote]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x8, [{@dev}, {@multicast2, 0x7}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @ra={0x94, 0x4}, @rr={0x7, 0xb, 0x0, [@remote, @private=0xa010102]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000b00)="484b8c81fad69547a8940aea8068bc35c2f55dbfd920484a5a804c81cee2244729597c1750546305ea77a97011c3f4acd76067097de1666eee8f65420cd0632f00285a233659768c3e2aece6ebb69946652d6f9fff7c8b626ce32800e823afc1d77d9a41f177e41494894cfcfa449988be35b0227f5d3b9caddea1a10086a990aa8862b4a00f5ae95d637aecd806344d7d7cee8a290838a35440fae6a00ecaa4f1cac9380dd2c173475d8b3a0052b2894c449751e3a8af8c93dee7b656a3da4f5ec841483bc27962a63dacb57c2e83d252f66748ad153d68a6029c0f4326135b13a96b9e0be0940053227f0397eb884516b12171298639d3a60e678925a2d2ff09b90128323a61107669619ceb9f8f74f23acb05026f743dd626922974a27d9e6d3c82797b6620c50afb5292b2c6a540fbb77353191db5364dda4d16e3c25255b9f218571b328feb82d36967107dd8d6b9b0cdb4bb6cba9a1cb964edd2552fa9627b486a828c7bcd980a3a08dd5f5fb6ce6e3df28ae34c1be8c0e0636ad03dc26cd55392d2c2867bdc6f699c75910e1970d41fa3228cccb6187abf8a4d4cf8ef3fdbf5c874be43cb72069eda859d7615d60d667f28116976f452654f48b7bb2929d5d4a926af7c4877df47758d58a8d4fce23bbe5ba6ccd0f8f84f2ca8abb6436980069e40647e3a85fe4a04d1e167fb438785b31d5580c8f4991c0358b2b1bcc9362bb702b58a5b0503e75da4ab501c0863d398a01fde3646f1b4fd38f5dde83d872ac5724339b6742985f9fac7d9f6ffa8ff58a0c76355ca4c0194eb06d2a5d185bdd0392cb17be46fa18ffef4ec56f66eaadb00ad658806eb74b24d9d9620224532c88a50b3622f27a4e4568e8bf29ebf3b228acbd6d54de58c09ea02a689104a868e46ede837939131f1265f7d1522d4dfd0733931740b42b2756dd8c10f41cbf856fd99190be10560ab41e6925d1caf7bf5440020afae9b0686fd355f4d93704f57f70d26fd00414f5f93e23f7a5edaf85307624b2927198148fb36e8535c5e97dcceb68f293373e42732dcf933bf580a2fa67908d37b80e5eb129c8658c60dbf9386dfc8c7257fd41d550b3bfd0060870e5fb1421e3aedba3e007ffbaee54aab0e5b19818473f3a7302bbcc82fdea4d0d8dab0abe0b81139c81f0d22eca06b460a3935c8b6784a4f997f744be857f3f7e75673ff578a4bf9c732d1f3f50ff797dd1562bedcf268885f51dc12885bee4b3538fe8e8989c2501987d32df82f2039b788ab90e1d0a0773ed08f43a240839ea0acfc243611e0a714b378b436073b2cfa020324b34775a9c2f345af7ac00f7fb3c2b73436c445f232017090f4d96519fd81c0ceb9bae9a3e4e65cec2ebbd163d93b44280ebee0a4b930d0a5ab4fb26cca168ddd289890b6f7da0a4f59277b01b9689b6ca8a3f3fd32732bcc380fb4207feee9447bd9195a6b8988b25c662c8de8a4f056bd198ace1dd4113465d3d40aaebddbfab9fe82624796a953f790200907b527e97a7cc31f4fdce1ff31afe443113d59ea31de03150aaa86086673251e6460b9fdbc50944da84b3130151e82aaf99de0ce055b72a89e7282eefc59e38f37fcf39904cea665c0552fc5501086b3be7871b502b30ebb4be060ca2da12e79d97eec005b2dd2346345a3351428fe54d7cc5d7708a6b36fa608a0cfaaa5b1162ca7688b2b9ebb27f6608966d2bff2d70a04751a635d692948c18c632eb31487a4c858951c9e46f38de68ce5fc78425fa9c7237bbb9fefd2ca19ade5c8802e82df034701e96b4a0623cf9b19912420d2fe5282a64dae039e3e180589e9e88baa65800f99f316e0a057a0e9d645cdb58484f5cbee56fe69ea61ff148b923fcb281110090521d37fca5e7d7ffcb05627fdd7bd45511ded61ea522cd515be8aba14e98a45", 0x556, 0x0, 0x0, 0x0) 138.908221ms ago: executing program 0 (id=1861): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x2, &(0x7f00000000c0), 0x10) 0s ago: executing program 1 (id=1862): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000015) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x10000000000001, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) syz_open_dev$dri(0x0, 0x6, 0x719700) mkdir(&(0x7f0000005740)='./file0\x00', 0x3b) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='ntfs\x00', 0x24d808, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x2c) getdents(r1, &(0x7f0000000300)=""/132, 0x84) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff000000000000000000000000000000000000000002000020", @ANYRES32, @ANYRES32], 0x254}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r2, 0x2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000040)={0x1, r3}) mount$9p_fd(0x0, 0x0, &(0x7f0000000200), 0x400, 0x0) kernel console output (not intermixed with test programs): [ 465.554487][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.572969][ T4265] kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 465.586307][ T4265] Bluetooth: hci4: failed to register connection device [ 466.409669][ T7571] netlink: 4 bytes leftover after parsing attributes in process `syz.0.908'. [ 469.411578][ T7] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 469.865833][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 469.885584][ T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 469.954110][ T7] usb 2-1: config 0 has no interfaces? [ 470.010172][ T7] usb 2-1: string descriptor 0 read error: -71 [ 470.051588][ T7] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 470.107737][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.162417][ T7] usb 2-1: config 0 descriptor?? [ 470.191651][ T7] usb 2-1: can't set config #0, error -71 [ 470.328146][ T7] usb 2-1: USB disconnect, device number 14 [ 470.509188][ T7606] loop3: detected capacity change from 0 to 8 [ 470.534900][ T7606] SQUASHFS error: lzo decompression failed, data probably corrupt [ 470.584822][ T7606] SQUASHFS error: Failed to read block 0x91: -5 [ 470.591249][ T7606] SQUASHFS error: Unable to read metadata cache entry [8f] [ 470.606835][ T7606] SQUASHFS error: Unable to read inode 0x11f [ 475.291827][ T7] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 475.315650][ T7655] loop2: detected capacity change from 0 to 8 [ 475.354054][ T7655] SQUASHFS error: lzo decompression failed, data probably corrupt [ 475.354865][ T7654] netlink: 4 bytes leftover after parsing attributes in process `syz.1.934'. [ 475.371611][ T7655] SQUASHFS error: Failed to read block 0x91: -5 [ 475.377897][ T7655] SQUASHFS error: Unable to read metadata cache entry [8f] [ 475.407067][ T7655] SQUASHFS error: Unable to read inode 0x11f [ 475.814398][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 475.843248][ T7] usb 5-1: device descriptor read/all, error -71 [ 476.352623][ T7666] loop3: detected capacity change from 0 to 1024 [ 477.213565][ T7679] device ipvlan0 entered promiscuous mode [ 479.027459][ T7689] loop4: detected capacity change from 0 to 512 [ 479.142655][ T7689] EXT4-fs: Ignoring removed mblk_io_submit option [ 479.149189][ T7689] EXT4-fs: inline encryption not supported [ 479.272922][ T7689] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 479.454778][ T7689] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 479.484723][ T7689] EXT4-fs (loop4): orphan cleanup on readonly fs [ 479.542640][ T7689] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.951: bg 0: block 361: padding at end of block bitmap is not set [ 479.577468][ T7696] capability: warning: `syz.2.953' uses 32-bit capabilities (legacy support in use) [ 479.639252][ T7689] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 479.727595][ T7689] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.951: attempt to clear invalid blocks 33619980 len 1 [ 479.812151][ T7689] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.951: invalid indirect mapped block 1811939328 (level 0) [ 479.952212][ T7689] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.951: invalid indirect mapped block 2185560079 (level 1) [ 480.021158][ T7689] EXT4-fs (loop4): 1 truncate cleaned up [ 480.041941][ T7689] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 481.325941][ T4400] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 481.393430][ T7712] loop1: detected capacity change from 0 to 8 [ 481.407526][ T7712] SQUASHFS error: lzo decompression failed, data probably corrupt [ 481.439477][ T7712] SQUASHFS error: Failed to read block 0x91: -5 [ 481.456307][ T7712] SQUASHFS error: Unable to read metadata cache entry [8f] [ 481.475529][ T7712] SQUASHFS error: Unable to read inode 0x11f [ 481.545975][ T4400] usb 3-1: Using ep0 maxpacket: 8 [ 481.553339][ T4400] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.591066][ T4400] usb 3-1: config 0 has no interfaces? [ 481.609809][ T4400] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 481.629389][ T4400] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.637840][ T4400] usb 3-1: Product: syz [ 481.662725][ T4400] usb 3-1: Manufacturer: syz [ 481.682020][ T4400] usb 3-1: SerialNumber: syz [ 481.716714][ T4400] usb 3-1: config 0 descriptor?? [ 482.527997][ T9] hfsplus: b-tree write err: -5, ino 8 [ 482.626740][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 482.720691][ T7725] loop0: detected capacity change from 0 to 8 [ 483.720301][ T4400] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 483.929026][ T7] usb 3-1: USB disconnect, device number 16 [ 484.021581][ T4400] usb 2-1: Using ep0 maxpacket: 32 [ 484.025706][ T4400] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 484.030855][ T4400] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 484.030907][ T4400] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.030947][ T4400] usb 2-1: Product: syz [ 484.030982][ T4400] usb 2-1: Manufacturer: syz [ 484.031016][ T4400] usb 2-1: SerialNumber: syz [ 484.608599][ T4400] usb 2-1: config 0 descriptor?? [ 484.910311][ T4400] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 486.452687][ T4414] usb 2-1: Failed to submit usb control message: -110 [ 486.460018][ T4414] usb 2-1: unable to send the bmi data to the device: -110 [ 486.554805][ T4414] usb 2-1: unable to get target info from device [ 486.561251][ T4414] usb 2-1: could not get target info (-110) [ 486.602999][ T4414] usb 2-1: could not probe fw (-110) [ 486.732780][ T7760] loop0: detected capacity change from 0 to 8 [ 486.741628][ T7758] loop3: detected capacity change from 0 to 1024 [ 486.770281][ T7760] SQUASHFS error: lzo decompression failed, data probably corrupt [ 486.807575][ T7760] SQUASHFS error: Failed to read block 0x91: -5 [ 486.831569][ T7760] SQUASHFS error: Unable to read metadata cache entry [8f] [ 486.857345][ T7760] SQUASHFS error: Unable to read inode 0x11f [ 486.983804][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.967'. [ 488.671307][ T4849] hfsplus: b-tree write err: -5, ino 8 [ 488.720586][ T4398] usb 2-1: USB disconnect, device number 15 [ 489.097070][ T7785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.978'. [ 489.883511][ T7790] loop1: detected capacity change from 0 to 64 [ 489.942769][ T7790] hfs: get root inode failed [ 490.223024][ T4349] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 490.497682][ T7799] loop3: detected capacity change from 0 to 8 [ 490.536028][ T7799] SQUASHFS error: lzo decompression failed, data probably corrupt [ 490.547503][ T7799] SQUASHFS error: Failed to read block 0x91: -5 [ 490.567365][ T7799] SQUASHFS error: Unable to read metadata cache entry [8f] [ 490.581848][ T7799] SQUASHFS error: Unable to read inode 0x11f [ 491.578576][ T7809] loop0: detected capacity change from 0 to 64 [ 491.629702][ T7809] hfs: get root inode failed [ 492.323053][ T7815] loop2: detected capacity change from 0 to 512 [ 492.610849][ T7815] EXT4-fs: Ignoring removed mblk_io_submit option [ 493.022398][ T7815] EXT4-fs: inline encryption not supported [ 493.300412][ T7815] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 494.368791][ T7815] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 494.413387][ T7815] EXT4-fs (loop2): orphan cleanup on readonly fs [ 494.496889][ T7815] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.985: bg 0: block 361: padding at end of block bitmap is not set [ 494.728148][ T7815] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 494.776426][ T7815] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.985: attempt to clear invalid blocks 33619980 len 1 [ 495.006317][ T7815] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.985: invalid indirect mapped block 1811939328 (level 0) [ 495.225703][ T7815] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.985: invalid indirect mapped block 2185560079 (level 1) [ 495.598293][ T7815] EXT4-fs (loop2): 1 truncate cleaned up [ 495.625088][ T7815] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 495.826660][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 498.032449][ T7860] netlink: 4 bytes leftover after parsing attributes in process `syz.1.994'. [ 498.321224][ T7865] loop3: detected capacity change from 0 to 8 [ 498.365003][ T7865] SQUASHFS error: lzo decompression failed, data probably corrupt [ 498.399819][ T7864] loop2: detected capacity change from 0 to 64 [ 498.421064][ T7865] SQUASHFS error: Failed to read block 0x91: -5 [ 498.428652][ T7865] SQUASHFS error: Unable to read metadata cache entry [8f] [ 498.442442][ T7865] SQUASHFS error: Unable to read inode 0x11f [ 498.463466][ T7864] hfs: get root inode failed [ 498.811719][ T7] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 499.821788][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 499.863047][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 500.076228][ T7] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 500.105138][ T7] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 500.149844][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.176191][ T4265] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 500.186612][ T26] audit: type=1326 audit(1734385433.361:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7880 comm="syz.3.1002" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 500.208261][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.215228][ T7] usb 5-1: Product: syz [ 500.219426][ T7] usb 5-1: Manufacturer: syz [ 500.224238][ T7] usb 5-1: SerialNumber: syz [ 500.242056][ T7] usb 5-1: config 0 descriptor?? [ 500.726174][ T7892] loop0: detected capacity change from 0 to 1024 [ 502.477856][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.517529][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.055814][ T7086] usb 5-1: USB disconnect, device number 14 [ 503.190286][ T7910] loop4: detected capacity change from 0 to 8 [ 503.199727][ T7910] SQUASHFS error: lzo decompression failed, data probably corrupt [ 503.241809][ T7910] SQUASHFS error: Failed to read block 0x91: -5 [ 503.256488][ T7910] SQUASHFS error: Unable to read metadata cache entry [8f] [ 503.271086][ T7910] SQUASHFS error: Unable to read inode 0x11f [ 503.279315][ T7913] loop3: detected capacity change from 0 to 64 [ 503.347631][ T7913] hfs: get root inode failed [ 503.672275][ T4349] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 504.593801][ T4361] hfsplus: b-tree write err: -5, ino 8 [ 504.905436][ T4265] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 504.921767][ T26] audit: type=1326 audit(1734385438.091:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7925 comm="syz.3.1016" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 505.257239][ T7936] device team_slave_0 entered promiscuous mode [ 506.196637][ T7942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1019'. [ 507.524114][ T7] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 507.541965][ T7956] loop2: detected capacity change from 0 to 8 [ 508.013763][ T7956] SQUASHFS error: lzo decompression failed, data probably corrupt [ 508.017563][ T7959] loop4: detected capacity change from 0 to 64 [ 508.041852][ T7956] SQUASHFS error: Failed to read block 0x91: -5 [ 508.052962][ T7959] hfs: get root inode failed [ 508.073097][ T7956] SQUASHFS error: Unable to read metadata cache entry [8f] [ 508.091699][ T7956] SQUASHFS error: Unable to read inode 0x11f [ 508.125396][ T4349] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 508.301669][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 508.332899][ T7] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 508.546902][ T7] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 508.574488][ T7] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 508.592420][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.600500][ T7] usb 4-1: Product: syz [ 508.602200][ T7963] loop0: detected capacity change from 0 to 1024 [ 508.618805][ T7] usb 4-1: Manufacturer: syz [ 508.635524][ T7] usb 4-1: SerialNumber: syz [ 509.153623][ T7971] loop1: detected capacity change from 0 to 8 [ 509.281564][ T7] usb 4-1: config 0 descriptor?? [ 509.324251][ T7929] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 509.335038][ T7929] CPU: 0 PID: 7929 Comm: kworker/u5:0 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 509.346552][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 509.356754][ T7929] Workqueue: hci1 hci_rx_work [ 509.361493][ T7929] Call Trace: [ 509.364801][ T7929] [ 509.367763][ T7929] dump_stack_lvl+0x1e3/0x2cb [ 509.372511][ T7929] ? nf_tcp_handle_invalid+0x642/0x642 [ 509.378031][ T7929] ? panic+0x764/0x764 [ 509.378379][ T26] audit: type=1326 audit(1734385442.551:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7972 comm="syz.4.1029" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f802bb85d19 code=0x0 [ 509.382134][ T7929] sysfs_create_dir_ns+0x2c6/0x390 [ 509.382207][ T7929] ? sysfs_warn_dup+0xa0/0xa0 [ 509.403862][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.408950][ T7929] kobject_add_internal+0x6df/0xd10 [ 509.424938][ T7929] kobject_add+0x14e/0x210 [ 509.429383][ T7929] ? device_add+0x3c2/0xfd0 [ 509.433929][ T7929] ? kobject_init+0x1d0/0x1d0 [ 509.438652][ T7929] ? __raw_spin_lock_init+0x41/0x100 [ 509.443973][ T7929] ? get_device_parent+0x128/0x400 [ 509.449117][ T7929] device_add+0x476/0xfd0 [ 509.453482][ T7929] hci_conn_add_sysfs+0xe4/0x1f0 [ 509.458461][ T7929] le_conn_complete_evt+0xcc6/0x1320 [ 509.463769][ T7929] ? trace_contention_end+0x61/0x170 [ 509.469246][ T7929] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 509.475499][ T7929] ? __mutex_unlock_slowpath+0x218/0x750 [ 509.481263][ T7929] ? mutex_unlock+0x10/0x10 [ 509.485791][ T7929] ? skb_pull_data+0x10e/0x220 [ 509.490782][ T7929] hci_le_conn_complete_evt+0x188/0x410 [ 509.496429][ T7929] hci_event_packet+0xa40/0x1510 [ 509.501461][ T7929] ? hci_remote_host_features_evt+0x210/0x210 [ 509.507778][ T7929] ? bis_list+0x290/0x290 [ 509.512143][ T7929] ? do_raw_spin_unlock+0x137/0x8a0 [ 509.517422][ T7929] ? kcov_remote_start+0x4ae/0x7c0 [ 509.522610][ T7929] ? lockdep_hardirqs_on+0x90/0x130 [ 509.528303][ T7929] ? hci_send_to_monitor+0x99/0x4d0 [ 509.533603][ T7929] hci_rx_work+0x3a6/0xd10 [ 509.538109][ T7929] ? process_one_work+0x7a9/0x11d0 [ 509.543373][ T7929] process_one_work+0x8a9/0x11d0 [ 509.548395][ T7929] ? worker_detach_from_pool+0x260/0x260 [ 509.554098][ T7929] ? _raw_spin_lock_irqsave+0x120/0x120 [ 509.559745][ T7929] ? kthread_data+0x4e/0xc0 [ 509.564324][ T7929] ? wq_worker_running+0x97/0x190 [ 509.569466][ T7929] worker_thread+0xa47/0x1200 [ 509.574223][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 509.579135][ T7929] ? release_firmware_map_entry+0x186/0x186 [ 509.585169][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 509.590109][ T7929] kthread+0x28d/0x320 [ 509.594248][ T7929] ? worker_clr_flags+0x190/0x190 [ 509.599324][ T7929] ? kthread_blkcg+0xd0/0xd0 [ 509.603953][ T7929] ret_from_fork+0x1f/0x30 [ 509.608455][ T7929] [ 509.622007][ T7929] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 509.637276][ T7929] Bluetooth: hci1: failed to register connection device [ 510.830166][ T4398] usb 4-1: USB disconnect, device number 12 [ 511.071846][ T4402] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 511.321907][ T4402] usb 5-1: Using ep0 maxpacket: 8 [ 511.348916][ T4402] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 511.397131][ T4402] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 511.432805][ T4402] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 511.531293][ T4402] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 511.531706][ T4402] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 511.531734][ T4402] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.961962][ T4402] usb 5-1: GET_CAPABILITIES returned 0 [ 511.962004][ T4402] usbtmc 5-1:16.0: can't read capabilities [ 512.154686][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1036'. [ 512.684922][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686302][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686539][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686589][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686633][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686676][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.686724][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745555][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745617][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745855][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745899][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745942][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.745982][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.746193][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.746234][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.746271][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 512.780409][ T4402] usb 5-1: USB disconnect, device number 15 [ 513.491386][ T8010] loop4: detected capacity change from 0 to 64 [ 513.542938][ T8010] hfs: get root inode failed [ 516.226388][ T5203] hfsplus: b-tree write err: -5, ino 8 [ 516.481902][ T4397] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 517.353428][ T4397] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 221, changing to 11 [ 517.392782][ T4397] usb 4-1: New USB device found, idVendor=056a, idProduct=033e, bcdDevice= 0.00 [ 517.522895][ T4397] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.879911][ T4397] usb 4-1: config 0 descriptor?? [ 519.098138][ T8050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1048'. [ 519.205609][ T4397] wacom 0003:056A:033E.0002: item fetching failed at offset 0/3 [ 519.338310][ T4397] wacom 0003:056A:033E.0002: parse failed [ 519.364811][ T4397] wacom: probe of 0003:056A:033E.0002 failed with error -22 [ 519.455403][ T4397] usb 4-1: USB disconnect, device number 13 [ 521.595441][ T8063] loop2: detected capacity change from 0 to 64 [ 522.593510][ T8063] hfs: get root inode failed [ 522.626359][ T8069] loop3: detected capacity change from 0 to 8 [ 522.740034][ T4349] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 523.469429][ T8077] overlayfs: failed to resolve './file1': -2 [ 524.008176][ T8089] loop2: detected capacity change from 0 to 256 [ 524.202277][ T8089] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 526.239629][ T8095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1061'. [ 527.467812][ T8105] loop4: detected capacity change from 0 to 512 [ 528.254852][ T8105] EXT4-fs: Ignoring removed mblk_io_submit option [ 528.457072][ T8105] EXT4-fs: inline encryption not supported [ 528.499289][ T8105] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 528.792919][ T8105] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 528.842620][ T8105] EXT4-fs (loop4): orphan cleanup on readonly fs [ 528.923156][ T8105] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1066: bg 0: block 361: padding at end of block bitmap is not set [ 529.021905][ T8118] overlayfs: failed to resolve './file1': -2 [ 529.042949][ T8105] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 529.103451][ T8105] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.1066: attempt to clear invalid blocks 33619980 len 1 [ 529.251367][ T8105] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1066: invalid indirect mapped block 1811939328 (level 0) [ 529.405418][ T8105] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1066: invalid indirect mapped block 2185560079 (level 1) [ 529.435523][ T8105] EXT4-fs (loop4): 1 truncate cleaned up [ 529.441756][ T8105] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 529.528978][ T8123] loop0: detected capacity change from 0 to 64 [ 529.743065][ T8123] hfs: get root inode failed [ 531.833334][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 533.543411][ T8143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1077'. [ 533.963854][ T8146] loop0: detected capacity change from 0 to 256 [ 534.185706][ T8146] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 535.711251][ T8165] overlayfs: failed to resolve './file1': -2 [ 536.131346][ T8167] loop3: detected capacity change from 0 to 512 [ 536.192026][ T8167] EXT4-fs: Ignoring removed mblk_io_submit option [ 536.198587][ T8167] EXT4-fs: inline encryption not supported [ 536.203875][ T8170] loop1: detected capacity change from 0 to 64 [ 536.222394][ T8167] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 536.234240][ T8170] hfs: get root inode failed [ 536.263908][ T8167] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 536.273460][ T8167] EXT4-fs (loop3): orphan cleanup on readonly fs [ 536.283041][ T8167] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1084: bg 0: block 361: padding at end of block bitmap is not set [ 536.309230][ T4349] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 536.319385][ T8167] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 536.430646][ T8167] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.1084: attempt to clear invalid blocks 33619980 len 1 [ 536.520703][ T8167] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1084: invalid indirect mapped block 1811939328 (level 0) [ 536.796782][ T8167] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1084: invalid indirect mapped block 2185560079 (level 1) [ 537.159478][ T8167] EXT4-fs (loop3): 1 truncate cleaned up [ 537.189412][ T8167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 538.949668][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1089'. [ 539.346465][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 541.760844][ T8206] loop0: detected capacity change from 0 to 256 [ 541.768283][ T8206] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 542.424593][ T8214] loop0: detected capacity change from 0 to 128 [ 542.979254][ T8214] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 543.256691][ T8214] ext4 filesystem being mounted at /223/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 544.058828][ T8239] binder: 8237:8239 ioctl c0306201 20000080 returned -14 [ 544.615953][ T8241] loop4: detected capacity change from 0 to 256 [ 544.712366][ T8241] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 544.780048][ T4349] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 546.689686][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 549.520683][ T8282] loop3: detected capacity change from 0 to 256 [ 550.751861][ T4398] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 550.776187][ T8282] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 551.241701][ T4398] usb 1-1: Using ep0 maxpacket: 32 [ 551.252652][ T4398] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 551.276758][ T4349] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 551.279865][ T4398] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 551.279900][ T4398] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.279931][ T4398] usb 1-1: Product: syz [ 551.279948][ T4398] usb 1-1: Manufacturer: syz [ 551.279965][ T4398] usb 1-1: SerialNumber: syz [ 551.281987][ T4398] usb 1-1: config 0 descriptor?? [ 551.850954][ T4398] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 552.274823][ T8298] loop3: detected capacity change from 0 to 128 [ 552.869999][ T8298] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 552.872950][ T7969] usb 1-1: Failed to submit usb control message: -110 [ 552.873238][ T7969] usb 1-1: unable to send the bmi data to the device: -110 [ 552.873355][ T7969] usb 1-1: unable to get target info from device [ 552.873419][ T7969] usb 1-1: could not get target info (-110) [ 552.873439][ T7969] usb 1-1: could not probe fw (-110) [ 552.908028][ T8298] ext4 filesystem being mounted at /225/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 553.345054][ T8188] usb 1-1: USB disconnect, device number 9 [ 553.453451][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.417482][ T8319] loop1: detected capacity change from 0 to 1024 [ 556.369233][ T8327] binder: 8326:8327 ioctl c0306201 20000080 returned -14 [ 556.788995][ T8331] hfsplus: xattr search failed [ 558.003785][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 559.371668][ T4293] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 559.571621][ T4293] usb 2-1: Using ep0 maxpacket: 32 [ 559.583356][ T4293] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 559.727324][ T4293] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 559.747298][ T4293] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.770438][ T4293] usb 2-1: Product: syz [ 559.784247][ T4293] usb 2-1: Manufacturer: syz [ 559.789068][ T4293] usb 2-1: SerialNumber: syz [ 559.800187][ T4293] usb 2-1: config 0 descriptor?? [ 559.928056][ T4293] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 561.199229][ T56] usb 2-1: Failed to submit usb control message: -110 [ 561.377472][ T56] usb 2-1: unable to send the bmi data to the device: -110 [ 561.641728][ T56] usb 2-1: unable to get target info from device [ 561.648351][ T56] usb 2-1: could not get target info (-110) [ 561.655224][ T56] usb 2-1: could not probe fw (-110) [ 561.814143][ T8371] loop4: detected capacity change from 0 to 1024 [ 562.876267][ T4296] usb 2-1: USB disconnect, device number 16 [ 562.922195][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.928598][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.053072][ T32] hfsplus: b-tree write err: -5, ino 8 [ 563.128645][ T8381] loop3: detected capacity change from 0 to 256 [ 563.137246][ T8381] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 563.327400][ T8385] fuse: Unknown parameter 'fd0x0000000000000003' [ 563.542409][ T22] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 563.564465][ T8387] loop3: detected capacity change from 0 to 128 [ 563.749805][ T8387] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 563.842349][ T8387] ext4 filesystem being mounted at /230/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 563.874307][ C1] vkms_vblank_simulate: vblank timer overrun [ 563.881247][ T22] usb 5-1: Using ep0 maxpacket: 8 [ 563.935626][ T22] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 564.069165][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.259067][ T22] usb 5-1: Product: syz [ 564.358487][ T22] usb 5-1: Manufacturer: syz [ 564.665817][ T22] usb 5-1: SerialNumber: syz [ 564.688131][ T22] usb 5-1: config 0 descriptor?? [ 564.927751][ T22] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 565.133918][ T22] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -32 [ 565.568187][ T8408] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1148'. [ 565.601552][ T8408] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 565.609023][ T8408] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 565.653548][ T8408] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 565.753599][ T8408] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.494399][ T4296] usb 5-1: USB disconnect, device number 16 [ 567.189994][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 567.349458][ T8434] fuse: Unknown parameter 'fd0x0000000000000003' [ 567.451713][ T4294] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 567.701614][ T4294] usb 3-1: Using ep0 maxpacket: 32 [ 567.710058][ T4294] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 567.741595][ T7929] block nbd0: Receive control failed (result -32) [ 567.750756][ T8424] block nbd0: shutting down sockets [ 568.545089][ T4294] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 568.663942][ T4294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.181509][ T4294] usb 3-1: Product: syz [ 569.193825][ T4294] usb 3-1: Manufacturer: syz [ 569.198608][ T4294] usb 3-1: SerialNumber: syz [ 569.288517][ T4294] usb 3-1: config 0 descriptor?? [ 569.664544][ T4294] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 569.941816][ T129] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 570.834129][ T8467] loop4: detected capacity change from 0 to 256 [ 570.880431][ T22] usb 3-1: USB disconnect, device number 17 [ 570.897516][ T8467] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 571.602854][ T129] usb 1-1: Using ep0 maxpacket: 8 [ 571.611745][ T4338] usb 3-1: Failed to submit usb control message: -71 [ 571.622674][ T4338] usb 3-1: unable to send the bmi data to the device: -71 [ 571.643258][ T129] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 571.717184][ T4338] usb 3-1: unable to get target info from device [ 571.754344][ T4338] usb 3-1: could not get target info (-71) [ 571.790857][ T4338] usb 3-1: could not probe fw (-71) [ 571.873521][ T129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.881675][ T129] usb 1-1: Product: syz [ 571.886283][ T129] usb 1-1: Manufacturer: syz [ 571.891103][ T129] usb 1-1: SerialNumber: syz [ 571.904526][ T129] usb 1-1: config 0 descriptor?? [ 572.116702][ T129] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 572.485693][ T8481] loop4: detected capacity change from 0 to 128 [ 573.393057][ T129] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 573.474604][ T8481] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 573.484151][ T8481] ext4 filesystem being mounted at /215/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 573.767050][ T8494] overlayfs: missing 'lowerdir' [ 573.823541][ T8492] loop2: detected capacity change from 0 to 256 [ 573.850187][ T8492] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 574.284103][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 574.358780][ T8501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1172'. [ 574.831854][ T129] usb 1-1: USB disconnect, device number 10 [ 575.471481][ T8188] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 575.660980][ T8521] loop2: detected capacity change from 0 to 128 [ 575.683469][ T8188] usb 2-1: Using ep0 maxpacket: 32 [ 575.695152][ T8188] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 575.728674][ T8521] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 575.740804][ T8521] ext4 filesystem being mounted at /255/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 575.828324][ T8188] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 575.911303][ T8188] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.935987][ T8188] usb 2-1: Product: syz [ 575.940237][ T8188] usb 2-1: Manufacturer: syz [ 575.970442][ T8188] usb 2-1: SerialNumber: syz [ 575.996928][ T8188] usb 2-1: config 0 descriptor?? [ 576.051863][ T8188] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 577.327903][ T5203] usb 2-1: Failed to submit usb control message: -110 [ 577.346306][ T5203] usb 2-1: unable to send the bmi data to the device: -110 [ 577.353714][ T5203] usb 2-1: unable to get target info from device [ 577.360087][ T5203] usb 2-1: could not get target info (-110) [ 577.366913][ T5203] usb 2-1: could not probe fw (-110) [ 577.638867][ T8541] overlayfs: missing 'lowerdir' [ 578.377039][ T8548] loop4: detected capacity change from 0 to 256 [ 578.403732][ T8548] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 579.185816][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 579.671714][ T4398] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 579.866333][ T4398] usb 1-1: Using ep0 maxpacket: 8 [ 579.876446][ T4398] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 579.905110][ T4398] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.929558][ T4398] usb 1-1: Product: syz [ 579.944772][ T4398] usb 1-1: Manufacturer: syz [ 579.958553][ T4398] usb 1-1: SerialNumber: syz [ 579.986462][ T4398] usb 1-1: config 0 descriptor?? [ 580.042515][ T4349] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 580.184399][ T8562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1187'. [ 580.223404][ T4398] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 580.298943][ T4294] usb 2-1: USB disconnect, device number 17 [ 580.437925][ T4398] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 581.439838][ T8571] loop4: detected capacity change from 0 to 128 [ 581.996234][ T8571] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 581.999562][ T8578] overlayfs: missing 'lowerdir' [ 582.005858][ T8571] ext4 filesystem being mounted at /221/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 582.517839][ T4401] usb 1-1: USB disconnect, device number 11 [ 582.696592][ T8590] loop3: detected capacity change from 0 to 256 [ 582.708178][ T7929] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 582.709002][ T8590] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 582.717823][ T7929] CPU: 1 PID: 7929 Comm: kworker/u5:0 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 582.717894][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 582.717910][ T7929] Workqueue: hci2 hci_rx_work [ 582.753163][ T7929] Call Trace: [ 582.756478][ T7929] [ 582.759627][ T7929] dump_stack_lvl+0x1e3/0x2cb [ 582.764406][ T7929] ? nf_tcp_handle_invalid+0x642/0x642 [ 582.769900][ T7929] ? panic+0x764/0x764 [ 582.773995][ T7929] sysfs_create_dir_ns+0x2c6/0x390 [ 582.779117][ T7929] ? sysfs_warn_dup+0xa0/0xa0 [ 582.783811][ T7929] kobject_add_internal+0x6df/0xd10 [ 582.789042][ T7929] kobject_add+0x14e/0x210 [ 582.793473][ T7929] ? device_add+0x3c2/0xfd0 [ 582.797998][ T7929] ? kobject_init+0x1d0/0x1d0 [ 582.802703][ T7929] ? __raw_spin_lock_init+0x41/0x100 [ 582.808091][ T7929] ? get_device_parent+0x128/0x400 [ 582.813225][ T7929] device_add+0x476/0xfd0 [ 582.818245][ T7929] hci_conn_add_sysfs+0xe4/0x1f0 [ 582.823199][ T7929] le_conn_complete_evt+0xcc6/0x1320 [ 582.828503][ T7929] ? trace_contention_end+0x61/0x170 [ 582.833813][ T7929] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 582.840153][ T7929] ? __mutex_unlock_slowpath+0x218/0x750 [ 582.845807][ T7929] ? mutex_unlock+0x10/0x10 [ 582.850323][ T7929] ? skb_pull_data+0x10e/0x220 [ 582.855220][ T7929] hci_le_conn_complete_evt+0x188/0x410 [ 582.860802][ T7929] hci_event_packet+0xa40/0x1510 [ 582.865760][ T7929] ? hci_remote_host_features_evt+0x210/0x210 [ 582.871849][ T7929] ? bis_list+0x290/0x290 [ 582.876185][ T7929] ? do_raw_spin_unlock+0x137/0x8a0 [ 582.881452][ T7929] ? kcov_remote_start+0x4ae/0x7c0 [ 582.886581][ T7929] ? lockdep_hardirqs_on+0x90/0x130 [ 582.891796][ T7929] ? hci_send_to_monitor+0x99/0x4d0 [ 582.897094][ T7929] hci_rx_work+0x3a6/0xd10 [ 582.901535][ T7929] ? process_one_work+0x7a9/0x11d0 [ 582.906660][ T7929] process_one_work+0x8a9/0x11d0 [ 582.911621][ T7929] ? worker_detach_from_pool+0x260/0x260 [ 582.917276][ T7929] ? _raw_spin_lock_irqsave+0x120/0x120 [ 582.922839][ T7929] ? kthread_data+0x4e/0xc0 [ 582.927362][ T7929] ? wq_worker_running+0x97/0x190 [ 582.932482][ T7929] worker_thread+0xa47/0x1200 [ 582.937174][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 582.942212][ T7929] ? release_firmware_map_entry+0x186/0x186 [ 582.948114][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 582.952987][ T7929] kthread+0x28d/0x320 [ 582.957089][ T7929] ? worker_clr_flags+0x190/0x190 [ 582.962126][ T7929] ? kthread_blkcg+0xd0/0xd0 [ 582.966728][ T7929] ret_from_fork+0x1f/0x30 [ 582.971170][ T7929] [ 582.974984][ T26] audit: type=1326 audit(1734385515.891:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8587 comm="syz.0.1196" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f62b85d19 code=0x0 [ 582.981964][ T7929] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 583.010596][ T7929] Bluetooth: hci2: failed to register connection device [ 583.066645][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 583.433225][ T8600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1202'. [ 583.785623][ T8608] overlayfs: missing 'lowerdir' [ 584.935231][ T8621] loop3: detected capacity change from 0 to 128 [ 584.980265][ T8621] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 585.011874][ T8621] ext4 filesystem being mounted at /245/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 585.181520][ T4397] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 585.193895][ T8629] loop4: detected capacity change from 0 to 256 [ 585.225469][ T8629] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 585.371636][ T4397] usb 1-1: Using ep0 maxpacket: 8 [ 585.405695][ T4397] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 585.442496][ T4397] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.473223][ T4397] usb 1-1: Product: syz [ 585.477608][ T4397] usb 1-1: Manufacturer: syz [ 585.495922][ T4397] usb 1-1: SerialNumber: syz [ 585.572740][ T4397] usb 1-1: config 0 descriptor?? [ 585.837737][ T4397] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 586.450531][ T4397] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 586.615679][ T8639] loop4: detected capacity change from 0 to 128 [ 586.700592][ T8639] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 586.711897][ T8639] ext4 filesystem being mounted at /226/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 587.056072][ T4248] EXT4-fs (loop4): unmounting filesystem. [ 587.258205][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 587.463512][ T8651] overlayfs: missing 'lowerdir' [ 588.173875][ T22] usb 1-1: USB disconnect, device number 12 [ 590.575796][ T8674] loop2: detected capacity change from 0 to 256 [ 590.620885][ T8674] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 591.735687][ T8687] loop1: detected capacity change from 0 to 256 [ 591.866912][ T8687] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 594.815026][ T8703] overlayfs: missing 'lowerdir' [ 595.700601][ T4401] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 596.781536][ T4401] usb 1-1: Using ep0 maxpacket: 8 [ 596.790751][ T4401] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 596.811455][ T4401] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.819499][ T4401] usb 1-1: Product: syz [ 596.831500][ T4401] usb 1-1: Manufacturer: syz [ 596.836157][ T4401] usb 1-1: SerialNumber: syz [ 596.852802][ T4401] usb 1-1: config 0 descriptor?? [ 597.066617][ T4401] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 597.819493][ T4401] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -32 [ 597.907023][ T8733] loop4: detected capacity change from 0 to 1024 [ 598.258126][ T8741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1240'. [ 598.803164][ T8742] hfsplus: xattr search failed [ 599.295636][ T8747] loop3: detected capacity change from 0 to 256 [ 599.342229][ T129] usb 1-1: USB disconnect, device number 13 [ 599.399534][ T8747] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 603.746369][ T4401] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 603.954036][ T4401] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.976987][ T4401] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 603.996357][ T4401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.028024][ T4401] usb 1-1: config 0 descriptor?? [ 604.269780][ T4401] usbhid 1-1:0.0: can't add hid device: -71 [ 604.280558][ T4401] usbhid: probe of 1-1:0.0 failed with error -71 [ 604.319259][ T4401] usb 1-1: USB disconnect, device number 14 [ 605.128412][ T4401] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 605.243733][ T8800] lo speed is unknown, defaulting to 1000 [ 605.331532][ T4401] usb 1-1: Using ep0 maxpacket: 32 [ 605.340443][ T4401] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.379055][ T4401] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 605.399108][ T4401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.451331][ T4401] usb 1-1: config 0 descriptor?? [ 605.479053][ T4401] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 605.507615][ T8811] loop4: detected capacity change from 0 to 256 [ 605.525860][ T4401] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 605.667873][ T8811] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 606.310130][ T4294] usb 1-1: USB disconnect, device number 15 [ 606.529089][ T4353] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 606.577342][ T4294] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 609.580413][ T8843] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1271'. [ 609.618205][ T8843] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 609.661584][ T8843] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 609.680860][ T8843] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 609.721522][ T8843] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 611.395918][ T8861] loop4: detected capacity change from 0 to 1024 [ 612.100458][ T8870] overlayfs: missing 'lowerdir' [ 612.655265][ T8877] loop3: detected capacity change from 0 to 256 [ 612.719613][ T8877] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 613.381117][ T8886] loop3: detected capacity change from 0 to 128 [ 615.346211][ T8886] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 615.355361][ T8886] ext4 filesystem being mounted at /257/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 615.767590][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 615.957592][ T8899] loop1: detected capacity change from 0 to 64 [ 616.309559][ T8899] hfs: get root inode failed [ 616.556106][ T4349] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 618.183950][ T4340] hfsplus: b-tree write err: -5, ino 8 [ 618.674353][ T8909] loop0: detected capacity change from 0 to 64 [ 618.764783][ T8916] overlayfs: missing 'lowerdir' [ 618.828272][ T8909] hfs: get root inode failed [ 621.048502][ T8937] device ipvlan0 entered promiscuous mode [ 622.011527][ T4401] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 622.229200][ T8922] device ipvlan0 entered promiscuous mode [ 622.831486][ T4401] usb 3-1: Using ep0 maxpacket: 8 [ 622.838594][ T4401] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 622.854637][ T4401] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 622.871636][ T4401] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 622.911741][ T4401] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 622.941540][ T4401] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 622.950728][ T4401] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.045612][ T8955] overlayfs: missing 'lowerdir' [ 623.130799][ T26] audit: type=1326 audit(1734385556.301:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8954 comm="syz.3.1304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 623.295545][ T4401] usb 3-1: GET_CAPABILITIES returned 0 [ 623.305787][ T4401] usbtmc 3-1:16.0: can't read capabilities [ 623.564079][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.584147][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.593305][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.602461][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.611680][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.620891][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.670169][ T8959] loop4: detected capacity change from 0 to 64 [ 623.685231][ T8959] hfs: get root inode failed [ 623.696134][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.706288][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.727458][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.736654][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.745799][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.754905][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.763891][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.773047][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.782762][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.792402][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.801554][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.810714][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 623.819965][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.855135][ T4349] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 623.866029][ T4296] usb 3-1: USB disconnect, device number 18 [ 624.423776][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.430186][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.141581][ T4296] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 626.319904][ T8992] binder: 8991:8992 ioctl c0306201 20000080 returned -14 [ 627.371657][ T4296] usb 5-1: Using ep0 maxpacket: 32 [ 627.381270][ T4296] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 627.392003][ T26] audit: type=1326 audit(1734385560.551:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.1.1321" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ada785d19 code=0x0 [ 627.413646][ C0] vkms_vblank_simulate: vblank timer overrun [ 627.425987][ T9002] loop0: detected capacity change from 0 to 64 [ 627.435049][ T4296] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 627.458469][ T9002] hfs: get root inode failed [ 627.471591][ T4296] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.491274][ T4296] usb 5-1: Product: syz [ 627.501710][ T4296] usb 5-1: Manufacturer: syz [ 627.512264][ T4296] usb 5-1: SerialNumber: syz [ 627.523513][ T4349] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 627.726191][ T4296] usb 5-1: config 0 descriptor?? [ 627.753239][ T4296] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 628.461274][ T9018] loop2: detected capacity change from 0 to 256 [ 628.509475][ T9018] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 628.787397][ T4397] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 628.791738][ T51] usb 5-1: Failed to submit usb control message: -110 [ 628.812509][ T51] usb 5-1: unable to send the bmi data to the device: -110 [ 628.820768][ T51] usb 5-1: unable to get target info from device [ 628.857271][ T51] usb 5-1: could not get target info (-110) [ 628.884911][ T51] usb 5-1: could not probe fw (-110) [ 628.947588][ T9026] loop2: detected capacity change from 0 to 128 [ 629.062203][ T4397] usb 4-1: Using ep0 maxpacket: 8 [ 629.103713][ T4397] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 629.195912][ T9026] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 629.206356][ T9026] ext4 filesystem being mounted at /292/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 629.474311][ T4397] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 629.534885][ T4397] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 629.612417][ T4397] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 629.642472][ T4296] usb 5-1: USB disconnect, device number 17 [ 629.687552][ T4397] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 629.725670][ T4397] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.745826][ T9033] loop4: detected capacity change from 0 to 256 [ 629.754579][ T9033] FAT-fs (loop4): Unrecognized mount option "shortnime=win95" or missing value [ 629.760308][ T9034] binder: 9029:9034 ioctl c0306201 20000080 returned -14 [ 630.868613][ T4397] usb 4-1: GET_CAPABILITIES returned 0 [ 630.874469][ T4397] usbtmc 4-1:16.0: can't read capabilities [ 630.895787][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 631.145854][ T4294] usb 4-1: USB disconnect, device number 14 [ 631.233439][ T9053] loop0: detected capacity change from 0 to 64 [ 631.254471][ T9049] can0: slcan on ttyS3. [ 631.260530][ T9053] hfs: get root inode failed [ 631.725388][ T26] audit: type=1326 audit(1734385564.901:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 631.884734][ T26] audit: type=1326 audit(1734385564.921:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 631.909480][ T26] audit: type=1326 audit(1734385564.971:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 631.953544][ T26] audit: type=1326 audit(1734385564.971:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 631.981188][ T26] audit: type=1326 audit(1734385564.981:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 632.022645][ T26] audit: type=1326 audit(1734385564.981:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 632.085846][ T26] audit: type=1326 audit(1734385564.981:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 632.162563][ T9048] can0 (unregistered): slcan off ttyS3. [ 632.190425][ T26] audit: type=1326 audit(1734385564.981:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 632.212676][ C0] vkms_vblank_simulate: vblank timer overrun [ 632.278113][ T26] audit: type=1326 audit(1734385565.061:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 632.300315][ C0] vkms_vblank_simulate: vblank timer overrun [ 632.470446][ T26] audit: type=1326 audit(1734385565.061:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.2.1330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x7ffc0000 [ 633.027201][ T9073] loop3: detected capacity change from 0 to 256 [ 633.065800][ T9073] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 633.287354][ T9075] loop4: detected capacity change from 0 to 64 [ 633.359258][ T9075] hfs: get root inode failed [ 633.425088][ T9079] binder: 9076:9079 ioctl c0306201 20000080 returned -14 [ 634.562367][ T9085] loop3: detected capacity change from 0 to 128 [ 636.210392][ T9085] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 636.220966][ T9085] ext4 filesystem being mounted at /266/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 636.253139][ C0] vkms_vblank_simulate: vblank timer overrun [ 636.584835][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 637.810454][ T22] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 638.031572][ T22] usb 4-1: Using ep0 maxpacket: 8 [ 638.046539][ T22] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 638.071801][ T22] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 638.090152][ T22] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 638.147694][ T22] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 638.427801][ T9120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1351'. [ 638.473865][ T22] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 638.824201][ T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.502168][ T22] usb 4-1: GET_CAPABILITIES returned 0 [ 639.507835][ T22] usbtmc 4-1:16.0: can't read capabilities [ 639.826027][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.835198][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.844411][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.853700][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.862794][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.881796][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.890954][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.900227][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.909333][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.918440][ C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.937232][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.946380][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.955617][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.964731][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.973929][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 639.983127][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.997491][ T9130] loop0: detected capacity change from 0 to 128 [ 640.020807][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 640.030052][ C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 640.050323][ T4319] usb 4-1: USB disconnect, device number 15 [ 640.110372][ T9132] loop2: detected capacity change from 0 to 64 [ 640.137072][ T9132] hfs: get root inode failed [ 641.772479][ T9130] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 641.782265][ T9130] ext4 filesystem being mounted at /267/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 641.814448][ C0] vkms_vblank_simulate: vblank timer overrun [ 642.237773][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 645.087921][ T9146] loop2: detected capacity change from 0 to 512 [ 645.095604][ T9146] EXT4-fs: Ignoring removed mblk_io_submit option [ 645.102268][ T9146] EXT4-fs: inline encryption not supported [ 645.120814][ T9146] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 645.179719][ T9146] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 645.192101][ T9146] EXT4-fs (loop2): orphan cleanup on readonly fs [ 645.199638][ T9146] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1363: bg 0: block 361: padding at end of block bitmap is not set [ 645.218323][ T9146] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 645.228025][ T9146] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.1363: attempt to clear invalid blocks 33619980 len 1 [ 645.245784][ T9146] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1363: invalid indirect mapped block 1811939328 (level 0) [ 645.260715][ T9146] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1363: invalid indirect mapped block 2185560079 (level 1) [ 645.278409][ T9146] EXT4-fs (loop2): 1 truncate cleaned up [ 645.292137][ T9146] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 647.986010][ T9167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1367'. [ 648.896962][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 649.188550][ T9177] loop0: detected capacity change from 0 to 64 [ 650.961316][ T9180] loop1: detected capacity change from 0 to 128 [ 651.175836][ T9177] hfs: get root inode failed [ 651.277547][ T9180] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 651.286969][ T9180] ext4 filesystem being mounted at /269/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 651.375109][ T4353] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 651.591045][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 654.396452][ T9214] binder: 9211:9214 ioctl c0306201 20000080 returned -14 [ 658.142865][ T9234] loop3: detected capacity change from 0 to 64 [ 658.213131][ T4261] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 658.228136][ T4261] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 658.251527][ T4261] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 658.264311][ T4261] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 658.265285][ T9234] hfs: get root inode failed [ 658.283298][ T4265] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 658.291688][ T4265] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 658.321896][ T9240] loop0: detected capacity change from 0 to 64 [ 658.371815][ T9237] lo speed is unknown, defaulting to 1000 [ 658.431546][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 658.431567][ T26] audit: type=1326 audit(1734385591.591:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9242 comm="syz.2.1390" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x0 [ 658.526583][ T9240] hfs: get root inode failed [ 659.813974][ T9255] binder: 9254:9255 ioctl c0306201 20000080 returned -14 [ 660.400417][ T7929] Bluetooth: hci1: command 0x0409 tx timeout [ 660.622869][ T32] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.687606][ T32] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.641724][ T4265] Bluetooth: hci1: command 0x041b tx timeout [ 664.867385][ T4265] Bluetooth: hci1: command 0x040f tx timeout [ 665.899672][ T32] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 666.736591][ T9316] loop0: detected capacity change from 0 to 64 [ 666.908456][ T26] audit: type=1326 audit(1734385599.911:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9309 comm="syz.2.1406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb05785d19 code=0x0 [ 667.165363][ T4265] Bluetooth: hci1: command 0x0419 tx timeout [ 667.702923][ T9321] loop1: detected capacity change from 0 to 128 [ 667.905091][ T9321] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 667.933319][ T9321] ext4 filesystem being mounted at /277/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 668.159213][ T32] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.213252][ T9316] hfs: get root inode failed [ 668.267607][ T9237] chnl_net:caif_netlink_parms(): no params data found [ 668.339264][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 670.670818][ T9340] binder: 9336:9340 ioctl c0306201 20000080 returned -14 [ 671.792678][ T9340] device team_slave_0 entered promiscuous mode [ 671.834874][ T9237] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.836708][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.848156][ T9237] device bridge_slave_0 entered promiscuous mode [ 671.857004][ T9237] bridge0: port 2(bridge_slave_1) entered blocking state [ 672.071906][ T9237] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.079619][ T9237] device bridge_slave_1 entered promiscuous mode [ 672.428241][ T9237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 672.473975][ T9237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 672.657067][ T9237] team0: Port device team_slave_0 added [ 672.820358][ T9237] team0: Port device team_slave_1 added [ 676.381931][ T26] audit: type=1326 audit(1734385609.551:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.3.1418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 678.363987][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.423141][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.802726][ T9237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.932815][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.939957][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.966017][ T9237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.575431][ T9237] device hsr_slave_0 entered promiscuous mode [ 679.595703][ T9237] device hsr_slave_1 entered promiscuous mode [ 679.704112][ T9237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.735837][ T9237] Cannot create hsr debugfs directory [ 681.953555][ T9237] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 681.965137][ T9445] loop2: detected capacity change from 0 to 256 [ 681.982179][ T9445] exfat: Unknown parameter 'zero_size_dir' [ 683.251681][ T9459] loop0: detected capacity change from 0 to 256 [ 683.258922][ T9459] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 683.666001][ T9444] loop2: detected capacity change from 0 to 32768 [ 683.978865][ T9237] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 683.987055][ T4349] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 684.051456][ T4401] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 684.395084][ T9237] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 684.448033][ T9237] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 684.511918][ T4401] usb 2-1: Using ep0 maxpacket: 8 [ 684.528072][ T4401] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 684.566201][ T4401] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 684.621417][ T4401] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 684.682496][ T4401] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 684.745296][ T4401] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 684.825322][ T4401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.526752][ T32] device hsr_slave_0 left promiscuous mode [ 685.567484][ T32] device hsr_slave_1 left promiscuous mode [ 685.662114][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 685.669874][ T4401] usb 2-1: can't set config #16, error -71 [ 685.700841][ T4401] usb 2-1: USB disconnect, device number 18 [ 685.711981][ T32] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 685.755083][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.761510][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.928477][ T32] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 686.004173][ T32] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 686.077687][ T32] device bridge_slave_1 left promiscuous mode [ 686.107130][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.752884][ T32] device bridge_slave_0 left promiscuous mode [ 687.794987][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.897031][ T32] device veth1_macvtap left promiscuous mode [ 687.936754][ T32] device veth0_macvtap left promiscuous mode [ 687.961703][ T32] device veth1_vlan left promiscuous mode [ 687.979681][ T32] device veth0_vlan left promiscuous mode [ 688.811187][ T9493] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1444'. [ 689.652193][ T32] bond1 (unregistering): Released all slaves [ 691.204707][ T9520] loop3: detected capacity change from 0 to 64 [ 691.366701][ T9520] hfs: get root inode failed [ 692.560586][ T9538] loop1: detected capacity change from 0 to 256 [ 692.589811][ T9538] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 693.700972][ T9543] loop1: detected capacity change from 0 to 128 [ 693.782764][ T9543] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 693.790979][ T9547] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 693.828889][ T9543] ext4 filesystem being mounted at /292/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 693.860849][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.240378][ T32] team0 (unregistering): Port device team_slave_1 removed [ 694.411697][ T32] team0 (unregistering): Port device team_slave_0 removed [ 694.540310][ T32] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 694.720049][ T32] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.125495][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 697.616936][ T32] bond0 (unregistering): Released all slaves [ 697.799630][ T9237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 697.830623][ T9237] 8021q: adding VLAN 0 to HW filter on device team0 [ 698.062434][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 698.070394][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 698.195070][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 698.252017][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 698.279909][ T4298] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.288596][ T4298] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.297562][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 698.308400][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 698.317141][ T4298] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.324688][ T4298] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.332676][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 698.342042][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 698.355997][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 698.378717][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 698.476535][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 698.737402][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 698.912905][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 698.958005][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 699.015558][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 699.093622][ T9574] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1462'. [ 699.103064][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 699.149609][ T9237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 699.193550][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 699.228952][ T4298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 699.811516][ T9583] loop0: detected capacity change from 0 to 256 [ 700.078301][ T9583] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 700.365343][ T4349] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 700.452179][ T7929] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 700.461872][ T7929] CPU: 0 PID: 7929 Comm: kworker/u5:0 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 700.473929][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 700.482784][ T26] audit: type=1326 audit(1734385633.661:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9587 comm="syz.3.1466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 700.484017][ T7929] Workqueue: hci3 hci_rx_work [ 700.505676][ C1] vkms_vblank_simulate: vblank timer overrun [ 700.510341][ T7929] Call Trace: [ 700.510354][ T7929] [ 700.522603][ T7929] dump_stack_lvl+0x1e3/0x2cb [ 700.527311][ T7929] ? nf_tcp_handle_invalid+0x642/0x642 [ 700.532793][ T7929] ? panic+0x764/0x764 [ 700.536877][ T7929] sysfs_create_dir_ns+0x2c6/0x390 [ 700.542024][ T7929] ? sysfs_warn_dup+0xa0/0xa0 [ 700.546717][ T7929] kobject_add_internal+0x6df/0xd10 [ 700.552022][ T7929] kobject_add+0x14e/0x210 [ 700.556450][ T7929] ? device_add+0x3c2/0xfd0 [ 700.560970][ T7929] ? kobject_init+0x1d0/0x1d0 [ 700.565657][ T7929] ? __raw_spin_lock_init+0x41/0x100 [ 700.571044][ T7929] ? get_device_parent+0x128/0x400 [ 700.576304][ T7929] device_add+0x476/0xfd0 [ 700.580718][ T7929] hci_conn_add_sysfs+0xe4/0x1f0 [ 700.585687][ T7929] le_conn_complete_evt+0xcc6/0x1320 [ 700.591083][ T7929] ? trace_contention_end+0x61/0x170 [ 700.596392][ T7929] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 700.602734][ T7929] ? __mutex_unlock_slowpath+0x218/0x750 [ 700.608403][ T7929] ? mutex_unlock+0x10/0x10 [ 700.612932][ T7929] ? skb_pull_data+0x10e/0x220 [ 700.617727][ T7929] hci_le_conn_complete_evt+0x188/0x410 [ 700.623309][ T7929] hci_event_packet+0xa40/0x1510 [ 700.628437][ T7929] ? hci_remote_host_features_evt+0x210/0x210 [ 700.634530][ T7929] ? bis_list+0x290/0x290 [ 700.638880][ T7929] ? do_raw_spin_unlock+0x137/0x8a0 [ 700.644101][ T7929] ? kcov_remote_start+0x4ae/0x7c0 [ 700.649233][ T7929] ? lockdep_hardirqs_on+0x90/0x130 [ 700.654446][ T7929] ? hci_send_to_monitor+0x99/0x4d0 [ 700.659656][ T7929] hci_rx_work+0x3a6/0xd10 [ 700.664123][ T7929] ? process_one_work+0x7a9/0x11d0 [ 700.669278][ T7929] process_one_work+0x8a9/0x11d0 [ 700.674270][ T7929] ? worker_detach_from_pool+0x260/0x260 [ 700.679944][ T7929] ? _raw_spin_lock_irqsave+0x120/0x120 [ 700.685517][ T7929] ? kthread_data+0x4e/0xc0 [ 700.690051][ T7929] ? wq_worker_running+0x97/0x190 [ 700.695086][ T7929] worker_thread+0xa47/0x1200 [ 700.699879][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 700.704767][ T7929] ? release_firmware_map_entry+0x186/0x186 [ 700.710704][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 700.715679][ T7929] kthread+0x28d/0x320 [ 700.719770][ T7929] ? worker_clr_flags+0x190/0x190 [ 700.724817][ T7929] ? kthread_blkcg+0xd0/0xd0 [ 700.729442][ T7929] ret_from_fork+0x1f/0x30 [ 700.734008][ T7929] [ 700.751452][ T7929] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 700.764790][ T7929] Bluetooth: hci3: failed to register connection device [ 702.258613][ T4775] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 702.275513][ T4775] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 702.351970][ T9237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.774991][ T9622] loop0: detected capacity change from 0 to 128 [ 702.881718][ T7929] Bluetooth: hci3: command 0x2016 tx timeout [ 703.972231][ T9622] EXT4-fs: error -4 creating inode table initialization thread [ 704.122250][ T9622] EXT4-fs (loop0): mount failed [ 704.410497][ T9642] loop1: detected capacity change from 0 to 64 [ 704.482094][ T9642] hfs: get root inode failed [ 705.777858][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 705.805772][ T4338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 705.825608][ T26] audit: type=1326 audit(1734385639.001:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9654 comm="syz.1.1478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ada785d19 code=0x0 [ 705.861784][ T4265] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 705.872003][ T4265] CPU: 0 PID: 4265 Comm: kworker/u5:7 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 705.883504][ T4265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 705.893628][ T4265] Workqueue: hci0 hci_rx_work [ 705.898374][ T4265] Call Trace: [ 705.901680][ T4265] [ 705.904721][ T4265] dump_stack_lvl+0x1e3/0x2cb [ 705.909460][ T4265] ? nf_tcp_handle_invalid+0x642/0x642 [ 705.914979][ T4265] ? panic+0x764/0x764 [ 705.919114][ T4265] sysfs_create_dir_ns+0x2c6/0x390 [ 705.924279][ T4265] ? sysfs_warn_dup+0xa0/0xa0 [ 705.929103][ T4265] kobject_add_internal+0x6df/0xd10 [ 705.934360][ T4265] kobject_add+0x14e/0x210 [ 705.938929][ T4265] ? device_add+0x3c2/0xfd0 [ 705.943491][ T4265] ? kobject_init+0x1d0/0x1d0 [ 705.948223][ T4265] ? __raw_spin_lock_init+0x41/0x100 [ 705.953540][ T4265] ? get_device_parent+0x128/0x400 [ 705.958693][ T4265] device_add+0x476/0xfd0 [ 705.963055][ T4265] hci_conn_add_sysfs+0xe4/0x1f0 [ 705.968011][ T4265] le_conn_complete_evt+0xcc6/0x1320 [ 705.973407][ T4265] ? trace_contention_end+0x61/0x170 [ 705.978763][ T4265] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 705.985021][ T4265] ? __mutex_unlock_slowpath+0x218/0x750 [ 705.990673][ T4265] ? mutex_unlock+0x10/0x10 [ 705.995306][ T4265] ? skb_pull_data+0x10e/0x220 [ 706.000096][ T4265] hci_le_conn_complete_evt+0x188/0x410 [ 706.005767][ T4265] hci_event_packet+0xa40/0x1510 [ 706.010726][ T4265] ? hci_remote_host_features_evt+0x210/0x210 [ 706.016814][ T4265] ? bis_list+0x290/0x290 [ 706.021161][ T4265] ? do_raw_spin_unlock+0x137/0x8a0 [ 706.026374][ T4265] ? kcov_remote_start+0x4ae/0x7c0 [ 706.031502][ T4265] ? lockdep_hardirqs_on+0x90/0x130 [ 706.036726][ T4265] ? hci_send_to_monitor+0x99/0x4d0 [ 706.041955][ T4265] hci_rx_work+0x3a6/0xd10 [ 706.046406][ T4265] ? process_one_work+0x7a9/0x11d0 [ 706.051529][ T4265] process_one_work+0x8a9/0x11d0 [ 706.056495][ T4265] ? worker_detach_from_pool+0x260/0x260 [ 706.062251][ T4265] ? _raw_spin_lock_irqsave+0x120/0x120 [ 706.067827][ T4265] ? kthread_data+0x4e/0xc0 [ 706.072451][ T4265] ? wq_worker_running+0x97/0x190 [ 706.077521][ T4265] worker_thread+0xa47/0x1200 [ 706.082245][ T4265] ? _raw_spin_unlock+0x40/0x40 [ 706.087123][ T4265] ? release_firmware_map_entry+0x186/0x186 [ 706.093054][ T4265] ? _raw_spin_unlock+0x40/0x40 [ 706.097960][ T4265] kthread+0x28d/0x320 [ 706.102049][ T4265] ? worker_clr_flags+0x190/0x190 [ 706.107175][ T4265] ? kthread_blkcg+0xd0/0xd0 [ 706.111776][ T4265] ret_from_fork+0x1f/0x30 [ 706.116236][ T4265] [ 706.122639][ T4265] kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 706.135992][ T4265] Bluetooth: hci0: failed to register connection device [ 706.169109][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 706.190286][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 706.515204][ T9237] device veth0_vlan entered promiscuous mode [ 706.672090][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 706.812329][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 706.880331][ T9237] device veth1_vlan entered promiscuous mode [ 706.923087][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 707.096330][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 707.134171][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 707.225585][ T9237] device veth0_macvtap entered promiscuous mode [ 707.269138][ T9237] device veth1_macvtap entered promiscuous mode [ 707.417077][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.545960][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.631458][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.709840][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.791427][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.846437][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.857870][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.871884][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 707.940795][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 707.959330][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 707.990269][ T4414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 708.035331][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.071490][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.099414][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.140565][ T9677] loop1: detected capacity change from 0 to 64 [ 708.151507][ T4265] Bluetooth: hci0: command 0x2016 tx timeout [ 708.161680][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.191552][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.202149][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.213927][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.223991][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 708.254997][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 708.257122][ T9677] hfs: get root inode failed [ 708.310836][ T9237] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.544956][ T9237] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.592542][ T9237] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.021552][ T9237] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.425019][ T4338] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.457391][ T4338] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.500578][ T9375] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 711.318860][ T4361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.346862][ T4361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 711.429657][ T5255] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 715.438020][ T9729] loop0: detected capacity change from 0 to 1024 [ 719.232554][ T7929] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 719.242991][ T7929] CPU: 1 PID: 7929 Comm: kworker/u5:0 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 719.254494][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 719.264588][ T7929] Workqueue: hci1 hci_rx_work [ 719.269324][ T7929] Call Trace: [ 719.272623][ T7929] [ 719.275601][ T7929] dump_stack_lvl+0x1e3/0x2cb [ 719.280426][ T7929] ? nf_tcp_handle_invalid+0x642/0x642 [ 719.285944][ T7929] ? panic+0x764/0x764 [ 719.290071][ T7929] sysfs_create_dir_ns+0x2c6/0x390 [ 719.295276][ T7929] ? sysfs_warn_dup+0xa0/0xa0 [ 719.300006][ T7929] kobject_add_internal+0x6df/0xd10 [ 719.305255][ T7929] kobject_add+0x14e/0x210 [ 719.309708][ T7929] ? device_add+0x3c2/0xfd0 [ 719.314232][ T7929] ? kobject_init+0x1d0/0x1d0 [ 719.318938][ T7929] ? __raw_spin_lock_init+0x41/0x100 [ 719.324241][ T7929] ? get_device_parent+0x128/0x400 [ 719.329501][ T7929] device_add+0x476/0xfd0 [ 719.333980][ T7929] hci_conn_add_sysfs+0xe4/0x1f0 [ 719.338969][ T7929] le_conn_complete_evt+0xcc6/0x1320 [ 719.344294][ T7929] ? trace_contention_end+0x61/0x170 [ 719.349616][ T7929] ? hci_le_big_info_adv_report_evt+0x390/0x390 [ 719.355890][ T7929] ? __mutex_unlock_slowpath+0x218/0x750 [ 719.361544][ T7929] ? mutex_unlock+0x10/0x10 [ 719.366058][ T7929] ? skb_pull_data+0x10e/0x220 [ 719.370845][ T7929] hci_le_conn_complete_evt+0x188/0x410 [ 719.376430][ T7929] hci_event_packet+0xa40/0x1510 [ 719.381388][ T7929] ? hci_remote_host_features_evt+0x210/0x210 [ 719.387475][ T7929] ? bis_list+0x290/0x290 [ 719.391811][ T7929] ? do_raw_spin_unlock+0x137/0x8a0 [ 719.397028][ T7929] ? kcov_remote_start+0x4ae/0x7c0 [ 719.402168][ T7929] ? lockdep_hardirqs_on+0x90/0x130 [ 719.407411][ T7929] ? hci_send_to_monitor+0x99/0x4d0 [ 719.412622][ T7929] hci_rx_work+0x3a6/0xd10 [ 719.417065][ T7929] ? process_one_work+0x7a9/0x11d0 [ 719.422188][ T7929] process_one_work+0x8a9/0x11d0 [ 719.427151][ T7929] ? worker_detach_from_pool+0x260/0x260 [ 719.432931][ T7929] ? _raw_spin_lock_irqsave+0x120/0x120 [ 719.438583][ T7929] ? kthread_data+0x4e/0xc0 [ 719.443195][ T7929] ? wq_worker_running+0x97/0x190 [ 719.448317][ T7929] worker_thread+0xa47/0x1200 [ 719.453008][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 719.457878][ T7929] ? release_firmware_map_entry+0x186/0x186 [ 719.463784][ T7929] ? _raw_spin_unlock+0x40/0x40 [ 719.468661][ T7929] kthread+0x28d/0x320 [ 719.472741][ T7929] ? worker_clr_flags+0x190/0x190 [ 719.477776][ T7929] ? kthread_blkcg+0xd0/0xd0 [ 719.482374][ T7929] ret_from_fork+0x1f/0x30 [ 719.486816][ T7929] [ 719.492777][ T7929] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 719.506635][ T7929] Bluetooth: hci1: failed to register connection device [ 719.528267][ T26] audit: type=1326 audit(1734385652.701:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9765 comm="syz.5.1501" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f706bf85d19 code=0x0 [ 719.565085][ T9768] loop1: detected capacity change from 0 to 256 [ 719.573111][ T9768] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 719.647148][ T4349] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 721.857040][ T4265] Bluetooth: hci1: command 0x2016 tx timeout [ 721.874700][ T4361] hfsplus: b-tree write err: -5, ino 8 [ 724.807974][ T9811] binder: 9810:9811 ioctl c0306201 20000080 returned -14 [ 727.571286][ T9833] loop1: detected capacity change from 0 to 512 [ 727.599180][ T9833] EXT4-fs: Ignoring removed mblk_io_submit option [ 727.715200][ T9833] EXT4-fs: inline encryption not supported [ 727.786065][ T9833] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 728.042086][ T9833] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 728.314663][ T9833] EXT4-fs (loop1): orphan cleanup on readonly fs [ 728.489480][ T9833] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1513: bg 0: block 361: padding at end of block bitmap is not set [ 728.602499][ T9833] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 728.612329][ T9833] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.1513: attempt to clear invalid blocks 33619980 len 1 [ 728.627368][ T9833] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1513: invalid indirect mapped block 1811939328 (level 0) [ 728.696570][ T9833] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1513: invalid indirect mapped block 2185560079 (level 1) [ 728.729811][ T9833] EXT4-fs (loop1): 1 truncate cleaned up [ 728.763234][ T9833] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 729.161053][ T4294] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 729.351575][ T4294] usb 3-1: Using ep0 maxpacket: 8 [ 729.357911][ T4294] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 729.357947][ T4294] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 729.357974][ T4294] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 729.358002][ T4294] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 729.358043][ T4294] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 729.358069][ T4294] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.526609][ T9855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1517'. [ 730.982176][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 731.004706][ T4294] usb 3-1: usb_control_msg returned -71 [ 731.010358][ T4294] usbtmc 3-1:16.0: can't read capabilities [ 731.084208][ T4294] usb 3-1: USB disconnect, device number 19 [ 736.535114][ T4265] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 736.545301][ T26] audit: type=1326 audit(1734385669.721:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9874 comm="syz.3.1523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f3f185d19 code=0x0 [ 736.604154][ T9879] binder: 9877:9879 ioctl c0306201 20000080 returned -14 [ 741.535702][ T9909] loop0: detected capacity change from 0 to 64 [ 741.597545][ T9909] hfs: get root inode failed [ 746.461611][ T9875] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 746.851630][ T9875] usb 2-1: Using ep0 maxpacket: 8 [ 746.880007][ T9875] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 746.921957][ T9875] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 746.953975][ T9875] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 746.986577][ T9875] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 747.041490][ T9875] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 747.050860][ T9875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.194751][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.201251][ T1274] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.295833][ T9875] usb 2-1: usb_control_msg returned -71 [ 747.302481][ T9875] usbtmc 2-1:16.0: can't read capabilities [ 747.352309][ T9875] usb 2-1: USB disconnect, device number 19 [ 748.587631][ T9976] loop2: detected capacity change from 0 to 64 [ 748.644884][ T9976] hfs: get root inode failed [ 754.590275][T10052] loop2: detected capacity change from 0 to 1024 [ 754.713032][ T4265] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 756.209543][ T4340] hfsplus: b-tree write err: -5, ino 8 [ 756.850214][T10088] tipc: Started in network mode [ 756.855367][T10088] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 756.872573][T10088] tipc: Enabled bearer , priority 10 [ 757.993170][ T9875] tipc: Node number set to 4269801488 [ 758.356384][T10107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1575'. [ 759.374752][T10115] loop5: detected capacity change from 0 to 1024 [ 761.155093][ T4325] hfsplus: b-tree write err: -5, ino 8 [ 764.165978][T10168] loop5: detected capacity change from 0 to 1024 [ 765.604489][ T51] hfsplus: b-tree write err: -5, ino 8 [ 767.157636][T10200] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1598'. [ 767.305996][T10204] loop1: detected capacity change from 0 to 256 [ 767.373839][T10204] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 769.043529][T10225] loop3: detected capacity change from 0 to 1024 [ 770.212608][ T4325] hfsplus: b-tree write err: -5, ino 8 [ 774.493193][T10266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1613'. [ 774.995095][T10274] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 775.004561][T10274] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 775.013745][T10274] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 775.022652][T10274] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 777.680212][T10290] loop0: detected capacity change from 0 to 1024 [ 778.942315][ T4340] hfsplus: b-tree write err: -5, ino 8 [ 779.058959][T10302] loop1: detected capacity change from 0 to 512 [ 779.090318][T10302] EXT4-fs: Ignoring removed mblk_io_submit option [ 779.120051][T10302] EXT4-fs: inline encryption not supported [ 779.142310][T10302] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 779.322828][T10302] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 779.352727][T10302] EXT4-fs (loop1): orphan cleanup on readonly fs [ 780.260835][T10302] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1621: bg 0: block 361: padding at end of block bitmap is not set [ 780.360079][T10302] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 780.369436][T10302] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.1621: attempt to clear invalid blocks 33619980 len 1 [ 780.477879][ T26] audit: type=1326 audit(1734385713.651:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10313 comm="syz.0.1624" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f62b85d19 code=0x0 [ 780.488378][T10302] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1621: invalid indirect mapped block 1811939328 (level 0) [ 780.543348][T10302] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1621: invalid indirect mapped block 2185560079 (level 1) [ 780.995304][T10302] EXT4-fs (loop1): 1 truncate cleaned up [ 781.001046][T10302] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 781.348371][T10328] loop0: detected capacity change from 0 to 256 [ 781.392306][T10328] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 781.508153][ T4349] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 782.592948][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 782.925513][ T4397] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 784.793305][ T4397] usb 6-1: config 1 interface 0 has no altsetting 0 [ 784.814726][ T4397] usb 6-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40 [ 784.858507][ T4397] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 784.871259][ T4397] usb 6-1: Product: syz [ 784.876604][ T4397] usb 6-1: Manufacturer: syz [ 784.881260][ T4397] usb 6-1: SerialNumber: syz [ 784.900410][T10373] loop2: detected capacity change from 0 to 256 [ 784.937346][T10373] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 785.058680][ T4353] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 785.143995][ T4397] usbhid 6-1:1.0: can't add hid device: -71 [ 785.341566][ T4265] Bluetooth: hci1: command 0x0406 tx timeout [ 785.683392][T10373] loop2: detected capacity change from 0 to 128 [ 785.726982][ T4397] usbhid: probe of 6-1:1.0 failed with error -71 [ 785.742396][ T4397] usb 6-1: USB disconnect, device number 2 [ 785.849539][T10373] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 785.858842][T10373] ext4 filesystem being mounted at /359/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 786.106896][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 788.746446][T10407] loop5: detected capacity change from 0 to 512 [ 788.835981][T10407] EXT4-fs: Ignoring removed mblk_io_submit option [ 788.876820][T10407] EXT4-fs: inline encryption not supported [ 788.921633][T10407] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 788.977843][T10407] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 789.002623][T10407] EXT4-fs (loop5): orphan cleanup on readonly fs [ 789.050775][T10407] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1642: bg 0: block 361: padding at end of block bitmap is not set [ 789.081074][T10407] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 789.161687][T10407] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #11: comm syz.5.1642: attempt to clear invalid blocks 33619980 len 1 [ 789.202101][T10407] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1642: invalid indirect mapped block 1811939328 (level 0) [ 789.252210][T10407] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1642: invalid indirect mapped block 2185560079 (level 1) [ 789.319634][T10407] EXT4-fs (loop5): 1 truncate cleaned up [ 789.352416][T10407] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 791.140976][T10407] EXT4-fs (loop5): ext4_remount: Checksum for group 0 failed (17031!=33349) [ 791.339117][ T9237] EXT4-fs (loop5): unmounting filesystem. [ 793.547611][T10457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1650'. [ 795.186424][T10474] loop5: detected capacity change from 0 to 256 [ 795.247220][T10474] FAT-fs (loop5): Unrecognized mount option "shortnime=win95" or missing value [ 797.150891][T10496] loop2: detected capacity change from 0 to 64 [ 797.263662][T10496] hfs: get root inode failed [ 797.580683][ T41] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 798.391919][ T41] usb 2-1: Using ep0 maxpacket: 32 [ 798.406308][ T41] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 798.425481][ T41] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 798.484977][ T41] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 798.501385][ T41] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 798.510766][ T41] usb 2-1: Product: syz [ 798.635301][ T41] usb 2-1: Manufacturer: syz [ 798.680246][ T41] usb 2-1: SerialNumber: syz [ 798.853689][ T41] usb 2-1: config 0 descriptor?? [ 799.050842][ T41] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 800.072102][ T7878] usb 2-1: Failed to submit usb control message: -110 [ 800.079880][ T7878] usb 2-1: unable to send the bmi data to the device: -110 [ 800.189895][ T7878] usb 2-1: unable to get target info from device [ 800.679853][ T7878] usb 2-1: could not get target info (-110) [ 800.686274][ T7878] usb 2-1: could not probe fw (-110) [ 800.883989][T10527] loop5: detected capacity change from 0 to 256 [ 800.922781][T10527] FAT-fs (loop5): Unrecognized mount option "shortnime=win95" or missing value [ 800.985435][ T4349] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 801.241396][ T129] usb 2-1: USB disconnect, device number 20 [ 805.601528][T10546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1669'. [ 806.197224][T10548] loop5: detected capacity change from 0 to 64 [ 806.301904][T10548] hfs: get root inode failed [ 807.246250][T10560] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1676'. [ 807.468083][T10562] loop5: detected capacity change from 0 to 256 [ 807.492378][T10562] FAT-fs (loop5): Unrecognized mount option "shortnime=win95" or missing value [ 810.367803][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 812.040030][T10593] netlink: 'syz.0.1686': attribute type 10 has an invalid length. [ 812.081457][T10593] netlink: 55 bytes leftover after parsing attributes in process `syz.0.1686'. [ 812.096591][T10595] loop2: detected capacity change from 0 to 64 [ 812.141588][T10595] hfs: get root inode failed [ 812.451667][T10602] loop1: detected capacity change from 0 to 64 [ 812.609187][T10602] hfs: get root inode failed [ 813.570272][T10609] loop3: detected capacity change from 0 to 256 [ 813.596790][T10609] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 816.214174][T10625] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1693'. [ 818.283003][T10636] loop1: detected capacity change from 0 to 256 [ 818.383423][T10636] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 818.895716][T10645] loop1: detected capacity change from 0 to 128 [ 818.958504][T10645] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 818.967906][T10645] ext4 filesystem being mounted at /338/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 819.101418][T10651] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 819.202352][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 819.259700][T10653] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1701'. [ 819.338783][T10656] loop1: detected capacity change from 0 to 256 [ 819.385824][T10656] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 821.146532][T10677] loop0: detected capacity change from 0 to 512 [ 821.187940][T10677] EXT4-fs: Ignoring removed mblk_io_submit option [ 821.228027][T10677] EXT4-fs: inline encryption not supported [ 821.257915][T10677] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 821.346020][T10677] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 821.381254][T10677] EXT4-fs (loop0): orphan cleanup on readonly fs [ 821.534126][T10677] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1708: bg 0: block 361: padding at end of block bitmap is not set [ 821.752588][T10677] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 821.763130][T10677] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #11: comm syz.0.1708: attempt to clear invalid blocks 33619980 len 1 [ 821.885241][T10677] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1708: invalid indirect mapped block 1811939328 (level 0) [ 821.903830][T10677] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1708: invalid indirect mapped block 2185560079 (level 1) [ 821.927685][T10677] EXT4-fs (loop0): 1 truncate cleaned up [ 822.069522][T10677] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 823.600607][T10691] loop2: detected capacity change from 0 to 256 [ 823.634970][T10691] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 823.947688][T10692] loop2: detected capacity change from 0 to 128 [ 823.985412][T10692] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 823.995492][T10692] ext4 filesystem being mounted at /376/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 824.489070][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 824.679530][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 824.835817][T10699] loop3: detected capacity change from 0 to 256 [ 824.859216][T10699] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 824.997552][ T4353] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 829.226659][T10729] loop1: detected capacity change from 0 to 256 [ 829.829222][T10729] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 829.887318][T10735] loop5: detected capacity change from 0 to 512 [ 829.889527][T10736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 829.902495][T10735] EXT4-fs: Ignoring removed mblk_io_submit option [ 829.941783][T10735] EXT4-fs: inline encryption not supported [ 830.097530][T10735] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 830.119059][T10736] netlink: 'syz.2.1728': attribute type 10 has an invalid length. [ 830.138502][T10735] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 830.150651][T10737] loop1: detected capacity change from 0 to 128 [ 830.172548][T10735] EXT4-fs (loop5): orphan cleanup on readonly fs [ 830.177558][T10736] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 830.221795][T10737] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 830.232025][T10737] ext4 filesystem being mounted at /343/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 830.264049][ C1] vkms_vblank_simulate: vblank timer overrun [ 830.294841][T10735] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.1727: bg 0: block 361: padding at end of block bitmap is not set [ 830.331965][T10735] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 830.449074][T10735] EXT4-fs error (device loop5): ext4_clear_blocks:883: inode #11: comm syz.5.1727: attempt to clear invalid blocks 33619980 len 1 [ 830.472654][T10735] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1727: invalid indirect mapped block 1811939328 (level 0) [ 830.473552][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 830.527317][T10735] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1727: invalid indirect mapped block 2185560079 (level 1) [ 830.550836][T10744] loop3: detected capacity change from 0 to 256 [ 830.559072][T10744] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 830.579220][T10735] EXT4-fs (loop5): 1 truncate cleaned up [ 830.587755][T10736] netlink: 'syz.2.1728': attribute type 10 has an invalid length. [ 830.588731][T10735] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 830.624600][ T4353] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 830.650307][T10736] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1728'. [ 830.803741][T10736] batman_adv: batadv0: Adding interface: vlan1 [ 830.825457][T10736] batman_adv: batadv0: The MTU of interface vlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 830.867355][T10736] batman_adv: batadv0: Interface activated: vlan1 [ 834.233142][ T9237] EXT4-fs (loop5): unmounting filesystem. [ 835.390392][T10778] loop2: detected capacity change from 0 to 256 [ 835.411572][ T22] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 835.440536][T10778] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 835.731451][ T22] usb 1-1: Using ep0 maxpacket: 8 [ 835.738535][ T22] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 835.761371][ T22] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 835.771254][ T22] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 835.787880][T10783] loop2: detected capacity change from 0 to 128 [ 835.797723][ T22] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 835.811596][ T22] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 835.821027][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 835.830427][T10783] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 835.861180][T10783] ext4 filesystem being mounted at /383/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 835.893240][ C1] vkms_vblank_simulate: vblank timer overrun [ 835.915558][T10780] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 836.456576][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 836.471983][ T22] usb 1-1: GET_CAPABILITIES returned 0 [ 836.478868][ T22] usbtmc 1-1:16.0: can't read capabilities [ 836.695733][ T4294] usb 1-1: USB disconnect, device number 16 [ 836.799192][T10793] loop2: detected capacity change from 0 to 256 [ 836.858110][T10793] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 837.008071][T10795] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 837.137165][T10795] netlink: 'syz.1.1744': attribute type 10 has an invalid length. [ 837.392294][T10795] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 839.362652][ T7] kworker/dying (7) used greatest stack depth: 18624 bytes left [ 839.955608][T10825] loop2: detected capacity change from 0 to 256 [ 839.997519][T10825] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 840.614845][T10831] loop2: detected capacity change from 0 to 128 [ 840.656453][T10831] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 840.665377][T10831] ext4 filesystem being mounted at /386/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 840.761518][T10836] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 840.920482][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 842.132091][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 843.280895][T10859] netlink: zone id is out of range [ 843.288071][T10859] netlink: set zone limit has 4 unknown bytes [ 843.666438][T10861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 843.731039][T10861] netlink: 'syz.1.1762': attribute type 10 has an invalid length. [ 845.730891][T10879] loop5: detected capacity change from 0 to 256 [ 845.739897][T10879] FAT-fs (loop5): Unrecognized mount option "shortnime=win95" or missing value [ 845.804041][T10881] loop1: detected capacity change from 0 to 512 [ 845.819953][T10881] EXT4-fs: Ignoring removed mblk_io_submit option [ 845.921545][T10881] EXT4-fs: inline encryption not supported [ 845.970381][T10881] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 846.014841][T10881] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 846.029143][T10882] loop5: detected capacity change from 0 to 128 [ 846.089225][T10882] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 846.101906][T10882] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 846.151641][T10881] EXT4-fs (loop1): orphan cleanup on readonly fs [ 846.161164][T10881] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1768: bg 0: block 361: padding at end of block bitmap is not set [ 846.218723][T10881] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 846.254844][T10881] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.1768: attempt to clear invalid blocks 33619980 len 1 [ 846.339489][T10881] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1768: invalid indirect mapped block 1811939328 (level 0) [ 846.435029][T10881] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1768: invalid indirect mapped block 2185560079 (level 1) [ 846.478248][T10881] EXT4-fs (loop1): 1 truncate cleaned up [ 846.676292][T10881] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 846.704628][ T9237] EXT4-fs (loop5): unmounting filesystem. [ 847.598507][T10897] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 849.552433][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 849.700228][T10916] loop3: detected capacity change from 0 to 256 [ 849.864844][T10916] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 850.361008][T10921] loop3: detected capacity change from 0 to 128 [ 850.422780][T10921] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 850.431688][T10921] ext4 filesystem being mounted at /359/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 850.678565][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 850.869675][T10937] loop3: detected capacity change from 0 to 256 [ 850.905173][T10937] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 850.983217][ T4349] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 851.403336][T10947] loop3: detected capacity change from 0 to 128 [ 853.243248][T10947] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 853.252222][T10947] ext4 filesystem being mounted at /360/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 853.745323][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 853.808627][T10955] loop1: detected capacity change from 0 to 512 [ 853.912141][T10955] EXT4-fs: Ignoring removed mblk_io_submit option [ 853.918735][T10955] EXT4-fs: inline encryption not supported [ 854.142250][T10955] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 854.193633][T10955] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 854.213358][T10955] EXT4-fs (loop1): orphan cleanup on readonly fs [ 854.251218][T10955] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1786: bg 0: block 361: padding at end of block bitmap is not set [ 854.436014][T10964] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 854.459053][T10955] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 854.847107][T10955] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #11: comm syz.1.1786: attempt to clear invalid blocks 33619980 len 1 [ 854.902381][T10955] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1786: invalid indirect mapped block 1811939328 (level 0) [ 855.032485][T10955] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1786: invalid indirect mapped block 2185560079 (level 1) [ 855.059694][T10955] EXT4-fs (loop1): 1 truncate cleaned up [ 855.091550][T10955] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 857.308020][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 857.350298][T10995] loop0: detected capacity change from 0 to 256 [ 857.373361][T10995] FAT-fs (loop0): Unrecognized mount option "shortnime=win95" or missing value [ 858.144071][T11008] loop0: detected capacity change from 0 to 128 [ 859.876259][T11008] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 859.885923][T11008] ext4 filesystem being mounted at /353/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 859.965027][T11006] Illegal XDP return value 751541696 on prog (id 291) dev N/A, expect packet loss! [ 860.442117][ T4254] EXT4-fs (loop0): unmounting filesystem. [ 861.311725][T11022] device hsr0 entered promiscuous mode [ 861.365675][T11022] device hsr_slave_0 left promiscuous mode [ 861.386829][T11022] device hsr_slave_1 left promiscuous mode [ 861.535091][T11022] device hsr0 left promiscuous mode [ 862.765807][T11040] loop2: detected capacity change from 0 to 512 [ 862.807271][T11040] EXT4-fs: Ignoring removed mblk_io_submit option [ 862.882622][T11040] EXT4-fs: inline encryption not supported [ 863.102481][T11040] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 863.362780][T11040] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8803e01c, mo2=0002] [ 863.569753][T11040] EXT4-fs (loop2): orphan cleanup on readonly fs [ 863.742063][T11040] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1809: bg 0: block 361: padding at end of block bitmap is not set [ 863.801396][T11040] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 863.810702][T11040] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.1809: attempt to clear invalid blocks 33619980 len 1 [ 863.848994][T11040] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1809: invalid indirect mapped block 1811939328 (level 0) [ 863.888702][T11040] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.1809: invalid indirect mapped block 2185560079 (level 1) [ 863.919123][T11040] EXT4-fs (loop2): 1 truncate cleaned up [ 863.932018][T11040] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 866.538549][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 867.528064][T11087] loop5: detected capacity change from 0 to 64 [ 867.548013][T11087] hfs: get root inode failed [ 867.594843][ T4349] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 869.101196][T11101] loop2: detected capacity change from 0 to 256 [ 869.159372][T11101] FAT-fs (loop2): Unrecognized mount option "shortnime=win95" or missing value [ 869.427928][T11106] loop2: detected capacity change from 0 to 128 [ 869.507706][T11106] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 869.526743][T11106] ext4 filesystem being mounted at /400/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 869.545333][T11112] loop1: detected capacity change from 0 to 256 [ 869.623990][T11112] FAT-fs (loop1): Unrecognized mount option "shortnime=win95" or missing value [ 870.831143][T11114] loop1: detected capacity change from 0 to 128 [ 870.843409][ T1274] ieee802154 phy0 wpan0: encryption failed: -22 [ 871.089879][ T4263] EXT4-fs (loop2): unmounting filesystem. [ 871.308879][T11114] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 871.318587][T11114] ext4 filesystem being mounted at /361/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 871.593289][ T4247] EXT4-fs (loop1): unmounting filesystem. [ 871.795910][T11123] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1835'. [ 876.368097][T11157] loop3: detected capacity change from 0 to 256 [ 876.592286][T11157] FAT-fs (loop3): Unrecognized mount option "shortnime=win95" or missing value [ 876.980469][T11162] loop3: detected capacity change from 0 to 128 [ 877.763074][T11162] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 877.772664][T11162] ext4 filesystem being mounted at /381/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 878.106120][ T4257] EXT4-fs (loop3): unmounting filesystem. [ 879.289425][T11187] tipc: Started in network mode [ 879.294499][T11187] tipc: Node identity 080211000001, cluster identity 4711 [ 879.302483][T11187] tipc: Enabled bearer , priority 0 [ 879.733367][ T4401] hid-generic 0001:0000:0000.0003: unknown main item tag 0x0 [ 880.043166][ T4401] hid-generic 0001:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 880.511421][ T4397] tipc: Node number set to 134418688 [ 881.213244][T11198] NILFS (nullb0): couldn't find nilfs on the device [ 882.702080][T11214] [ 882.704456][T11214] ====================================================== [ 882.711500][T11214] WARNING: possible circular locking dependency detected [ 882.718527][T11214] 6.1.120-syzkaller-00773-g52f863f820fd #0 Tainted: G W [ 882.727118][T11214] ------------------------------------------------------ [ 882.734133][T11214] syz.3.1860/11214 is trying to acquire lock: [ 882.740206][T11214] ffff8880778f4c58 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x60 [ 882.749894][T11214] [ 882.749894][T11214] but task is already holding lock: [ 882.757520][T11214] ffff88807d91e140 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x310 [ 882.768454][T11214] [ 882.768454][T11214] which lock already depends on the new lock. [ 882.768454][T11214] [ 882.778856][T11214] [ 882.778856][T11214] the existing dependency chain (in reverse order) is: [ 882.787961][T11214] [ 882.787961][T11214] -> #1 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}: [ 882.796683][T11214] lock_acquire+0x1f8/0x5a0 [ 882.801726][T11214] down_write+0x36/0x60 [ 882.806447][T11214] process_measurement+0x446/0x21b0 [ 882.812188][T11214] ima_file_mmap+0x121/0x1c0 [ 882.817738][T11214] __se_sys_remap_file_pages+0x67a/0x8b0 [ 882.823893][T11214] do_syscall_64+0x3b/0xb0 [ 882.828841][T11214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.835274][T11214] [ 882.835274][T11214] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 882.842847][T11214] validate_chain+0x1661/0x5950 [ 882.848226][T11214] __lock_acquire+0x125b/0x1f80 [ 882.853633][T11214] lock_acquire+0x1f8/0x5a0 [ 882.858664][T11214] down_read_killable+0xc6/0xd10 [ 882.864137][T11214] mmap_read_lock_killable+0x1d/0x60 [ 882.869973][T11214] lock_mm_and_find_vma+0x2a7/0x2e0 [ 882.875696][T11214] exc_page_fault+0x169/0x620 [ 882.880896][T11214] asm_exc_page_fault+0x22/0x30 [ 882.886282][T11214] fault_in_readable+0x1c8/0x340 [ 882.891747][T11214] fault_in_iov_iter_readable+0xdb/0x270 [ 882.897912][T11214] generic_perform_write+0x207/0x5e0 [ 882.903722][T11214] __generic_file_write_iter+0x176/0x400 [ 882.909875][T11214] generic_file_write_iter+0xab/0x310 [ 882.915773][T11214] vfs_write+0x857/0xbc0 [ 882.920537][T11214] ksys_write+0x19c/0x2c0 [ 882.925394][T11214] do_syscall_64+0x3b/0xb0 [ 882.930349][T11214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 882.936773][T11214] [ 882.936773][T11214] other info that might help us debug this: [ 882.936773][T11214] [ 882.946997][T11214] Possible unsafe locking scenario: [ 882.946997][T11214] [ 882.954445][T11214] CPU0 CPU1 [ 882.959893][T11214] ---- ---- [ 882.965256][T11214] lock(&sb->s_type->i_mutex_key#12); [ 882.970726][T11214] lock(&mm->mmap_lock); [ 882.977582][T11214] lock(&sb->s_type->i_mutex_key#12); [ 882.985655][T11214] lock(&mm->mmap_lock); [ 882.990042][T11214] [ 882.990042][T11214] *** DEADLOCK *** [ 882.990042][T11214] [ 882.998182][T11214] 3 locks held by syz.3.1860/11214: [ 883.003374][T11214] #0: ffff888018b91c68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ba/0x360 [ 883.012620][T11214] #1: ffff888054e16460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x269/0xbc0 [ 883.021518][T11214] #2: ffff88807d91e140 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x310 [ 883.032913][T11214] [ 883.032913][T11214] stack backtrace: [ 883.038831][T11214] CPU: 0 PID: 11214 Comm: syz.3.1860 Tainted: G W 6.1.120-syzkaller-00773-g52f863f820fd #0 [ 883.050236][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 883.060295][T11214] Call Trace: [ 883.063579][T11214] [ 883.066519][T11214] dump_stack_lvl+0x1e3/0x2cb [ 883.071217][T11214] ? nf_tcp_handle_invalid+0x642/0x642 [ 883.076700][T11214] ? print_circular_bug+0x12b/0x1a0 [ 883.081907][T11214] check_noncircular+0x2fa/0x3b0 [ 883.086849][T11214] ? mark_lock+0x9a/0x340 [ 883.091214][T11214] ? add_chain_block+0x850/0x850 [ 883.096158][T11214] ? lockdep_lock+0x11f/0x2a0 [ 883.100852][T11214] ? _find_first_zero_bit+0xd0/0x100 [ 883.106244][T11214] validate_chain+0x1661/0x5950 [ 883.111113][T11214] ? reacquire_held_locks+0x660/0x660 [ 883.116490][T11214] ? finish_task_switch+0x1ca/0x810 [ 883.121704][T11214] ? finish_task_switch+0x299/0x810 [ 883.126919][T11214] ? reacquire_held_locks+0x660/0x660 [ 883.132295][T11214] ? cgroup_rstat_updated+0xca/0x350 [ 883.137592][T11214] ? __lock_acquire+0x125b/0x1f80 [ 883.142636][T11214] ? memcg_rstat_updated+0x49/0x100 [ 883.147847][T11214] ? mark_lock+0x9a/0x340 [ 883.152192][T11214] __lock_acquire+0x125b/0x1f80 [ 883.157068][T11214] lock_acquire+0x1f8/0x5a0 [ 883.161581][T11214] ? mmap_read_lock_killable+0x1d/0x60 [ 883.167086][T11214] ? read_lock_is_recursive+0x10/0x10 [ 883.172473][T11214] ? __might_sleep+0xb0/0xb0 [ 883.177076][T11214] down_read_killable+0xc6/0xd10 [ 883.182108][T11214] ? mmap_read_lock_killable+0x1d/0x60 [ 883.187577][T11214] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 883.193658][T11214] ? cmp_ex_search+0x70/0x90 [ 883.198252][T11214] ? mmap_read_lock_killable+0x1d/0x60 [ 883.203891][T11214] ? bsearch+0x8e/0xb0 [ 883.207976][T11214] ? down_read_interruptible+0xc40/0xc40 [ 883.213616][T11214] ? search_extable+0xaf/0xf0 [ 883.218295][T11214] ? trim_init_extable+0x3c0/0x3c0 [ 883.223531][T11214] ? fault_in_readable+0x1c8/0x340 [ 883.228643][T11214] ? __init_rwsem+0x160/0x160 [ 883.233327][T11214] ? print_irqtrace_events+0x210/0x210 [ 883.238805][T11214] mmap_read_lock_killable+0x1d/0x60 [ 883.244098][T11214] lock_mm_and_find_vma+0x2a7/0x2e0 [ 883.249303][T11214] exc_page_fault+0x169/0x620 [ 883.253988][T11214] asm_exc_page_fault+0x22/0x30 [ 883.258877][T11214] RIP: 0010:fault_in_readable+0x1c8/0x340 [ 883.264602][T11214] Code: 24 08 4c 8d b0 ff 0f 00 00 48 89 c3 4d 01 e6 49 81 e6 00 f0 ff ff 49 39 c6 72 70 e8 d2 b1 bf ff 4c 39 f3 74 73 4c 89 64 24 10 <44> 8a 23 43 0f b6 04 2f 84 c0 75 18 44 88 64 24 40 48 81 c3 00 10 [ 883.284217][T11214] RSP: 0018:ffffc9000d21f9e0 EFLAGS: 00050287 [ 883.290291][T11214] RAX: ffffffff81caea9e RBX: 000000002010c000 RCX: 0000000000080000 [ 883.298265][T11214] RDX: ffffc9000f2ac000 RSI: 000000000001b9b8 RDI: 000000000001b9b9 [ 883.306238][T11214] RBP: ffffc9000d21fa98 R08: ffffffff81caea36 R09: ffffffff844210c5 [ 883.314216][T11214] R10: 0000000000000002 R11: ffff888026e75940 R12: 0000000000001000 [ 883.322192][T11214] R13: dffffc0000000000 R14: 000000002010d000 R15: 1ffff92001a43f44 [ 883.330288][T11214] ? fault_in_iov_iter_readable+0x45/0x270 [ 883.336107][T11214] ? fault_in_readable+0x156/0x340 [ 883.341223][T11214] ? fault_in_readable+0x1be/0x340 [ 883.346348][T11214] ? fault_in_safe_writeable+0x250/0x250 [ 883.351990][T11214] ? inode_to_bdi+0x65/0xd0 [ 883.356506][T11214] fault_in_iov_iter_readable+0xdb/0x270 [ 883.362145][T11214] generic_perform_write+0x207/0x5e0 [ 883.367463][T11214] ? generic_file_direct_write+0x460/0x460 [ 883.373364][T11214] ? __file_remove_privs+0x640/0x640 [ 883.378662][T11214] ? generic_write_checks+0x15c/0x1c0 [ 883.384040][T11214] ? clear_nonspinnable+0x60/0x60 [ 883.389074][T11214] __generic_file_write_iter+0x176/0x400 [ 883.394713][T11214] generic_file_write_iter+0xab/0x310 [ 883.400099][T11214] vfs_write+0x857/0xbc0 [ 883.404351][T11214] ? file_end_write+0x250/0x250 [ 883.409209][T11214] ? __fget_files+0x28/0x4a0 [ 883.413802][T11214] ? __fget_files+0x435/0x4a0 [ 883.418486][T11214] ? __fdget_pos+0x2ba/0x360 [ 883.423080][T11214] ? ksys_write+0x77/0x2c0 [ 883.427498][T11214] ksys_write+0x19c/0x2c0 [ 883.431828][T11214] ? print_irqtrace_events+0x210/0x210 [ 883.437305][T11214] ? __ia32_sys_read+0x80/0x80 [ 883.442093][T11214] ? syscall_enter_from_user_mode+0x2e/0x230 [ 883.448080][T11214] ? lockdep_hardirqs_on+0x94/0x130 [ 883.453283][T11214] ? syscall_enter_from_user_mode+0x2e/0x230 [ 883.459283][T11214] do_syscall_64+0x3b/0xb0 [ 883.463708][T11214] ? clear_bhb_loop+0x45/0xa0 [ 883.468389][T11214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 883.474295][T11214] RIP: 0033:0x7f9f3f185d19 [ 883.478724][T11214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 883.498419][T11214] RSP: 002b:00007f9f3ff45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 883.506838][T11214] RAX: ffffffffffffffda RBX: 00007f9f3f376080 RCX: 00007f9f3f185d19 [ 883.514812][T11214] RDX: 000000000208e24b RSI: 0000000020000240 RDI: 0000000000000005 [ 883.522816][T11214] RBP: 00007f9f3f201a20 R08: 0000000000000000 R09: 0000000000000000 [ 883.530818][T11214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 883.538792][T11214] R13: 0000000000000000 R14: 00007f9f3f376080 R15: 00007ffdf74b22d8 [ 883.546791][T11214]