last executing test programs: 3.975103985s ago: executing program 1 (id=354): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000040)={[{@nobarrier}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4b0, &(0x7f0000000b80)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9cmlzduFIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLOzKT5mjhompGc3w9Oc97zTs/zvhmel3Pec05OAJl1NvknFzEYEZ9GxNFGcfMHzjZ+rN2/OZUsuajXL3+TSz+XlFsfbf2/IxGxGhF9EfH04xEv5LbHrS6vzE6Wy6XFZrlYm1soVpdXLlybm5wpzZTmR8YvTkyMD4+NTuxZX2+/9tLtSx882fv+D6/eu/v6Rx8mzRps1m3sx15qdL0njm/YdigiHn0Ywbqg0OxPf7cbwm+SfH9/iYhzaf4fjUL6bQJZUK/X6z/XD7erXq0DB1Y+PQbO5YciorGezw8NNY7h/xoD+XKlWvvv1crS/HTjWPlY9OSvXiuXhpvnCseiJ5eUR9L1B+XRLeWxiPQY+I1Cf1oemqqUp/d3qAO2ONLM//5m/n9faOQ/kBE7n/K3PSkADhBTfpBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yHzLpqUuXkqXeev59+vry0mzl+oXpUnV2aG5pamiqsrgwNFOpzKTP7Mz92v7KlcrCyP9i6UaxVqrWitXllStzlaX52pX0uf4rpZ596RXQieNn7nyei4jV//enS6K3WSdX4WCr13PR7WeQge4odHsAArrG1B9kl3N8YIc/0btJX7uKhb1vC7A/8t1uANA150+5/gdZZf4fssv8P2SXY3zA/D9kj/l/yK7BNu//+tOGd3cNR8SfI+KzQs/h1ru+gIMg/1UuIp8c/58/+s/BrbW9uR/TSwS9EfHyO5ffujFZqy2OJNu/Xd9ee7u5fbQb7Qc61crTVh4DANm1dv/mVGvZz7hfP9a4CWF7/EPNucm+9BrlwFpu070KuT26d2H1VkSc3Cl+rvm+88aVj4G1wrb4J5o/c41dpO09lL43fX/in9oQ/x8b4p/+3b8VyIY7yfgzvFP+5dOcjvX82zz+DO7RvRPtx7/8+vhXaDP+nekwxovvvvJl2/i3Ik7vGL8Vry+NtTV+0rbznYXP3Xvumb+1q6y/19jPTvHXdxARxdrcQrG6vHIh/TtyM6X5kfGLExPjw2OjE8V0jrrYmqne7pGTn9zdrf8DbeLv1v9k278763/89PePnz27S/x/ndv5+z+xS/z+iPhPh/G/G/3i+XZ1SfzpNv3P7xI/2TbWYfzqm094lzgA/IFUl1dmJ8vl0qIVK1asrK90e2QCHrYHSd/tlgAAAAAAAAAAAACd2o/bibvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg+CXAAAA///8zdZA") setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000340), &(0x7f0000001040)=ANY=[], 0x1027, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x2a443, 0x69) 3.17834592s ago: executing program 1 (id=360): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_FLAGS={0x8}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0) 2.677556646s ago: executing program 2 (id=363): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a010400000000000000000a0000010900010073797a3100000000340004803000018008000100636d700024000280080001400010000408000240000000011000038009000100407327c3600000000900020073797a32"], 0x88}, 0x1, 0x0, 0x0, 0x6040850}, 0x20000040) 2.495422021s ago: executing program 2 (id=365): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x60, r1, 0x1, 0x14, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x81, @mcast1}}, {0x14, 0x2, @in={0x2, 0x4e22, @private=0xa010105}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8880}, 0x20040000) 2.490027841s ago: executing program 1 (id=366): unshare(0x60600) r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x6, 0x1) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000100)={'\x00', 0xfffd, 0xfffffff6, 0x9, 0x6, 0x9}) 2.290995858s ago: executing program 2 (id=369): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x5}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000f3"], 0x30}}, 0x0) 2.249036919s ago: executing program 3 (id=370): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008) creat(&(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa4c81, 0x0) 2.242123529s ago: executing program 1 (id=371): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x34, r0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x34}}, 0x0) 2.112057703s ago: executing program 2 (id=373): syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x2008802, &(0x7f0000000840)=ANY=[@ANYBLOB='keep_last_dots,errors=continue,errors=remount-ro,allow_utime=00000000000000000141077,discard,dmask=00000000000000000000003,iocharset=cp864,utf8,errors=continue,errors=continue,uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303031312c6572726f72733d636f6e74696e75652c6d61736b3d5e4d41595f415050454e442c64656e636f6e746578743d73797361646d5f752c736d61636b66736465663d212c6673636f6e746578743d73746166665f752c736d61636b6673726f6f743d2e212d8f2c2b2c736d61636b6673726f6f743d646d61736b2c6f626a5f747970653df12124215d293a27242c636f6e746578743d73746166665f752c00"], 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000001280)=""/4089, 0xff9) 2.035008466s ago: executing program 1 (id=374): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) r0 = openat$sequencer2(0xffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0xc0045103, &(0x7f0000000040)) 1.857624461s ago: executing program 2 (id=375): r0 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000010d80402f000000000000109022d00010000001009040000010300000009211000fd0122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00220500000091"], 0x0}, 0x0) 1.805072992s ago: executing program 1 (id=377): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000040)={0x2, 0x90, "1b8ee0", 0x1, 0x7}) syz_usb_connect$uac2(0x6, 0x0, 0x0, 0x0) 1.292182069s ago: executing program 3 (id=380): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f00000010c0)={0xb, {"a2e3ad21ed9b52f91b5d350987f70e06d038e7ff7fc6e5539b3247298b089b3408346d090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496b19443f166bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa94a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f411bc4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cda7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70e69002bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000693802f00", 0x1000}}, 0x1006) 1.134060004s ago: executing program 3 (id=381): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0904000000000000000002000000540004803c0001800e000100696d6d656469617465000000280002801c0002801800028008000180fffffffef900020073797a32000000000800014000000000140001800c000100636f756e74657200040002800900010073797a30000000000900020073797a32"], 0xbc}}, 0x0) 1.003952379s ago: executing program 3 (id=382): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x2082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="00000900aaaaaaaaaaaa43bf91dee581aaaaaaaaaaaa0980c2000002aaaaaaaaaabbaaaaaaaaaaaa32bcaebfad9a574b6b261db7ff"]) 932.725391ms ago: executing program 0 (id=383): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setresuid(0x0, 0xee00, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, 0x0) 855.570163ms ago: executing program 0 (id=384): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000340)={r0}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, 0x0, 0x0}, 0x20) 756.710266ms ago: executing program 3 (id=385): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94) r0 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045731, &(0x7f0000000000)) 752.120277ms ago: executing program 0 (id=386): syz_mount_image$reiserfs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x8488, &(0x7f0000000140), 0xfe, 0x1103, &(0x7f0000002240)="$eJzs2T+L1EAYBvBnkvUPNpFcHwQtLOS4Y/0CVyhsa6uNyFVedVsp+m38OHqV/XG9Fgv2kbibXZEVwV0V5PeDkDcPeWcy5UwCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg0nyqSQHVdKOWZWkJF13MbtK0o357fd1lZInp7P5o/Pp43mS+tvr5WlShq6hLe3x3ZvttJ22x+3Dg5N7H+avXr98fnZ2er4apqTL5WKvq7g1zl3vdVgAAAD4P/Q7a/7x/AAAAMCv7O0gAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA39c2mbseiSlKSrruYXSXptvRd+0vfBwAAAOyupMqzZlu+PAbYeJCPTVnnw/1LGeqjvNvSDwAAAPxUf2NVfP9/vVzf7MfvZ7Lelw/ZnUxyeLh8frvKP58kdZKjHwa/XLx5MV6lr//0WgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvrIDxwIAAAAAwvyt0+jYAAAAAAAAAAAAAAAAAAAAYK8AAAD//+0M1yg=") mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x17d) fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff, 0x100) 661.912459ms ago: executing program 3 (id=387): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5543, 0x42, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, "", [{{0x9, 0x4, 0x0, 0x8, 0x9, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0xa, 0x3, 0x1, {0x22, 0x29}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x2, 0x7, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f0000000100)={0x40, 0x5, 0x29, {0x29, 0x10, "17d1130552e77b9cad47c7c7c394b78d98fa4883ca47ffa3a200abea14da2b1488c0a9e1511ad0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 487.179235ms ago: executing program 0 (id=389): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x1}) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000200)=@multiplanar_mmap={0x1, 0xa, 0x4, 0x2, 0xfc, {0x77359400}, {0x1, 0x2, 0xb, 0x6a, 0x2, 0x8, "0049c500"}, 0x8, 0x1, {&(0x7f00000000c0)=[{0x700, 0x3, {0x8000}, 0x3}, {0x7, 0x39, {0x4}, 0x80ffd}]}, 0x7}) 149.406396ms ago: executing program 0 (id=390): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000040)={0x5, 0x10, 0xfa00, {&(0x7f0000000600), r1, 0x1}}, 0x18) 74.958088ms ago: executing program 0 (id=391): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902340001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) syz_usb_control_io$uac3(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f00000001c0)={0x40, 0x11, 0x6, "cd0aaa197eeb"}, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=392): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040341d0a0000000000000109022400010000000009040000010300000009210000000122030009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="001116000000f36f99"], 0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.185' (ED25519) to the list of known hosts. [ 78.394885][ T5760] cgroup: Unknown subsys name 'net' [ 78.533916][ T5760] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 80.197404][ T5760] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.829546][ T5779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.838332][ T5779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.846492][ T5779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.854752][ T5779] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.862539][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.871466][ T5785] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.878908][ T5785] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.888002][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.895976][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.904722][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.914246][ T5785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.922069][ T5785] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.924136][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.947541][ T5784] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.956460][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.964376][ T5784] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.971619][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.981294][ T5784] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.988847][ T5781] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.003408][ T5784] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 82.011089][ T5784] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.018392][ T5781] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.028056][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 82.035778][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.517730][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 82.531029][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 82.564555][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 82.678119][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 82.811501][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.819284][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.827028][ T5774] bridge_slave_0: entered allmulticast mode [ 82.834102][ T5774] bridge_slave_0: entered promiscuous mode [ 82.864985][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.872325][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.879912][ T5773] bridge_slave_0: entered allmulticast mode [ 82.887745][ T5773] bridge_slave_0: entered promiscuous mode [ 82.902122][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.910114][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.917410][ T5774] bridge_slave_1: entered allmulticast mode [ 82.924443][ T5774] bridge_slave_1: entered promiscuous mode [ 82.932837][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.940593][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.948092][ T5772] bridge_slave_0: entered allmulticast mode [ 82.955232][ T5772] bridge_slave_0: entered promiscuous mode [ 82.963041][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.972449][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.980575][ T5773] bridge_slave_1: entered allmulticast mode [ 82.989843][ T5773] bridge_slave_1: entered promiscuous mode [ 83.034992][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.042889][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.051753][ T5772] bridge_slave_1: entered allmulticast mode [ 83.059366][ T5772] bridge_slave_1: entered promiscuous mode [ 83.089938][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.112423][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.144576][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.151951][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.159277][ T5771] bridge_slave_0: entered allmulticast mode [ 83.166910][ T5771] bridge_slave_0: entered promiscuous mode [ 83.176493][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.189467][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.222583][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.236834][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.246366][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.253633][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.264512][ T5771] bridge_slave_1: entered allmulticast mode [ 83.271820][ T5771] bridge_slave_1: entered promiscuous mode [ 83.294363][ T5773] team0: Port device team_slave_0 added [ 83.346611][ T5773] team0: Port device team_slave_1 added [ 83.355250][ T5774] team0: Port device team_slave_0 added [ 83.365557][ T5772] team0: Port device team_slave_0 added [ 83.394522][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.405623][ T5774] team0: Port device team_slave_1 added [ 83.413364][ T5772] team0: Port device team_slave_1 added [ 83.443980][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.451175][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.477191][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.494721][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.543576][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.550719][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.580061][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.614562][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.621619][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.647799][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.659993][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.667138][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.693695][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.733698][ T5771] team0: Port device team_slave_0 added [ 83.741112][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.748635][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.774892][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.795125][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.802326][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.828960][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.861949][ T5771] team0: Port device team_slave_1 added [ 83.889403][ T5773] hsr_slave_0: entered promiscuous mode [ 83.896284][ T5773] hsr_slave_1: entered promiscuous mode [ 83.926157][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.933147][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.959693][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.996481][ T5781] Bluetooth: hci0: command tx timeout [ 84.002200][ T5781] Bluetooth: hci3: command tx timeout [ 84.010941][ T5772] hsr_slave_0: entered promiscuous mode [ 84.020756][ T5772] hsr_slave_1: entered promiscuous mode [ 84.027123][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.034997][ T5772] Cannot create hsr debugfs directory [ 84.041354][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.048395][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.074430][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.085131][ T5781] Bluetooth: hci2: command tx timeout [ 84.136223][ T5774] hsr_slave_0: entered promiscuous mode [ 84.142596][ T5774] hsr_slave_1: entered promiscuous mode [ 84.149791][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.157832][ T5774] Cannot create hsr debugfs directory [ 84.158646][ T5781] Bluetooth: hci1: command tx timeout [ 84.272772][ T5771] hsr_slave_0: entered promiscuous mode [ 84.279344][ T5771] hsr_slave_1: entered promiscuous mode [ 84.286661][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 84.294263][ T5771] Cannot create hsr debugfs directory [ 84.660410][ T5773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.677512][ T5773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.688821][ T5773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.700169][ T5773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.800614][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.811982][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.824588][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.841205][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.935744][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.953822][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.962809][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.996149][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.009097][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.049545][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.086007][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.098424][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.111860][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.122873][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.138233][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.145730][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.181023][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.188287][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.350293][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.373603][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.388157][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.440769][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.448044][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.482359][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.489614][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.534981][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.548490][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.582375][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.589623][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.622130][ T3428] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.629394][ T3428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.651478][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.699601][ T3428] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.706861][ T3428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.732057][ T3428] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.739276][ T3428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.809901][ T5774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 85.900816][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.002722][ T5773] veth0_vlan: entered promiscuous mode [ 86.035361][ T5773] veth1_vlan: entered promiscuous mode [ 86.076241][ T5781] Bluetooth: hci0: command tx timeout [ 86.081729][ T5781] Bluetooth: hci3: command tx timeout [ 86.139915][ T5773] veth0_macvtap: entered promiscuous mode [ 86.156789][ T5781] Bluetooth: hci2: command tx timeout [ 86.202204][ T5773] veth1_macvtap: entered promiscuous mode [ 86.236158][ T5781] Bluetooth: hci1: command tx timeout [ 86.280374][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.323663][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.353239][ T5773] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.363173][ T5773] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.372978][ T5773] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.382459][ T5773] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.418523][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.496546][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.517617][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.589778][ T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.601745][ T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.643852][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.654479][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.742617][ T5772] veth0_vlan: entered promiscuous mode [ 86.767817][ T5774] veth0_vlan: entered promiscuous mode [ 86.789306][ T5772] veth1_vlan: entered promiscuous mode [ 86.808537][ T5774] veth1_vlan: entered promiscuous mode [ 86.893510][ T5772] veth0_macvtap: entered promiscuous mode [ 86.951082][ T5772] veth1_macvtap: entered promiscuous mode [ 87.008976][ T5771] veth0_vlan: entered promiscuous mode [ 87.061964][ T5771] veth1_vlan: entered promiscuous mode [ 87.078058][ T5774] veth0_macvtap: entered promiscuous mode [ 87.093614][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.104548][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.127972][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.152103][ T5774] veth1_macvtap: entered promiscuous mode [ 87.189565][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.206137][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.228131][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.298756][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.325632][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.334400][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.355782][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.389250][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.408441][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.422635][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.433369][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.451026][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.466684][ T5771] veth0_macvtap: entered promiscuous mode [ 87.506738][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.525952][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.540224][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.552796][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.573695][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.591950][ T5774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.605247][ T5774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.626607][ T5774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.635384][ T5774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.679696][ T5771] veth1_macvtap: entered promiscuous mode [ 87.849920][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.872757][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.884107][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.897815][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.907895][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.919103][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.931224][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.984092][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.009168][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.011666][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.043538][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.054921][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.067119][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.077806][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.088391][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.100362][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.113063][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.122647][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.133463][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.142877][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.163101][ T5777] Bluetooth: hci3: command tx timeout [ 88.163097][ T5781] Bluetooth: hci0: command tx timeout [ 88.235935][ T5777] Bluetooth: hci2: command tx timeout [ 88.288792][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.301050][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.316053][ T5777] Bluetooth: hci1: command tx timeout [ 88.341810][ T3526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.354275][ T3526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.391021][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.407967][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.441756][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.469337][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.531029][ T3526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.543707][ T3526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.640657][ T5844] syz.1.2[5844]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 89.416001][ T5858] loop2: detected capacity change from 0 to 16 [ 89.490101][ T5854] ipvlan2: entered promiscuous mode [ 89.502201][ T5858] erofs: (device loop2): mounted with root inode @ nid 36. [ 89.559610][ T5844] loop1: detected capacity change from 0 to 32768 [ 89.587034][ T5844] ======================================================= [ 89.587034][ T5844] WARNING: The mand mount option has been deprecated and [ 89.587034][ T5844] and is ignored by this kernel. Remove the mand [ 89.587034][ T5844] option from the mount to silence this warning. [ 89.587034][ T5844] ======================================================= [ 89.800318][ T5849] loop0: detected capacity change from 0 to 32768 [ 89.822411][ T5844] JBD2: Ignoring recovery information on journal [ 89.908565][ T5861] loop3: detected capacity change from 0 to 256 [ 89.964186][ T5844] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 90.097375][ T5861] FAT-fs (loop3): Directory bread(block 64) failed [ 90.104265][ T5861] FAT-fs (loop3): Directory bread(block 65) failed [ 90.159689][ T5861] FAT-fs (loop3): Directory bread(block 66) failed [ 90.184856][ T5861] FAT-fs (loop3): Directory bread(block 67) failed [ 90.223131][ T5861] FAT-fs (loop3): Directory bread(block 68) failed [ 90.235756][ T5777] Bluetooth: hci3: command tx timeout [ 90.240686][ T5781] Bluetooth: hci0: command tx timeout [ 90.275544][ T5861] FAT-fs (loop3): Directory bread(block 69) failed [ 90.282284][ T5861] FAT-fs (loop3): Directory bread(block 70) failed [ 90.316826][ T5781] Bluetooth: hci2: command tx timeout [ 90.327750][ T5861] FAT-fs (loop3): Directory bread(block 71) failed [ 90.334477][ T5861] FAT-fs (loop3): Directory bread(block 72) failed [ 90.399923][ T5861] FAT-fs (loop3): Directory bread(block 73) failed [ 90.406777][ T5781] Bluetooth: hci1: command tx timeout [ 90.457173][ T5772] ocfs2: Unmounting device (7,1) on (node local) [ 90.619516][ T5872] loop2: detected capacity change from 0 to 1024 [ 90.665805][ T5872] EXT4-fs: Ignoring removed bh option [ 90.804403][ T5872] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.169973][ T5883] netlink: 'syz.3.20': attribute type 1 has an invalid length. [ 91.204555][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.502688][ T5894] Bluetooth: MGMT ver 1.22 [ 92.011423][ T965] cfg80211: failed to load regulatory.db [ 92.397369][ T5781] Bluetooth: hci2: command tx timeout [ 93.344612][ T5923] loop2: detected capacity change from 0 to 32768 [ 93.367579][ T5927] loop3: detected capacity change from 0 to 32768 [ 93.445199][ T5923] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.456962][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.502931][ T5927] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 93.514509][ T5927] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 93.572763][ T5923] XFS (loop2): Ending clean mount [ 93.648845][ T5923] XFS (loop2): Quotacheck needed: Please wait. [ 93.709918][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 93.769318][ T23] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 93.787688][ T5923] XFS (loop2): Quotacheck: Done. [ 93.793521][ T5936] loop0: detected capacity change from 0 to 32768 [ 93.796106][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 93.825557][ T23] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 93.848333][ T23] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 93.875570][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.883654][ T23] usb 2-1: Product: syz [ 93.917189][ T5936] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.37 (5936) [ 93.945092][ T23] usb 2-1: Manufacturer: syz [ 93.956604][ T23] usb 2-1: SerialNumber: syz [ 93.967642][ T5927] XFS (loop3): Ending clean mount [ 93.991739][ T5927] XFS (loop3): Quotacheck needed: Please wait. [ 94.008462][ T23] usb 2-1: config 0 descriptor?? [ 94.051047][ T23] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 94.077888][ T5936] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 94.126884][ T5936] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 94.169613][ T5936] BTRFS info (device loop0): force zlib compression, level 3 [ 94.207562][ T5927] XFS (loop3): Quotacheck: Done. [ 94.213323][ T5936] BTRFS info (device loop0): force clearing of disk cache [ 94.255842][ T5936] BTRFS info (device loop0): setting nodatasum [ 94.262159][ T5936] BTRFS info (device loop0): allowing degraded mounts [ 94.308208][ T5936] BTRFS info (device loop0): enabling disk space caching [ 94.356952][ T5936] BTRFS info (device loop0): disk space caching is enabled [ 94.494684][ T23] scsi host1: usb-storage 2-1:0.0 [ 94.572785][ T5771] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 94.655646][ T5936] BTRFS info (device loop0): auto enabling async discard [ 94.700527][ T5936] BTRFS info (device loop0): rebuilding free space tree [ 94.806182][ T5773] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 94.838114][ T5936] BTRFS info (device loop0): disabling free space tree [ 94.845191][ T5936] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 94.859586][ T5936] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 94.920090][ T9] usb 2-1: USB disconnect, device number 2 [ 95.108049][ T5936] BTRFS info (device loop0): balance: start -d -m -susage=0..0,drange=0..0 [ 95.207497][ T5936] BTRFS info (device loop0): relocating block group 6881280 flags data|metadata [ 95.391933][ T5936] BTRFS info (device loop0): relocating block group 5242880 flags data|metadata [ 95.492282][ T5936] BTRFS info (device loop0): balance: canceled [ 95.647280][ T5774] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 95.687979][ T5994] netlink: 'syz.1.44': attribute type 3 has an invalid length. [ 95.698873][ T5994] netlink: 'syz.1.44': attribute type 1 has an invalid length. [ 95.707142][ T5994] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.44'. [ 96.216049][ T6004] netlink: 32 bytes leftover after parsing attributes in process `syz.0.45'. [ 96.275523][ T6002] loop1: detected capacity change from 0 to 4096 [ 96.485655][ T6010] netlink: 'syz.3.52': attribute type 3 has an invalid length. [ 96.724965][ T6017] loop3: detected capacity change from 0 to 256 [ 96.776806][ T6017] exfat: Deprecated parameter 'namecase' [ 96.796045][ T6017] exfat: Deprecated parameter 'namecase' [ 96.901256][ T6017] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 97.008677][ T6026] loop0: detected capacity change from 0 to 128 [ 97.041504][ T6027] Bluetooth: MGMT ver 1.22 [ 97.046723][ T6026] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 97.080428][ T6017] exFAT-fs (loop3): hint_cluster is invalid (4278190089), rewind to the first cluster [ 97.126960][ T6017] exFAT-fs (loop3): error, failed to bmap (inode : ffff8880611f87e0 iblock : 8, err : -5) [ 97.161727][ T6017] exFAT-fs (loop3): error, invalid access to FAT (entry 0xff000008) [ 97.180873][ T6029] loop1: detected capacity change from 0 to 256 [ 97.196351][ T6017] syz.3.55: attempt to access beyond end of device [ 97.196351][ T6017] loop3: rw=2049, sector=34225520825, nr_sectors = 1 limit=256 [ 97.233032][ T6029] FAT-fs (loop1): Directory bread(block 64) failed [ 97.245637][ T6017] Buffer I/O error on dev loop3, logical block 34225520825, lost async page write [ 97.264981][ T6029] FAT-fs (loop1): Directory bread(block 65) failed [ 97.283218][ T6017] syz.3.55: attempt to access beyond end of device [ 97.283218][ T6017] loop3: rw=2049, sector=34225520826, nr_sectors = 1 limit=256 [ 97.300525][ T6017] Buffer I/O error on dev loop3, logical block 34225520826, lost async page write [ 97.306019][ T6029] FAT-fs (loop1): Directory bread(block 66) failed [ 97.310815][ T6017] syz.3.55: attempt to access beyond end of device [ 97.310815][ T6017] loop3: rw=2049, sector=34225520827, nr_sectors = 1 limit=256 [ 97.343797][ T6029] FAT-fs (loop1): Directory bread(block 67) failed [ 97.354010][ T6029] FAT-fs (loop1): Directory bread(block 68) failed [ 97.362695][ T6029] FAT-fs (loop1): Directory bread(block 69) failed [ 97.395733][ T6029] FAT-fs (loop1): Directory bread(block 70) failed [ 97.399911][ T6017] Buffer I/O error on dev loop3, logical block 34225520827, lost async page write [ 97.402299][ T6029] FAT-fs (loop1): Directory bread(block 71) failed [ 97.439624][ T6017] syz.3.55: attempt to access beyond end of device [ 97.439624][ T6017] loop3: rw=2049, sector=34225520828, nr_sectors = 1 limit=256 [ 97.455855][ T6029] FAT-fs (loop1): Directory bread(block 72) failed [ 97.466937][ T6029] FAT-fs (loop1): Directory bread(block 73) failed [ 97.476604][ T6017] Buffer I/O error on dev loop3, logical block 34225520828, lost async page write [ 97.493695][ T6033] loop0: detected capacity change from 0 to 256 [ 97.500568][ T6017] syz.3.55: attempt to access beyond end of device [ 97.500568][ T6017] loop3: rw=2049, sector=34225520829, nr_sectors = 1 limit=256 [ 97.540248][ T6017] Buffer I/O error on dev loop3, logical block 34225520829, lost async page write [ 97.610444][ T6017] syz.3.55: attempt to access beyond end of device [ 97.610444][ T6017] loop3: rw=2049, sector=34225520830, nr_sectors = 1 limit=256 [ 97.669754][ T6033] FAT-fs (loop0): Directory bread(block 64) failed [ 97.678873][ T6017] Buffer I/O error on dev loop3, logical block 34225520830, lost async page write [ 97.691782][ T6033] FAT-fs (loop0): Directory bread(block 65) failed [ 97.702943][ T6033] FAT-fs (loop0): Directory bread(block 66) failed [ 97.711299][ T6017] syz.3.55: attempt to access beyond end of device [ 97.711299][ T6017] loop3: rw=2049, sector=34225520831, nr_sectors = 1 limit=256 [ 97.725937][ T6033] FAT-fs (loop0): Directory bread(block 67) failed [ 97.732624][ T6033] FAT-fs (loop0): Directory bread(block 68) failed [ 97.740246][ T6017] Buffer I/O error on dev loop3, logical block 34225520831, lost async page write [ 97.750023][ T6033] FAT-fs (loop0): Directory bread(block 69) failed [ 97.765656][ T6033] FAT-fs (loop0): Directory bread(block 70) failed [ 97.782755][ T6033] FAT-fs (loop0): Directory bread(block 71) failed [ 97.807429][ T6033] FAT-fs (loop0): Directory bread(block 72) failed [ 97.814213][ T6033] FAT-fs (loop0): Directory bread(block 73) failed [ 97.925972][ T965] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 98.023223][ T6037] loop3: detected capacity change from 0 to 2048 [ 98.137270][ T6037] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 98.155577][ T965] usb 3-1: Using ep0 maxpacket: 8 [ 98.168916][ T965] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.197160][ T6041] ALSA: mixer_oss: invalid OSS volume 'O' [ 98.203054][ T965] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 98.203089][ T965] usb 3-1: config 0 interface 0 has no altsetting 0 [ 98.203129][ T965] usb 3-1: New USB device found, idVendor=0853, idProduct=0313, bcdDevice= 0.00 [ 98.203154][ T965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.218826][ T965] usb 3-1: config 0 descriptor?? [ 98.266183][ T6041] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 98.749575][ T965] topre 0003:0853:0313.0001: unexpected long global item [ 98.776827][ T965] topre: probe of 0003:0853:0313.0001 failed with error -22 [ 99.016744][ T27] usb 3-1: USB disconnect, device number 2 [ 99.063745][ T6058] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.311242][ T6065] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 99.482493][ T6069] loop0: detected capacity change from 0 to 1024 [ 99.669814][ T6069] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.705182][ T6069] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.738847][ T6069] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.775972][ T6069] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.784953][ T6071] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.826898][ T6071] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.977613][ T11] hfsplus: request for non-existent node 33554434 in B*Tree [ 99.985153][ T11] hfsplus: request for non-existent node 33554434 in B*Tree [ 100.646122][ T6067] loop3: detected capacity change from 0 to 32768 [ 100.838149][ T6067] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 100.872489][ T6082] loop0: detected capacity change from 0 to 32768 [ 100.935622][ T6082] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 101.005701][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 101.110593][ T6086] loop1: detected capacity change from 0 to 32768 [ 101.128817][ T6086] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.95 (6086) [ 101.141156][ T6082] XFS (loop0): Ending clean mount [ 101.195687][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 101.208503][ T9] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 101.228025][ T9] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 101.231710][ T6086] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 101.260077][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.286340][ T6086] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 101.301449][ T9] usb 3-1: Product: syz [ 101.319614][ T9] usb 3-1: Manufacturer: syz [ 101.334823][ T6086] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 101.339416][ T9] usb 3-1: SerialNumber: syz [ 101.374745][ T9] usb 3-1: config 0 descriptor?? [ 101.382914][ T6086] BTRFS info (device loop1): use zstd compression, level 3 [ 101.404015][ T6086] BTRFS info (device loop1): using free space tree [ 101.417110][ T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 101.457591][ T9] usb 3-1: setting power ON [ 101.468298][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 101.505285][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 101.527165][ T5774] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 101.552577][ T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 101.612232][ T6086] BTRFS info (device loop1): enabling ssd optimizations [ 101.612757][ T9] usb 3-1: media controller created [ 101.657353][ T6091] dvb-usb: bulk message failed: -22 (3/0) [ 101.663860][ T6091] cxusb: i2c wr: len=79 is too big! [ 101.663860][ T6091] [ 101.692862][ T6086] BTRFS info (device loop1): auto enabling async discard [ 101.706722][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 101.781473][ T6067] XFS (loop3): Ending clean mount [ 101.812215][ T9] usb 3-1: selecting invalid altsetting 6 [ 101.831285][ T6067] XFS (loop3): Quotacheck needed: Please wait. [ 101.838874][ T9] usb 3-1: digital interface selection failed (-22) [ 101.855567][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 101.893316][ T9] usb 3-1: setting power OFF [ 101.929540][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 101.954070][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 101.977652][ T6067] XFS (loop3): Quotacheck: Done. [ 101.982748][ T9] (NULL device *): no alternate interface [ 102.144860][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 102.192306][ T9] usb 3-1: USB disconnect, device number 3 [ 102.258742][ T5772] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 102.485610][ T5773] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 103.167866][ T6135] nbd: must specify a device to reconfigure [ 103.465575][ T28] audit: type=1326 audit(1779369135.748:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.523673][ T28] audit: type=1326 audit(1779369135.778:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.595629][ T28] audit: type=1326 audit(1779369135.878:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.644687][ T28] audit: type=1326 audit(1779369135.878:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.707643][ T28] audit: type=1326 audit(1779369135.878:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.795741][ T28] audit: type=1326 audit(1779369135.878:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.101" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 103.825266][ T6151] loop2: detected capacity change from 0 to 4096 [ 103.826123][ T5153] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.867375][ T6151] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 103.908821][ T6151] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 103.924650][ T6151] ntfs3: loop2: Failed to load $Extend (-22). [ 103.939957][ T6151] ntfs3: loop2: Failed to initialize $Extend. [ 104.109156][ T5153] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 104.136252][ T5153] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 104.158629][ T5153] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 104.175446][ T5153] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.206818][ T6157] loop0: detected capacity change from 0 to 736 [ 104.216008][ T6147] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 104.233468][ T5153] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 104.910889][ T6172] loop0: detected capacity change from 0 to 128 [ 104.986905][ T6172] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 105.031233][ T6172] hpfs: filesystem error: improperly stopped [ 105.054586][ T6172] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 105.083290][ T6172] hpfs: You really don't want any checks? You are crazy... [ 105.104475][ T6172] hpfs: Code page index out of array [ 105.130092][ T6172] hpfs: code page support is disabled [ 105.170007][ T6172] hpfs: hpfs_map_4sectors(): unaligned read [ 105.206356][ T6172] hpfs: hpfs_map_4sectors(): unaligned read [ 105.209886][ T8] usb 4-1: USB disconnect, device number 2 [ 105.242159][ T6172] hpfs: filesystem error: unable to find root dir [ 105.534140][ T6182] loop1: detected capacity change from 0 to 512 [ 105.579350][ T6182] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.626867][ T6182] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c019, mo2=0002] [ 105.634959][ T6182] System zones: 1-12 [ 105.693481][ T6182] EXT4-fs warning (device loop1): ext4_xattr_inode_get:546: inode #11: comm syz.1.117: ea_inode file size=0 entry size=6 [ 105.736753][ T6182] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2855: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 105.750580][ T6182] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.117: iget: bad extra_isize 90 (inode size 256) [ 105.772161][ T6182] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.117: error while reading EA inode 11 err=-117 [ 105.806569][ T6182] EXT4-fs (loop1): 1 orphan inode deleted [ 105.813975][ T6182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.896503][ T6182] netlink: 40 bytes leftover after parsing attributes in process `syz.1.117'. [ 105.986615][ T5153] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.028421][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.197973][ T5153] usb 1-1: Using ep0 maxpacket: 16 [ 106.224657][ T5153] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 130, changing to 11 [ 106.255519][ T5153] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 106.275528][ T5153] usb 1-1: config 0 interface 0 has no altsetting 0 [ 106.295500][ T5153] usb 1-1: New USB device found, idVendor=044f, idProduct=b320, bcdDevice= 0.00 [ 106.325139][ T5153] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.346465][ T5153] usb 1-1: config 0 descriptor?? [ 106.423818][ T6181] loop2: detected capacity change from 0 to 32768 [ 106.471484][ T6181] BTRFS: device fsid db05bf05-c4f4-4d41-ba1f-eb57295b561b devid 1 transid 8 /dev/loop2 scanned by syz.2.118 (6181) [ 106.560851][ T6181] BTRFS info (device loop2): first mount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 106.574629][ T6181] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 106.592632][ T6181] BTRFS info (device loop2): using free space tree [ 106.711705][ T6181] BTRFS info (device loop2): enabling ssd optimizations [ 106.739400][ T6181] BTRFS info (device loop2): auto enabling async discard [ 106.763023][ T5153] hid (null): invalid report_size 26545 [ 106.783574][ T5153] thrustmaster 0003:044F:B320.0002: unknown main item tag 0x6 [ 106.820285][ T5153] thrustmaster 0003:044F:B320.0002: invalid report_size 26545 [ 106.845459][ T5153] thrustmaster 0003:044F:B320.0002: item 0 2 1 7 parsing failed [ 106.864175][ T5153] thrustmaster 0003:044F:B320.0002: parse failed [ 106.883727][ T5153] thrustmaster: probe of 0003:044F:B320.0002 failed with error -22 [ 106.963759][ T5771] BTRFS info (device loop2): last unmount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 106.981318][ T27] usb 1-1: USB disconnect, device number 2 [ 107.050969][ T6192] loop1: detected capacity change from 0 to 32768 [ 107.150454][ T6192] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 107.288243][ T6192] XFS (loop1): Ending clean mount [ 107.557378][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 107.650322][ T6227] Bluetooth: MGMT ver 1.22 [ 108.077556][ T6235] netlink: 'syz.0.132': attribute type 1 has an invalid length. [ 108.095708][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.132'. [ 108.205663][ T5153] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 108.354974][ T6240] usb usb9: usbfs: process 6240 (syz.0.134) did not claim interface 3 before use [ 108.425756][ T5153] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 108.447063][ T5153] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 108.474162][ T5153] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 108.500319][ T5153] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.524744][ T6233] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 108.530707][ T28] audit: type=1326 audit(1779369140.818:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.552660][ T5153] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 108.606220][ T28] audit: type=1326 audit(1779369140.868:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.655980][ T28] audit: type=1326 audit(1779369140.868:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.761925][ T28] audit: type=1326 audit(1779369140.868:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.835951][ T28] audit: type=1326 audit(1779369140.868:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=196 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.895689][ T28] audit: type=1326 audit(1779369140.868:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.936440][ T28] audit: type=1326 audit(1779369140.868:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.138" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eceb9ce59 code=0x7ffc0000 [ 108.965721][ T27] usb 3-1: USB disconnect, device number 4 [ 109.355665][ T6247] loop3: detected capacity change from 0 to 32768 [ 109.377165][ T6247] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.137 (6247) [ 109.415112][ T6247] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 109.446302][ T6247] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 109.489924][ T6247] BTRFS info (device loop3): force zlib compression, level 3 [ 109.523613][ T6247] BTRFS info (device loop3): force clearing of disk cache [ 109.543658][ T6247] BTRFS info (device loop3): setting nodatasum [ 109.570616][ T6247] BTRFS info (device loop3): allowing degraded mounts [ 109.590833][ T6267] loop1: detected capacity change from 0 to 1024 [ 109.607201][ T6247] BTRFS info (device loop3): enabling disk space caching [ 109.620611][ T6247] BTRFS info (device loop3): disk space caching is enabled [ 109.633259][ T6269] netlink: 'syz.0.148': attribute type 2 has an invalid length. [ 109.841271][ T6247] BTRFS info (device loop3): auto enabling async discard [ 109.877549][ T6247] BTRFS info (device loop3): rebuilding free space tree [ 109.980929][ T6247] BTRFS info (device loop3): disabling free space tree [ 109.991293][ T6247] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 110.007340][ T6247] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 110.202199][ T6247] BTRFS info (device loop3): balance: start -d -m -susage=0..0,drange=0..0 [ 110.251861][ T6247] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata [ 110.354780][ T6247] BTRFS info (device loop3): relocating block group 5242880 flags data|metadata [ 110.533870][ T6247] BTRFS info (device loop3): balance: canceled [ 110.677107][ T5773] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 110.706007][ T6307] capability: warning: `syz.0.158' uses 32-bit capabilities (legacy support in use) [ 111.132402][ T6295] loop1: detected capacity change from 0 to 32768 [ 111.146031][ T6295] BTRFS: device fsid db05bf05-c4f4-4d41-ba1f-eb57295b561b devid 1 transid 8 /dev/loop1 scanned by syz.1.152 (6295) [ 111.182142][ T6295] BTRFS info (device loop1): first mount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 111.207179][ T6295] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 111.224364][ T6295] BTRFS info (device loop1): using free space tree [ 111.267373][ T6319] netlink: 24 bytes leftover after parsing attributes in process `syz.2.164'. [ 111.425037][ T6295] BTRFS info (device loop1): enabling ssd optimizations [ 111.445630][ T6295] BTRFS info (device loop1): auto enabling async discard [ 111.640377][ T5772] BTRFS info (device loop1): last unmount of filesystem db05bf05-c4f4-4d41-ba1f-eb57295b561b [ 112.123027][ T6351] [U] ø [ 112.310271][ T6360] netlink: 10 bytes leftover after parsing attributes in process `syz.2.175'. [ 112.576043][ T6368] capability: warning: `syz.2.178' uses deprecated v2 capabilities in a way that may be insecure [ 112.634294][ C1] sd 0:0:1:0: [sda] tag#8905 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 112.644917][ C1] sd 0:0:1:0: [sda] tag#8905 CDB: Read(6) 08 00 f9 56 e4 47 [ 113.284136][ T6367] loop1: detected capacity change from 0 to 32768 [ 113.465046][ T6367] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 113.465046][ T6367] [ 113.500340][ T6367] ERROR: (device loop1): remounting filesystem as read-only [ 113.546361][ T6367] ERROR: (device loop1): diWrite: ixpxd invalid [ 113.546361][ T6367] [ 113.554887][ T6367] ERROR: (device loop1): txCommit: [ 113.554887][ T6367] [ 113.766601][ T6393] loop3: detected capacity change from 0 to 128 [ 113.847920][ T6393] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.921039][ T6393] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 113.971195][ T28] audit: type=1800 audit(1779369146.258:15): pid=6393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.190" name="file1" dev="loop3" ino=12 res=0 errno=0 [ 114.136909][ T5773] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.356159][ T6409] netlink: 16 bytes leftover after parsing attributes in process `syz.3.196'. [ 114.424174][ T6413] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 114.438042][ T6413] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 114.602415][ T6419] netlink: 60 bytes leftover after parsing attributes in process `syz.3.201'. [ 114.632368][ T6419] netlink: 60 bytes leftover after parsing attributes in process `syz.3.201'. [ 114.665117][ T6419] netlink: 60 bytes leftover after parsing attributes in process `syz.3.201'. [ 114.711318][ T6423] loop1: detected capacity change from 0 to 1024 [ 114.754563][ T6423] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 114.822703][ T6423] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.927737][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.3.206'. [ 115.163989][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.176790][ T6418] loop2: detected capacity change from 0 to 32768 [ 115.220193][ T6418] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.202 (6418) [ 115.300347][ T6418] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 115.358534][ T6418] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 115.374276][ T6418] BTRFS info (device loop2): use no compression [ 115.396440][ T6418] BTRFS info (device loop2): max_inline at 4096 [ 115.426425][ T6418] BTRFS info (device loop2): using free space tree [ 115.547579][ T6418] BTRFS info (device loop2): enabling ssd optimizations [ 115.565570][ T6418] BTRFS info (device loop2): auto enabling async discard [ 116.053553][ T6470] loop1: detected capacity change from 0 to 512 [ 116.076835][ T6470] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 116.348974][ T5771] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 116.505030][ T6474] rdma_op ffff88801c7451f0 conn xmit_rdma 0000000000000000 [ 116.832042][ T6484] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 116.854529][ T6484] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 116.970695][ T6488] vlan2: entered promiscuous mode [ 117.004209][ T6488] bridge0: entered promiscuous mode [ 117.207312][ T6490] loop3: detected capacity change from 0 to 4096 [ 117.254046][ T6490] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 117.296207][ T6490] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 117.315683][ T6490] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 117.334888][ T6490] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 117.354364][ T6490] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 117.492912][ T6490] ntfs: volume version 3.1. [ 117.582808][ T6490] ntfs: (device loop3): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-13. You might want to try to use the mount option nls=utf8. [ 117.665504][ T6490] ntfs: (device loop3): ntfs_filldir(): Skipping unrepresentable inode 0x45. [ 118.276129][ T6524] loop2: detected capacity change from 0 to 128 [ 118.619696][ T6531] loop2: detected capacity change from 0 to 2048 [ 118.707821][ T6531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.721381][ T6531] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.799951][ T6542] loop3: detected capacity change from 0 to 256 [ 119.010032][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.662085][ T6569] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.261'. [ 119.684420][ T6569] openvswitch: netlink: IP tunnel attribute has 3052 unknown bytes. [ 119.785218][ T6571] tipc: Started in network mode [ 119.798658][ T6571] tipc: Node identity bbbbbb01, cluster identity 4711 [ 119.817285][ T6571] tipc: Enabled bearer , priority 10 [ 120.031188][ T6573] loop1: detected capacity change from 0 to 8192 [ 120.069114][ T6573] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 120.120326][ T6573] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 120.157838][ T6582] netlink: 'syz.2.268': attribute type 3 has an invalid length. [ 120.181606][ T6573] REISERFS (device loop1): using ordered data mode [ 120.203813][ T6573] reiserfs: using flush barriers [ 120.247291][ T6573] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 120.286444][ T6573] REISERFS (device loop1): checking transaction log (loop1) [ 120.360094][ T6573] REISERFS (device loop1): Using r5 hash to sort names [ 120.402538][ T6573] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 120.540462][ T6573] REISERFS warning (device loop1): reiserfs-13077 reiserfs_fh_to_dentry: nfsd/reiserfs, fhtype=129, len=7 - odd [ 120.690123][ T6591] warning: `syz.0.271' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 120.929553][ T5828] tipc: Node number set to 3149642497 [ 120.954161][ T6597] smc: net device wlan0 applied user defined pnetid SYZ0 [ 121.400637][ T28] audit: type=1326 audit(1779369153.688:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.3.285" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9cd9ce59 code=0x7ffc0000 [ 121.485540][ T28] audit: type=1326 audit(1779369153.688:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.3.285" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9cd9ce59 code=0x7ffc0000 [ 121.585490][ T28] audit: type=1326 audit(1779369153.688:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.3.285" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=198 compat=0 ip=0x7f9f9cd9ce59 code=0x7ffc0000 [ 121.642933][ T28] audit: type=1326 audit(1779369153.688:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.3.285" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9cd9ce59 code=0x7ffc0000 [ 121.698426][ T28] audit: type=1326 audit(1779369153.698:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6617 comm="syz.3.285" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f9cd9ce59 code=0x7ffc0000 [ 121.924997][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.291'. [ 122.424534][ T28] audit: type=1326 audit(1779369154.708:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6647 comm="syz.1.300" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bcad9ce59 code=0x7ffc0000 [ 122.501365][ T28] audit: type=1326 audit(1779369154.708:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6647 comm="syz.1.300" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bcad9ce59 code=0x7ffc0000 [ 122.519956][ T6626] loop2: detected capacity change from 0 to 32768 [ 122.552429][ T28] audit: type=1326 audit(1779369154.768:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6647 comm="syz.1.300" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f3bcad9ce59 code=0x7ffc0000 [ 122.586117][ T6626] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.288 (6626) [ 122.658333][ T28] audit: type=1326 audit(1779369154.778:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6647 comm="syz.1.300" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bcad9ce59 code=0x7ffc0000 [ 122.697665][ T6626] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 122.732929][ T28] audit: type=1326 audit(1779369154.778:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6647 comm="syz.1.300" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bcad9ce59 code=0x7ffc0000 [ 122.749716][ T6626] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 122.800239][ T6657] Illegal XDP return value 4294967274 on prog (id 22) dev N/A, expect packet loss! [ 122.807779][ T6626] BTRFS info (device loop2): setting nodatacow, compression disabled [ 122.865469][ T6626] BTRFS info (device loop2): use zlib compression, level 3 [ 122.872770][ T6626] BTRFS info (device loop2): force clearing of disk cache [ 122.909045][ T6626] BTRFS info (device loop2): turning on sync discard [ 122.935474][ T6626] BTRFS info (device loop2): turning off barriers [ 122.941991][ T6626] BTRFS info (device loop2): use no compression [ 123.000070][ T6626] BTRFS info (device loop2): disabling free space tree [ 123.025449][ T6626] BTRFS info (device loop2): enabling ssd optimizations [ 123.032474][ T6626] BTRFS info (device loop2): using spread ssd allocation scheme [ 123.065582][ T6626] BTRFS info (device loop2): not using ssd optimizations [ 123.072695][ T6626] BTRFS info (device loop2): not using spread ssd allocation scheme [ 123.250545][ T6626] BTRFS info (device loop2): rebuilding free space tree [ 123.291668][ T6626] BTRFS info (device loop2): disabling free space tree [ 123.304202][ T5828] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 123.316378][ T6626] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 123.340936][ T6626] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.516058][ T5828] usb 2-1: Using ep0 maxpacket: 8 [ 123.539812][ T5828] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.562460][ T5828] usb 2-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 123.595802][ T5828] usb 2-1: config 0 interface 0 has no altsetting 0 [ 123.612104][ T5828] usb 2-1: New USB device found, idVendor=056a, idProduct=0029, bcdDevice= 0.00 [ 123.622657][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.632023][ T5771] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 123.654083][ T5828] usb 2-1: config 0 descriptor?? [ 124.089539][ T5828] wacom 0003:056A:0029.0003: ignoring exceeding usage max [ 124.120504][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.142348][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.166209][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.173166][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.204083][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.222063][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.235735][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.250186][ T5828] wacom 0003:056A:0029.0003: unknown main item tag 0x0 [ 124.272841][ T5828] wacom 0003:056A:0029.0003: Unknown device_type for 'HID 056a:0029'. Assuming pen. [ 124.362208][ T5828] wacom 0003:056A:0029.0003: hidraw0: USB HID v0.06 Device [HID 056a:0029] on usb-dummy_hcd.1-1/input0 [ 124.405233][ T5828] input: Wacom Intuos5 S Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0029.0003/input/input6 [ 124.653680][ T5828] usb 2-1: USB disconnect, device number 3 [ 124.954053][ T6723] mkiss: ax0: crc mode is auto. [ 125.445587][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 125.636553][ T6749] loop1: detected capacity change from 0 to 256 [ 125.645545][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 125.654649][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.705646][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.725174][ T6749] FAT-fs (loop1): Directory bread(block 64) failed [ 125.741541][ T6749] FAT-fs (loop1): Directory bread(block 65) failed [ 125.751911][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 125.775618][ T6749] FAT-fs (loop1): Directory bread(block 66) failed [ 125.782232][ T6749] FAT-fs (loop1): Directory bread(block 67) failed [ 125.804459][ T8] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 125.807065][ T6749] FAT-fs (loop1): Directory bread(block 68) failed [ 125.826479][ T6749] FAT-fs (loop1): Directory bread(block 69) failed [ 125.833199][ T6749] FAT-fs (loop1): Directory bread(block 70) failed [ 125.846348][ T6749] FAT-fs (loop1): Directory bread(block 71) failed [ 125.854126][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.877648][ T6749] FAT-fs (loop1): Directory bread(block 72) failed [ 125.884338][ T6749] FAT-fs (loop1): Directory bread(block 73) failed [ 125.896949][ T8] usb 1-1: config 0 descriptor?? [ 125.988950][ T6753] loop3: detected capacity change from 0 to 1024 [ 126.090132][ T6753] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 126.144223][ T6753] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.217157][ T6753] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.339: bg 0: block 112: padding at end of block bitmap is not set [ 126.286082][ T6753] EXT4-fs (loop3): Remounting filesystem read-only [ 126.380768][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0004/input/input9 [ 126.413490][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 126.426274][ T8] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 126.653394][ T6764] loop1: detected capacity change from 0 to 256 [ 126.677072][ T6764] exfat: Deprecated parameter 'utf8' [ 126.731610][ T786] usb 1-1: USB disconnect, device number 3 [ 126.822543][ T6764] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc232f927, utbl_chksum : 0xe619d30d) [ 127.012778][ T6757] loop2: detected capacity change from 0 to 32768 [ 127.068650][ T6757] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 127.339487][ T5771] ocfs2: Unmounting device (7,2) on (node local) [ 127.512285][ T6777] netlink: 24 bytes leftover after parsing attributes in process `syz.0.348'. [ 127.592014][ T6767] loop3: detected capacity change from 0 to 32768 [ 127.657593][ T6767] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.344 (6767) [ 127.755691][ T6767] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 127.770888][ T6767] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 127.786941][ T6767] BTRFS info (device loop3): setting nodatasum [ 127.794440][ T6767] BTRFS info (device loop3): disabling tree log [ 127.805339][ T6767] BTRFS info (device loop3): max_inline at 0 [ 127.813857][ T6767] BTRFS info (device loop3): turning on sync discard [ 127.833271][ T6767] BTRFS info (device loop3): using free space tree [ 128.014078][ T6767] BTRFS info (device loop3): enabling ssd optimizations [ 128.115330][ T6806] loop1: detected capacity change from 0 to 512 [ 128.180629][ T5773] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 128.245047][ T6806] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.316764][ T6806] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.594982][ T5766] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop3 scanned by udevd (5766) [ 129.126863][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.565308][ T6836] tipc: Enabling of bearer rejected, failed to enable media [ 129.874314][ T6850] loop2: detected capacity change from 0 to 256 [ 129.896800][ T6850] exfat: Deprecated parameter 'utf8' [ 129.939321][ T6850] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 130.405532][ T8] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 130.601963][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.612614][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 130.624052][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.638924][ T8] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 130.648319][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.661150][ T8] usb 3-1: config 0 descriptor?? [ 130.881672][ T6871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.381'. [ 131.098885][ T8] hid-picolcd 0003:04D8:F002.0005: unknown main item tag 0x0 [ 131.119861][ T8] hid-picolcd 0003:04D8:F002.0005: unknown main item tag 0x0 [ 131.133139][ T8] hid-picolcd 0003:04D8:F002.0005: unknown main item tag 0x0 [ 131.225676][ T8] hid-picolcd 0003:04D8:F002.0005: No report with id 0xf3 found [ 131.237856][ T8] hid-picolcd 0003:04D8:F002.0005: No report with id 0xf4 found [ 131.309296][ T8] usb 3-1: USB disconnect, device number 5 [ 131.625562][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 131.815494][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 131.835893][ T9] usb 4-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 131.862732][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 131.875231][ T9] usb 4-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 131.900789][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.922728][ T9] usb 4-1: config 0 descriptor?? [ 132.215558][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.235619][ T5781] ================================================================== [ 132.243756][ T5781] BUG: KASAN: slab-use-after-free in hci_cmd_timeout+0x1d0/0x1e0 [ 132.251630][ T5781] Read of size 2 at addr ffff888026b29df8 by task kworker/u5:5/5781 [ 132.259647][ T5781] [ 132.262011][ T5781] CPU: 1 PID: 5781 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 132.269582][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.279667][ T5781] Workqueue: hci2 hci_cmd_timeout [ 132.284731][ T5781] Call Trace: [ 132.288041][ T5781] [ 132.290997][ T5781] dump_stack_lvl+0x18c/0x250 [ 132.295707][ T5781] ? __lock_acquire+0x7d40/0x7d40 [ 132.300755][ T5781] ? show_regs_print_info+0x20/0x20 [ 132.305977][ T5781] ? load_image+0x420/0x420 [ 132.310518][ T5781] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 132.316008][ T5781] ? __virt_addr_valid+0x18c/0x540 [ 132.321145][ T5781] ? __virt_addr_valid+0x469/0x540 [ 132.326289][ T5781] print_report+0xa8/0x210 [ 132.330743][ T5781] ? hci_cmd_timeout+0x1d0/0x1e0 [ 132.335704][ T5781] kasan_report+0x117/0x150 [ 132.340239][ T5781] ? hci_cmd_timeout+0x1d0/0x1e0 [ 132.345197][ T5781] hci_cmd_timeout+0x1d0/0x1e0 [ 132.349991][ T5781] ? process_scheduled_works+0x96f/0x15d0 [ 132.355745][ T5781] process_scheduled_works+0xa5d/0x15d0 [ 132.361329][ T5781] ? worker_attach_to_pool+0x380/0x380 [ 132.366818][ T5781] ? assign_work+0x3d2/0x5d0 [ 132.371436][ T5781] worker_thread+0xa55/0xfc0 [ 132.376071][ T5781] kthread+0x2fa/0x390 [ 132.380160][ T5781] ? pr_cont_work+0x560/0x560 [ 132.384872][ T5781] ? kthread_blkcg+0xd0/0xd0 [ 132.389482][ T5781] ret_from_fork+0x48/0x80 [ 132.393927][ T5781] ? kthread_blkcg+0xd0/0xd0 [ 132.398543][ T5781] ret_from_fork_asm+0x11/0x20 [ 132.403343][ T5781] [ 132.406381][ T5781] [ 132.408722][ T5781] Allocated by task 5781: [ 132.413076][ T5781] kasan_set_track+0x4e/0x70 [ 132.417705][ T5781] __kasan_slab_alloc+0x6c/0x80 [ 132.422583][ T5781] slab_post_alloc_hook+0x6e/0x4b0 [ 132.427722][ T5781] kmem_cache_alloc+0x11a/0x2d0 [ 132.432607][ T5781] skb_clone+0x1eb/0x370 [ 132.436868][ T5781] hci_cmd_work+0x283/0x650 [ 132.441403][ T5781] process_scheduled_works+0xa5d/0x15d0 [ 132.447153][ T5781] worker_thread+0xa55/0xfc0 [ 132.451803][ T5781] kthread+0x2fa/0x390 [ 132.455889][ T5781] ret_from_fork+0x48/0x80 [ 132.460328][ T5781] ret_from_fork_asm+0x11/0x20 [ 132.465121][ T5781] [ 132.467493][ T5781] Freed by task 6860: [ 132.471497][ T5781] kasan_set_track+0x4e/0x70 [ 132.476108][ T5781] kasan_save_free_info+0x2e/0x50 [ 132.481189][ T5781] ____kasan_slab_free+0x126/0x1e0 [ 132.486328][ T5781] slab_free_freelist_hook+0x130/0x1a0 [ 132.491810][ T5781] kmem_cache_free+0xf8/0x270 [ 132.496521][ T5781] __hci_req_sync+0x613/0x910 [ 132.501236][ T5781] hci_req_sync+0xa2/0xc0 [ 132.505601][ T5781] hci_inquiry+0x38f/0x600 [ 132.510067][ T5781] sock_do_ioctl+0xfc/0x310 [ 132.514598][ T5781] sock_ioctl+0x5ba/0x7e0 [ 132.518954][ T5781] __se_sys_ioctl+0xfd/0x170 [ 132.523568][ T5781] do_syscall_64+0x55/0xb0 [ 132.528005][ T5781] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.533928][ T5781] [ 132.536321][ T5781] The buggy address belongs to the object at ffff888026b29dc0 [ 132.536321][ T5781] which belongs to the cache skbuff_head_cache of size 240 [ 132.550932][ T5781] The buggy address is located 56 bytes inside of [ 132.550932][ T5781] freed 240-byte region [ffff888026b29dc0, ffff888026b29eb0) [ 132.564671][ T5781] [ 132.567032][ T5781] The buggy address belongs to the physical page: [ 132.573603][ T5781] page:ffffea00009aca40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26b29 [ 132.583792][ T5781] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 132.591363][ T5781] page_type: 0xffffffff() [ 132.595720][ T5781] raw: 00fff00000000800 ffff88801ea70640 ffffea000061a240 dead000000000004 [ 132.604325][ T5781] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 132.612918][ T5781] page dumped because: kasan: bad access detected [ 132.619343][ T5781] page_owner tracks the page as allocated [ 132.625081][ T5781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5139, tgid 5139 (udevadm), ts 34473257981, free_ts 34398408585 [ 132.642991][ T5781] post_alloc_hook+0x1c1/0x200 [ 132.647791][ T5781] get_page_from_freelist+0x1951/0x19e0 [ 132.653379][ T5781] __alloc_pages+0x1f0/0x460 [ 132.658012][ T5781] alloc_slab_page+0x5d/0x160 [ 132.662728][ T5781] new_slab+0x87/0x2d0 [ 132.666838][ T5781] ___slab_alloc+0xc5d/0x12f0 [ 132.671640][ T5781] kmem_cache_alloc+0x1b3/0x2d0 [ 132.676620][ T5781] skb_clone+0x1eb/0x370 [ 132.680900][ T5781] netlink_broadcast_filtered+0x658/0x1110 [ 132.686745][ T5781] netlink_broadcast+0x37/0x50 [ 132.691544][ T5781] kobject_uevent_net_broadcast+0x364/0x530 [ 132.697489][ T5781] kobject_uevent_env+0x550/0x8b0 [ 132.702562][ T5781] kobject_synth_uevent+0x582/0xbc0 [ 132.707796][ T5781] uevent_store+0x4c/0x70 [ 132.712149][ T5781] kernfs_fop_write_iter+0x3b6/0x520 [ 132.717487][ T5781] vfs_write+0x46c/0x990 [ 132.721775][ T5781] page last free stack trace: [ 132.726550][ T5781] free_unref_page_prepare+0x7b2/0x8c0 [ 132.732045][ T5781] free_unref_page+0x32/0x2e0 [ 132.736757][ T5781] __unfreeze_partials+0x1cf/0x210 [ 132.741895][ T5781] put_cpu_partial+0x17c/0x250 [ 132.746683][ T5781] __slab_free+0x319/0x400 [ 132.751120][ T5781] qlist_free_all+0x75/0xd0 [ 132.755658][ T5781] kasan_quarantine_reduce+0x143/0x160 [ 132.761145][ T5781] __kasan_slab_alloc+0x22/0x80 [ 132.766023][ T5781] slab_post_alloc_hook+0x6e/0x4b0 [ 132.771157][ T5781] __kmem_cache_alloc_node+0x13a/0x250 [ 132.776662][ T5781] kmalloc_trace+0x2a/0xe0 [ 132.781119][ T5781] kernfs_fop_open+0x3f5/0xcc0 [ 132.785914][ T5781] do_dentry_open+0x8c6/0x1500 [ 132.790708][ T5781] path_openat+0x27f1/0x3230 [ 132.795347][ T5781] do_filp_open+0x1f5/0x430 [ 132.799876][ T5781] do_sys_openat2+0x134/0x1d0 [ 132.804582][ T5781] [ 132.806922][ T5781] Memory state around the buggy address: [ 132.812567][ T5781] ffff888026b29c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.820646][ T5781] ffff888026b29d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 132.828725][ T5781] >ffff888026b29d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 132.836809][ T5781] ^ [ 132.844801][ T5781] ffff888026b29e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.852879][ T5781] ffff888026b29e80: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 132.860962][ T5781] ================================================================== [ 132.870834][ T965] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 132.880669][ T5781] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 132.887914][ T5781] CPU: 1 PID: 5781 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 132.888166][ T9] hid (null): unknown global tag 0xe [ 132.888203][ T9] hid (null): unknown global tag 0xc [ 132.906101][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 132.916200][ T5781] Workqueue: hci2 hci_cmd_timeout [ 132.921285][ T5781] Call Trace: [ 132.924593][ T5781] [ 132.927559][ T5781] dump_stack_lvl+0x18c/0x250 [ 132.932275][ T5781] ? show_regs_print_info+0x20/0x20 [ 132.937510][ T5781] ? load_image+0x420/0x420 [ 132.942063][ T5781] panic+0x2dc/0x730 [ 132.946003][ T5781] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.952295][ T5781] ? bpf_jit_dump+0xd0/0xd0 [ 132.956850][ T5781] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 132.962875][ T5781] ? _raw_spin_unlock+0x40/0x40 [ 132.967770][ T5781] ? hci_cmd_timeout+0x1d0/0x1e0 [ 132.972747][ T5781] check_panic_on_warn+0x84/0xa0 [ 132.977733][ T5781] ? hci_cmd_timeout+0x1d0/0x1e0 [ 132.982755][ T5781] end_report+0x6f/0x130 [ 132.987041][ T5781] kasan_report+0x128/0x150 [ 132.991575][ T5781] ? hci_cmd_timeout+0x1d0/0x1e0 [ 132.996539][ T5781] hci_cmd_timeout+0x1d0/0x1e0 [ 133.001318][ T5781] ? process_scheduled_works+0x96f/0x15d0 [ 133.007060][ T5781] process_scheduled_works+0xa5d/0x15d0 [ 133.012642][ T5781] ? worker_attach_to_pool+0x380/0x380 [ 133.018125][ T5781] ? assign_work+0x3d2/0x5d0 [ 133.022743][ T5781] worker_thread+0xa55/0xfc0 [ 133.027373][ T5781] kthread+0x2fa/0x390 [ 133.031463][ T5781] ? pr_cont_work+0x560/0x560 [ 133.036169][ T5781] ? kthread_blkcg+0xd0/0xd0 [ 133.040779][ T5781] ret_from_fork+0x48/0x80 [ 133.045221][ T5781] ? kthread_blkcg+0xd0/0xd0 [ 133.049829][ T5781] ret_from_fork_asm+0x11/0x20 [ 133.054620][ T5781] [ 133.058231][ T5781] Kernel Offset: disabled [ 133.062573][ T5781] Rebooting in 86400 seconds..