last executing test programs: 4m35.423786341s ago: executing program 3 (id=46): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x48, 0x24, 0xf0b, 0x4, 0x200, {0x60, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x40) 4m34.601702513s ago: executing program 3 (id=50): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@dax}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=") timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)=0x0) timer_settime(r0, 0x1, &(0x7f00000005c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_gettime(r0, &(0x7f0000000080)) 4m33.256568601s ago: executing program 3 (id=55): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x627, 0x4c1, 0x9, 0x0, 0x0) 4m32.09815339s ago: executing program 3 (id=62): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 4m30.725844056s ago: executing program 3 (id=68): r0 = syz_open_procfs(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x47, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000280)='./bus\x00', 0x1200840, &(0x7f0000000100)=ANY=[@ANYBLOB="757466383d312c636865636b3d7374726963742c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d73703836322c696f636861727365743d63703433372c73686f72746e616d653d77696e39352c756e695f786c6174653d312c756e695f786c6174653d302c757466383d302c756e695f786c6174653d302c003c24d06816418f4be78ed4fbfe47efc82f966a602a8db43ad053c978bbd3501706515140ef63c2a58653ced497550b22917b09702604bc162c57e05beec5bb0c11fc2f9238b25e4527e24bab534e9ba458d92a597c3fee89f57053a4a1535771c9877b3ab101fb26937779cff75a95a296fafddf11280fafeb9bd5f2da4a88b43f3e4d5b1a9aed1f659d88f914548fba990603b0d4f14adda86d459c62701d3d6f007c7e50da9608a03eff5843f6739a8ec5ff33791394a5c075018b5d92bbd7d9874589f3561fbdfc44653bb6c56b522a3413"], 0x3, 0x37c, &(0x7f0000000ec0)="$eJzs3TGIW2UcAPB/7uUud9J6NwiiIEQ3QY+2CqKLV8oVilmqhKqDGGyr5XIWehhsh6bnIo6Co05uDjo4dHMRFOnm4GoFqYqDditY+uTlvSQvl+Q8Kmkt/n5D+Pf7/v/vfS/5aL7Lke9eX4uNk/Nx+vr1a7G4WInq2pG1uFGJlUii71KMW5jQBgDcG26kafyZ5iK+2ktJZfazAgBmqff+/+b+Ust73+yWn+bv/vOznhcAMDvFz/9L5bZkR87itOKzM5sWADBDo5//R8RjYymlX/VXx/YGAMC956VXXn3hcCPixXp9MWLz/U6z04znhv2HT8eZaMepOBDLcTMi3yhkD5Xe49FjjfUD9Xq9G7+sRDOr6DQjNrudZr5TOJz06mtxMJZjpagvdhtpmiZHv2ysH6z3RMSlbu/6sVnpNOdjKatfijM/3hen4lDU44Gx+ohjjfXBnqS52a+fj9gefm6RzX81luP7N+JstONkZLX9bU1j/eLBev1I2thXGdZ3O81aLy839RMQAAAAAAAAAAAAAAAAAAAAAAC4Lav1gZXB+Tnp8Pye1dUJ/b3zcfL64nyg7fx8oLSWRpr+8e6TzQ+SGDkfqHfAz0h9Nebu7q0DAAAAAAAAAAAAAAAAAADAf8bW+YVotdunzm2dv7BRDrrnts7PRUTW8vZ3n3+9FKM5S8UAo1UjQbVIKXXVh1Vp0k9Ok5GcIkiyi1eqectnlwczLufUBncxcRq16V3t9v5Hf/74wkZ/1EeS/si3hjlJTLyvC8mOaZSDzfvzAac/LbsEh/4h52qaptPKL742XhWViOrUqd5mkGbBt9feeuiprf4iSHOPP7F84upHn/620WpnV8602wvntm6mG63i35MX2/QgKa2fSrHYKuWVUG09fev4vikjb4+2tJIffn/54Q+vFC1zu79M6Ykrw5Z3JuQk+UW/2Nm1kAfZNAddz2dB9hyNjzM/YfFPCp6Jf/XCPfjJWuvyxZ9+3WtV6T8JB3UAAAAAAAAAAAAAAAAAAMAdUfqueKH4su/8blXPHp/9zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzhn+/f9BEHPbO1r2FvzVjX7Lieh31bIBY6F0xZW7eLcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPxf/R0AAP//KWlfjg==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) 4m29.47961247s ago: executing program 3 (id=73): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 4m26.738403006s ago: executing program 32 (id=73): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 3m42.309782003s ago: executing program 4 (id=215): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) fremovexattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') 3m41.089623526s ago: executing program 4 (id=219): unshare(0x2c020400) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88) statx(r0, 0x0, 0x1000, 0x6000, 0x0) 3m39.903934998s ago: executing program 4 (id=225): pipe(&(0x7f0000019480)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r1, 0x0, 0x10500, 0x0) 3m39.020175387s ago: executing program 4 (id=228): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3c1uG0UcAPD/bj6bliaVOPBxiQCJSIikSVugEkhEXDjQEz1wJIrdEtVpUGIkWkV8CMQNJBAPAAfgETjCgXeAM3CAShHKgZSb0dq7jhvbaZPadZX8ftLIMztrz6zHs15PZicBHFvTEfFqRAxFxNmImMy3p3mIjxoh229ne3P5v+3N5SRqtTf/SSLJtxWvleSPJ/MXmEkj0k+TeLJDuRs3bl5bqlTK63l6rrr67tzGjZvPr6wuXS1fLV9feOHc+QsXXrq48GLPjnVrNfn8me/f+PPLz0pf/fr3T1NZfU/lea3H0SvTMd18T/a62OvCBmy8JZ4MD7AiAADsK82v/Yfr1/+TMRS7F2+T8cUvA60cAAAA0BO1WvEIAAAAHF2J3/4AAABwxBXzAHa2N5eLMMDpCDxgW4sRMdVo/9t5aOQMN+/pHYkYGe9T+dMR8fr4pYUsRJ/uwwYAAAA4zn5ebCz81z7+l8ZjLfudiIiJYm2/Hprek24f/0lv9bhIWmwtRrwcEbfbxv/SYpepoTz1SH2ocCS5slIpn42I0xExEyNjWXp+nzI+eOraD93yWsf/vvnjrfms/Oxxd4/01vDYnc8pLVWX7ueY2bX1ccQTw53aP2mO/7auk3kYb6/svNItL2v/rL2L0N7+9FPt24hnO/b/3ZVLk/3XZ52rnw/m8rPCWHsZv5/67pNu5bf2/yxk5Rd/C6D/sv4/sX/719fJba7Xu3HwMn7899Jv3fLu3v6dz/+jyeV6BUfzbe8vVavr8xGjSWPLHdt9mpqK96N4v7L2n3m68/d/cf2X5N/9p1vWhz6I1z48c7lbnv4/WFn7lw7U/w8eeWfi8Zlu5d9b/z9fr0zxIq7/7u5eG2jQ9QQAAAAAAACgN9L63L4knW3G03R2tjHP99GYSCtrG9Xnrqy9d73UmAM4FSNpMf9zsmU+6HzjNvJmemFP+lxEnImIrydP1NOzy2uV0qAPHgAAAI6Jk11+/2f+OszNHgAAAMDDaWrQFQAAAAD6zu9/AAAAONLuZ13/Snm9+BdBh3y6iMjhIkP5B+9hqc/RiwzwpAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/B8AAP//91C79Q==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 3m37.091557996s ago: executing program 4 (id=234): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000d00"/20, @ANYRES32=r1, @ANYBLOB="00300000c048000058001280110001006272696467655f736c617665000000004000058004001800050007"], 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3m35.324725132s ago: executing program 4 (id=239): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x25dfdbfd, {0x1d, 0x1, 0x2}, [@CGW_DST_IF={0x8, 0xa, r1}, @CGW_SRC_IF={0x8, 0x9, r2}]}, 0x24}}, 0x0) 3m33.345221567s ago: executing program 33 (id=239): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x25dfdbfd, {0x1d, 0x1, 0x2}, [@CGW_DST_IF={0x8, 0xa, r1}, @CGW_SRC_IF={0x8, 0x9, r2}]}, 0x24}}, 0x0) 2m31.573772987s ago: executing program 6 (id=515): r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = socket$rxrpc(0x21, 0x2, 0x2) sendto$rxrpc(r1, 0x0, 0x0, 0x0, 0x0, 0x0) bind$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @multicast2}}, 0x24) 2m30.824410561s ago: executing program 6 (id=519): syz_mount_image$exfat(&(0x7f00000003c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000003680)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") chdir(&(0x7f0000000200)='./file0\x00') truncate(&(0x7f0000000040)='./file0\x00', 0x1b1c) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 2m29.722775051s ago: executing program 6 (id=524): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x4810, &(0x7f0000000140)=ANY=[], 0x11, 0x6a0, &(0x7f0000002d00)="$eJzs3c1vHGcdB/DvrNcvm0qO26ZpQJUwjVQQEYkdK4VwSUAIBalCVThwthqnseKkwXFR2gNxAYkrB/6AcjAXOIEQEhJSpHKGW8XN4lQJiUtPaQ8MmtnZ9dpdv+TVNv18otnnN/PMPPOb37x415G1AT63Lp1K+146uXTqtTvV/Pra3NL62tyNXpxkPEkraXebFDeT4oPkYrpTvlAtbIYrttvPrxfPX/7w4/WPunPtbIxXvXS2T7C9l6NYbaZMJxlp2kewabw3Hm688Y2w6FemKtjJXuFgv40mKTf58fGNnmHKkYGZbe934PAouj83B3Tv/6nkSJKJ3g+01W5n6+lnuKsHehatPrk8AAAA4MA4ev9ucieT+50HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCbN9/8XzdTqxdMpet//PzbwHftj+5zuFmNDwyEmesG91hNNCAAAAAAAAACeii/dz+8ul+Vkb74s6v/zf7meOVa/PpO3czsLWc7p3Ml8VrKS5cwmmRoYaOzO/MrK8mxvy0/Lstxmy7NDtzy7x4Q7j+OoAQAAAAAAAOD/xoWm/VkuZXKfcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE2KZKTb1NOxXjyVVjvJRJKxar3V5B+9+DC7t98JAAAAwFNw9H7u504me/NlUX/mP15/7p/I27mZlSxmJUtZyJX6dwHdT/2t9bW5pfW1uRvV9Nlxv/2fjfiPk7umUY+Y7u8ehu/5RL1GJ1ezWC85nTfyVpZyJa16y8qJ9bW5oomH5PVelVNxoass91agK01bjfurpj0YpuqKjPYrMtPkVlXj2d6ZGX6GBs/OQ+xpNq3+b36O7bynTTW/sONeiv/2zsmR3pLkme/vXvPRBzqYR7K1EmcHrr7jO1ci+cqffv+ja0s3r18rVk8dnMvoAYz/a+Ou2VqJuYFKvLjnSly9fTgrsVUrL/TjS/lefphTmc7rWc5ifpL5rGQh0/luHc0313P1OrVzpS72S1p5fbcsxprzMrIlpy8f7bY75fRyve1kFvODvJUrWcir9b+zmc03ci7ncn7gDL+wh7u+NeSu//P2yZ/8ahN0kvyyaQ+Gqq7PDtR18Jk7VfcNLmmlHO9u99xjezb2tb/YBNWZ+HnTHgz9Skyk/1Oil93zvQqMDq3Eb+rHyu2lm9eXr83f2jJusTp8f69k8+EfnAdJdb08V52sem7z1VH1PT+0b7buO9bva23t+22n37fbnTrWvIf77Ehn674Xh/bN1X0nBvo23m99WpZl9/0WAAfeka8dGev8u/P3zvudX3SudV6b+M74N8dfGsvo30a/1Z4ZeaX1UvGHvJ+fZvdP6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK5uv/Pu9fmlpYXlLUFZlne36XoiQdrJpiV//cvAOknqLwPa+4DV2hdbSb2knSZ4sMTuPtzhvPewRfhnc06eSsEfSzAx9PoZaY5jsOuTsiwPRs57CcrGQclnP4J9eyQBT8mZlRu3ztx+592vL96Yf3PhzYWb58+dOz9z/tyrc2euLi4tzHRf9ztL4EkYeAcOAAAAAAAAAAAAHBJ7++Oc4tH+tgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgEVw6lfa9FJmdOT1Tza+vzS1VUy/eWPOTJK0kxXRSfJBcTHfK1MBwxXb7WU0uf/jx+kfduXYz1eu3dtpub1abKdNJRpp2iIlhC8u7241X1OPc2n68PSr6R1gV7GSvcLDf/hcAAP//9TUTFw==") mknod$loop(&(0x7f0000005f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, 0x0) rename(&(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file1\x00') truncate(&(0x7f0000000080)='./file1\x00', 0x7ff) 2m28.662446099s ago: executing program 6 (id=531): syz_mount_image$minix(&(0x7f0000000080), &(0x7f00000001c0)='./file1\x00', 0x1000008, &(0x7f0000000040)=ANY=[], 0x1, 0x17c, &(0x7f0000000500)="$eJzs289O6kAUx/Ffy797uX8F3biRxIVupIord/ooBCohFCXCBmJiTHwLV76fJvoC1lCgpoUoIFCB72d1DmdmOiUZOF1UANZWTjkZMpSQtCPpJmtEvSUAC+JKenUBrKfYc9Q7ABCNpzOpIenx5bqkWGKoP+jWTwd1Mzlcv5W24/26kdKPcH/xIO0N5hs/R85Py3V79fTI+v7u4Pq/9Ft/9Ff/9F8byvTrZX/9rS92Q8B6MZQP54EPTJ1XHfvQzxNefuTnSS8vhPJjP095eb506ZTndQsApmR+cv5jofMfD51/AMur2e7Uio5jX40XJDXB4EAgs3fBKaeHg+5ys1hnFsFdRlN/LQS1otN97PwG2yAIHNigVhS/TgDmyWrVG1az3Tmo1osVu2JfFO77lRPL6/ytYP8PYHW8/+l/OCy1sA0BAAAAAAAAAAAAAICJZbU5zrDwa30AAAAAltAiXieK+h4BAAAAAAAAAAAAAAAAAACAVfEWAAD//2bRHbQ=") mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0) 2m27.633050739s ago: executing program 6 (id=538): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x2e5, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x700, {@ip4=@empty}}}]}, 0x38}}, 0x0) 2m27.045594045s ago: executing program 6 (id=543): socket$kcm(0x2, 0xa, 0x73) socket$inet(0x2, 0xa, 0x400) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m25.230265681s ago: executing program 34 (id=543): socket$kcm(0x2, 0xa, 0x73) socket$inet(0x2, 0xa, 0x400) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m20.63999214s ago: executing program 5 (id=569): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000059c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000005c80)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x1, 0x27}}}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x80c0}, 0x200840b0) 2m20.0119586s ago: executing program 5 (id=572): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x82}, {&(0x7f0000000140)=""/44, 0x2c}], 0x3, 0x0, 0x37}, 0xa1}], 0x1, 0x101, 0x0) 2m19.333171552s ago: executing program 5 (id=575): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0xa9207000) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x8000, 0x0, 0x0, 0x0, 0x33, 0x40, 0x0, 0xe4}) 2m18.462638419s ago: executing program 5 (id=578): syz_mount_image$minix(&(0x7f0000000080), &(0x7f00000001c0)='./file1\x00', 0x1000008, &(0x7f0000000040)=ANY=[], 0x1, 0x17c, &(0x7f0000000500)="$eJzs289O6kAUx/Ffy797uX8F3biRxIVupIord/ooBCohFCXCBmJiTHwLV76fJvoC1lCgpoUoIFCB72d1DmdmOiUZOF1UANZWTjkZMpSQtCPpJmtEvSUAC+JKenUBrKfYc9Q7ABCNpzOpIenx5bqkWGKoP+jWTwd1Mzlcv5W24/26kdKPcH/xIO0N5hs/R85Py3V79fTI+v7u4Pq/9Ft/9Ff/9F8byvTrZX/9rS92Q8B6MZQP54EPTJ1XHfvQzxNefuTnSS8vhPJjP095eb506ZTndQsApmR+cv5jofMfD51/AMur2e7Uio5jX40XJDXB4EAgs3fBKaeHg+5ys1hnFsFdRlN/LQS1otN97PwG2yAIHNigVhS/TgDmyWrVG1az3Tmo1osVu2JfFO77lRPL6/ytYP8PYHW8/+l/OCy1sA0BAAAAAAAAAAAAAICJZbU5zrDwa30AAAAAltAiXieK+h4BAAAAAAAAAAAAAAAAAACAVfEWAAD//2bRHbQ=") mount$overlay(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0) 2m17.333747699s ago: executing program 5 (id=580): syz_open_dev$video(0x0, 0x7ff, 0x0) syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00d77fbe9e57a634f929f74bee0c10f9cecfc3ead3b77b247312d0ad8ba2e74f257f47c684e0aec5cb3009a5028bd4f70eef4b274a5c38fec4079e5f43b598a9e97e460422eae305e57ae786347345f1de885fa6957858a8b0377854b8190607303abd6aee330a8caac51797b7a15b53acc98e0d526b12f36eb277aead8d55f85523364369522d5f49efa95367a99d00d2c3049e41e7d9ffffffd7a5af9bb021ff2474356bb2c975e3e8f87f1064a983db4d47057c94053fbf53a474536fe59f83bfc1843bd6449160b0c4842dbbeef31ac9bd265bf70f693c8c0c0b783b82271433a5d3d3bcd4c7f8395e4830262a3c414bfbe76d431c2001567510239dd2f2bbc049000000000000000000000092675a0b4430360148a763030694149b66a254a61956fb1b6bcd6cfc49f4f84694e73ed9c4b4d6b46d1e077fc89f36d8e5fd41d863a5bdb87562aa6e34ebb8e16b0b210786e0ae945cf920870ccd9657e2d7639d2d2bc46706950fc40406f22ac773d5043bddfe88faba3a973a67a0a8c64c95ba285267c76a7a31636f1e09ea085c771b3aae335b25fcb6b11358349c0f04abad13df1d0a2f732b059707f13b539692bd95cfea76185a8146ff55219ed65edb3f89f2fd4112fa45eaaee3ad02b5f2ff9c85453a6af8f4a408bc729aec69f33404b61ad21da92b8c813ca3de184e899a596543ca6d9be9f93840870ccda17746cd6461ad770ab337102b891bcd84c1596a60db767d62478ccb6dc3bf80474432a6123cdaf8a02bc6ac95c722c79aae41084a61bdc51f288b3980ba19e39dc078"], 0x1, 0xf01, &(0x7f0000002d40)="$eJzs3U9oHNf9APA3q3+2pVirJL9flKSx1aSpE7eVXdmH9FQHTAshhFx6T3CsxFRJTZ0eEmIs9+RCDykhl5QeUpJbwT0UmlAooVDonxx67im0l5bigiGXGqwtkt9brZ413dVImtVqPx/46unNG833O16xnjfafRuAodVY+3r69GwRwrsfv3P221dWfr267Wh7j7m1r0XsNUMIYx39IjveZ3HD7ZtvnVttV7K2CAtrX9N4eO5G+2cnQwjLYS58Eprh6PHm59dGnl388L1Pj12++Mwru3T6AAAwVK7/aemvT/7jj1+duXX9yJkw0d6ers+bsT8Zr/tPxuv7dN3fCBv7RUd0Gs/2G4nRyPYbyfYbzfKMluQby44zVrLfeJd8Ix3bNjtPAAAAGESNOMdthqIx3zHPbYZGY37+zrx/1WfT48X8axeWFi/1sVgAAACgks+vrL3oVgghhBBiiONWq9Xqdw1CCCHE7kZrut93IAAAAIBhk9YdaK8PllvOVxbYnvbRmr3lv/F0Y/Ofhx1Q9++//IOV/4OrnnEAAKhuv15NpvNK19FpHYN8HcGR7Oe2ev3fyI4zusU6y9YVHJT1BsvqzP9d96qy+rf6OPZLWf35eph7VVn9+Tqde1VZ/RM111FVWf0Haq6jqrL6D9ZcR1Vl9R+quY6qyuqfrLmOqsrqn6q5jqrK6r+n5jqqKqv/cM11VFVW/6C8rLas/mbNdVRVVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXfX3Md/fJIbNO/w5FsvHP+nM/pBmWOBwAAAMPuP31b/++bfV/7YNhi7W/Ce6AOIYTY9Vg1twfqEEIIsUnEFcj6XofYwbi6B2oQPcSVft58AAAAAPaE9L6A9K73VpTGR7qMj3YZH+syPt5lfKLLOAAAABDCb64tPvh2sf4+/+2uh5fWjUrrL211HaN8PcKt5t/uumfbzT8o65YBAAAwXIpvfbJy/Oz7r8/cun7kTMfsdyXOd9M6oKPx3sBHsZ9eFzCV9Ys0hz6zMU+jZL/8/sA9Zcd7fpsnCgAAAEMszd+boWjMd8y7m6HRmJ9fn4/PhrFi8cLS+ZOxnz6f5Q/TYxOr279ec90AAABA79bn+5vP/9Pn+M6G8WL+tQtLi5fu9Kfa28canfcFpte3F533BZrZ9oWS7adiP31+5yvTB9e2z5/73tJLO33yAAAAMCQuvfHmd19cWjr/fd/4xje+aX/T72cmAABgp33493f+/INTU7+98/7/9fXv0vv/52K/Gdf2+0vcIb1OIL0P4K7367+wMc902X4XN+7XzPYbiTGR1X2g4zihY73B9HMzG/oj6/s2Nx5nvCTfZJZvKsuXr1Mwmu2fzu9wtj1fnzDtN51tz9dhHM1yFFn+RwMAAACUO/H6qxdPXHrjza9dePXFl8+/fP61UycXvrHw1MLC6YUTa6/rP9H56n4AAABgEK2/6LfflQAAAAAAAAAAAAAAAAAAAMDwquPjxPp9jgAAADDs/n0lhLAshBBC1Bdrn3G6B+oQQgghxODHhOuKnqPVyj9pHgAAAGB33b751rnYXt10h+ViR/O1j9YM4UDH9pVYx+8f/9njq5G233h64/2SQztaDcOu4/f/3KY77PDvv/yDlf+Dqzubv/2c17zTpOe98ue/xsYDnKmW98s/+ecTnfkfGu0xf37+z1fLfyzLfyz0lr/1fpb/hWr5n8jyH+ox/13nf7Fa/idj/tlUz2O95t/4+E/ENp3HwR7zH8/O/6XQa/7s/Js9Jsx8JeYHgGHU6HcBuyRdJaTr6MnYT+cbLzdD/uqHrV7/N7LjjG678o3HTddBD8R+ul6ayvImW61/MjvePRXrzA3Kq0rK6t+px3G3ldU/VnMdVZXVP15zHVWV1T9Rcx1VldV/oOY6qiqrv9d5aL+V1T8o95XL6p+suY6qyuqfqrmOqsrq3+r/4/1SVv/hmuuoqqz+6ZrrqKqs/oq31WpXVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXff/emQbkk2pKHY1s2H07zz+k4lvrNrD+xyb/lfr23AAAAAIPmX9b/E0IIIYQQQggh9n20Wv2+A0E/7e67mQHYqzz/DzeP/3Dz+A83jz//S3oNf5H1k5Eu46Ndxse6jI9n4/nv60SX8fuy47aiNH5/l/H/6zJ+uMv4A13GZ7uMP9hl/KEu4w93GQcAAGA4/H9szQ8BAABg/7r8i49+/KtjL9ycuXX9yJkwfte68ydjfyL+bf1a7Ofr3idj8W/+P4z9n8f2d7H9W7a/158AAADA7kufE+Pv/wAAALB/pc8pNf8HAACA/Wsmtub/AAAAsH/dG1vzfwAAANjHigObb45tui/waGx7XdcPANj7vhDbR2J7JLZHY/vF2KbrgMdi+6Wa6gMAds5Pv/Ojp94u1tf7P5WN347bU3uX5Tt3CorGxpX8D8b2UGwf77Ge/PMAes2fHO4xz27ln95mfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg/2isfT19erYI4d2P3zk7ffnsy6vbjrb3mFv7WsReM4Qw1v65NLre/2Xc8fbNt86ttiuxbcW2CAuhCEV7PDx3o51pMoSwHObCJ6EZjh5vfn5t5NnFD9/79Njli8+8sov/BAAAALDv/TcAAP//vcAp6A==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 2m16.392200307s ago: executing program 5 (id=584): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38) read$snapshot(r1, 0x0, 0xffffffbf) 2m14.142551686s ago: executing program 35 (id=584): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38) read$snapshot(r1, 0x0, 0xffffffbf) 1m5.882336353s ago: executing program 0 (id=927): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000040), 0x4) 1m5.240213051s ago: executing program 0 (id=929): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ac0)=@delqdisc={0x140, 0x25, 0x100, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xa, 0x8}, {0xfff3, 0x8}, {0xffff, 0xd}}, [@TCA_STAB={0xf0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1c, 0xfc, 0xffe3, 0x7252, 0x0, 0x2, 0x5, 0x5}}, {0xe, 0x2, [0x32, 0x3, 0xfff7, 0x8, 0x3]}}, {{0x1c, 0x1, {0x3, 0xb1, 0x9, 0xedd, 0x0, 0xb1a8, 0x8, 0x3}}, {0xa, 0x2, [0x4, 0x4, 0x0]}}, {{0x1c, 0x1, {0xe, 0x5, 0x6, 0x81, 0x1, 0x4, 0x3, 0x3}}, {0xa, 0x2, [0xfff1, 0x1ff, 0x4]}}, {{0x1c, 0x1, {0x5, 0x7, 0x2, 0xecc7, 0x1, 0x149, 0x8d2, 0x1}}, {0x6, 0x2, [0x9]}}, {{0x1c, 0x1, {0x2, 0x18, 0x8, 0xe, 0x2, 0x8001, 0xff, 0x5}}, {0xe, 0x2, [0x47b, 0x7, 0x800, 0x0, 0x81]}}, {{0x1c, 0x1, {0x81, 0x5, 0x800, 0x6, 0x2, 0x3, 0x3ff}}, {0x4}}]}, @TCA_RATE={0x6, 0x5, {0x71, 0x1}}, @qdisc_kind_options=@q_choke={{0xa}, {0x18, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x9, 0x8de, 0x6, 0x1, 0xb, 0x5, 0x8}}]}}]}, 0x140}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0x600}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 1m4.533795823s ago: executing program 0 (id=934): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, 0x0, &(0x7f00000005c0)) 1m3.069177445s ago: executing program 0 (id=943): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@quota}]}, 0x1, 0x629, &(0x7f0000001080)="$eJzs3c9vFFUcAPDvTH/Sii3ERPEgTYyBRGlpAUOMifRuCP74ByothFAoaWtigYSS6NF48WDiyYP4XyiJN+PBqwfvhoQYw0EMkTWzO1u2291td9vtlu7nkyx9b2b3vTdLv31v3r6ZDaBrjWX/pBFHIuJGEjFSsa838p1jpec9+vv2xeyRRKHw0V9J3L6TrFaWleQ/h/MX/zcSyW9pxOGejfUurdy8OjM/P7eY5yeWr92YWFq5eeLKtZnLc5fnrk+9PXX2zOkzZydPbuv4+mps+/7bJ8nkD3+cT+JcPM3blh1X9fMGtlVz9p6NRaHkceX27H09u82y94p/Rsq/J88k1RvYsy7lcZvFycsxEj0V/5sj8cUHHW0c0FaFJMp9FNB1kjrx/8t0o78Mg21rD7BbyuOA8rl9rfPgjdI2j0qA3fBwujQhVYr9vogox39vaW4wBotzA0OPknXzPElEbG9mriSr49efz3+ePaLOPBzQHqt3y7Pc1f1/UozN0Rgs5oYepevjf7VQSPORQLb9wxbrH6vKZ/UfbLEsoDmrdyPilbz/748tx3+ax245/j9psf5a8d9iUQAAAAAAAND17k9HxFu11v+la+t/+mus/xmOiHM7UP/mn/+lD/JEUvXU/h2oHrraw+mId2uu/11b4zvak+cOFtcD3EouXZmfOxkRL0bE8egbyPKTVeVWrhA+8eXhb+rVX7n+L3tk9ZfXAuYlPeituhB3dmZ5ZrvHDUQ8vBvxanH979F8y/r1P1n/n9To/7P4vrHFOg6/ce9CvX2bxz/QLoXvIo7V7P+fDbeTxvfnmCiOBybKo4KNXrv11Y/16q+O/zYcIlBH1v8PNY7/gaTyfj1LzZWfnaSfWukt1Nvf6vi/P/m4JyomAT6bWV5enIzoT97fuH2quTbDfpXHw9HI4yWL/+OvN57/Wxv/V8ThgYhY3UJ9g5vsN/6Hzsnif7Zx/z+6vv9vPjF1b/SnevVf2FL/f7rYpx/Pt5j/g0ob78ex1QDtSHMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DmXRsQLkaTja+k0HR+PGI6Il2IonV9YWn7z0sKn12ezfRGj0ZeWv+l3pJRPyt//P1qRn6rKn4qIQxHxdc+BYn784sL8bKcPHgAAAAAAAAAAAAAAAAAAAPaI4eI1/4WB6uv/M3/2dLp1QNv15j/FO3Sf3pZfWRjY0YYAu671+AeeY9k5fxPx39fOtgAdUD/+Hz8pFO1qc4BdZPwP3avF+PdxAewD+n/oVluc0xtsdzuATtD/AwAAAADAvnLo6P3fk4hYfedA8ZHpz/dZ7A/7W9rpBgAdYw0vdK/ehU63AOgU5/hAspb6t+bF/vVX/yftaRAAAAAAAAAAAAAAsMGxI67/h27V+Pp/a/thP2tw/X+t4He7ANhH6n/1h74f9jvn+MBmvb3r/wEAAAAAAAAAAABgDxi8eXVmfn5ucWllhxKPCztcYP3Ee6VEYTfq2rHE6syeaEYTicKdiMbPebp5OWlENFt7X0TslTdhcSlrzW7VVb4FR9Mvn+zZqWZ0+O8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACw5v8AAAD//1GgGm8=") mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) 1m2.230555201s ago: executing program 0 (id=948): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0xa, 0x7, 0x2, 0x4}, 0x50) ioctl$TUNSETOFFLOAD(r0, 0x5421, 0x110e22fff7) 1m1.132053187s ago: executing program 0 (id=952): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01ff23c6a4caeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8000}}, 0x0, 0x0, 0x4d, 0x0, "67880a8b1039b0a4377e3b72748591cbad40e1cf1406f799d5731b82fbc0e7ca6ee4d9dbd826b332d88611e62305927b4fa988dd3e714c0e3bc8bf26a918a3baab813fb817d16614d2f676a821f793a9"}, 0xd8) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) 59.12351196s ago: executing program 36 (id=952): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01ff23c6a4caeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x9, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x8000}}, 0x0, 0x0, 0x4d, 0x0, "67880a8b1039b0a4377e3b72748591cbad40e1cf1406f799d5731b82fbc0e7ca6ee4d9dbd826b332d88611e62305927b4fa988dd3e714c0e3bc8bf26a918a3baab813fb817d16614d2f676a821f793a9"}, 0xd8) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) 6.864407327s ago: executing program 2 (id=1222): r0 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x5d, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x0, 0xfe}}], {{0x9, 0x5, 0x82, 0x2, 0x60}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 3.932865009s ago: executing program 8 (id=1238): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) recvmmsg(r1, &(0x7f0000002a40)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x40000000, &(0x7f0000002b00)={0x0, 0x3938700}) close_range(r0, 0xffffffffffffffff, 0x0) 3.897652631s ago: executing program 2 (id=1239): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x103) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10413, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@directio}, {@version_L}, {@dfltgid}, {@afid={'afid', 0x3d, 0xfffffffffffffffb}}, {@afid={'afid', 0x3d, 0x49488007}}, {@version_9p2000}]}}) 3.784793235s ago: executing program 7 (id=1240): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x200001, 0x0, {0xa, 0x80}, [@RTA_IP_PROTO={0x5, 0x1b, 0x1}]}, 0x24}}, 0x0) 3.254264972s ago: executing program 8 (id=1243): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000600)="dd0e90aed281ad", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x80010000, 0x1}}, 0x40) 3.155030588s ago: executing program 1 (id=1244): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r0 = getpgrp(0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0xc, &(0x7f0000001fc0)={0x19, 0x1, 0xc}, 0x0) 3.108809327s ago: executing program 2 (id=1245): r0 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000002280)={0x0, 0x1, 0x40}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000300)={0x1, "edd1382654f1839e6d86b365e5cce46dd66fda85574d5fb20b1cb476153b0b49", 0x2, 0x80, 0x5, 0x40, 0x8, 0x2, 0x114, 0x2}) 3.108499744s ago: executing program 7 (id=1246): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000700)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)=""/182, 0xb6}, {0x0}], 0x2}, 0xb}], 0x1, 0x40000020, 0x0) 2.671292019s ago: executing program 8 (id=1247): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000040)=0x2, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000001500)=""/19, &(0x7f0000000240)=0x13) 2.654456721s ago: executing program 9 (id=1248): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) futex(0x0, 0x10b, 0x0, 0x0, &(0x7f0000000380)=0x1, 0x1) 2.605465418s ago: executing program 2 (id=1249): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000100000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@mpls_newroute={0x1c, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}}, 0x1c}}, 0x0) 2.523909726s ago: executing program 7 (id=1250): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000600000000000000fdffffff"], 0x0, 0x4, 0x0, 0x0, 0x41100}, 0x94) r0 = syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x100) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000340)={0x2, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"}) 2.46480587s ago: executing program 1 (id=1251): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000001e01000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) setfsgid(0x0) 2.140351141s ago: executing program 9 (id=1252): unshare(0xc040400) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {}, 0xa}}, 0x26) 2.08803215s ago: executing program 8 (id=1253): r0 = msgget$private(0x0, 0x200) msgsnd(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0xff, 0x0) msgrcv(r0, &(0x7f0000000f40)={0x0, ""/255}, 0x107, 0xffffffffffffffff, 0x2000) msgctl$IPC_RMID(r0, 0x0) 1.981429002s ago: executing program 2 (id=1254): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32=r2, @ANYBLOB="0800c300741300000800c40001"], 0x30}, 0x1, 0x0, 0x0, 0x40002}, 0x0) 1.842838056s ago: executing program 1 (id=1255): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x8080000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 1.797160411s ago: executing program 7 (id=1256): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000340)={0xffffffffffffffff}, 0x13f, 0xd133bd85fb5540ee}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000180)={0x6, 0x118, 0xfa00, {{0x7fff, 0xb7aa, "6935982427bc9c9fdf75c530343f1312e4f9edab3b5d12e8687bedaed02666601cb598c22d09d530bac434c6e561b88e3a96fb330d0ef48608b22f14e0143f576ef05368d82e9316a3baefc8d91217150f23ba64fa33a3094d17a91d25d454d341c289a585a3b8fbfcce4347665ddde9d44144aaa056f5ea12e28553af77e02a3a302d263f79c69d4a0afa6f18fe4a24d1046487fe9c3cef5efd601cc38a5b02b7ec0e9b1efbfb584f21623bb43e987bb6203228653fc2aabbec14e5ed78571dabd8987d79937c83ebabc32f282ba0ed8ca74bcb37757286965e55c636d93e44e49e81fbd69d92c66732ed30ef3be99d7bce106d120fee258d283846df6dda98", 0x6, 0x3, 0x2, 0x1, 0x0, 0x0, 0xf3, 0x1}, r2}}, 0x120) 1.661079528s ago: executing program 9 (id=1257): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.537461117s ago: executing program 8 (id=1258): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='br_fdb_external_learn_add\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0) 1.253363463s ago: executing program 2 (id=1259): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000440)={0x20, 0xd, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000680)={0x1, 0x2, 0x3, &(0x7f0000000400)={0x1b, "65c28678ec59b73ade02da39a66f440cfa56ec4319a52702236bf319b49de48232"}}) 1.160519086s ago: executing program 7 (id=1260): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) 1.160131584s ago: executing program 1 (id=1261): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x3) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000100)={0xfffffffc, 0xe7, 0x6, 0x2, 0x7, "ea7174ddb80fc70000020000000000d3a2d975", 0x2, 0x4}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)) 1.14025187s ago: executing program 9 (id=1262): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000003340)=[{{0x0, 0xfffffffffffffed1, &(0x7f0000000280)=[{&(0x7f0000000600)='4', 0x1}], 0x1, &(0x7f00000002c0)=[@rights={{0x10}}], 0x10, 0x40}}], 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39011, 0x0) 1.014123757s ago: executing program 8 (id=1263): r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r1 = io_uring_setup(0x2e34, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffd}) close_range(r1, 0xffffffffffffffff, 0x0) mq_timedreceive(r0, 0x0, 0xffffffffffffffe7, 0x20004000, 0x0) 756.204663ms ago: executing program 1 (id=1264): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3b0, 0x1d0, 0x290, 0x290, 0x390, 0x0, 0x428, 0x428, 0x428, 0x428, 0x428, 0x6, 0x0, {[{{@ip={@loopback, @loopback, 0x0, 0xff, 'netdevsim0\x00', '\x00', {0xff}, {0xff}, 0xb8, 0x0, 0x40}, 0x0, 0x70, 0xcc}, @common=@CLUSTERIP={0x5c, 'CLUSTERIP\x00', 0x0, {0x1, @random="81b035711ec5", 0xfc00, 0xe, [0xa, 0x27, 0x1b, 0x3d, 0x1e, 0xb, 0x2b, 0x0, 0x30, 0x1a, 0x23, 0x6, 0x31, 0x33, 0x36, 0x18], 0x2, 0x4, 0x9}}}, {{@ip={@local, @local, 0xff, 0xffffff00, 'netpci0\x00', 'wg1\x00', {}, {}, 0xc, 0x1, 0xa}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x1, 0x6}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x2b}, @loopback, 0xff000000, 0xff000000, 'wg1\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x0, 0x6, 0x4b}, 0x0, 0x70, 0x94}, @TTL={0x24, 'TTL\x00', 0x0, {0x1, 0xdc}}}, {{@ip={@multicast2, @rand_addr=0x64010101, 0xff000000, 0xffffffff, 'ipvlan1\x00', 'veth0_macvtap\x00', {0xff}, {}, 0x6c, 0x0, 0x41}, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x3, 0xc, 0x2}}}, {{@uncond, 0x0, 0x70, 0x94}, @ECN={0x24, 'ECN\x00', 0x0, {0x1, 0x9b, 0x2}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x40c) setsockopt$inet6_mtu(r0, 0x29, 0x17, 0x0, 0x0) 691.040521ms ago: executing program 9 (id=1265): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x4490, &(0x7f0000000140)=ANY=[], 0xfb, 0x29b, &(0x7f0000000900)="$eJzs3T9v004cx/HPOUnr369Vcf8gJMRUqMSE2rIgliKUgZ2FCQFNkCqiIkERf6bAjGBn5ynwABiZEDMSGxMPIFvQnc+Nk9pxEpE6gfdLauTE97W/F59z9w1CEYB/1s36j49Xf9o/I1VUkXRdCiSFUlXSWZ0Lnx0eHRy1mo1hB6q4CPtnFEeaE232D5tZoTbORXiRfVbVcvo1TEf4Xe33N249LzsPlMvd/RkCadHfnW5/eOqZTUe77ARKZjrq6IVWys4DAFAuP/8Hfp5f9uv3IJC2/LTfP//P+QTaKTuBKftcsD81/7sqq2vs9T3jdvXqPVfC2f1BUiVOksuC4pHVt8A0RVWlyyX47+FBq3ll/3GrEeiN9rxar9mGe2zEQzeRzvb1yUNvZtSmQ0ze9yXXh5rtw246/1ST9T97xmLmi/lq7ppIH9Q4Xv9Vu8ZeJnelooErFee/nX9E18sFuVY5vVx1Jznvz+AN7WVFORWJkhG1qv4vCKKiPF3U2kBU3Ludgqj1zKjdzIDacdTGYFRvNOefb9rMO3PHbOqXPqmeWv8H9t3e0ih3pm3jWvqRMbQ/VdcycvOJv+vaFzJbBpP2CBN4qwe6ppWnL189ut9qNZ/Mw0byeTBWlL0TZyH5MjfsR1L6lWQQuFfCZGMWUjXjXdxZ37BvcilnT+adIUOi4DilfCrhlPUu+piB/NvM38Kuu0xc/6XqlW23WLMPUf86fTEd2y06eOqIOzm1wZp7/D+/gutj3FcPS/kV3Kg118XL0qVRzhiLfJ6zZ2+SIFPXN93j+38AAAAAAAAAAAAAAAAAAIB5M8b/K0hCctqEygsvt4cAAAAAAAAAAAAAAAAAAAAAAMy/mfv939uKn/H7v8DU/Q4AAP//QFNsMg==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x40) getdents(r0, 0x0, 0x0) 412.74321ms ago: executing program 7 (id=1266): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x14, 0x32, 0x9, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="48000000100003002abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000280012800900010069706970000000001800028004001900080014000900000006000f"], 0x48}, 0x1, 0x2}, 0x0) 6.778847ms ago: executing program 9 (id=1267): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000280), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000080)=ANY=[], 0x12) 0s ago: executing program 1 (id=1268): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$kcm(0x2, 0x922000000001, 0x106) sendmsg$inet(r0, &(0x7f0000003080)={0x0, 0x0, 0x0}, 0x2400c0c5) setsockopt$sock_attach_bpf(r0, 0x1, 0x24, &(0x7f0000000000), 0x4) kernel console output (not intermixed with test programs): ridge_slave_1) entered blocking state [ 319.023370][ T3433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.497783][ T6173] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 319.508689][ T6173] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 319.846973][ T6308] input: syz0 as /devices/virtual/input/input5 [ 320.390337][ T6314] loop4: detected capacity change from 0 to 512 [ 320.464662][ T6314] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 320.531908][ T6314] EXT4-fs (loop4): invalid journal inode [ 320.539050][ T6314] EXT4-fs (loop4): can't get journal size [ 320.769967][ T6314] EXT4-fs (loop4): 1 truncate cleaned up [ 320.778646][ T6314] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.004324][ T30] audit: type=1800 audit(1751025477.596:12): pid=6314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.123" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 321.544559][ T5806] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.241874][ T6173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.008932][ T6346] netlink: 'syz.1.131': attribute type 3 has an invalid length. [ 323.616511][ T5853] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 323.826341][ T5853] usb 5-1: Using ep0 maxpacket: 8 [ 323.887400][ T5853] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 324.002539][ T5853] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 324.013251][ T5853] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.021973][ T5853] usb 5-1: Product: syz [ 324.026544][ T5853] usb 5-1: Manufacturer: syz [ 324.031435][ T5853] usb 5-1: SerialNumber: syz [ 324.194753][ T5853] usb 5-1: config 0 descriptor?? [ 324.264534][ T5853] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 324.277032][ T5853] usb 5-1: setting power ON [ 324.281849][ T5853] dvb-usb: bulk message failed: -22 (2/0) [ 324.361164][ T5853] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 324.448073][ T5853] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 324.457382][ T5853] usb 5-1: media controller created [ 324.470920][ T6350] dvb-usb: bulk message failed: -22 (3/0) [ 324.477499][ T6350] dvb-usb: bulk message failed: -22 (5/0) [ 324.589731][ T5853] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 324.627040][ T6363] dvb-usb: bulk message failed: -22 (4/0) [ 324.633069][ T6363] cxusb: i2c read failed [ 325.085292][ T5853] usb 5-1: selecting invalid altsetting 6 [ 325.091550][ T5853] usb 5-1: digital interface selection failed (-22) [ 325.101495][ T5853] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 325.246961][ T5853] usb 5-1: setting power OFF [ 325.248209][ T6370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.138'. [ 325.251741][ T5853] dvb-usb: bulk message failed: -22 (2/0) [ 325.267867][ T5853] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 325.277730][ T5853] (NULL device *): no alternate interface [ 325.799784][ T6173] veth0_vlan: entered promiscuous mode [ 326.023777][ T6173] veth1_vlan: entered promiscuous mode [ 326.294027][ T5853] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 326.440580][ T5853] usb 5-1: USB disconnect, device number 2 [ 326.619108][ T6173] veth0_macvtap: entered promiscuous mode [ 326.844382][ T6173] veth1_macvtap: entered promiscuous mode [ 327.024776][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 327.168275][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 327.304801][ T6173] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.318934][ T6173] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.328277][ T6173] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.337451][ T6173] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.706771][ T5850] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 327.896597][ T5850] usb 5-1: Using ep0 maxpacket: 16 [ 327.923612][ T5850] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 327.932387][ T5850] usb 5-1: config 0 has no interface number 0 [ 327.939154][ T5850] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.950512][ T5850] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 327.966286][ T5850] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 327.975697][ T5850] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.097677][ T6389] loop1: detected capacity change from 0 to 1024 [ 328.115465][ T6389] ======================================================= [ 328.115465][ T6389] WARNING: The mand mount option has been deprecated and [ 328.115465][ T6389] and is ignored by this kernel. Remove the mand [ 328.115465][ T6389] option from the mount to silence this warning. [ 328.115465][ T6389] ======================================================= [ 328.163257][ T5850] usb 5-1: config 0 descriptor?? [ 328.186298][ T6391] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 328.361099][ T6389] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 329.021875][ T5850] input: HID 28bd:0071 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:28BD:0071.0002/input/input6 [ 329.129534][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.153273][ T5850] input: HID 28bd:0071 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:28BD:0071.0002/input/input7 [ 329.338541][ T5850] uclogic 0003:28BD:0071.0002: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.4-1/input1 [ 329.421287][ T5850] usb 5-1: USB disconnect, device number 3 [ 329.466725][ T6401] loop0: detected capacity change from 0 to 512 [ 329.588140][ T6401] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 329.608102][ T6401] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 329.882377][ T6401] EXT4-fs (loop0): 1 orphan inode deleted [ 329.888720][ T6401] EXT4-fs (loop0): 1 truncate cleaned up [ 329.999682][ T6401] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.227792][ T6401] EXT4-fs error (device loop0): ext4_lookup:1787: inode #15: comm syz.0.146: iget: bad extra_isize 46 (inode size 256) [ 330.245080][ T6402] fido_id[6402]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 330.294127][ T6401] EXT4-fs (loop0): Remounting filesystem read-only [ 330.877324][ T5800] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.901224][ T6410] loop1: detected capacity change from 0 to 2048 [ 331.118601][ T6410] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 331.785223][ T6420] netlink: 'syz.0.151': attribute type 15 has an invalid length. [ 333.330949][ T6435] loop4: detected capacity change from 0 to 1024 [ 334.161486][ T3725] hfsplus: b-tree write err: -5, ino 4 [ 336.108767][ T6471] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 336.381553][ T6477] block device autoloading is deprecated and will be removed. [ 336.390149][ T6477] syz.0.165: attempt to access beyond end of device [ 336.390149][ T6477] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 337.636877][ T3725] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.644998][ T3725] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.959749][ T4134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 337.968806][ T4134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 338.384350][ T6495] loop6: detected capacity change from 0 to 524287999 [ 340.387304][ T6515] netlink: 4 bytes leftover after parsing attributes in process `syz.5.179'. [ 340.521227][ T6515] netlink: 190 bytes leftover after parsing attributes in process `syz.5.179'. [ 341.568353][ T6526] loop4: detected capacity change from 0 to 512 [ 341.641945][ T6526] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 341.729128][ T6526] EXT4-fs (loop4): 1 truncate cleaned up [ 341.731882][ T6526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 341.813050][ T6526] fscrypt (loop4, inode 18): Direct key flag not allowed with different contents and filenames modes [ 341.898816][ T6535] loop6: detected capacity change from 0 to 63 [ 342.024889][ T5806] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 343.077595][ T6544] loop4: detected capacity change from 0 to 2048 [ 343.173805][ T6548] bond_slave_0: entered promiscuous mode [ 343.180115][ T6548] bond_slave_1: entered promiscuous mode [ 343.192653][ T6548] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 343.270641][ T6551] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 343.346837][ T6548] bond_slave_0: left promiscuous mode [ 343.352750][ T6548] bond_slave_1: left promiscuous mode [ 344.222362][ T6557] loop5: detected capacity change from 0 to 16 [ 344.412334][ T6557] erofs (device loop5): unsupported chunk format ffff of nid 36 [ 345.271936][ T6565] loop2: detected capacity change from 0 to 1024 [ 345.524081][ T6565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 345.959545][ T6577] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.196: Abort forced by user [ 346.035050][ T6577] EXT4-fs (loop2): Remounting filesystem read-only [ 346.042040][ T6577] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 346.086727][ T6565] overlayfs: failed to verify upper root origin [ 346.750084][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.797981][ T5850] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 348.049108][ T5850] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.059453][ T5850] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 348.072822][ T5850] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 348.082479][ T5850] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.159853][ T5850] usb 3-1: config 0 descriptor?? [ 348.261844][ T6605] can0: slcan on ttyS3. [ 348.566674][ T6605] can0 (unregistered): slcan off ttyS3. [ 348.625469][ T6606] can0: slcan on ttyS3. [ 348.863471][ T5850] kovaplus 0003:1E7D:2D50.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0 [ 348.918214][ T6604] can0 (unregistered): slcan off ttyS3. [ 349.183354][ T5850] kovaplus 0003:1E7D:2D50.0003: couldn't init struct kovaplus_device [ 349.192467][ T5850] kovaplus 0003:1E7D:2D50.0003: couldn't install mouse [ 349.300142][ T5850] kovaplus 0003:1E7D:2D50.0003: probe with driver kovaplus failed with error -71 [ 349.429432][ T5850] usb 3-1: USB disconnect, device number 2 [ 350.194988][ T6619] fido_id[6619]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 350.323464][ T6626] netlink: 4 bytes leftover after parsing attributes in process `syz.1.217'. [ 350.511304][ T6629] loop0: detected capacity change from 0 to 512 [ 350.606120][ T6629] EXT4-fs (loop0): bad block size 65536 [ 352.619662][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 352.626577][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 352.818538][ T6643] loop2: detected capacity change from 0 to 4096 [ 353.183463][ T6657] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 353.198436][ T6643] NILFS (loop2): corrupt root inode [ 353.228080][ T6652] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 353.593679][ T6661] loop4: detected capacity change from 0 to 512 [ 353.647711][ T6655] loop5: detected capacity change from 0 to 2048 [ 353.679255][ T6661] EXT4-fs: Ignoring removed i_version option [ 353.858696][ T6655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 353.909216][ T6661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 354.709213][ T30] audit: type=1326 audit(1751025511.286:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 354.731846][ T30] audit: type=1326 audit(1751025511.286:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.061047][ T30] audit: type=1326 audit(1751025511.386:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.084394][ T30] audit: type=1326 audit(1751025511.466:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.113556][ T30] audit: type=1326 audit(1751025511.516:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.138152][ T30] audit: type=1326 audit(1751025511.516:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.160552][ T30] audit: type=1326 audit(1751025511.526:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=275 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.182914][ T30] audit: type=1326 audit(1751025511.526:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.211693][ T30] audit: type=1326 audit(1751025511.526:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f15567 code=0x7ffc0000 [ 355.236376][ T30] audit: type=1326 audit(1751025511.526:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6672 comm="syz.0.231" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 355.695255][ T5806] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz-executor: corrupted in-inode xattr: overlapping e_value [ 355.756826][ T5806] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz-executor: corrupted in-inode xattr: overlapping e_value [ 356.033454][ T6677] loop1: detected capacity change from 0 to 4096 [ 356.082339][ T6677] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 356.374501][ T5806] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.388048][ T77] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.467877][ T6677] ntfs3(loop1): ino=19, mi_enum_attr [ 356.473533][ T6677] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 356.677310][ T77] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.829581][ T77] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.865084][ T6691] ntfs3(loop1): failed to convert "c46c" to iso8859-9 [ 356.882889][ T6691] ntfs3(loop1): ino=20, mi_enum_attr [ 356.921192][ T6691] ntfs3(loop1): ino=1e, mi_enum_attr [ 357.021301][ T77] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.426360][ T77] bridge_slave_1: left allmulticast mode [ 357.432412][ T77] bridge_slave_1: left promiscuous mode [ 357.439438][ T77] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.529138][ T77] bridge_slave_0: left allmulticast mode [ 357.535195][ T77] bridge_slave_0: left promiscuous mode [ 357.542286][ T77] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.117276][ T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.145587][ T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.181537][ T77] bond0 (unregistering): Released all slaves [ 358.689425][ T77] hsr_slave_0: left promiscuous mode [ 358.746470][ T77] hsr_slave_1: left promiscuous mode [ 358.754698][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.763250][ T77] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.839394][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.847442][ T77] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.957342][ T77] veth1_macvtap: left promiscuous mode [ 358.957498][ T77] veth0_macvtap: left promiscuous mode [ 358.957825][ T77] veth1_vlan: left promiscuous mode [ 358.958077][ T77] veth0_vlan: left promiscuous mode [ 359.945658][ T77] team0 (unregistering): Port device team_slave_1 removed [ 359.994961][ T6708] capability: warning: `syz.2.245' uses deprecated v2 capabilities in a way that may be insecure [ 360.087308][ T77] team0 (unregistering): Port device team_slave_0 removed [ 360.167286][ T6707] loop1: detected capacity change from 0 to 2048 [ 360.347728][ T5801] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 360.358844][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 360.368597][ T5801] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 360.383636][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 360.395751][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 360.459922][ T6715] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 360.527119][ T6716] cgroup: fork rejected by pids controller in /syz5 [ 360.841249][ T6714] loop0: detected capacity change from 0 to 1764 [ 361.294292][ T6723] loop2: detected capacity change from 0 to 128 [ 361.394927][ T6723] FAT-fs (loop2): Directory bread(block 162) failed [ 361.402066][ T6723] FAT-fs (loop2): Directory bread(block 163) failed [ 361.409244][ T6723] FAT-fs (loop2): Directory bread(block 164) failed [ 361.416248][ T6723] FAT-fs (loop2): Directory bread(block 165) failed [ 361.423144][ T6723] FAT-fs (loop2): Directory bread(block 166) failed [ 361.430277][ T6723] FAT-fs (loop2): Directory bread(block 167) failed [ 361.437325][ T6723] FAT-fs (loop2): Directory bread(block 168) failed [ 361.455722][ T6723] FAT-fs (loop2): Directory bread(block 169) failed [ 361.560371][ T6723] FAT-fs (loop2): Directory bread(block 162) failed [ 361.567588][ T6723] FAT-fs (loop2): Directory bread(block 163) failed [ 361.719288][ T6710] chnl_net:caif_netlink_parms(): no params data found [ 362.147861][ T6730] syz.1.253 uses obsolete (PF_INET,SOCK_PACKET) [ 362.287164][ T3433] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.486605][ T5801] Bluetooth: hci4: command tx timeout [ 362.492925][ T3433] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.758827][ T3433] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.971685][ T3433] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.314565][ T6710] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.323360][ T6710] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.331303][ T6710] bridge_slave_0: entered allmulticast mode [ 363.341525][ T6710] bridge_slave_0: entered promiscuous mode [ 363.370572][ T6710] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.378362][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.386267][ T6710] bridge_slave_1: entered allmulticast mode [ 363.405130][ T6710] bridge_slave_1: entered promiscuous mode [ 363.650699][ T6710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 363.661721][ T3433] bridge_slave_1: left allmulticast mode [ 363.667836][ T3433] bridge_slave_1: left promiscuous mode [ 363.674457][ T3433] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.714654][ T3433] bridge_slave_0: left allmulticast mode [ 363.721471][ T3433] bridge_slave_0: left promiscuous mode [ 363.728505][ T3433] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.250899][ T3433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.308511][ T3433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.372909][ T3433] bond0 (unregistering): Released all slaves [ 364.438510][ T6710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.607232][ T5801] Bluetooth: hci4: command tx timeout [ 364.703993][ T6710] team0: Port device team_slave_0 added [ 364.727894][ T6710] team0: Port device team_slave_1 added [ 365.268858][ T6745] syz.2.260 (6745) used greatest stack depth: 4328 bytes left [ 365.304449][ T6710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.312008][ T6710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.340930][ T6710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.577917][ T3433] hsr_slave_0: left promiscuous mode [ 365.625692][ T3433] hsr_slave_1: left promiscuous mode [ 365.634262][ T3433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.646575][ T3433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.693441][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 365.693906][ T3433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.709793][ T3433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.720114][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 365.730853][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 365.757704][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 365.780323][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 365.790829][ T6756] loop2: detected capacity change from 0 to 128 [ 365.845423][ T3433] veth1_macvtap: left promiscuous mode [ 365.855833][ T3433] veth0_macvtap: left promiscuous mode [ 365.862047][ T3433] veth1_vlan: left promiscuous mode [ 365.868461][ T3433] veth0_vlan: left promiscuous mode [ 366.665386][ T5802] Bluetooth: hci4: command tx timeout [ 366.935398][ T3433] team0 (unregistering): Port device team_slave_1 removed [ 367.008066][ T3433] team0 (unregistering): Port device team_slave_0 removed [ 367.335083][ T6710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 367.342579][ T6710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.370797][ T6710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 367.457483][ T6767] netlink: 12 bytes leftover after parsing attributes in process `syz.0.268'. [ 367.497439][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.268'. [ 367.510649][ T6768] loop2: detected capacity change from 0 to 2048 [ 367.847283][ T5802] Bluetooth: hci1: command tx timeout [ 367.879662][ T6768] EXT4-fs (loop2): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 368.025563][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 368.025645][ T30] audit: type=1800 audit(1751025524.646:27): pid=6768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.267" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 368.109336][ T6710] hsr_slave_0: entered promiscuous mode [ 368.119010][ T6768] EXT4-fs (loop2): Online defrag not supported with bigalloc [ 368.122551][ T6710] hsr_slave_1: entered promiscuous mode [ 368.135775][ T6710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.143772][ T6710] Cannot create hsr debugfs directory [ 368.560218][ T6768] EXT4-fs (loop2): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 368.669035][ T6781] netlink: 'syz.1.271': attribute type 1 has an invalid length. [ 368.729317][ T5802] Bluetooth: hci4: command tx timeout [ 369.053180][ T6753] chnl_net:caif_netlink_parms(): no params data found [ 369.650504][ T6710] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 369.712344][ T6710] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 369.755000][ T6710] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 369.818073][ T6710] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 369.926553][ T5802] Bluetooth: hci1: command tx timeout [ 370.747747][ T6753] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.755469][ T6753] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.769734][ T6753] bridge_slave_0: entered allmulticast mode [ 370.779785][ T6753] bridge_slave_0: entered promiscuous mode [ 370.859424][ T6753] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.872876][ T6753] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.880864][ T6753] bridge_slave_1: entered allmulticast mode [ 370.891018][ T6753] bridge_slave_1: entered promiscuous mode [ 371.297150][ T6753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.335198][ T6809] loop2: detected capacity change from 0 to 512 [ 371.364767][ T6710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.421978][ T6753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.544296][ T6809] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 371.626849][ T6809] System zones: 0-2, 18-18, 34-34 [ 371.672376][ T6710] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.744726][ T6809] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.279: bg 0: block 248: padding at end of block bitmap is not set [ 371.767657][ T6809] Quota error (device loop2): write_blk: dquota write failed [ 371.775849][ T6809] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 371.789526][ T6809] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.279: Failed to acquire dquot type 1 [ 371.828376][ T6753] team0: Port device team_slave_0 added [ 371.873772][ T4134] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.881779][ T4134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.904946][ T6809] EXT4-fs (loop2): 1 truncate cleaned up [ 371.913427][ T6809] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.927029][ T6809] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 371.971064][ T6753] team0: Port device team_slave_1 added [ 372.006405][ T5802] Bluetooth: hci1: command tx timeout [ 372.028711][ T4134] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.036550][ T4134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.043056][ T6809] EXT4-fs error (device loop2): ext4_lookup:1791: inode #2: comm syz.2.279: deleted inode referenced: 12 [ 372.392362][ T6753] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 372.399854][ T6753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.430828][ T6753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.438666][ T6809] syz.2.279 (6809) used greatest stack depth: 3984 bytes left [ 372.539528][ T6753] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 372.547068][ T6753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.571336][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.586666][ T6753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.930777][ T6753] hsr_slave_0: entered promiscuous mode [ 372.941662][ T6753] hsr_slave_1: entered promiscuous mode [ 372.950760][ T6753] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 372.958695][ T6753] Cannot create hsr debugfs directory [ 373.916616][ T6830] netlink: 36 bytes leftover after parsing attributes in process `syz.2.286'. [ 374.087157][ T5802] Bluetooth: hci1: command tx timeout [ 374.984285][ T6753] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 375.012383][ T6753] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 375.059003][ T6753] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 375.120051][ T6753] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 375.259427][ T6710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.238653][ T6753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 376.367187][ T6753] 8021q: adding VLAN 0 to HW filter on device team0 [ 376.412509][ T3959] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.420260][ T3959] bridge0: port 1(bridge_slave_0) entered forwarding state [ 376.538985][ T3959] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.546741][ T3959] bridge0: port 2(bridge_slave_1) entered forwarding state [ 377.242812][ T6865] loop1: detected capacity change from 0 to 128 [ 377.322928][ T6865] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 377.476838][ T30] audit: type=1800 audit(1751025534.086:28): pid=6865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.297" name="file2" dev="loop1" ino=1048606 res=0 errno=0 [ 377.507948][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.517927][ T6865] FAT-fs (loop1): Filesystem has been set read-only [ 377.529891][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.542777][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.553983][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.564597][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.578560][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.588036][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.597311][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.608515][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 377.619811][ T6865] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 550) [ 378.233684][ T6710] veth0_vlan: entered promiscuous mode [ 378.363286][ T6710] veth1_vlan: entered promiscuous mode [ 378.734400][ T6753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 378.767813][ T6710] veth0_macvtap: entered promiscuous mode [ 378.863954][ T6710] veth1_macvtap: entered promiscuous mode [ 379.055519][ T6710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 379.162102][ T6710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 379.255293][ T6710] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.267469][ T6710] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.277631][ T6710] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.286991][ T6710] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.418870][ T6878] loop1: detected capacity change from 0 to 4096 [ 379.448565][ T6878] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 381.345286][ T6753] veth0_vlan: entered promiscuous mode [ 381.474269][ T6753] veth1_vlan: entered promiscuous mode [ 381.832183][ T6753] veth0_macvtap: entered promiscuous mode [ 381.929838][ T6753] veth1_macvtap: entered promiscuous mode [ 382.032320][ T6913] netlink: 64 bytes leftover after parsing attributes in process `syz.2.311'. [ 382.150887][ T6753] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.237167][ T6753] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 382.355324][ T6753] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.365326][ T6753] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.376352][ T6753] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.385404][ T6753] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 383.651517][ T6933] loop2: detected capacity change from 0 to 16 [ 383.746783][ T6933] cramfs: empty filesystem [ 385.375359][ T5807] Bluetooth: hci0: command 0x0406 tx timeout [ 385.376203][ T5804] Bluetooth: hci2: command 0x0406 tx timeout [ 385.901108][ T6958] netlink: 40 bytes leftover after parsing attributes in process `syz.0.323'. [ 385.910539][ T6958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.323'. [ 386.221021][ T4184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.231961][ T4184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.458296][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 386.466794][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.383772][ T4184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.392026][ T4184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.731676][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.741088][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.591164][ T7035] loop6: detected capacity change from 0 to 128 [ 391.694330][ T7037] loop1: detected capacity change from 0 to 128 [ 391.711565][ T7037] EXT4-fs: Ignoring removed nobh option [ 391.829643][ T7043] netlink: 8 bytes leftover after parsing attributes in process `syz.0.356'. [ 391.829806][ T7037] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 391.868320][ T7043] netlink: 24 bytes leftover after parsing attributes in process `syz.0.356'. [ 391.966469][ T7037] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 391.996887][ T7046] netlink: 47 bytes leftover after parsing attributes in process `syz.5.357'. [ 392.103922][ T7037] EXT4-fs warning (device loop1): ext4_group_extend:1886: will only finish group (8193 blocks, 8129 new) [ 392.116868][ T7037] EXT4-fs warning (device loop1): ext4_group_extend:1891: can't read last block, resize aborted [ 392.563006][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 392.740571][ T7052] loop0: detected capacity change from 0 to 2048 [ 392.851125][ T7052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 392.965346][ T7060] loop1: detected capacity change from 0 to 1024 [ 392.967055][ T7058] netlink: 40 bytes leftover after parsing attributes in process `syz.6.364'. [ 392.980466][ T7060] hfsplus: unable to find HFS+ superblock [ 393.683507][ T3959] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 393.764769][ T3959] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 393.777862][ T3959] EXT4-fs (loop0): This should not happen!! Data will be lost [ 393.777862][ T3959] [ 393.788131][ T3959] EXT4-fs (loop0): Total free blocks count 0 [ 393.794426][ T3959] EXT4-fs (loop0): Free/Dirty block details [ 393.800744][ T3959] EXT4-fs (loop0): free_blocks=4096 [ 393.812812][ T3959] EXT4-fs (loop0): dirty_blocks=48 [ 393.820749][ T3959] EXT4-fs (loop0): Block reservation details [ 393.828975][ T3959] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 393.938495][ T3959] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 394.297328][ T7073] loop1: detected capacity change from 0 to 512 [ 394.342896][ T7073] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 394.457603][ T7073] block device autoloading is deprecated and will be removed. [ 394.502961][ T7073] EXT4-fs (loop1): external journal has bad superblock [ 395.396848][ T7094] loop5: detected capacity change from 0 to 512 [ 395.580214][ T7094] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 395.593674][ T7094] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 395.921476][ T7089] loop1: detected capacity change from 0 to 8192 [ 395.989064][ T7102] Failed to get privilege flags for destination (handle=0x2:0x9) [ 396.174409][ T7106] loop6: detected capacity change from 0 to 256 [ 396.234686][ T7106] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 396.246185][ T7106] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 396.308762][ T7105] loop0: detected capacity change from 0 to 1024 [ 396.345310][ T7105] EXT4-fs: Ignoring removed nobh option [ 396.351509][ T7105] EXT4-fs: Ignoring removed bh option [ 396.458212][ T7105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.480692][ T7106] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 396.546110][ T30] audit: type=1800 audit(1751025553.166:29): pid=7105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.383" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 396.558831][ T6753] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.788529][ T5800] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 397.106373][ T7113] program syz.1.385 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 397.542660][ T7120] loop2: detected capacity change from 0 to 1024 [ 397.757756][ T7120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 397.935456][ T7120] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 397.996867][ T7120] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 398.018646][ T7120] EXT4-fs (loop2): This should not happen!! Data will be lost [ 398.018646][ T7120] [ 398.031424][ T7120] EXT4-fs (loop2): Total free blocks count 0 [ 398.037833][ T7120] EXT4-fs (loop2): Free/Dirty block details [ 398.044113][ T7120] EXT4-fs (loop2): free_blocks=68451041280 [ 398.050418][ T7120] EXT4-fs (loop2): dirty_blocks=64 [ 398.056078][ T7120] EXT4-fs (loop2): Block reservation details [ 398.062324][ T7120] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 398.078208][ T7128] Bluetooth: MGMT ver 1.23 [ 398.088009][ T7129] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 64 with error 28 [ 398.413009][ T7134] loop1: detected capacity change from 0 to 512 [ 398.462255][ T7134] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 398.482908][ T7133] loop6: detected capacity change from 0 to 1024 [ 398.600378][ T7134] EXT4-fs (loop1): 1 truncate cleaned up [ 398.609657][ T7134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 398.698492][ T4305] hfsplus: b-tree write err: -5, ino 4 [ 399.083152][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.271653][ T5853] IPVS: starting estimator thread 0... [ 400.307762][ T7159] tipc: Started in network mode [ 400.313347][ T7159] tipc: Node identity ac14140f, cluster identity 4711 [ 400.321326][ T7159] tipc: New replicast peer: 255.255.255.255 [ 400.331956][ T7159] tipc: Enabled bearer , priority 10 [ 400.377082][ T7160] IPVS: using max 192 ests per chain, 9600 per kthread [ 400.990719][ T7168] macvlan0: entered promiscuous mode [ 401.009893][ T7168] netlink: 'syz.2.407': attribute type 1 has an invalid length. [ 401.018045][ T7168] netlink: 'syz.2.407': attribute type 2 has an invalid length. [ 401.458102][ T42] tipc: Node number set to 2886997007 [ 401.560425][ T7179] serio: Serial port ttyS3 [ 402.631399][ T7195] netlink: 52 bytes leftover after parsing attributes in process `syz.6.418'. [ 402.832182][ T7196] loop5: detected capacity change from 0 to 1764 [ 402.934399][ T7192] loop2: detected capacity change from 0 to 4096 [ 402.997607][ T7192] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 403.232016][ T7200] loop0: detected capacity change from 0 to 2048 [ 403.310826][ T7200] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 403.441936][ T7203] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 403.818678][ T5853] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 404.093864][ T5853] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 404.103589][ T5853] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.112531][ T5853] usb 2-1: Product: syz [ 404.117119][ T5853] usb 2-1: Manufacturer: syz [ 404.122081][ T5853] usb 2-1: SerialNumber: syz [ 404.179116][ T5853] usb 2-1: config 0 descriptor?? [ 404.312779][ T7207] loop5: detected capacity change from 0 to 4096 [ 404.603933][ T7215] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 404.709506][ T5853] usb 2-1: Firmware: major: 217, minor: 215, hardware type: UNKNOWN (86) [ 404.941084][ T5853] usb 2-1: failed to fetch extended address, random address set [ 404.949537][ T5853] usb 2-1: atusb_probe: initialization failed, error = -524 [ 404.958308][ T5853] atusb 2-1:0.0: probe with driver atusb failed with error -524 [ 405.080545][ T5853] usb 2-1: USB disconnect, device number 2 [ 406.710735][ T7236] loop5: detected capacity change from 0 to 2048 [ 406.774199][ T7230] loop0: detected capacity change from 0 to 8192 [ 406.877631][ T7236] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 406.890700][ T7236] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 407.195461][ T7236] fs-verity: sha256 using implementation "sha256-x86_64" [ 407.247580][ T7236] fs-verity (loop5, inode 13): fs-verity keyring is empty, rejecting signed file! [ 407.724312][ T6753] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.159024][ T7248] netlink: 79 bytes leftover after parsing attributes in process `syz.1.442'. [ 408.687855][ T7246] loop0: detected capacity change from 0 to 4096 [ 410.325397][ T7279] loop1: detected capacity change from 0 to 256 [ 411.068037][ T7289] warning: `syz.5.458' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 411.197242][ T7292] netlink: 2 bytes leftover after parsing attributes in process `syz.2.461'. [ 411.724427][ T7301] loop8: detected capacity change from 0 to 1 [ 411.793567][ T7301] Dev loop8: unable to read RDB block 1 [ 411.800026][ T7301] loop8: unable to read partition table [ 411.857340][ T7301] loop8: partition table beyond EOD, truncated [ 411.863879][ T7301] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 411.956699][ T5853] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 412.192755][ T5853] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 412.204065][ T5853] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 412.242680][ T5853] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 412.253336][ T5853] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 412.262087][ T5853] usb 7-1: SerialNumber: syz [ 412.318103][ T7309] loop1: detected capacity change from 0 to 256 [ 412.428266][ T7311] loop2: detected capacity change from 0 to 512 [ 412.460294][ T7311] EXT4-fs: Ignoring removed mblk_io_submit option [ 412.497751][ T7311] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 412.538178][ T5853] usb 7-1: 0:2 : does not exist [ 412.581223][ T7311] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 412.634835][ T5853] usb 7-1: USB disconnect, device number 2 [ 412.656637][ T7311] EXT4-fs (loop2): orphan cleanup on readonly fs [ 412.704263][ T11] kernel write not supported for file bpf-map (pid: 11 comm: kworker/0:1) [ 412.750206][ T7311] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.470: Invalid block bitmap block 0 in block_group 0 [ 412.781856][ T7311] EXT4-fs (loop2): Remounting filesystem read-only [ 412.805521][ T7311] Quota error (device loop2): write_blk: dquota write failed [ 412.819524][ T7311] Quota error (device loop2): write_blk: dquota write failed [ 412.827671][ T7311] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 412.838279][ T7311] EXT4-fs (loop2): 1 orphan inode deleted [ 412.874287][ T7311] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 413.440789][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.910621][ T7328] loop2: detected capacity change from 0 to 256 [ 414.043115][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.050165][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 414.125198][ T7328] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 414.163303][ T77] Bluetooth: hci5: Frame reassembly failed (-84) [ 414.226668][ T7332] Bluetooth: hci5: Frame reassembly failed (-84) [ 414.268351][ T7328] exFAT-fs (loop2): error, data size is invalid(10) [ 414.809187][ T7339] loop5: detected capacity change from 0 to 1024 [ 415.000380][ T30] audit: type=1800 audit(1751025571.626:30): pid=7339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.482" name="bus" dev="loop5" ino=26 res=0 errno=0 [ 415.254952][ T35] hfsplus: b-tree write err: -5, ino 4 [ 415.740472][ T7348] netlink: 16 bytes leftover after parsing attributes in process `syz.5.485'. [ 416.257196][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 417.004085][ T7350] loop6: detected capacity change from 0 to 40427 [ 417.033170][ T7350] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 417.043079][ T7350] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 417.054408][ T7350] F2FS-fs (loop6): Wrong secs_per_zone / total_sections (64, 24) [ 417.062592][ T7350] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock [ 417.730502][ T5801] block nbd0: Receive control failed (result -32) [ 419.276421][ T7387] loop1: detected capacity change from 0 to 164 [ 419.479998][ T7391] netlink: 'syz.6.507': attribute type 11 has an invalid length. [ 419.488506][ T7391] netlink: 44 bytes leftover after parsing attributes in process `syz.6.507'. [ 420.986410][ T5853] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 421.186692][ T5853] usb 3-1: Using ep0 maxpacket: 16 [ 421.204041][ T5853] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 421.213254][ T5853] usb 3-1: config 0 has no interface number 0 [ 421.219980][ T5853] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 421.231367][ T5853] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 421.252968][ T5853] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 421.262657][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 421.271271][ T5853] usb 3-1: Product: syz [ 421.275708][ T5853] usb 3-1: SerialNumber: syz [ 421.346683][ T5853] usb 3-1: config 0 descriptor?? [ 421.365427][ T5853] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 421.375585][ T5853] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input9 [ 421.550905][ T7421] loop0: detected capacity change from 0 to 256 [ 421.611940][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 421.634582][ T7423] loop6: detected capacity change from 0 to 256 [ 421.652760][ T7423] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 421.664764][ T7423] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 421.796401][ T7423] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 421.870004][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.879950][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.890813][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.899389][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.908052][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.916508][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.932382][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.940194][ T5853] usb 3-1: USB disconnect, device number 3 [ 421.946579][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 421.946711][ C0] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 421.988467][ T5853] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 422.735347][ T7433] loop6: detected capacity change from 0 to 1024 [ 423.320511][ T3433] hfsplus: b-tree write err: -5, ino 8 [ 423.822785][ T7453] loop6: detected capacity change from 0 to 64 [ 423.900250][ T7454] netlink: 'syz.2.533': attribute type 8 has an invalid length. [ 424.009291][ T30] audit: type=1800 audit(1751025580.626:31): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.531" name="file0" dev="overlay" ino=3 res=0 errno=0 [ 424.042776][ T7457] loop0: detected capacity change from 0 to 64 [ 424.075788][ T7457] minix: Unknown parameter '0xffffffffffffffff' [ 424.261359][ T7458] loop5: detected capacity change from 0 to 2048 [ 424.297173][ T7458] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 424.349503][ T7458] syz.5.535: attempt to access beyond end of device [ 424.349503][ T7458] loop5: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 424.365348][ T7462] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 424.738416][ T7465] loop0: detected capacity change from 0 to 16 [ 424.770279][ T7465] erofs (device loop0): mounted with root inode @ nid 36. [ 424.892960][ T4134] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.083894][ T4134] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.311731][ T4134] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.527215][ T4134] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.840113][ T4134] bridge_slave_1: left allmulticast mode [ 425.846336][ T4134] bridge_slave_1: left promiscuous mode [ 425.853040][ T4134] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.877848][ T4134] bridge_slave_0: left allmulticast mode [ 425.883812][ T4134] bridge_slave_0: left promiscuous mode [ 425.890941][ T4134] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.401758][ T4134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.436599][ T4134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.472183][ T4134] bond0 (unregistering): Released all slaves [ 426.629423][ T4134] tipc: Disabling bearer [ 426.635422][ T4134] tipc: Left network mode [ 427.088925][ T4134] hsr_slave_0: left promiscuous mode [ 427.118832][ T4134] hsr_slave_1: left promiscuous mode [ 427.127580][ T4134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 427.135323][ T4134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.221276][ T4134] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 427.229464][ T4134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 427.390151][ T4134] veth1_macvtap: left promiscuous mode [ 427.396258][ T4134] veth0_macvtap: left promiscuous mode [ 427.402282][ T4134] veth1_vlan: left promiscuous mode [ 427.409007][ T4134] veth0_vlan: left promiscuous mode [ 427.874207][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 427.897637][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 427.914245][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 427.929909][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 427.952206][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 428.410466][ T4134] team0 (unregistering): Port device team_slave_1 removed [ 428.517418][ T4134] team0 (unregistering): Port device team_slave_0 removed [ 429.008548][ T7491] bridge: RTM_NEWNEIGH with invalid ether address [ 429.488482][ T7503] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.497862][ T7503] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.507145][ T7503] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.516374][ T7503] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 429.635594][ T7503] Zero length message leads to an empty skb [ 430.096886][ T5802] Bluetooth: hci4: command tx timeout [ 430.298348][ T7485] chnl_net:caif_netlink_parms(): no params data found [ 430.446853][ T7518] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 430.463151][ T7517] netlink: 4 bytes leftover after parsing attributes in process `syz.1.562'. [ 430.526645][ T7517] veth0_macvtap: left promiscuous mode [ 431.138677][ T7528] loop1: detected capacity change from 0 to 128 [ 431.169752][ T7528] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 431.248113][ T7528] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 431.519642][ T7531] loop2: detected capacity change from 0 to 1024 [ 431.598067][ T7531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 431.692215][ T7485] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.700397][ T7485] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.708472][ T7485] bridge_slave_0: entered allmulticast mode [ 431.718605][ T7485] bridge_slave_0: entered promiscuous mode [ 431.755738][ T7485] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.758684][ T35] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 431.765135][ T7485] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.780687][ T7485] bridge_slave_1: entered allmulticast mode [ 431.790767][ T7485] bridge_slave_1: entered promiscuous mode [ 432.038497][ T7485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 432.082817][ T7485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 432.085304][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 432.167044][ T5802] Bluetooth: hci4: command tx timeout [ 432.327038][ T7485] team0: Port device team_slave_0 added [ 432.374686][ T7485] team0: Port device team_slave_1 added [ 432.456573][ T5850] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 432.663358][ T7485] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.670888][ T7485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.698090][ T7485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.747909][ T5850] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 432.757744][ T5850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.766349][ T5850] usb 2-1: Product: syz [ 432.770788][ T5850] usb 2-1: Manufacturer: syz [ 432.775658][ T5850] usb 2-1: SerialNumber: syz [ 432.825231][ T7485] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.832778][ T7485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.859492][ T7485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.876677][ T5850] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 432.944096][ T7552] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 433.199895][ T5855] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 433.524979][ T7485] hsr_slave_0: entered promiscuous mode [ 433.552421][ T7485] hsr_slave_1: entered promiscuous mode [ 433.570897][ T7485] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 433.579770][ T7485] Cannot create hsr debugfs directory [ 434.055058][ T5853] usb 2-1: USB disconnect, device number 3 [ 434.091739][ T7561] loop5: detected capacity change from 0 to 64 [ 434.246176][ T5802] Bluetooth: hci4: command tx timeout [ 434.366466][ T30] audit: type=1800 audit(1751025590.976:32): pid=7561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.578" name="file0" dev="overlay" ino=3 res=0 errno=0 [ 434.673505][ T5855] usb 2-1: Service connection timeout for: 256 [ 434.680158][ T5855] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 434.691447][ T5855] ath9k_htc: Failed to initialize the device [ 434.780626][ T5853] usb 2-1: ath9k_htc: USB layer deinitialized [ 435.374599][ T7485] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 435.544750][ T4134] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.624023][ T7485] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 435.760046][ T4134] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.834323][ T7485] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 435.919616][ T4134] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.978194][ T7485] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 436.092523][ T4134] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.337255][ T5802] Bluetooth: hci4: command tx timeout [ 436.566849][ T4134] bridge_slave_1: left allmulticast mode [ 436.572890][ T4134] bridge_slave_1: left promiscuous mode [ 436.580009][ T4134] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.615407][ T4134] bridge_slave_0: left allmulticast mode [ 436.621572][ T4134] bridge_slave_0: left promiscuous mode [ 436.628872][ T4134] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.203278][ T4134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 437.228228][ T4134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 437.251762][ T4134] bond0 (unregistering): Released all slaves [ 437.655417][ T4134] hsr_slave_0: left promiscuous mode [ 437.664550][ T4134] hsr_slave_1: left promiscuous mode [ 437.677580][ T4134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 437.685999][ T4134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.707515][ T4134] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 437.715298][ T4134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.744603][ T4134] veth1_macvtap: left promiscuous mode [ 437.751119][ T4134] veth0_macvtap: left promiscuous mode [ 437.757383][ T4134] veth1_vlan: left promiscuous mode [ 437.763020][ T4134] veth0_vlan: left promiscuous mode [ 438.643780][ T4134] team0 (unregistering): Port device team_slave_1 removed [ 438.691139][ T4134] team0 (unregistering): Port device team_slave_0 removed [ 439.257021][ T7485] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.369532][ T5801] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 439.379748][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 439.394495][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 439.413399][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 439.472725][ T7485] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.519860][ T5801] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 439.743010][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.750865][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.839078][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.846832][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 440.733449][ T7600] loop1: detected capacity change from 0 to 128 [ 441.285823][ T7585] chnl_net:caif_netlink_parms(): no params data found [ 441.617194][ T5801] Bluetooth: hci1: command tx timeout [ 442.577548][ T7485] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.204505][ T7585] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.212766][ T7585] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.220857][ T7585] bridge_slave_0: entered allmulticast mode [ 443.231009][ T7585] bridge_slave_0: entered promiscuous mode [ 443.320920][ T7585] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.329483][ T7585] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.337566][ T7585] bridge_slave_1: entered allmulticast mode [ 443.347574][ T7585] bridge_slave_1: entered promiscuous mode [ 443.696748][ T5801] Bluetooth: hci1: command tx timeout [ 443.773720][ T7585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.876591][ T7585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.207485][ T7585] team0: Port device team_slave_0 added [ 444.216910][ T7633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.605'. [ 444.247638][ T7585] team0: Port device team_slave_1 added [ 444.387315][ T7637] IPv6: Can't replace route, no match found [ 444.551123][ T7585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.558775][ T7585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.587214][ T7585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.711655][ T7585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.719190][ T7585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.746676][ T7585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.991031][ T7485] veth0_vlan: entered promiscuous mode [ 445.280170][ T7585] hsr_slave_0: entered promiscuous mode [ 445.292641][ T7585] hsr_slave_1: entered promiscuous mode [ 445.301976][ T7585] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 445.309948][ T7585] Cannot create hsr debugfs directory [ 445.380321][ T7485] veth1_vlan: entered promiscuous mode [ 445.766394][ T5801] Bluetooth: hci1: command tx timeout [ 445.899154][ T7485] veth0_macvtap: entered promiscuous mode [ 445.982165][ T7485] veth1_macvtap: entered promiscuous mode [ 446.141402][ T7485] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.216773][ T5853] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 446.223319][ T7485] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.242569][ T7649] loop0: detected capacity change from 0 to 4096 [ 446.343599][ T7485] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.354219][ T7485] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.364567][ T7485] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.373853][ T7485] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.449251][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 446.461041][ T5853] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 446.471545][ T5853] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 446.481198][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.504162][ T5853] usb 2-1: config 0 descriptor?? [ 446.589581][ T7649] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 446.737431][ T30] audit: type=1800 audit(1751025603.346:33): pid=7649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.612" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 446.765049][ T7656] loop2: detected capacity change from 0 to 256 [ 446.869495][ T7585] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 446.939354][ T7585] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 446.963463][ T7656] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0x31e44978, utbl_chksum : 0xe619d30d) [ 447.021301][ T7585] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 447.064775][ T5853] bigben 0003:146B:0902.0004: unexpected rdesc, please submit for review [ 447.097435][ T5853] bigben 0003:146B:0902.0004: item fetching failed at offset 1/5 [ 447.121867][ T30] audit: type=1800 audit(1751025603.746:34): pid=7656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.615" name="file1" dev="loop2" ino=1048630 res=0 errno=0 [ 447.122039][ T5853] bigben 0003:146B:0902.0004: parse failed [ 447.149924][ T5853] bigben 0003:146B:0902.0004: probe with driver bigben failed with error -22 [ 447.169672][ T7585] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 447.303541][ T5853] usb 2-1: USB disconnect, device number 4 [ 447.848441][ T5801] Bluetooth: hci1: command tx timeout [ 447.876905][ T30] audit: type=1326 audit(1751025604.496:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7663 comm="syz.2.617" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x0 [ 448.180971][ T7585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.342459][ T7585] 8021q: adding VLAN 0 to HW filter on device team0 [ 448.409854][ T4305] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.417598][ T4305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 448.520965][ T4305] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.528743][ T4305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 450.557819][ T7585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 450.738344][ T7700] netlink: 'syz.2.628': attribute type 4 has an invalid length. [ 451.321389][ T7708] mmap: syz.1.629 (7708): VmData 37376000 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 451.407199][ T7709] program syz.2.630 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 452.697269][ T7726] sctp: [Deprecated]: syz.0.634 (pid 7726) Use of int in maxseg socket option. [ 452.697269][ T7726] Use struct sctp_assoc_value instead [ 452.714375][ T7585] veth0_vlan: entered promiscuous mode [ 452.898019][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.906371][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.993411][ T7585] veth1_vlan: entered promiscuous mode [ 453.152724][ T7585] veth0_macvtap: entered promiscuous mode [ 453.181994][ T7585] veth1_macvtap: entered promiscuous mode [ 453.264737][ T3959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.273417][ T3959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.376709][ T7585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.412037][ T7585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 453.536717][ T7585] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.545819][ T7585] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.555230][ T7585] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.564476][ T7585] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.195797][ T7738] loop0: detected capacity change from 0 to 1024 [ 454.420289][ T7738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 454.433201][ T7738] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 454.608860][ T7738] EXT4-fs error (device loop0): ext4_map_blocks:816: inode #15: block 1: comm syz.0.639: lblock 1 mapped to illegal pblock 1 (length 4) [ 454.649140][ T7738] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 4 with error 117 [ 454.662241][ T7738] EXT4-fs (loop0): This should not happen!! Data will be lost [ 454.662241][ T7738] [ 454.760617][ T7749] EXT4-fs error (device loop0): ext4_map_blocks:816: inode #15: block 7: comm syz.0.639: lblock 7 mapped to illegal pblock 7 (length 1) [ 454.798797][ T7749] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 117 [ 454.812051][ T7749] EXT4-fs (loop0): This should not happen!! Data will be lost [ 454.812051][ T7749] [ 455.237786][ T7752] loop1: detected capacity change from 0 to 1024 [ 455.281125][ T5800] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 455.741181][ T7761] netlink: 8 bytes leftover after parsing attributes in process `syz.7.644'. [ 455.770948][ T7761] bond0: entered promiscuous mode [ 455.776587][ T7761] bond_slave_0: entered promiscuous mode [ 455.783693][ T7761] bond_slave_1: entered promiscuous mode [ 455.800531][ T7761] team_slave_1: entered promiscuous mode [ 455.811872][ T7761] team_slave_1: left promiscuous mode [ 455.918252][ T7762] loop0: detected capacity change from 0 to 256 [ 455.958470][ T7762] exfat: Unknown parameter '000000000000000000000000x0000000000000000' [ 456.003853][ T7761] bond0: left promiscuous mode [ 456.009141][ T7761] bond_slave_0: left promiscuous mode [ 456.016470][ T7761] bond_slave_1: left promiscuous mode [ 456.140271][ T7767] loop1: detected capacity change from 0 to 164 [ 456.361505][ T7767] isofs_fill_super: bread failed, dev=loop1, iso_blknum=41, block=82 [ 456.624753][ T7770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'. [ 456.687407][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.2.647'. [ 457.509427][ T9] kernel write not supported for file /sequencer (pid: 9 comm: kworker/0:0) [ 457.895677][ T7790] loop2: detected capacity change from 0 to 256 [ 458.489302][ T9] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 458.696490][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 458.707261][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 458.718972][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 458.731593][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 458.868456][ T9] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 458.878080][ T9] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 458.886697][ T9] usb 8-1: Manufacturer: syz [ 459.012991][ T9] usb 8-1: config 0 descriptor?? [ 459.705574][ T4134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.714756][ T4134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.756415][ T9] rc_core: IR keymap rc-hauppauge not found [ 459.762768][ T9] Registered IR keymap rc-empty [ 459.769320][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 459.855621][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 459.885727][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0 [ 459.901281][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input10 [ 459.945137][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.956639][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.012966][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.105406][ T7819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.662'. [ 460.136801][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.167147][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.207088][ T7815] netlink: 12 bytes leftover after parsing attributes in process `syz.1.662'. [ 460.224114][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.259636][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.302191][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.333655][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.391579][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.416761][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.436558][ T9] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 460.479183][ T9] mceusb 8-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 460.489098][ T9] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 460.548699][ T9] usb 8-1: USB disconnect, device number 2 [ 460.930766][ T7823] loop1: detected capacity change from 0 to 8 [ 461.053631][ T7823] SQUASHFS error: lzo decompression failed, data probably corrupt [ 461.062550][ T7823] SQUASHFS error: Failed to read block 0x91: -5 [ 461.069275][ T7823] SQUASHFS error: Unable to read metadata cache entry [8f] [ 461.077124][ T7823] SQUASHFS error: Unable to read inode 0x11f [ 461.619477][ T7833] sctp: [Deprecated]: syz.7.668 (pid 7833) Use of int in maxseg socket option. [ 461.619477][ T7833] Use struct sctp_assoc_value instead [ 461.691967][ T7835] netlink: 'syz.0.669': attribute type 2 has an invalid length. [ 463.022588][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.7.676'. [ 463.336993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 463.346526][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 463.456862][ T9] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 463.626174][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.637672][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.651790][ T9] usb 9-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 463.662552][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.802181][ T9] usb 9-1: config 0 descriptor?? [ 463.914004][ T7861] netlink: 16 bytes leftover after parsing attributes in process `syz.7.680'. [ 464.000548][ T4184] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 464.009828][ T4184] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 464.031751][ T1590] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 464.282626][ T9] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0 [ 464.337652][ T9] cp2112 0003:10C4:EA90.0005: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.8-1/input0 [ 464.494788][ T9] cp2112 0003:10C4:EA90.0005: Part Number: 0x82 Device Version: 0xFE [ 464.710887][ T9] cp2112 0003:10C4:EA90.0005: error requesting SMBus config [ 464.728667][ T1590] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 464.749289][ T9] cp2112 0003:10C4:EA90.0005: probe with driver cp2112 failed with error -71 [ 464.785088][ T9] usb 9-1: USB disconnect, device number 2 [ 465.050193][ T1590] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 466.205349][ T7888] loop2: detected capacity change from 0 to 2048 [ 466.602837][ T7894] netlink: zone id is out of range [ 466.624464][ T7894] netlink: zone id is out of range [ 466.630113][ T7894] netlink: zone id is out of range [ 466.635560][ T7894] netlink: zone id is out of range [ 466.641309][ T7894] netlink: zone id is out of range [ 466.647047][ T7894] netlink: zone id is out of range [ 466.652393][ T7894] netlink: zone id is out of range [ 466.658237][ T7894] netlink: zone id is out of range [ 466.667004][ T7894] netlink: zone id is out of range [ 466.673986][ T7894] netlink: zone id is out of range [ 467.803403][ T7911] ipvlan0: entered promiscuous mode [ 467.814880][ T7911] ipvlan0: left promiscuous mode [ 468.146988][ T7914] loop8: detected capacity change from 0 to 1024 [ 468.246542][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 468.718448][ T7922] loop2: detected capacity change from 0 to 128 [ 468.856259][ T30] audit: type=1800 audit(1751025625.476:36): pid=7922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.707" name="file1" dev="loop2" ino=1048639 res=0 errno=0 [ 469.722646][ T7936] loop7: detected capacity change from 0 to 1024 [ 470.477038][ T7949] macsec2: entered promiscuous mode [ 470.482637][ T7949] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 470.492056][ T7949] macsec2: entered allmulticast mode [ 470.497854][ T7949] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 470.530677][ T7952] capability: warning: `syz.8.721' uses 32-bit capabilities (legacy support in use) [ 470.605656][ T7951] pim6reg: tun_chr_ioctl cmd 1074812118 [ 470.726535][ T5801] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 470.727379][ T5802] Bluetooth: hci0: command 0x0406 tx timeout [ 470.878151][ T7954] loop7: detected capacity change from 0 to 1024 [ 470.994090][ T7954] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 471.007163][ T7954] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 471.103853][ T7962] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 471.162144][ T7962] EXT4-fs (loop7): Remounting filesystem read-only [ 471.459047][ T7485] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.894290][ T7970] loop8: detected capacity change from 0 to 2048 [ 471.998012][ T7974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.731'. [ 472.093939][ T7970] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.274740][ T7978] loop2: detected capacity change from 0 to 512 [ 472.423365][ T7585] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.871161][ T7986] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 472.878999][ T7986] IPv6: NLM_F_CREATE should be set when creating new route [ 473.039011][ T7990] loop8: detected capacity change from 0 to 256 [ 473.039488][ T7978] EXT4-fs (loop2): Test dummy encryption mode enabled [ 473.052961][ T7978] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 473.092305][ T7990] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 473.103660][ T7990] exFAT-fs (loop8): Medium has reported failures. Some data may be lost. [ 473.132945][ T7978] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002] [ 473.146274][ T7978] System zones: 1-12 [ 473.158005][ T7978] EXT4-fs (loop2): 1 truncate cleaned up [ 473.170842][ T7978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 473.329207][ T7990] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x9eba79a2, utbl_chksum : 0xe619d30d) [ 473.751002][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.759478][ T7990] exFAT-fs (loop8): error, invalid access to FAT (entry 0xffffffff) [ 473.769486][ T7990] exFAT-fs (loop8): Filesystem has been set read-only [ 474.278637][ T1590] kernel write not supported for file /uhid (pid: 1590 comm: kworker/1:2) [ 475.488237][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 475.494994][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 476.259061][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.7.756'. [ 476.268568][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.7.756'. [ 476.516788][ T8038] loop1: detected capacity change from 0 to 1024 [ 477.088740][ T8046] netlink: 8 bytes leftover after parsing attributes in process `syz.7.761'. [ 477.282435][ T8048] loop8: detected capacity change from 0 to 512 [ 477.293331][ T8048] EXT4-fs: Ignoring removed bh option [ 477.305347][ T8048] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 477.366642][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 477.392011][ T8048] EXT4-fs (loop8): 1 truncate cleaned up [ 477.401544][ T8048] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 477.933120][ T7585] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 478.967468][ T5801] Bluetooth: hci0: command 0x0406 tx timeout [ 478.973926][ T5802] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 479.058723][ T8081] netlink: 28 bytes leftover after parsing attributes in process `syz.7.774'. [ 479.911432][ T8080] loop8: detected capacity change from 0 to 32768 [ 479.922419][ T8080] XFS (loop8): Invalid device [./file1], error=-15 [ 480.916299][ T8092] netlink: 12 bytes leftover after parsing attributes in process `syz.0.782'. [ 481.065989][ T8097] netlink: 'syz.1.783': attribute type 5 has an invalid length. [ 481.074245][ T8097] netlink: 24 bytes leftover after parsing attributes in process `syz.1.783'. [ 481.801620][ T42] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 481.996275][ T42] usb 1-1: Using ep0 maxpacket: 32 [ 482.022632][ T42] usb 1-1: config index 0 descriptor too short (expected 27904, got 36) [ 482.035078][ T42] usb 1-1: config 0 has too many interfaces: 159, using maximum allowed: 32 [ 482.044382][ T42] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 482.054926][ T42] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 159 [ 482.146128][ T42] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 482.155664][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.164185][ T42] usb 1-1: Product: syz [ 482.169352][ T42] usb 1-1: Manufacturer: syz [ 482.174241][ T42] usb 1-1: SerialNumber: syz [ 482.225668][ T8110] loop1: detected capacity change from 0 to 512 [ 482.235398][ T42] usb 1-1: config 0 descriptor?? [ 482.253144][ T8110] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 482.520981][ T8102] ALSA: mixer_oss: invalid OSS volume 'AðÅ–' [ 482.528026][ T8102] ALSA: mixer_oss: invalid OSS volume '' [ 482.593421][ T42] usb 1-1: USB disconnect, device number 2 [ 483.067374][ T5802] Bluetooth: hci0: unexpected event for opcode 0x0c03 [ 485.318967][ T8145] team0: No ports can be present during mode change [ 485.659947][ T30] audit: type=1326 audit(1751025642.216:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.682402][ T30] audit: type=1326 audit(1751025642.236:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.704907][ T30] audit: type=1326 audit(1751025642.276:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.727658][ T30] audit: type=1326 audit(1751025642.276:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.750001][ T30] audit: type=1326 audit(1751025642.276:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.772665][ T30] audit: type=1326 audit(1751025642.286:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.795099][ T30] audit: type=1326 audit(1751025642.286:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.817559][ T30] audit: type=1326 audit(1751025642.286:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.840089][ T30] audit: type=1326 audit(1751025642.306:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=237 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 485.862532][ T30] audit: type=1326 audit(1751025642.306:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8152 comm="syz.1.810" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 486.519583][ T8163] loop7: detected capacity change from 0 to 256 [ 486.575232][ T8163] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 486.590433][ T8163] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 486.711032][ T8163] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x9eba79a2, utbl_chksum : 0xe619d30d) [ 486.758862][ T8165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.815'. [ 487.117333][ T8163] exFAT-fs (loop7): error, invalid access to FAT (entry 0xffffffff) [ 487.127179][ T8163] exFAT-fs (loop7): Filesystem has been set read-only [ 487.197958][ T8163] exFAT-fs (loop7): error, invalid access to FAT (entry 0xffffffff) [ 487.230543][ T8163] exFAT-fs (loop7): error, invalid access to FAT (entry 0xffffffff) [ 488.666724][ T8191] netlink: 72 bytes leftover after parsing attributes in process `syz.7.828'. [ 488.937497][ T9] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 489.080788][ T8199] netlink: 'syz.2.831': attribute type 10 has an invalid length. [ 489.115346][ T9] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 489.123859][ T9] usb 9-1: config 0 has no interface number 0 [ 489.181590][ T8199] team0: Port device geneve1 added [ 489.207750][ T9] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 489.218634][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.227162][ T9] usb 9-1: Product: syz [ 489.231605][ T9] usb 9-1: Manufacturer: syz [ 489.236628][ T9] usb 9-1: SerialNumber: syz [ 489.260473][ T9] usb 9-1: config 0 descriptor?? [ 489.497237][ T9] usb 9-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 489.545204][ T9] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 489.567494][ T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 489.573427][ T8203] loop0: detected capacity change from 0 to 256 [ 489.575746][ T9] usb 9-1: media controller created [ 489.676410][ T8203] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 489.688823][ T8203] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 489.702044][ T8193] usb 9-1: dvb_usb_ec168: I2C read not implemented [ 489.720520][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 489.802587][ T8203] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x9eba79a2, utbl_chksum : 0xe619d30d) [ 489.943232][ T8205] nbd: socks must be embedded in a SOCK_ITEM attr [ 489.950767][ T8205] block nbd1: shutting down sockets [ 490.065346][ T8203] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 490.074327][ T8203] exFAT-fs (loop0): Filesystem has been set read-only [ 490.088185][ T9] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 490.136540][ T8203] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 490.149026][ T8208] loop2: detected capacity change from 0 to 512 [ 490.159142][ T8203] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 490.361230][ T8208] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 490.756413][ T9] usb 9-1: USB disconnect, device number 3 [ 490.943358][ T8219] loop0: detected capacity change from 0 to 128 [ 490.959477][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.199065][ T8236] loop2: detected capacity change from 0 to 512 [ 492.363775][ T8236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 492.377574][ T8236] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 492.645328][ T8246] loop1: detected capacity change from 0 to 256 [ 492.711449][ T8246] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 492.723075][ T8246] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 492.767529][ T8249] loop7: detected capacity change from 0 to 256 [ 492.887508][ T8249] FAT-fs (loop7): unable to read block(8925478924) for building NFS inode [ 492.927510][ T8246] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9eba79a2, utbl_chksum : 0xe619d30d) [ 492.967412][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 493.323917][ T8246] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff) [ 493.332581][ T8246] exFAT-fs (loop1): Filesystem has been set read-only [ 493.386542][ T8246] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff) [ 493.925640][ T8260] loop8: detected capacity change from 0 to 1024 [ 494.414113][ T4184] hfsplus: bad catalog file entry [ 494.478711][ T4184] hfsplus: b-tree write err: -5, ino 3 [ 495.089273][ T8268] loop1: detected capacity change from 0 to 32768 [ 495.100166][ T8268] XFS (loop1): Invalid device [./file1], error=-15 [ 495.286570][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 497.168424][ T8302] loop2: detected capacity change from 0 to 256 [ 497.197531][ T8302] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 497.209940][ T8302] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 497.406645][ T8302] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9eba79a2, utbl_chksum : 0xe619d30d) [ 497.771937][ T8302] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 497.781098][ T8302] exFAT-fs (loop2): Filesystem has been set read-only [ 497.832320][ T8302] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 497.923569][ T8302] exFAT-fs (loop2): error, invalid access to FAT (entry 0xffffffff) [ 499.171623][ T8317] loop7: detected capacity change from 0 to 32768 [ 499.188461][ T8317] XFS (loop7): Invalid device [./file1], error=-15 [ 500.154661][ T8332] loop8: detected capacity change from 0 to 1024 [ 500.271565][ T8332] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 500.426263][ T30] audit: type=1326 audit(1751025913.029:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.449381][ T30] audit: type=1326 audit(1751025913.039:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.574636][ T8332] EXT4-fs warning (device loop8): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 500.616595][ T30] audit: type=1326 audit(1751025913.119:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.638982][ T30] audit: type=1326 audit(1751025913.119:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.661721][ T30] audit: type=1326 audit(1751025913.119:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.685217][ T30] audit: type=1326 audit(1751025913.129:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=279 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.708554][ T30] audit: type=1326 audit(1751025913.129:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.731214][ T30] audit: type=1326 audit(1751025913.129:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=280 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.753921][ T30] audit: type=1326 audit(1751025913.129:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 500.776729][ T30] audit: type=1326 audit(1751025913.139:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8336 comm="syz.7.889" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000 [ 501.150768][ T7585] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 502.073339][ T8359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.900'. [ 502.226160][ T8362] loop8: detected capacity change from 0 to 256 [ 502.257702][ T8362] exfat: Deprecated parameter 'namecase' [ 502.362701][ T8362] exFAT-fs (loop8): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 502.806709][ T8369] loop0: detected capacity change from 0 to 1024 [ 504.375687][ T8391] tipc: Started in network mode [ 504.381138][ T8391] tipc: Node identity @, cluster identity 4711 [ 504.388446][ T8391] tipc: Enabling of bearer rejected, failed to enable media [ 505.647259][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 505.647341][ T30] audit: type=1326 audit(1751025918.269:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.676388][ T30] audit: type=1326 audit(1751025918.269:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.699111][ T30] audit: type=1326 audit(1751025918.319:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.721513][ T30] audit: type=1326 audit(1751025918.319:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.744443][ T30] audit: type=1326 audit(1751025918.339:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.767502][ T30] audit: type=1326 audit(1751025918.339:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.793052][ T30] audit: type=1326 audit(1751025918.379:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.858647][ T8408] loop1: detected capacity change from 0 to 256 [ 505.914598][ T30] audit: type=1326 audit(1751025918.469:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=255 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.937706][ T30] audit: type=1326 audit(1751025918.469:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 505.963602][ T30] audit: type=1326 audit(1751025918.499:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8405 comm="syz.0.923" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 506.031229][ T8408] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 506.237296][ T8408] exFAT-fs (loop1): error, data size is invalid(150994954) [ 506.248938][ T8408] exFAT-fs (loop1): Filesystem has been set read-only [ 506.393068][ T8414] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff) [ 506.433257][ T8413] loop2: detected capacity change from 0 to 1024 [ 506.543473][ T8413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 506.561156][ T8413] ext4 filesystem being mounted at /208/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 506.815204][ T8413] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.925: path /208/file1: bad entry in directory: rec_len is smaller than minimal - offset=876, inode=0, rec_len=0, size=1024 fake=0 [ 506.883789][ T8413] EXT4-fs (loop2): Remounting filesystem read-only [ 507.207731][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 509.337515][ T8453] loop0: detected capacity change from 0 to 1024 [ 509.407578][ T8453] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 509.418035][ T8453] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 509.428631][ T8453] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 509.470034][ T8453] EXT4-fs error (device loop0): ext4_get_journal_inode:5796: inode #5: comm syz.0.943: unexpected bad inode w/o EXT4_IGET_BAD [ 509.527091][ T8453] EXT4-fs (loop0): no journal found [ 509.532635][ T8453] EXT4-fs (loop0): can't get journal size [ 509.564856][ T8453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 509.693309][ T5800] EXT4-fs error (device loop0): __ext4_iget:5379: inode #15: block 1803188595: comm syz-executor: invalid block [ 509.725738][ T5800] EXT4-fs error (device loop0): __ext4_iget:5379: inode #15: block 1803188595: comm syz-executor: invalid block [ 510.160372][ T6586] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 510.418026][ T8466] netlink: 4 bytes leftover after parsing attributes in process `syz.7.950'. [ 510.461892][ T8466] netlink: 277 bytes leftover after parsing attributes in process `syz.7.950'. [ 510.471562][ T8466] netlink: 277 bytes leftover after parsing attributes in process `syz.7.950'. [ 510.732377][ T3959] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.921776][ T3959] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.081559][ T3959] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.296972][ T3959] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.299316][ T8476] netlink: 20 bytes leftover after parsing attributes in process `syz.8.954'. [ 511.396354][ T8476] bond0: invalid ARP target 0.0.0.0 specified for addition [ 511.404062][ T8476] bond0: option arp_ip_target: invalid value (0) [ 511.708722][ T3959] bridge_slave_1: left promiscuous mode [ 511.715537][ T3959] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.761318][ T3959] bridge_slave_0: left allmulticast mode [ 511.772731][ T3959] bridge_slave_0: left promiscuous mode [ 511.779909][ T3959] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.221108][ T3959] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.240770][ T3959] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 512.264399][ T3959] bond0 (unregistering): Released all slaves [ 512.363512][ T3959] tipc: Left network mode [ 512.519854][ T3959] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode [ 512.529737][ T3959] mac80211_hwsim hwsim4 wlan0 (unregistering): left promiscuous mode [ 512.680795][ T3959] hsr_slave_0: left promiscuous mode [ 512.707002][ T3959] hsr_slave_1: left promiscuous mode [ 512.715165][ T3959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.723265][ T3959] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 512.752707][ T3959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 512.760920][ T3959] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 512.799951][ T3959] veth1_macvtap: left promiscuous mode [ 512.805794][ T3959] veth0_macvtap: left promiscuous mode [ 512.812009][ T3959] veth1_vlan: left promiscuous mode [ 512.817951][ T3959] veth0_vlan: left promiscuous mode [ 514.064889][ T3959] team0 (unregistering): Port device team_slave_1 removed [ 514.093143][ T3959] team0 (unregistering): Port device team_slave_0 removed [ 514.175483][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 514.185611][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 514.197349][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 514.212900][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 514.225463][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 515.627053][ T8489] chnl_net:caif_netlink_parms(): no params data found [ 516.108665][ T8514] netlink: 45 bytes leftover after parsing attributes in process `syz.8.970'. [ 516.249886][ T5801] Bluetooth: hci2: command tx timeout [ 517.144958][ T8489] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.152866][ T8489] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.161197][ T8489] bridge_slave_0: entered allmulticast mode [ 517.171412][ T8489] bridge_slave_0: entered promiscuous mode [ 517.279895][ T8489] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.288006][ T8489] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.296182][ T8489] bridge_slave_1: entered allmulticast mode [ 517.312017][ T8489] bridge_slave_1: entered promiscuous mode [ 517.687770][ T8489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.760417][ T8489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.001523][ T8489] team0: Port device team_slave_0 added [ 518.051744][ T8489] team0: Port device team_slave_1 added [ 518.326270][ T5801] Bluetooth: hci2: command tx timeout [ 518.400712][ T8489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.409860][ T8489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.436809][ T8489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.505710][ T8489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.513160][ T8489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.540148][ T8489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.064785][ T8489] hsr_slave_0: entered promiscuous mode [ 519.075419][ T8489] hsr_slave_1: entered promiscuous mode [ 519.084839][ T8489] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 519.092840][ T8489] Cannot create hsr debugfs directory [ 520.082129][ T30] audit: type=1400 audit(1751025932.609:68): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A203A2020202030 pid=8552 comm="syz.7.988" [ 520.340285][ T8489] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 520.397802][ T8489] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 520.408821][ T5801] Bluetooth: hci2: command tx timeout [ 520.504168][ T8489] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 520.592758][ T8489] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 521.777581][ T8489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.965104][ T8489] 8021q: adding VLAN 0 to HW filter on device team0 [ 522.019019][ T8577] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 522.071575][ T3433] bridge0: port 1(bridge_slave_0) entered blocking state [ 522.079352][ T3433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 522.209733][ T3433] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.217491][ T3433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 522.487124][ T5801] Bluetooth: hci2: command tx timeout [ 523.613950][ T8595] loop1: detected capacity change from 0 to 1024 [ 523.901689][ T8595] hfsplus: can't free extent [ 524.154782][ T8489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 526.126992][ T8624] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1015'. [ 526.704028][ T8489] veth0_vlan: entered promiscuous mode [ 526.830507][ T8489] veth1_vlan: entered promiscuous mode [ 527.140521][ T8489] veth0_macvtap: entered promiscuous mode [ 527.250226][ T8489] veth1_macvtap: entered promiscuous mode [ 527.407957][ T8489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 527.523430][ T8489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 527.639937][ T8489] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.649476][ T8489] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.658750][ T8489] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.667927][ T8489] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 528.325153][ T8640] loop2: detected capacity change from 0 to 512 [ 528.396287][ T8640] EXT4-fs (loop2): Test dummy encryption mode enabled [ 528.403557][ T8640] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 528.504464][ T8640] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.1021: bad orphan inode 131083 [ 528.616615][ T8640] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 528.747266][ T4184] Bluetooth: hci5: Frame reassembly failed (-84) [ 529.362983][ T8640] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))" [ 529.804197][ T5805] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 529.846859][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 530.322453][ T8662] netlink: 'syz.8.1026': attribute type 1 has an invalid length. [ 530.331622][ T8662] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1026'. [ 530.817705][ T5802] Bluetooth: hci5: command 0x1003 tx timeout [ 530.824382][ T5801] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 532.218298][ T8681] loop8: detected capacity change from 0 to 4096 [ 532.684045][ T8681] ntfs3(loop8): Mark volume as dirty due to NTFS errors [ 532.923510][ T8698] netlink: 2 bytes leftover after parsing attributes in process `syz.7.1037'. [ 533.137232][ T4184] ntfs3(loop8): ino=9, ntfs3_write_inode failed, -22. [ 533.178236][ T7585] ntfs3(loop8): ino=9, ntfs_sync_fs failed, -22. [ 533.651330][ T8705] netlink: 5 bytes leftover after parsing attributes in process `syz.7.1042'. [ 533.661468][ T8705] 0ªX¹¦D: renamed from gretap0 (while UP) [ 533.749576][ T8705] 0ªX¹¦D: entered allmulticast mode [ 533.757824][ T8705] net_ratelimit: 2 callbacks suppressed [ 533.757904][ T8705] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 533.874423][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.884036][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.140970][ T4134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.149450][ T4134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.799595][ T5857] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 535.169393][ T8724] loop1: detected capacity change from 0 to 1024 [ 535.251270][ T8724] EXT4-fs: Ignoring removed nomblk_io_submit option [ 535.417670][ T8724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 535.666084][ T8724] EXT4-fs (loop1): shut down requested (1) [ 536.384295][ T5857] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 536.396184][ T5857] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 536.410730][ T5857] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 536.420396][ T5857] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.453625][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 536.480618][ T8718] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 536.503036][ T5857] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 536.921566][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 536.928749][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 537.042847][ T8735] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1050'. [ 537.146957][ T5857] usb 8-1: USB disconnect, device number 3 [ 537.230443][ T8739] loop1: detected capacity change from 0 to 256 [ 537.442075][ T8738] loop8: detected capacity change from 0 to 2048 [ 537.480708][ T8739] FAT-fs (loop1): Directory bread(block 64) failed [ 537.487731][ T8739] FAT-fs (loop1): Directory bread(block 65) failed [ 537.494844][ T8739] FAT-fs (loop1): Directory bread(block 66) failed [ 537.502065][ T8739] FAT-fs (loop1): Directory bread(block 67) failed [ 537.509300][ T8739] FAT-fs (loop1): Directory bread(block 68) failed [ 537.516387][ T8739] FAT-fs (loop1): Directory bread(block 69) failed [ 537.523379][ T8739] FAT-fs (loop1): Directory bread(block 70) failed [ 537.532596][ T8739] FAT-fs (loop1): Directory bread(block 71) failed [ 537.539844][ T8739] FAT-fs (loop1): Directory bread(block 72) failed [ 537.546883][ T8739] FAT-fs (loop1): Directory bread(block 73) failed [ 537.621238][ T8738] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 537.783665][ T8738] EXT4-fs (loop8): shut down requested (0) [ 538.169593][ T7585] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 538.941211][ T8760] netlink: 'syz.1.1062': attribute type 10 has an invalid length. [ 538.978009][ T8760] team0: Port device dummy0 added [ 539.817698][ T8772] delete_channel: no stack [ 540.145005][ T8768] loop8: detected capacity change from 0 to 8192 [ 541.102247][ T8787] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1074'. [ 541.212258][ T8791] loop7: detected capacity change from 0 to 64 [ 542.565469][ T8809] cifs: Unknown parameter 'f,' [ 542.893371][ T8811] syz.8.1084: attempt to access beyond end of device [ 542.893371][ T8811] loop17: rw=0, sector=2, nr_sectors = 2 limit=0 [ 542.907485][ T8811] syz.8.1084: attempt to access beyond end of device [ 542.907485][ T8811] loop17: rw=0, sector=16, nr_sectors = 2 limit=0 [ 543.893444][ T8825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1090'. [ 544.076182][ T5853] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 544.272755][ T5853] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 544.282629][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.317478][ T5853] usb 2-1: config 0 descriptor?? [ 544.378817][ T5853] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 544.529251][ T5857] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 544.586420][ T5853] gp8psk: usb in 128 operation failed. [ 544.754216][ T5857] usb 9-1: unable to get BOS descriptor or descriptor too short [ 544.801284][ T5857] usb 9-1: not running at top speed; connect to a high speed hub [ 544.802486][ T5853] gp8psk: FW Version = 12.160.214 (0xca0d6) Build 2146/135/53 [ 544.843782][ T5857] usb 9-1: config 187 interface 0 altsetting 8 endpoint 0x6 has an invalid bInterval 0, changing to 10 [ 544.855676][ T5857] usb 9-1: config 187 interface 0 altsetting 8 endpoint 0x6 has invalid maxpacket 576, setting to 64 [ 544.870627][ T5857] usb 9-1: config 187 interface 0 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 544.882169][ T5857] usb 9-1: config 187 interface 0 altsetting 8 endpoint 0x5 has invalid wMaxPacketSize 0 [ 544.892456][ T5857] usb 9-1: config 187 interface 0 altsetting 8 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 544.903824][ T5857] usb 9-1: config 187 interface 0 altsetting 8 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 544.915313][ T5857] usb 9-1: config 187 interface 0 has no altsetting 0 [ 545.009118][ T5853] gp8psk: usb in 149 operation failed. [ 545.014900][ T5853] gp8psk: failed to get FPGA version [ 545.068644][ T5853] gp8psk: usb in 138 operation failed. [ 545.074425][ T5853] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 545.085600][ T5853] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 545.110578][ T5857] usb 9-1: New USB device found, idVendor=0582, idProduct=0012, bcdDevice=e2.be [ 545.120857][ T5857] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.129354][ T5857] usb 9-1: Product: syz [ 545.133813][ T5857] usb 9-1: Manufacturer: syz [ 545.139059][ T5857] usb 9-1: SerialNumber: syz [ 545.161366][ T5853] usb 2-1: USB disconnect, device number 5 [ 545.262154][ T8827] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 545.438025][ T8494] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 545.543787][ T5857] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 545.619737][ T8494] usb 3-1: Using ep0 maxpacket: 32 [ 545.634614][ T8494] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.646618][ T8494] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.656928][ T8494] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 545.666416][ T8494] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.678045][ T5857] usb 9-1: USB disconnect, device number 4 [ 545.705151][ T8494] usb 3-1: config 0 descriptor?? [ 546.196439][ T8494] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 546.322234][ T8844] loop7: detected capacity change from 0 to 4096 [ 546.454982][ T9] usb 3-1: USB disconnect, device number 4 [ 546.557406][ T5853] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 546.734115][ T5853] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.746274][ T5853] usb 2-1: config 0 interface 0 altsetting 238 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.756725][ T5853] usb 2-1: config 0 interface 0 has no altsetting 0 [ 546.763814][ T5853] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 546.773307][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.866105][ T5853] usb 2-1: config 0 descriptor?? [ 547.323581][ T5853] acrux 0003:1A34:F705.0007: item fetching failed at offset 5/7 [ 547.361627][ T5853] acrux 0003:1A34:F705.0007: parse failed [ 547.368771][ T5853] acrux 0003:1A34:F705.0007: probe with driver acrux failed with error -22 [ 547.560628][ T5853] usb 2-1: USB disconnect, device number 6 [ 547.740036][ T8858] loop2: detected capacity change from 0 to 1024 [ 548.130688][ T3433] hfsplus: b-tree write err: -5, ino 4 [ 548.676155][ T8870] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1111'. [ 548.782062][ T8872] loop1: detected capacity change from 0 to 256 [ 550.515364][ T8896] tap0: tun_chr_ioctl cmd 2147767506 [ 550.635174][ T8898] loop2: detected capacity change from 0 to 1024 [ 550.711870][ T8889] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 551.138339][ T4305] hfsplus: b-tree write err: -5, ino 4 [ 552.000040][ T8918] bond1: entered promiscuous mode [ 552.005425][ T8918] bond1: entered allmulticast mode [ 552.022059][ T8918] 8021q: adding VLAN 0 to HW filter on device bond1 [ 552.767521][ T8930] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1138'. [ 552.777247][ T8930] smc: net device bond0 applied user defined pnetid SYZ2 [ 552.808453][ T8930] smc: net device bond0 erased user defined pnetid SYZ2 [ 553.782265][ T8948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1146'. [ 554.170347][ T5853] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 554.326152][ T5802] Bluetooth: hci4: command 0x0406 tx timeout [ 554.397213][ T5853] usb 9-1: config 0 has no interfaces? [ 554.428315][ T5853] usb 9-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 554.438270][ T5853] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.446768][ T5853] usb 9-1: Product: syz [ 554.451236][ T5853] usb 9-1: Manufacturer: syz [ 554.456297][ T5853] usb 9-1: SerialNumber: syz [ 554.477210][ T5853] usb 9-1: config 0 descriptor?? [ 554.791257][ T8951] netlink: 136 bytes leftover after parsing attributes in process `syz.8.1147'. [ 554.800871][ T8951] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 554.908152][ T5857] usb 9-1: USB disconnect, device number 5 [ 556.272295][ T8982] loop8: detected capacity change from 0 to 1024 [ 556.882637][ T8992] loop1: detected capacity change from 0 to 64 [ 557.896845][ T9005] loop8: detected capacity change from 0 to 256 [ 558.152036][ T9005] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 558.647130][ T9013] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1178'. [ 558.759279][ T9013] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1178'. [ 559.389389][ T9022] loop2: detected capacity change from 0 to 256 [ 560.374572][ T9035] blkio.reset_stats is deprecated [ 561.069521][ T9047] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1194'. [ 561.134308][ T9051] block nbd1: NBD_DISCONNECT [ 563.629027][ T9079] loop8: detected capacity change from 0 to 4096 [ 563.643103][ T9079] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 563.976728][ T9089] loop9: detected capacity change from 0 to 128 [ 564.048557][ T9079] ntfs3(loop8): MFT: r=b, expect seq=0 instead of b! [ 564.156416][ T30] audit: type=1800 audit(1751025976.779:69): pid=9089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1214" name="file1" dev="loop9" ino=1048655 res=0 errno=0 [ 564.567532][ T5802] Bluetooth: hci1: command 0x0406 tx timeout [ 564.668839][ T9091] loop1: detected capacity change from 0 to 4096 [ 564.718561][ T9091] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 564.956839][ T9091] ntfs3(loop1): ino=1a, mi_enum_attr [ 564.962572][ T9091] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 565.136879][ T9091] ntfs3(loop1): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr [ 565.660330][ T5853] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 565.856088][ T5853] usb 3-1: Using ep0 maxpacket: 16 [ 565.876384][ T5853] usb 3-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 565.880668][ T9113] loop7: detected capacity change from 0 to 128 [ 565.887792][ T5853] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 565.887944][ T5853] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 565.888095][ T5853] usb 3-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 565.888257][ T5853] usb 3-1: config 1 interface 0 has no altsetting 0 [ 565.922759][ T5853] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 565.950538][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 565.960723][ T5853] usb 3-1: SerialNumber: syz [ 566.092998][ T9108] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 566.106154][ T30] audit: type=1800 audit(1751025978.719:70): pid=9113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1226" name="file1" dev="loop7" ino=1048656 res=0 errno=0 [ 566.136945][ T9108] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 566.158008][ T3433] FAT-fs (loop7): error, invalid FAT chain (i_pos 548, last_block 8) [ 566.167042][ T3433] FAT-fs (loop7): Filesystem has been set read-only [ 566.174095][ T3433] FAT-fs (loop7): error, corrupted file size (i_pos 548, 522) [ 566.431704][ T9108] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 566.447228][ T9108] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 566.954407][ T5853] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 567.198120][ T5853] usb 3-1: USB disconnect, device number 5 [ 567.207867][ T5853] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 568.095288][ T9138] autofs: Bad value for 'fd' [ 570.339453][ T9174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1254'. [ 570.684421][ T9182] netlink: 830 bytes leftover after parsing attributes in process `syz.8.1258'. [ 571.247326][ T5853] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 571.453330][ T5853] usb 3-1: Using ep0 maxpacket: 32 [ 571.479688][ T5853] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 571.490654][ T5853] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.516452][ T9198] loop9: detected capacity change from 0 to 64 [ 571.549309][ T5853] usb 3-1: config 0 descriptor?? [ 571.818621][ T5853] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 571.845642][ T5853] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 571.870719][ T5853] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 571.886250][ T5853] usb 3-1: media controller created [ 571.975120][ T5853] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 572.064050][ T9185] ===================================================== [ 572.072669][ T9185] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 [ 572.080272][ T9185] _copy_to_user+0xcc/0x120 [ 572.090703][ T9185] i2cdev_ioctl_smbus+0x586/0x660 [ 572.098079][ T9185] compat_i2cdev_ioctl+0x48f/0xb40 [ 572.103440][ T9185] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 572.109416][ T9185] ia32_sys_call+0x2d07/0x42c0 [ 572.114394][ T9185] __do_fast_syscall_32+0xb0/0x150 [ 572.120019][ T9185] do_fast_syscall_32+0x38/0x80 [ 572.125105][ T9185] do_SYSENTER_32+0x1f/0x30 [ 572.129965][ T9185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 572.136698][ T9185] [ 572.139140][ T9185] Uninit was stored to memory at: [ 572.144648][ T9185] ------------[ cut here ]------------ [ 572.150421][ T9185] WARNING: CPU: 0 PID: 9185 at kernel/stacktrace.c:29 stack_trace_print+0xd4/0xf0 [ 572.160498][ T9185] Modules linked in: [ 572.164608][ T9185] CPU: 0 UID: 0 PID: 9185 Comm: syz.2.1259 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(undef) [ 572.177110][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 572.194014][ T9185] RIP: 0010:stack_trace_print+0xd4/0xf0 [ 572.201904][ T9185] Code: 3c 7d 02 92 89 de ba 20 00 00 00 4c 89 e1 e8 d3 8a 4d ff 49 83 c6 08 49 ff cd 0f 85 6e ff ff ff eb 0b e8 0f aa c3 00 eb d4 90 <0f> 0b 90 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0a 7c f4 0e cc 66 0f 1f [ 572.221950][ T9185] RSP: 0018:ffff888058423818 EFLAGS: 00010246 [ 572.228430][ T9185] RAX: ffff8881186dac18 RBX: 0000000000000000 RCX: 0000000000000000 [ 572.236739][ T9185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.244909][ T9185] RBP: ffff888058423840 R08: 0000000000000000 R09: 0000000000000000 [ 572.253477][ T9185] R10: ffff888057c23858 R11: 0000000000000001 R12: 0000000000000000 [ 572.261759][ T9185] R13: 00000000abcd0100 R14: 0000000000000000 R15: 0000000000000000 [ 572.270138][ T9185] FS: 0000000000000000(0000) GS:ffff8881aa87d000(0063) knlGS:00000000f511eb40 [ 572.279450][ T9185] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 572.292940][ T9185] CR2: 000000000c45bc62 CR3: 000000002a898000 CR4: 00000000003526f0 [ 572.303210][ T9185] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 572.311662][ T9185] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 572.320000][ T9185] Call Trace: [ 572.323445][ T9185] [ 572.326660][ T9185] kmsan_print_origin+0xb0/0x340 [ 572.331888][ T9185] ? stack_trace_print+0xbd/0xf0 [ 572.337274][ T9185] kmsan_report+0x1d3/0x320 [ 572.342040][ T9185] ? kmsan_internal_check_memory+0x1e1/0x230 [ 572.348439][ T9185] ? kmsan_copy_to_user+0xf1/0x190 [ 572.353838][ T9185] ? _copy_to_user+0xcc/0x120 [ 572.358846][ T9185] ? i2cdev_ioctl_smbus+0x586/0x660 [ 572.364346][ T9185] ? compat_i2cdev_ioctl+0x48f/0xb40 [ 572.370758][ T9185] ? __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 572.376872][ T9185] ? ia32_sys_call+0x2d07/0x42c0 [ 572.381996][ T9185] ? __do_fast_syscall_32+0xb0/0x150 [ 572.387647][ T9185] ? do_fast_syscall_32+0x38/0x80 [ 572.399754][ T9185] ? do_SYSENTER_32+0x1f/0x30 [ 572.407018][ T9185] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 572.413916][ T9185] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 572.419677][ T9185] ? __i2c_transfer+0x11cd/0x3110 [ 572.424960][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.430544][ T9185] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 572.437370][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.442793][ T9185] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 572.449189][ T9185] ? __i2c_smbus_xfer+0x1e93/0x2f60 [ 572.454785][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.460489][ T9185] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 572.466904][ T9185] kmsan_internal_check_memory+0x1e1/0x230 [ 572.473047][ T9185] kmsan_copy_to_user+0xf1/0x190 [ 572.478435][ T9185] _copy_to_user+0xcc/0x120 [ 572.483186][ T9185] i2cdev_ioctl_smbus+0x586/0x660 [ 572.488812][ T9185] compat_i2cdev_ioctl+0x48f/0xb40 [ 572.501014][ T9185] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 572.509157][ T9185] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 572.515022][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.520571][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.526321][ T9185] ia32_sys_call+0x2d07/0x42c0 [ 572.531323][ T9185] __do_fast_syscall_32+0xb0/0x150 [ 572.536908][ T9185] do_fast_syscall_32+0x38/0x80 [ 572.542049][ T9185] do_SYSENTER_32+0x1f/0x30 [ 572.547003][ T9185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 572.553629][ T9185] RIP: 0023:0xf712e539 [ 572.558023][ T9185] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 572.578088][ T9185] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 572.587356][ T9185] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000720 [ 572.602182][ T9185] RDX: 0000000080000680 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.612333][ T9185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 572.620722][ T9185] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 572.629087][ T9185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 572.637445][ T9185] [ 572.640605][ T9185] ---[ end trace 0000000000000000 ]--- [ 572.646435][ T9185] [ 572.648915][ T9185] Local variable msgbuf1.i created at: [ 572.654519][ T9185] __i2c_smbus_xfer+0x86a/0x2f60 [ 572.659968][ T9185] i2c_smbus_xfer+0x31d/0x4d0 [ 572.664916][ T9185] [ 572.667618][ T9185] Bytes 0-1 of 2 are uninitialized [ 572.672917][ T9185] Memory access of size 2 starts at ffff888058423c86 [ 572.680042][ T9185] Data copied to user address 0000000080000400 [ 572.686533][ T9185] [ 572.689056][ T9185] CPU: 0 UID: 0 PID: 9185 Comm: syz.2.1259 Tainted: G W 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(undef) [ 572.709007][ T9185] Tainted: [W]=WARN [ 572.712981][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 572.725201][ T9185] ===================================================== [ 572.742227][ T9185] Disabling lock debugging due to kernel taint [ 572.750317][ T9185] Kernel panic - not syncing: kmsan.panic set ... [ 572.756959][ T9185] CPU: 0 UID: 0 PID: 9185 Comm: syz.2.1259 Tainted: G B W 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(undef) [ 572.770909][ T9185] Tainted: [B]=BAD_PAGE, [W]=WARN [ 572.776085][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 572.786322][ T9185] Call Trace: [ 572.789737][ T9185] [ 572.792800][ T9185] __dump_stack+0x26/0x30 [ 572.797359][ T9185] dump_stack_lvl+0x53/0x270 [ 572.802159][ T9185] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 572.808263][ T9185] dump_stack+0x1e/0x25 [ 572.812646][ T9185] panic+0x4bd/0xd50 [ 572.816818][ T9185] kmsan_report+0x31c/0x320 [ 572.821553][ T9185] ? kmsan_internal_check_memory+0x1e1/0x230 [ 572.827744][ T9185] ? kmsan_copy_to_user+0xf1/0x190 [ 572.833069][ T9185] ? _copy_to_user+0xcc/0x120 [ 572.838039][ T9185] ? i2cdev_ioctl_smbus+0x586/0x660 [ 572.843464][ T9185] ? compat_i2cdev_ioctl+0x48f/0xb40 [ 572.848980][ T9185] ? __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 572.854932][ T9185] ? ia32_sys_call+0x2d07/0x42c0 [ 572.860046][ T9185] ? __do_fast_syscall_32+0xb0/0x150 [ 572.865541][ T9185] ? do_fast_syscall_32+0x38/0x80 [ 572.870753][ T9185] ? do_SYSENTER_32+0x1f/0x30 [ 572.875624][ T9185] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 572.882397][ T9185] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 572.887919][ T9185] ? __i2c_transfer+0x11cd/0x3110 [ 572.893139][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.898501][ T9185] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 572.905079][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.910432][ T9185] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 572.916606][ T9185] ? __i2c_smbus_xfer+0x1e93/0x2f60 [ 572.922042][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.927678][ T9185] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 572.933776][ T9185] kmsan_internal_check_memory+0x1e1/0x230 [ 572.939840][ T9185] kmsan_copy_to_user+0xf1/0x190 [ 572.945019][ T9185] _copy_to_user+0xcc/0x120 [ 572.949721][ T9185] i2cdev_ioctl_smbus+0x586/0x660 [ 572.954980][ T9185] compat_i2cdev_ioctl+0x48f/0xb40 [ 572.960488][ T9185] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 572.966321][ T9185] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 572.972111][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.977486][ T9185] ? kmsan_get_metadata+0xfb/0x160 [ 572.982865][ T9185] ia32_sys_call+0x2d07/0x42c0 [ 572.987824][ T9185] __do_fast_syscall_32+0xb0/0x150 [ 572.993171][ T9185] do_fast_syscall_32+0x38/0x80 [ 572.998237][ T9185] do_SYSENTER_32+0x1f/0x30 [ 573.002933][ T9185] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 573.009516][ T9185] RIP: 0023:0xf712e539 [ 573.013750][ T9185] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 573.033599][ T9185] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 573.042230][ T9185] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000720 [ 573.050413][ T9185] RDX: 0000000080000680 RSI: 0000000000000000 RDI: 0000000000000000 [ 573.058543][ T9185] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 573.066706][ T9185] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 573.074965][ T9185] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 573.083152][ T9185] [ 573.086723][ T9185] Kernel Offset: disabled [ 573.091175][ T9185] Rebooting in 86400 seconds..