last executing test programs: 2m57.903160574s ago: executing program 32 (id=48): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070003070000000000000002000300030000000903000038000000fc81000000000000000020000100050000000000000000000300000008000000f30000007f00000004"], 0x58) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000340)='./file0\x00', 0x203) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 2m28.925518736s ago: executing program 33 (id=241): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f00000013c0)='./file0\x00', 0x10090, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x1, 0x14e4, &(0x7f0000001540)="$eJzs3Hl0VUXWKPDaVXUgxBivERkCtWsfuGKAIiIiMoiIDCIiIiIiMomAgBEREQERAjKJGBCReYiIDAEBkSFCROZ5knky0oiIiMgkk0C9hd39+Lrtb/G91/0ef2T/1qqV2vfcve8+2Vm559y1kp+7DK3RqGbVBkQk/i3w1y+pQogYIcRAIcRtQohACFE2oWzCteN5FKT+ey/C/rOeybjZHbCbieefs/H8czaef87G88/ZeP45G88/Z+P552w8f8Zysq0zCt7OK+cu/vw/J+P3/5yN55+z8fxzNp5/zsbzz0n0nx7h+edsPP+cjeefs/H8GcvJbvbnz7xu7rrZP3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxnKGC/46LYT4+/5m98UYY4wxxhhjjLH/HJ/7ZnfAGGOMMcYYY4yx//dASKGEFoHIJXKLGJFHxIpbRJy4VcSL20RE3C4SxB0ir7hT5BP5RQFRUCSKQqKwMAKFFSRCUUQUFVFxlygm7hZJorgoIUoKJ0qJZHGPKC3uFWXEfaKsuF+UEw+I8qKCqCgqiQdFZfGQqCIeFlXFI6KaqC5qiJriUVFLPCZqi8dFHfGEqCueFPXEU6K+eFo0EM+IhuJZ0Ug8JxqL50UT0VQ0E81Fi/+r/LdED/G26Cl6iVTRW/QR74i+op/oLwaIgeJdMUi8JwaL90WaGCKGig/EMPGhGC4+EiPESDFKjBZjxFgxTowXE8REkS4+FpPEJ2Ky+FRMEVPFNDFdZIgZYqb4TMwSs8Uc8bmYK74Q88R8sUAsFJniS7FILBZZ4iuxRHwtloplYrlYIVaKVWK1WCPWinVivdggNopNYrPYIraKb8Q2sV3sEDvFLrFb7BF7xT6xXxwQ34ps8d3/Yf75f8rvCgIESJCgQUMuyAUxEAOxEAtxEAfxEA8RiEACJEBeyAv5IB8UgAKQCIlQGAoDAgIBQREoAlGIQjEoBkmQBCWgBDhwkAzJUBruhTJQBspCWSgH5aA8VIAKUAkqQWWoDFWgClSFqlANqkENqAGPwqPwGNSG2lAH6kBdqAv1oB7Uh/rQABpAQ2gIjaARNIbG0ASaQDNoBi2gBbSEltAKWkEbaANtoS20h/aQAinQATpAO+gInaATdIbO0AW6QFfoBt3gLXgL3oa3oRdUk72hD/SBvtAX+sMAGADvwiB4D96D9yENhsBQ+AA+gA9hOJyDETASRsEoqCzHwjgYDyQnQjqkwySYBJNhMkyBqTAVpkMGzICZMBNmwWyYDZ/DXPgCvoD5MB8WQiZkwiJYDFmQBUvgPCyFZbAcVsBKWAUrYQ2shTWwHjbAetgEm2ALbIFv4BsYDdthJ+yE3bAb9sJe2A/7IQ2yIRsOwkE4BIfgMByGI3AEjsJROAbH4DgchxNwAk7CKTgNp+AsnIVzcB4uwAW4BJfgMryR+GPD3cXXpQl5jZZa5pK5ZIyMkbEyVsbJOBkv42VERmSCTJB5ZV6ZT+aTBWQBmSgTZWFZWKJESTKURWQRGZVRWUwWk0kySZaQJaSTTibLZFlalpZlZBlZVt4vy8kHZHlZQbZ2lWQlWVm2cVXkw7KqrCqryeqyhqwpa8paspasLWvLOrKOrCvrynryKVlf9ob+8Iy8NplGcgg0lkOhiWwqm8nm8kN4QbaUw6GVbC3byJfkSBgB7WVLlyJfkR3kOOgoX5Pj4XXZWU6ELvJN2VV2k93lW7KHbOV6yl5yCvSWfeR06Cv7yf5ygJwF1eW1idWQ78s0OUQOlR/IhfChHC4/kiPkSDlKjpZj5Fg5To6XE+REmS4/lpPkJ3Ky/FROkVPlNDldZsgZcqb8TM6Ss+Uc+bmcK7+Q8+R8uUAulJnyS7lILpZZ8iu5RH4tl8plcrlcIVfKVXK1XCPXynVyvdwgN8pNcrPcIrfKb+Q2uV3ukDvlLrlb7pF75T65Xx6Q38ps+Z08KP8iD8nv5WH5gzwif5RH5U/ymPxZHpe/yBPyV3lSnpKn5Rl5Vv4mz8nz8oK8KC/J3+VleUVelV4KBUoqpbQKVC6VW8WoPCpW3aLi1K0qXt2mIup2laDuUHnVnSqfyq8KqIIqURVShZVRqKwiFaoiqqiKqrtUMXW3SlLFVQlVUjlVSiWre1Rpda8qo+5TZdX9qpx6QJVXFVRFVUk9qCqrh1QV9bCqqh5R1VR1VUPVVI+qWuoxVVs9ruqoJ1Rd9aSqp55S9dXTqoF6RjVUz6pG6jnVWD2vmqimqplqrlqoF1RL9aJqpVqrNuol1Va1U+3VyypFvaI6qFdVR/Wa6qReV53VG6qLelN1Vd1Ud3VFXVVe9VS9VKrqrfqod1Rf1U/1VwPUQPWuGqTeU4PV+ypNDVFD1QdqmPpQDVcfqRFqpBqlRqsxaqwap8arCWqiSlcfq0nqEzVZfaqmqKlqmpquMtQM1f9vleb8D/I/+Rf5g/949S1qq/pGbVPb1Q61U+1Su9UetUftU/vUAXVAZatsdVAdVIfUIXVYHVZH1BF1VB1Vx9QxdVwdVyfUCXVSnVIX1Rl1Vv2mzqnz6ry6qC6pS+ry374HQoOWWmmtA51L59YxOo+O1bfoOH2rjte36Yi+XSfoO3RefafOp/PrArqgTtSFdGFtNGqrSYe6iC6qo/ouXUzfrZN0cV1Cl9ROl9LJ+p5/O/9G/bXQLXRL3VK30q10G91Gt9VtdXvdXqfoFN1Bd9AddUfdSXfSnXVn3UV30V11V91dd9c9dA/dU/fUqTpV99Hv6L66n+6vB+iB+l09SA/Sg/VgnabT9FA9VA/Tw/RwPVyP0CP0KD1Kj9Fj9Dg9Tk/QE3S6TteT9CQ9WU/WU/QUPU1P0xk6Q8/UM/UsPUvP0XP0XD1Xz9Pz9AK9QGfqTL1IL9JZOksv0Uv0Ur1ML9Mr9Aq9Sq/Sa/QavU6v0xv0Br1Jb9JL9Va9VW/T2/QOvUPv0rv0Hr1H79P79AF9QGfrbH1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9Al9Up/Up/VpfVaf1ef0OX1BX9CX9CV9WV/WV/XVa5d9gQxkoAMd5ApyBTFBTBAbxAZxQVwQH8QHkSASJAQJQd7gziBfkD8oEBQMEoNCQeHABBjYgIIwKBIUDaLBXUGx4O4gKSgelAhKBi4oFSQH9wSlg3uDMsF9Qdng/qBc8EBQPqgQVAwqBQ8GlYOHgirBw0HV4JGgWlA9qBHUDB4NagWPBbWDx4M6wRNB3eDJoF7wVFA/eDpoEDwTNAyeDRoFzwWNg+eDJkHToFnQPGjxH63v/bn8L7qeppdJNb1NH/OO6Wv6mf5mgBlo3jWDzHtmsHnfpJkhZqj5wAwzH5rh5iMzwow0o8xoM8aMNePMeDPBTDTp5mMzyXxiJptPzRQz1Uwz002GmWFmms/MLDPbzDGfm7nmCzPPzDcLzEKTab40i8xik2W+MkvM12apWWaWmxVmpVllVps1Zq1ZZ9abDWaj2WQ2my1mq/nGbDPbzQ6z0+wyu80es9fsM/vNAfOtyTbfmYPmL+aQ+d4cNj+YI+ZHc9T8ZI6Zn81x84s5YX41J80pc9qcMWfNb+acOW8umIvmkvndXDZXzFXjr13cX3t7R40ac2EujMEYjMVYjMM4jMd4jGAEEzAB82JezIf5sAAWwERMxMJYGK8hJCyCRTCKUSyGxTAJk7AElkCHDpMxGUtjaSyDZbAslsVyWA7LY3msiBXxQXwQH8KH8GF8GB/BR7A6VseaWBNrYS2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsFm2AxbYAtsiS2xFbbCNtgG22JbbI/tMQVTsAN2wI7YETthJ+yMnbELdsGu2BW7Y3fsgT2wJ/bEVEzFPtgH+2Jf7I/9cSAOxEE4CAfjYEzDNByKQ3EYDsPhOBxH4EgchaNxDI7FcTgeJ+BETMd0nISTcDJOxik4BafhNMzADJyJM3EWzsI5OAfn4lych/NwAS7ATMzERbgIszALl+ASXIpLcTkux5W4ElfjalyLa3E9rseNuBE342bciltxG27DHbgDd+Eu3IN7cB/uwwN4ALMxGw/iQTyEh/AwHsYjeASP4lE8hsfwOB7HE3gCT+JJPI2n8SyexXN4Di/gBbyEv+NlvIJX0WOMzWNj7S02zt5q4+1t9p/jAragTbSFbGFrbD6b/x9itNYm2eK2hC1pnS1lk+09f4rL2wq2oq1kH7SV7UO2yp/iWvYxW9s+buvYJ2xN++g/xHXtk7aefc7Wt8/bBrapbWib20b2OdvYPm+b2Ka2mW1u29p2tr192abYV2wH++qf4kV2sV1r19n1doPdZ/fbC/aiPWZ/tpfs77an7WUH2nftIPueHWzft2l2yJ/iUXa0HWPH2nF2vJ1gJ/4pnman2ww7w860n9lZdvaf4kz7pZ1rs+w8O98usAv/iK/1lGW/skvs1zYav8wutyvsSrvKrrZrrt2o/9HrCrvJbrZb7B67126z2+0Ou9Pusrv/iK+dxwH7rc2239mj9id7yH5vD9vj9oj98Y/42vkdt7/YE/ZXe9KesqftGXvW/mbP2fN/nP+1cz9jr9ir1ltBQJIUaQooF+WmGMpDsXQLxdGtFE+3UYRupwS6g/LSnZSP8lMBKkiJVIgKkyEkS0QhFaGiFKW7qBjdTUlUnEpQSXJUipLpHipN91IZuo/K0v1Ujh6g8lSBKlIlepAq00NUhR6mqvQIVaPqVINq0qNUix6j2vQ41aEnqC49SfXoKapPT1MDeoYa0rPUiJ6jxvQ8NaGm1IyaUwt6gVrSi9SKWlMbeonaUjtqTy9TCr1CHehV6kivUSd6nTrTG9SF3qSu1I2601vUg96mntSLUqk39aF3qC/1o/40gAbSuzSI3qPB9D6l0RAaSh/QMPqQhtNHNIJG0igaTWNoLI2j8TSBJlI6fUyT6BOaTJ/SFJpK02g6ZdAMmkmf0SyaTXPoc5pLX9A8mk8LaCFl0pe0iBZTlhZC0Ne0lJbRclpBK2kVraY1tJbW0XraQBtpE22mLbSVvqFttJ120E7aRbtpD+2lfbSfDtC3lE3f0UH6Cx2i7+kw/UBH6Ec6Sj/RMfqZjtMvdIJ+pZN0ik7TGTpLv9E5Ok8X6CJdot/pMl2hq+RJhBDKUIU6DMJcYe4wJswTxoa3hHHhrWF8eFsYCW8PE8I7wrzhnWG+MH9YICwYJoaFwsKhCTG0IYVhWCQsGkbDu8Ji4d1hUlg8LBGWDF1YKkwO7wlLh/eGZcL7wrLh/WG58IGwfFghfO6JSuGDYeXwobBK+HBYNXwkrBZWD2uENcNHw1rhY2Ht8PGwTvhEWCZ8MqwXPhXWD58OG4TPhA3DZ8NG4XNh4/D5sEnYNGwWNg9bhC+ELcMXw1Zh67BN+FLYNmwXtg9fDlPCV8IO4as3PJ4a9g77hO+E74TeP64WRBdGM6NfRhdFF0ezol9Fl0S/ji6NLosuj66Iroyuiq6Oromuja6Lro9uiG6Mbopujm6Jel8zt3DgpFNOu8DlcrldjMvjYt0tLs7d6uLdbS7ibncJ7g6X193p8rn8roAr6BJdIVfYGYfOOnKhK+KKuqi7yxVzd7skV9yVcCWdc6VcsmvuWrgWrqV70bVyrV0b95J7ybVz7dzL7mX3iuvgXnUd3Wuuk3vddXZvuDfcm66r6+a6u7dcD/e26+l6uVSX6vq4Pq6v6+v6u/5uoBvoBrlBbrAb7NJcmhvqhrphbpgb7oa7EW6EG+VGuTFujBvnxrkJboJLd+lukpvkJrvJboqb4qa5aS7DZbiZbqab5Wa5OW6Om5s0181z89wCt8Bluky3yC1yWS7LLXFL3FK31C13y91Kt9KtdqvdWrfWrXfr3Ua30W12m91Wt9Vtc9vcDrfD7XK73B63x+1z+9wBd8Blu2x30B10h9whd9j94I64H91R95M75n52x90v7oT71Z10p9xpd8addb+5c+68u+Auukvud3fZXXFXnXfpkY8jkyKfRCZHPo1MiUyNTItMj2REZkRmRj6LzIrMjsyJfB6ZG/kiMi8yP7IgsjCSGfkysiiyOJIV+SqyJPJ1ZGlkWWR5ZEVkZWRVxPtC20JfxBf1UX+XL+bv9km+uC/hS3rnS/lkf48v7e/1Zfx9vqy/35fzD/jyvoKv6J/3TXxT38w39y38C76lf9G38q19G/+Sb+vb+fb+ZZ/iX/Ed/Ku+o3/Nd/Kv+87+Dd/Fv+m7+m6+u3/L9/Bv+56+l0/1vX0f/47v6/v5/n6AH+jf9YP8e36wf9+n+SF+qP/AD/Mf+uH+Iz/Cj/Sj/Gg/xo/14/x4P8FP9On+Yz/Jf+In+0/9FD/VT/PTfYaf4Wf6z/wsP9vP8Z/7uf4LP8/P9wv8Qp/pv/SL/GKf5b/yS/zXfqlf5pf7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r/8Zv89v9Dr/T7/K7/R6/1+/z+/0B/63P9t/5g/4v/pD/3h/2P/gj/scLR/1P/pj/2R/3v/gT/ld/0p/yp/0Zf9b/5s/58/6Cv+gv+d/9ZX/FX+W/WWOMMcYY+x9RNzje+188Jv+2rukjhLh1e8Ej/1xzY76/7vvJxLYRIcQrvbo88/dVrVpqaurfnrtUiaDofCFEROT6e/4fm8hf98tEG9FOpIjWovS/7K+f7HaJblA/er8Qsf8lJ0Zcj32vv9e/97+pP3buDevPFyKp6PWcPOJ6fL3/Mv9N/fwtb1A/z/fpQrT6Lzlx4np8vX6yeFG8KlL+4ZmMMcYYY4wxxthf9ZMVO93o/vba/Xmivp6TW1yPb3R/zhhjjDHGGGOMsZvv9W7dX34hJaV1J97whje8+d+bm/2biTHGGGOMMfafdv2i/2Z3whhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Vz/P/6d2M0+R8YYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY+xm+18BAAD//w60Myw=") chmod(&(0x7f0000000880)='./file0/file0\x00', 0x1c1) 2m16.076777242s ago: executing program 34 (id=304): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2m13.289922314s ago: executing program 35 (id=328): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0x50}}, 0x200c405a) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 2m1.325683119s ago: executing program 7 (id=305): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") creat(&(0x7f0000000100)='./bus\x00', 0x44) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x301400, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) statfs(&(0x7f0000000300)='./file0\x00', 0x0) 2m0.42697295s ago: executing program 7 (id=382): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000003702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000040000000b704000010000020620700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00'}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r0, 0x4) sendmsg$unix(r2, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 1m59.17977781s ago: executing program 7 (id=387): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @local, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000e80)={@link_local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x2, 0x0, 0xfe, 0x11, 0x0, @local, @multicast1}, {0x0, 0x4e25, 0x8}}}}}, 0x0) 1m58.772126422s ago: executing program 36 (id=387): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0xa8, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@ip={@local, @local, 0x0, 0x0, 'veth0_to_team\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE0={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000e80)={@link_local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x2, 0x0, 0xfe, 0x11, 0x0, @local, @multicast1}, {0x0, 0x4e25, 0x8}}}}}, 0x0) 1m58.447277438s ago: executing program 8 (id=330): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000100)=0x4583c57b, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000040, &(0x7f0000000180)={0xa, 0x4e20, 0x8041, @empty, 0x627bcafb}, 0x1c) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002000)=""/4093, 0xffd}, 0x7ffffffe}], 0x1, 0x40012060, 0x0) 1m58.095979416s ago: executing program 8 (id=392): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") creat(&(0x7f0000000100)='./bus\x00', 0x44) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x301400, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) statfs(&(0x7f0000000300)='./file0\x00', 0x0) 1m57.05181304s ago: executing program 8 (id=395): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0}, 0x18) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000880)={'\x00', 0x9, 0x2, 0x1f5c6ca3, 0x9, 0x8, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fdffffff03000000400001802c00040014000100020000005f14140f000000000000000014000200020000000000ffff00000000000000000d0001007564703a73"], 0x54}}, 0x0) 1m56.451938257s ago: executing program 8 (id=399): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) pselect6(0x1a, &(0x7f0000000080)={0xb, 0x1, 0xfffffffffffffff7, 0x4, 0x955, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x5, 0x7fffffff, 0x7ffe, 0x4800c, 0x3, "5e0000000000000003000000f5ff00"}) 1m56.157623871s ago: executing program 37 (id=399): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) pselect6(0x1a, &(0x7f0000000080)={0xb, 0x1, 0xfffffffffffffff7, 0x4, 0x955, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x5, 0x7fffffff, 0x7ffe, 0x4800c, 0x3, "5e0000000000000003000000f5ff00"}) 54.253830361s ago: executing program 6 (id=870): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000001340)=0x6, 0x4) capset(0x0, &(0x7f00000000c0)={0x1, 0x5, 0x4, 0x0, 0x5, 0xffff29fe}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendto$packet(r0, &(0x7f0000001500)="280320000a0014000000fbf719143baa111f43c851ffab28", 0x18, 0x90, &(0x7f00000000c0)={0x11, 0x6, 0x0, 0x1, 0x8}, 0x14) 54.078782794s ago: executing program 6 (id=871): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000080)=""/159, 0x1a, 0x9f, 0x1}, 0x28) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0xfffffffffffffd4f}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x4048015) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 53.813364206s ago: executing program 6 (id=875): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x34, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x4, 0x2, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff, 0x7}]}}}}}}}, 0x0) 53.579040414s ago: executing program 6 (id=879): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f00000000c0)='./file0/file0/../file0\x00', 0x1) 53.303123986s ago: executing program 6 (id=885): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000540)="e2", 0x1, 0x20008801, &(0x7f0000000200)={0x11, 0x19, r2, 0x1, 0xf9, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x42}}, 0x14) 53.238552682s ago: executing program 3 (id=886): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x2, 0x29, 0x0, @empty=0xe000, @multicast1}, {0x0, 0x0, 0x8}}}}}, 0x0) 52.953583844s ago: executing program 3 (id=889): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0xfffffffa}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000280)=@req={0x3fc, 0xfffff8c2, 0x2}, 0x10) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000004cc0)={0x2020}, 0x2020) 52.835960363s ago: executing program 6 (id=891): sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x78}, 0x1, 0xffffffff00000003}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x4, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 52.531966458s ago: executing program 38 (id=891): sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x78}, 0x1, 0xffffffff00000003}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x4, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 52.526810918s ago: executing program 3 (id=895): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000006340)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7}}}}}}}, 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0) 52.431925066s ago: executing program 3 (id=896): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) umount2(&(0x7f00000000c0)='./file0/file0/../file0\x00', 0x1) 52.226659112s ago: executing program 3 (id=898): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, 0x0, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 51.912015588s ago: executing program 3 (id=899): mmap(&(0x7f00004b0000/0x3000)=nil, 0x3000, 0x2000000, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000600)='\"}', 0x2, 0x44000, 0x0, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) 51.434424455s ago: executing program 39 (id=899): mmap(&(0x7f00004b0000/0x3000)=nil, 0x3000, 0x2000000, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000600)='\"}', 0x2, 0x44000, 0x0, 0x0) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) 32.946401741s ago: executing program 1 (id=987): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000018000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000001000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x47, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x4cf68d79c8eac253, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 32.69837006s ago: executing program 1 (id=991): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000000140)={0x2, 0x200, 0x5, 0x8000, 0xbab1, 0x7, 0x2, 0x1, 0x1, 0x9, 0x7f, 0x0, 0x3, 0xfff}) 29.253309365s ago: executing program 1 (id=1023): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f00000000c0)=0x4, 0x4) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0xfffffffd, @empty, 0x2}, 0x1c) 29.055142581s ago: executing program 1 (id=1028): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000a80)={[{@resuid}, {@max_dir_size_kb}]}, 0x0, 0x4f7, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTOJNmqZNCpUKCOhSCgtarZ1426jqqVxAqKqEqDhxSEPijaLYcRQ7pQkrNfkfkKjEAcGJMwckDpV64ojgBre9LAekBVagDRIHo/GPbHZjJ2HXsVX785FGM2/eeL7vrTXveb9J/AIYW1cj4iAirkTEexEx1z6ftLd4q7Vl1z24f3v16P7t1SQajXf/kTTrs3Nx4jWZZ9v3nI6I738n4kfJ6bi1vf3NlXK5tNMuF+qV7UJtb//GRmVlvbRe2ioWlxaXFt64+Xqxb319ufKbe9/eePsHH//uS3f/dPDNn2TNmm3XnexHP7W6njuOk5mMiLcvI9gQTLT7c2XYDeGJpBHxmYh4pfn8z8VE8928mC6PNQDwKdBozEVj7mQZABh1aTMHlqT5di5gNtI0n2/l8F6MmbRcrdWv36rubq21cmXzkUtvbZRLC+1c4Xzkkqy8+GF2/LBcjEfLNyPihYj46dQzzXJ+9eJ5BgCgv559bP7/91Rr/gcARtz0eRcsD6YdAMDgnDv/AwAjx/wPAOPH/A8A48f8DwDjx/wPAOPmTmf+nxh2SwCAgfjeO+9kW+Oo/f3Xa+/v7W5W37+xVqpt5iu7q/nV6s52fr1aXS+X8qvVynn3K1er24uvxe4HhXqpVi/U9vaXK9Xdrfpy83u9l0u5gfQKADjLCy9/8pckIg7efKa5xYm1HMzVMNrSYTcAGBo5fxhfvoUbxpf/4wPnreXZ81eEP3qCYI0Pn+BFQL9d+7z8P4wr+X8YX/L/ML7k/2F8NRpJrzX/0+NLAICRIscPDPTn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiZpvb/IlymubzEc9FxHzkklsb5dJCRDwfEX+eyk1l5cWhthgAeHrp35L2+l/X5l6dfbz2SvKfqeY+In7883d/9sFKvb6zmJ3/5/H5+kft88VhtB8AOE9nnu7M4x0P7t9e7WyDbM+9b7UWF83iHrW3Vs1kTGa7P05HLiJm/pW0ym3Z55WJPsQ/OIyIz3Xrf9LMjcy3Vz59PH4W+7mBxk8fiZ8261r77N/is6fuPNUz5nlrvcK4+CQbf97q9vylcbW5n+66+PF0c4R6ep3x7+jU+Nd53qebY0238e/qRWO89vvv9qw7jPjCZLf4yXH8pEf8Vy8Y/84Xv/xKr7rGLyOuRff4J2MV6pXtQm1v/8ZGZWW9tF7aKhaXFpcW3rj5erHQzFEXOpnq0/7+5vXne/b/1xEzPeJPn9P/r53Z68bxAPyr/773w6/0in8Y8Y2vdn//XzwjfjYnfv3M+A+tzPy25/LdWfy1Vv8P/9/3//oF49/96/7aBS8FAAagtre/uVIul3b6epCLPt/wxEFySW12MOIH2efxp73PS+2UWddr/vCLj1/KKofe074cDHlgAi7dw4d+2C0BAAAAAAAAAAAAAAB6ufQ/J0qH3UMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG2f8CAAD//zwQyy8=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0/file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 28.648269244s ago: executing program 1 (id=1031): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r0, &(0x7f0000000800)={'syz0\x00', {}, 0x2a, [0x0, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0xffff, 0x8000000, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7fe, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffff, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xc4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x3b6, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75, 0xffffffff, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x1e9, 0x0, 0x0, 0x0, 0x5, 0x54, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xba1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3]}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r0, 0x5501) 27.847918497s ago: executing program 1 (id=1039): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r2], &(0x7f00000003c0)=[0x7], &(0x7f0000000300)=[r3], 0x0}) 27.433238631s ago: executing program 40 (id=1039): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r2], &(0x7f00000003c0)=[0x7], &(0x7f0000000300)=[r3], 0x0}) 5.497408211s ago: executing program 5 (id=1196): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000800b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 5.284100268s ago: executing program 5 (id=1198): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x31, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000900)="dc31dea0bc20f266dd8812d12c6fb9201e4f941c1857009fb29e75d20c977ffdb8f3d6514d74136ae9ac941552f3074e001d9393b2e60fac3af20cda79add1527f46c1eb94c6f2debfd50d084cd6a20fc819cc06027608529c31384abf2e7c8f59499f845f07a3", 0x67}, {&(0x7f0000000380)="901bc96187dd3ead2743f1445d7153fdaf0974a7d47281f9a8bb3e0b86b47cc12fdad9433b8d8f4bdab0219334605585be75fdd7bf42b6b745d76d22e8ca9925e1e48d582a0db6b1fa26f8041d78ebbef3f40f9b983f0ac52cb0235f5bb503981ca0b8f52aad0fcc327e62d3cd5167b4d2007a43d9a5e113b0b97ba8571466dfca8b7b945c21e1f597dc59182a5035a690990c365d24c0eb23", 0x99}], 0x2) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.959946774s ago: executing program 4 (id=1222): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x99089e3cb07bf0d3}) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185) 2.721984023s ago: executing program 2 (id=1224): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r0, &(0x7f0000000280)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0000fa00ea8000"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TCSETSF2(r0, 0x5432, 0x0) 2.384233619s ago: executing program 5 (id=1228): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmmsg(r2, &(0x7f0000000fc0)=[{{0x0, 0x0, 0x0}, 0xd73}], 0x1, 0x220, 0x0) 2.071879864s ago: executing program 5 (id=1229): syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuset.memory_pressure\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17e) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 2.019022599s ago: executing program 2 (id=1230): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) 1.843978673s ago: executing program 9 (id=1232): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x3e, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x41) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) 1.734000781s ago: executing program 2 (id=1233): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_clone(0x20042400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r1) setpgid(r0, r0) waitid(0x2, r0, 0x0, 0x4, 0x0) wait4(0x0, 0x0, 0x2, 0x0) 1.487683421s ago: executing program 9 (id=1235): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@local, @random="424e1aa2e0d4", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x1, 0x0, 0x11, 0x0, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "6d4dfdeb8cf7bbfe143803bec2ce783e04cd32308cdd8dde", "c71cb8adfce542a4bc5a026c208fd0c45787e4aa384e3d26b21ea41cc128364c"}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.486349121s ago: executing program 5 (id=1236): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000000), 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.24548693s ago: executing program 0 (id=1238): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x400, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r3, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000300)={"0b44887d9b2231dfcd8103e06b97b6eaec63c252c77600", r4}) 1.110112121s ago: executing program 0 (id=1239): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x13, 0x4, 0x2}) 1.109964441s ago: executing program 2 (id=1240): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x8000000000000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14) 1.00005976s ago: executing program 4 (id=1241): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 961.996753ms ago: executing program 0 (id=1242): r0 = fanotify_init(0x0, 0x40000) fanotify_mark(r0, 0x1, 0x9, r0, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x30}) close(r1) 901.804758ms ago: executing program 0 (id=1243): mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x8) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000b72000/0x400000)=nil, 0x400000}, 0x1}) 836.023523ms ago: executing program 2 (id=1244): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) setxattr$incfs_id(&(0x7f0000000180)='./file0/file3\x00', &(0x7f0000000200), 0x0, 0x0, 0x2) quotactl$Q_SETQUOTA(0xffffffff80000800, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file3\x00', 0x0, 0x20) 835.691793ms ago: executing program 9 (id=1245): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78) sendfile(r0, r1, &(0x7f00000001c0), 0x8) fcntl$addseals(r1, 0x409, 0x8) fallocate(r1, 0x3, 0x9100, 0x3) 792.677196ms ago: executing program 4 (id=1246): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007ffff", @ANYRES16=r0, @ANYRESOCT=r0], 0x15) mount$9p_fd(0x0, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', &(0x7f00000000c0), 0x2000040, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 747.52414ms ago: executing program 5 (id=1247): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000001b40)=0x9) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r1) recvmmsg(r1, &(0x7f000000a400), 0x6fe, 0x10163, 0x0) 524.907798ms ago: executing program 4 (id=1248): io_setup(0x9, &(0x7f0000000340)=0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) close(0x3) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) io_submit(r0, 0x1, &(0x7f0000000840)=[&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x5, 0x9, r1, 0x0}]) 502.957889ms ago: executing program 0 (id=1249): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="3400000010001fff000000000800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468"], 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 403.944047ms ago: executing program 0 (id=1250): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 400.783828ms ago: executing program 9 (id=1251): r0 = socket$inet6(0xa, 0x3, 0x5) socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000640)=ANY=[], 0xd0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2, 0x9}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r0, &(0x7f00000002c0)=[{{&(0x7f0000000340)=@l2tp6={0xa, 0x500, 0x80000, @dev, 0x0, 0x1}, 0x80, 0x0}, 0x5b4}], 0x1, 0x850) 228.098402ms ago: executing program 9 (id=1252): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fchmod(r2, 0x6) 211.467683ms ago: executing program 4 (id=1253): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r2, 0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000009c0)={{r3, 0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000980)='%pB \x00'}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000a40)={r4, &(0x7f0000000dc0), 0x0}, 0x20) 110.778111ms ago: executing program 9 (id=1254): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x91ea6c1af182532) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x108242, 0x78e22799f4a46f8e) r2 = getpgid(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x2, r2}) write$P9_RWRITE(r1, &(0x7f0000000080)={0xb, 0x77, 0x1, 0x1406}, 0xb) 156.29µs ago: executing program 2 (id=1255): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 0s ago: executing program 4 (id=1256): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x30, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f008004ce0050000000000003377fbacfe1416e000030a86079f03b180ff940c0511e08450", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x800000, 0x0, 'queue1\x00', 0x2}) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2) kernel console output (not intermixed with test programs): nique to avoid problems! [ 155.836231][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 155.849647][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.866113][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 155.881637][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 155.885784][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 155.907755][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 155.915585][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 155.936599][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 155.945240][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 155.951015][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 155.969813][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 155.982271][ T5899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.005948][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 156.017073][ T5899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.034474][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.041678][ T5899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.054725][ T5899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.073598][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 156.082748][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 156.101347][ T5899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.113399][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.127730][ T5899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.142773][ T5899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.166007][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 156.175032][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 156.196162][ T5899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.213219][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.221437][ T5899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.240383][ T5899] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.255396][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 156.264875][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 156.282938][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 156.302038][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.320618][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 156.344933][ T4375] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 156.359311][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 156.372168][ T4375] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 156.393714][ T4375] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.395306][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.416855][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.419039][ T4375] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 156.438406][ T5899] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.448424][ T5899] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.452608][ T4375] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 156.458485][ T5899] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.474680][ T4375] usb 4-1: Product: syz [ 156.477356][ T5899] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.483108][ T4375] usb 4-1: Manufacturer: syz [ 156.504411][ T5964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.505599][ T4375] usb 4-1: SerialNumber: syz [ 156.524987][ T4375] usb 4-1: config 0 descriptor?? [ 156.548157][ T4375] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 156.654710][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 156.674490][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 156.685613][ T125] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 156.764698][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 156.786431][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 156.816328][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 156.824331][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 156.847579][ T5964] device veth0_vlan entered promiscuous mode [ 156.859174][ T5507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.889826][ T125] usb 7-1: Using ep0 maxpacket: 32 [ 156.889834][ T5507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.900601][ T125] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.911473][ T5964] device veth1_vlan entered promiscuous mode [ 156.920985][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 156.930700][ C1] usb 4-1: yurex_control_callback - control failed: -71 [ 156.940068][ T4375] usb 4-1: USB disconnect, device number 7 [ 156.950358][ T125] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x3 has invalid wMaxPacketSize 0 [ 156.952731][ T4375] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 156.985615][ T125] usb 7-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 157.016513][ T125] usb 7-1: config 0 interface 0 has no altsetting 0 [ 157.030167][ T125] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 157.043819][ T125] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.057190][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 157.069029][ T125] usb 7-1: config 0 descriptor?? [ 157.082326][ T6371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.510'. [ 157.129099][ T6256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.139399][ T6256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.152315][ T5964] device veth0_macvtap entered promiscuous mode [ 157.171000][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 157.190887][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.206531][ T5964] device veth1_macvtap entered promiscuous mode [ 157.218167][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 157.228682][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.238441][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.268741][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.293658][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.305132][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.316452][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.327487][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.338732][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.350096][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.362205][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.372724][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.383980][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.398644][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 157.412182][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.424975][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.445070][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.458633][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.469195][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.481127][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.494936][ T125] hid-thrustmaster 0003:044F:B65D.0003: unknown main item tag 0x0 [ 157.503150][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.514754][ T125] hid-thrustmaster 0003:044F:B65D.0003: unknown main item tag 0x0 [ 157.524111][ T125] hid-thrustmaster 0003:044F:B65D.0003: unknown main item tag 0x0 [ 157.532531][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.542887][ T125] hid-thrustmaster 0003:044F:B65D.0003: unknown main item tag 0x0 [ 157.546673][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.551278][ T125] hid-thrustmaster 0003:044F:B65D.0003: unknown main item tag 0x0 [ 157.573734][ T125] hid-thrustmaster 0003:044F:B65D.0003: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.6-1/input0 [ 157.574814][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.586588][ T125] hid-thrustmaster 0003:044F:B65D.0003: Unexpected non-int endpoint [ 157.611554][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.631991][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.644253][ T5964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.661931][ T5964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.673711][ T5964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.716999][ T6271] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.743280][ T6271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.784020][ T6271] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 157.856437][ T6271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 157.907388][ T5964] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.935560][ T5964] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.954447][ C0] hid-thrustmaster 0003:044F:B65D.0003: URB to get model id failed with error -71 [ 157.964259][ T4331] usb 7-1: USB disconnect, device number 5 [ 157.975027][ T5964] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.022787][ T5964] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.179777][ T6385] 9pnet_fd: Insufficient options for proto=fd [ 158.204791][ T6271] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.233768][ T6271] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.253172][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.272210][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 158.299503][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.322638][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 158.354604][ T6389] loop3: detected capacity change from 0 to 1024 [ 158.637388][ T26] audit: type=1800 audit(1755798392.640:9): pid=6389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.517" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 158.978100][ T6409] device syzkaller1 entered promiscuous mode [ 159.451366][ T26] audit: type=1326 audit(1755798393.450:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6426 comm="syz.3.532" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f70abf8ebe9 code=0x0 [ 159.672396][ T6439] loop1: detected capacity change from 0 to 128 [ 159.857805][ T125] libceph: connect (1)[c::]:6789 error -101 [ 159.864445][ T125] libceph: mon0 (1)[c::]:6789 connect error [ 159.890792][ T9] kworker/u4:0: attempt to access beyond end of device [ 159.890792][ T9] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 159.908394][ T125] libceph: connect (1)[c::]:6789 error -101 [ 159.914451][ T125] libceph: mon0 (1)[c::]:6789 connect error [ 160.192692][ T4323] libceph: connect (1)[c::]:6789 error -101 [ 160.203753][ T4323] libceph: mon0 (1)[c::]:6789 connect error [ 160.666546][ T6442] ceph: No mds server is up or the cluster is laggy [ 160.726674][ T4323] libceph: connect (1)[c::]:6789 error -101 [ 160.732816][ T4323] libceph: mon0 (1)[c::]:6789 connect error [ 161.045646][ T26] audit: type=1326 audit(1755798395.040:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.1.552" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2ab0b8ebe9 code=0x0 [ 161.504930][ T6487] use of bytesused == 0 is deprecated and will be removed in the future, [ 161.538029][ T6487] use the actual size instead. [ 161.837465][ T6496] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 161.969251][ T4375] libceph: connect (1)[c::]:6789 error -101 [ 161.978079][ T4375] libceph: mon0 (1)[c::]:6789 connect error [ 162.237580][ T4375] libceph: connect (1)[c::]:6789 error -101 [ 162.243933][ T4375] libceph: mon0 (1)[c::]:6789 connect error [ 162.759858][ T4375] libceph: connect (1)[c::]:6789 error -101 [ 162.780864][ T4375] libceph: mon0 (1)[c::]:6789 connect error [ 162.792895][ T6505] ceph: No mds server is up or the cluster is laggy [ 163.081372][ T6523] loop1: detected capacity change from 0 to 256 [ 163.132338][ T6523] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 163.189627][ T6523] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 163.295590][ T6523] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 163.863698][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.577'. [ 164.599600][ T4375] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 164.785538][ T4375] usb 10-1: Using ep0 maxpacket: 32 [ 164.792699][ T4375] usb 10-1: config 0 has an invalid interface number: 184 but max is 0 [ 164.811400][ T4375] usb 10-1: config 0 has no interface number 0 [ 164.832508][ T4375] usb 10-1: config 0 interface 184 has no altsetting 0 [ 164.854996][ T4375] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 164.887809][ T4375] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.905542][ T4375] usb 10-1: Product: syz [ 164.910412][ T4375] usb 10-1: Manufacturer: syz [ 164.915290][ T4375] usb 10-1: SerialNumber: syz [ 164.937257][ T4375] usb 10-1: config 0 descriptor?? [ 164.966389][ T4375] smsc75xx v1.0.0 [ 165.412186][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.6.592'. [ 165.747528][ T6589] loop1: detected capacity change from 0 to 256 [ 166.075890][ T4272] Bluetooth: hci5: command 0x1003 tx timeout [ 166.084756][ T4270] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 166.186828][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 166.223648][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 166.244649][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 166.310110][ T6600] loop6: detected capacity change from 0 to 7 [ 166.332819][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 166.343866][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 166.354923][ T6600] Dev loop6: unable to read RDB block 7 [ 166.364949][ T4375] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 166.374929][ T6600] loop6: unable to read partition table [ 166.378857][ T4375] smsc75xx: probe of 10-1:0.184 failed with error -71 [ 166.404386][ T6600] loop6: partition table beyond EOD, truncated [ 166.404560][ T4375] usb 10-1: USB disconnect, device number 2 [ 166.445429][ T6600] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 167.606017][ T4309] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 167.783800][ T6620] ceph: No mds server is up or the cluster is laggy [ 167.815628][ T4309] usb 2-1: Using ep0 maxpacket: 8 [ 167.830320][ T4309] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 167.875543][ T4309] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 167.912703][ T4309] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 167.953509][ T4309] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 168.004830][ T4309] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.044644][ T4309] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 168.073518][ T4309] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.185995][ T6664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'. [ 168.331825][ T4309] usb 2-1: usb_control_msg returned -32 [ 168.339814][ T4309] usbtmc 2-1:16.0: can't read capabilities [ 168.417605][ T6672] netlink: 8 bytes leftover after parsing attributes in process `syz.6.631'. [ 168.450876][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 168.468732][ T6672] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 168.690216][ T6655] loop9: detected capacity change from 0 to 40427 [ 168.734923][ T6655] F2FS-fs (loop9): build fault injection attr: rate: 771, type: 0x3ffff [ 168.747234][ T6655] F2FS-fs (loop9): invalid crc value [ 168.769367][ T6655] F2FS-fs (loop9): Found nat_bits in checkpoint [ 168.831621][ T6655] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 168.941401][ T5899] syz-executor: attempt to access beyond end of device [ 168.941401][ T5899] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 169.136561][ T6690] usbtmc 2-1:16.0: usb_clear_halt returned -32 [ 169.370264][ T4323] usb 2-1: USB disconnect, device number 2 [ 169.437308][ T6697] loop9: detected capacity change from 0 to 512 [ 169.511297][ T6697] EXT4-fs (loop9): Test dummy encryption mode enabled [ 169.548644][ T6697] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 169.562065][ T6678] loop6: detected capacity change from 0 to 40427 [ 169.623226][ T6678] F2FS-fs (loop6): invalid crc value [ 169.666718][ T6697] EXT4-fs error (device loop9): ext4_orphan_get:1426: comm syz.9.637: bad orphan inode 131083 [ 169.699957][ T6697] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 169.730938][ T6678] F2FS-fs (loop6): Found nat_bits in checkpoint [ 169.993099][ T6678] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 170.016864][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 170.063335][ T6678] syz.6.634: attempt to access beyond end of device [ 170.063335][ T6678] loop6: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 170.318346][ T6711] loop3: detected capacity change from 0 to 32768 [ 170.337157][ T6711] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 170.346106][ T6711] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 170.360455][ T5223] syz-executor: attempt to access beyond end of device [ 170.360455][ T5223] loop6: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 170.408297][ T6711] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 170.447400][ T41] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 170.461754][ T41] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 170.497426][ T41] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms [ 170.510091][ T41] gfs2: fsid=syz:syz.0: jid=0: Done [ 170.517980][ T6711] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 170.814703][ T4331] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 171.039103][ T4331] usb 10-1: Using ep0 maxpacket: 16 [ 171.053948][ T4331] usb 10-1: config 0 interface 0 has no altsetting 0 [ 171.105319][ T4331] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 171.156730][ T4331] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.242344][ T4331] usb 10-1: config 0 descriptor?? [ 171.683656][ T4331] hid (null): global environment stack underflow [ 171.695122][ T4331] hid (null): global environment stack underflow [ 171.724555][ T4331] hid (null): report_id 3899690137 is invalid [ 171.753253][ T4331] hid (null): report_id 1862125167 is invalid [ 171.871517][ T6723] loop1: detected capacity change from 0 to 131072 [ 171.888183][ T6723] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 171.896363][ T6723] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 171.909498][ T6723] F2FS-fs (loop1): invalid crc value [ 171.947693][ T4375] usb 10-1: USB disconnect, device number 3 [ 171.996721][ T6723] F2FS-fs (loop1): Found nat_bits in checkpoint [ 172.035917][ T6723] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 172.043008][ T6723] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 172.387070][ T4331] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 172.607513][ T6723] F2FS-fs (loop1): Start checkpoint disabled! [ 172.621439][ T4331] usb 4-1: Using ep0 maxpacket: 8 [ 172.645611][ T4331] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 172.684663][ T4331] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.732736][ T4331] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.771149][ T4331] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.838267][ T4331] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.916748][ T4331] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 172.987604][ T4331] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.132194][ T6757] loop9: detected capacity change from 0 to 1024 [ 173.278227][ T4331] usb 4-1: usb_control_msg returned -32 [ 173.284386][ T4331] usbtmc 4-1:16.0: can't read capabilities [ 174.148633][ T6775] usbtmc 4-1:16.0: usb_clear_halt returned -32 [ 174.371228][ T22] usb 4-1: USB disconnect, device number 8 [ 174.401267][ T6762] loop6: detected capacity change from 0 to 131072 [ 174.412774][ T6762] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0) [ 174.422351][ T6762] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 174.449425][ T6762] F2FS-fs (loop6): invalid crc value [ 174.505274][ T6762] F2FS-fs (loop6): Found nat_bits in checkpoint [ 174.557885][ T6762] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 174.565009][ T6762] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 174.569186][ T4375] libceph: connect (1)[c::]:6789 error -101 [ 174.580050][ T6790] netlink: 'syz.1.660': attribute type 11 has an invalid length. [ 174.597549][ T4375] libceph: mon0 (1)[c::]:6789 connect error [ 174.604344][ T6790] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.660'. [ 174.889611][ T22] libceph: connect (1)[c::]:6789 error -101 [ 174.895865][ T22] libceph: mon0 (1)[c::]:6789 connect error [ 175.313333][ T6809] device pim6reg1 entered promiscuous mode [ 175.370225][ T6784] ceph: No mds server is up or the cluster is laggy [ 175.741885][ T6820] netlink: 'syz.6.685': attribute type 11 has an invalid length. [ 175.785682][ T6820] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.685'. [ 175.913059][ T6800] loop1: detected capacity change from 0 to 32768 [ 175.953222][ T6828] loop9: detected capacity change from 0 to 512 [ 176.093487][ T6800] XFS (loop1): Mounting V5 Filesystem [ 176.156071][ T6828] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 176.209973][ T6828] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.255694][ T6800] XFS (loop1): Ending clean mount [ 176.256071][ T4331] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 176.292088][ T6800] XFS (loop1): Quotacheck needed: Please wait. [ 176.360182][ T6800] XFS (loop1): Quotacheck: Done. [ 176.399955][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 176.458742][ T26] audit: type=1804 audit(1755798410.047:12): pid=6800 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.675" name="/newroot/24/file0/file1" dev="loop1" ino=9286 res=1 errno=0 [ 176.500877][ T4331] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 176.539013][ T4331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.564586][ T4331] usb 4-1: Product: syz [ 176.574086][ T4331] usb 4-1: Manufacturer: syz [ 176.580977][ T4331] usb 4-1: SerialNumber: syz [ 176.620538][ T4331] usb 4-1: config 0 descriptor?? [ 176.636502][ T5964] XFS (loop1): Unmounting Filesystem [ 176.898680][ T4331] usb 4-1: USB disconnect, device number 9 [ 177.436178][ T6859] device pim6reg1 entered promiscuous mode [ 177.615758][ T6864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.697'. [ 177.833357][ T6871] loop9: detected capacity change from 0 to 512 [ 177.912765][ T6871] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 177.951425][ T6871] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 177.992169][ T4331] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 178.191026][ T4331] usb 7-1: Using ep0 maxpacket: 32 [ 178.199915][ T4331] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.223268][ T4331] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.245934][ T4331] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 178.260468][ T4331] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.271534][ T4331] usb 7-1: config 0 descriptor?? [ 178.279767][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 178.291484][ T4331] hub 7-1:0.0: USB hub found [ 178.507353][ T4331] hub 7-1:0.0: 1 port detected [ 178.710759][ T6907] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 178.886937][ T6880] ceph: No mds server is up or the cluster is laggy [ 179.170730][ T4331] hub 7-1:0.0: activate --> -90 [ 179.276077][ T6905] loop1: detected capacity change from 0 to 32768 [ 179.370466][ T6905] XFS (loop1): Mounting V5 Filesystem [ 179.401147][ T4331] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 179.410596][ T4323] usb 7-1: USB disconnect, device number 6 [ 179.427979][ T4331] usb 7-1: Failed to suspend device, error -19 [ 179.555061][ T6905] XFS (loop1): Ending clean mount [ 179.578622][ T6905] XFS (loop1): Quotacheck needed: Please wait. [ 179.673351][ T6905] XFS (loop1): Quotacheck: Done. [ 179.766383][ T26] audit: type=1800 audit(1755798413.143:13): pid=6905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.715" name="file2" dev="loop1" ino=9287 res=0 errno=0 [ 179.822699][ T26] audit: type=1800 audit(1755798413.171:14): pid=6905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.715" name="file2" dev="loop1" ino=9287 res=0 errno=0 [ 179.947620][ T5964] XFS (loop1): Unmounting Filesystem [ 180.633397][ T6955] Bluetooth: hci0: unsupported parameter 28 [ 180.644411][ T6955] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 180.919032][ T6957] input: syz0 as /devices/virtual/input/input5 [ 181.364321][ T6953] loop1: detected capacity change from 0 to 131072 [ 181.377004][ T6953] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 181.385236][ T6953] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 181.394878][ T6953] F2FS-fs (loop1): invalid crc value [ 181.474664][ T6953] F2FS-fs (loop1): Found nat_bits in checkpoint [ 181.533035][ T6953] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 181.540394][ T6953] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 181.675175][ T6945] loop9: detected capacity change from 0 to 32768 [ 181.742280][ T6945] JBD2: Ignoring recovery information on journal [ 181.892583][ T6945] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 182.232515][ T5899] ocfs2: Unmounting device (7,9) on (node local) [ 183.261102][ T7004] loop6: detected capacity change from 0 to 128 [ 183.543176][ T7014] loop9: detected capacity change from 0 to 1024 [ 183.572202][ T7014] EXT4-fs: Ignoring removed orlov option [ 183.618297][ T7014] EXT4-fs: Ignoring removed nomblk_io_submit option [ 183.699385][ T7014] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 183.846526][ T4255] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 183.946082][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 184.049663][ T4255] usb 2-1: Using ep0 maxpacket: 8 [ 184.057155][ T4255] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 184.088978][ T4255] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 184.120758][ T4255] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 184.148925][ T4255] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 184.174063][ T4255] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 184.225602][ T4255] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 184.253596][ T4255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.518075][ T4255] usb 2-1: usb_control_msg returned -32 [ 184.524052][ T4255] usbtmc 2-1:16.0: can't read capabilities [ 184.619457][ T7033] loop9: detected capacity change from 0 to 32768 [ 184.651464][ T7033] XFS (loop9): Mounting V5 Filesystem [ 184.718432][ T7033] XFS (loop9): Ending clean mount [ 184.723736][ T22] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 184.738888][ T7033] XFS (loop9): Quotacheck needed: Please wait. [ 184.786316][ T7033] XFS (loop9): Quotacheck: Done. [ 184.824998][ T26] audit: type=1800 audit(1755798417.876:15): pid=7033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.763" name="file2" dev="loop9" ino=9287 res=0 errno=0 [ 184.854635][ T26] audit: type=1800 audit(1755798417.895:16): pid=7033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.763" name="file2" dev="loop9" ino=9287 res=0 errno=0 [ 184.916070][ T22] usb 4-1: Using ep0 maxpacket: 8 [ 184.926429][ T5899] XFS (loop9): Unmounting Filesystem [ 184.938763][ T22] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 184.950749][ T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.959207][ T22] usb 4-1: Product: syz [ 184.963416][ T22] usb 4-1: Manufacturer: syz [ 184.968039][ T22] usb 4-1: SerialNumber: syz [ 184.990326][ T22] usb 4-1: config 0 descriptor?? [ 185.009226][ T22] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 185.376869][ T7056] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 185.592071][ T4375] usb 2-1: USB disconnect, device number 3 [ 186.290824][ T22] gspca_sonixj: reg_w1 err -71 [ 186.444359][ T22] sonixj: probe of 4-1:0.0 failed with error -71 [ 186.464193][ T22] usb 4-1: USB disconnect, device number 10 [ 186.658049][ T41] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 186.749904][ T7060] loop6: detected capacity change from 0 to 32768 [ 186.816860][ T7060] XFS (loop6): Mounting V5 Filesystem [ 186.887833][ T41] usb 10-1: Using ep0 maxpacket: 32 [ 186.895284][ T41] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.906952][ T41] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.925648][ T41] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 186.955195][ T41] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.968563][ T7060] XFS (loop6): Ending clean mount [ 186.979948][ T41] usb 10-1: config 0 descriptor?? [ 186.997206][ T41] hub 10-1:0.0: USB hub found [ 187.000807][ T7060] XFS (loop6): Quotacheck needed: Please wait. [ 187.119926][ T7060] XFS (loop6): Quotacheck: Done. [ 187.128597][ T22] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 187.184120][ T26] audit: type=1804 audit(1755798420.084:17): pid=7060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.772" name="/newroot/119/file0/file1" dev="loop6" ino=9286 res=1 errno=0 [ 187.214519][ T41] hub 10-1:0.0: 1 port detected [ 187.271030][ T5223] XFS (loop6): Unmounting Filesystem [ 187.278231][ T4281] Bluetooth: hci0: command 0x0406 tx timeout [ 187.284344][ T4281] Bluetooth: hci4: command 0x0406 tx timeout [ 187.342527][ T22] usb 2-1: Using ep0 maxpacket: 8 [ 187.351274][ T22] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.367479][ T22] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 187.377064][ T22] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 187.405336][ T22] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 187.417327][ T22] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 187.426447][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.454554][ T22] hub 2-1:1.0: bad descriptor, ignoring hub [ 187.460928][ T22] hub: probe of 2-1:1.0 failed with error -5 [ 187.468208][ T22] cdc_wdm 2-1:1.0: skipping garbage [ 187.474327][ T22] cdc_wdm 2-1:1.0: skipping garbage [ 187.487273][ T22] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 187.501607][ T22] cdc_wdm 2-1:1.0: Unknown control protocol [ 187.891770][ T22] hub 10-1:0.0: activate --> -90 [ 188.027907][ T4323] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 188.110368][ T7104] loop3: detected capacity change from 0 to 32768 [ 188.117553][ T22] hub 10-1:0.0: hub_ext_port_status failed (err = -71) [ 188.123606][ T4328] usb 10-1: USB disconnect, device number 4 [ 188.168539][ T125] usb 2-1: USB disconnect, device number 4 [ 188.229697][ T4323] usb 7-1: Using ep0 maxpacket: 8 [ 188.236278][ T4323] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 188.247613][ T4323] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 188.263877][ T4323] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 188.274653][ T4323] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 188.290438][ T4323] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 188.311110][ T4323] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 188.320897][ T4323] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.550672][ T4323] usb 7-1: usb_control_msg returned -32 [ 188.556576][ T4323] usbtmc 7-1:16.0: can't read capabilities [ 189.020836][ T4323] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 189.226653][ T4323] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 189.235201][ T4323] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.246754][ T4323] usb 4-1: config 0 has no interface number 0 [ 189.255339][ T4323] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 189.264751][ T4323] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.272974][ T4323] usb 4-1: Product: syz [ 189.277485][ T4323] usb 4-1: Manufacturer: syz [ 189.282196][ T4323] usb 4-1: SerialNumber: syz [ 189.288332][ T4323] usb 4-1: config 0 descriptor?? [ 189.296103][ T4323] ims_pcu: probe of 4-1:0.41 failed with error -22 [ 189.384865][ T7128] usbtmc 7-1:16.0: usb_control_msg returned -32 [ 189.520517][ T22] usb 4-1: USB disconnect, device number 11 [ 189.600792][ T125] usb 7-1: USB disconnect, device number 7 [ 190.199312][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'. [ 190.217012][ T7145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'. [ 190.792773][ T7158] netlink: 'syz.0.809': attribute type 12 has an invalid length. [ 190.812552][ T7143] loop3: detected capacity change from 0 to 40427 [ 190.823946][ T7143] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff [ 190.841426][ T7143] F2FS-fs (loop3): invalid crc value [ 190.845369][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.809'. [ 190.879642][ T7143] F2FS-fs (loop3): Found nat_bits in checkpoint [ 190.948710][ T7158] netlink: 'syz.0.809': attribute type 12 has an invalid length. [ 190.962356][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.809'. [ 190.983560][ T7143] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 190.998589][ T125] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 191.044432][ T7143] syz.3.802: attempt to access beyond end of device [ 191.044432][ T7143] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 191.133998][ T4264] syz-executor: attempt to access beyond end of device [ 191.133998][ T4264] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 191.212331][ T125] usb 7-1: Using ep0 maxpacket: 32 [ 191.220863][ T125] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.249251][ T125] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 191.264835][ T125] usb 7-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 191.274461][ T125] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.309741][ T125] usb 7-1: config 0 descriptor?? [ 191.449549][ T7172] loop3: detected capacity change from 0 to 128 [ 191.501391][ T7172] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 191.516204][ T7172] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.549972][ T125] usbhid 7-1:0.0: can't add hid device: -71 [ 191.556519][ T125] usbhid: probe of 7-1:0.0 failed with error -71 [ 191.570450][ T125] usb 7-1: USB disconnect, device number 8 [ 191.656840][ T4264] EXT4-fs (loop3): unmounting filesystem. [ 191.811004][ T4331] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 192.027029][ T4331] usb 10-1: config 0 has an invalid interface number: 41 but max is 0 [ 192.035584][ T4331] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.046431][ T4331] usb 10-1: config 0 has no interface number 0 [ 192.055026][ T4331] usb 10-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 192.065006][ T4331] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.074346][ T4331] usb 10-1: Product: syz [ 192.082830][ T4331] usb 10-1: Manufacturer: syz [ 192.087549][ T4331] usb 10-1: SerialNumber: syz [ 192.105006][ T4331] usb 10-1: config 0 descriptor?? [ 192.117127][ T4331] ims_pcu: probe of 10-1:0.41 failed with error -22 [ 192.217987][ T7184] netlink: 8 bytes leftover after parsing attributes in process `syz.6.817'. [ 192.248339][ T7184] netlink: 8 bytes leftover after parsing attributes in process `syz.6.817'. [ 192.342115][ T4331] usb 10-1: USB disconnect, device number 5 [ 193.028029][ T7200] overlayfs: failed to clone upperpath [ 193.204610][ T7207] netlink: 'syz.1.826': attribute type 12 has an invalid length. [ 193.214351][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.826'. [ 193.230589][ T7207] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.240506][ T7207] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.249803][ T7207] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.258593][ T7207] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.396410][ T7207] netlink: 'syz.1.826': attribute type 12 has an invalid length. [ 193.431641][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.826'. [ 193.897650][ T7209] loop9: detected capacity change from 0 to 32768 [ 193.927644][ T4331] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 193.970174][ T7211] loop3: detected capacity change from 0 to 32768 [ 193.999957][ T7209] XFS (loop9): Mounting V5 Filesystem [ 194.049904][ T7211] XFS: attr2 mount option is deprecated. [ 194.144993][ T4331] usb 2-1: Using ep0 maxpacket: 16 [ 194.160550][ T4331] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 194.186414][ T7209] XFS (loop9): Ending clean mount [ 194.204850][ T4331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.219299][ T4331] usb 2-1: Product: syz [ 194.223682][ T4331] usb 2-1: Manufacturer: syz [ 194.229307][ T4331] usb 2-1: SerialNumber: syz [ 194.240053][ T4331] usb 2-1: config 0 descriptor?? [ 194.246604][ T7211] XFS (loop3): Mounting V5 Filesystem [ 194.247581][ T7209] XFS (loop9): Quotacheck needed: Please wait. [ 194.354549][ T7209] XFS (loop9): Quotacheck: Done. [ 194.532979][ T7211] XFS (loop3): Ending clean mount [ 194.559512][ T7211] XFS (loop3): Quotacheck needed: Please wait. [ 194.630903][ T7211] XFS (loop3): Quotacheck: Done. [ 194.675448][ T4331] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 194.700236][ T4331] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 194.723845][ T5899] XFS (loop9): Unmounting Filesystem [ 194.739378][ T4264] XFS (loop3): Unmounting Filesystem [ 194.741800][ T4331] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 194.783256][ T4331] usb 2-1: media controller created [ 194.822026][ T4331] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 195.447104][ T4331] zl10353_read_register: readreg error (reg=127, ret==0) [ 195.454376][ T7217] dtv5100: wlen = 0, aborting. [ 195.488566][ T4331] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 195.494502][ T7263] netlink: 'syz.3.844': attribute type 12 has an invalid length. [ 195.517581][ T4331] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 195.526877][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.844'. [ 195.558059][ T4331] usb 2-1: USB disconnect, device number 5 [ 195.606400][ T7265] loop9: detected capacity change from 0 to 128 [ 195.617728][ T7263] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.626522][ T7263] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.635409][ T7263] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.644257][ T7263] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 195.669433][ T7263] netlink: 'syz.3.844': attribute type 12 has an invalid length. [ 195.695122][ T7265] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 195.701371][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.844'. [ 195.723486][ T7265] ext4 filesystem being mounted at /67/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 195.741317][ T4331] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 195.755123][ T7265] fscrypt (loop9, inode 12): Unsupported encryption modes (contents 0, filenames 78) [ 195.857105][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 195.951924][ T7275] loop3: detected capacity change from 0 to 256 [ 195.970783][ T125] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 195.995422][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.001910][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.174197][ T125] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 196.186042][ T125] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 196.196848][ T125] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 196.206401][ T125] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.221693][ T7267] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 196.407874][ T4255] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 196.439993][ T22] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 196.460879][ T125] usb 7-1: USB disconnect, device number 9 [ 196.611079][ T4255] usb 10-1: Using ep0 maxpacket: 16 [ 196.618741][ T4255] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.630207][ T4255] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.640221][ T4255] usb 10-1: config 0 interface 0 has no altsetting 0 [ 196.647199][ T4255] usb 10-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 196.657476][ T4255] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.671983][ T22] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 196.683772][ T4255] usb 10-1: config 0 descriptor?? [ 196.689817][ T22] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 196.700171][ T22] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 196.713084][ T22] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.724229][ T7284] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 197.144014][ T4255] apple 0003:05AC:0247.0005: unexpected long global item [ 197.151940][ T4255] apple 0003:05AC:0247.0005: parse failed [ 197.158008][ T4255] apple: probe of 0003:05AC:0247.0005 failed with error -22 [ 197.400581][ T125] usb 2-1: USB disconnect, device number 6 [ 197.893859][ T4323] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 198.086475][ T4323] usb 4-1: Using ep0 maxpacket: 8 [ 198.095499][ T4323] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 198.153270][ T7329] loop1: detected capacity change from 0 to 1024 [ 198.189402][ T4323] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.230242][ T4323] usb 4-1: Product: syz [ 198.234470][ T4323] usb 4-1: Manufacturer: syz [ 198.253624][ T4323] usb 4-1: SerialNumber: syz [ 198.365052][ T4323] usb 4-1: config 0 descriptor?? [ 198.478868][ T7348] netlink: 104 bytes leftover after parsing attributes in process `syz.6.865'. [ 198.490845][ T7349] device ipvlan2 entered promiscuous mode [ 198.736601][ T6240] hfsplus: b-tree write err: -5, ino 4 [ 198.785009][ T4323] msi2500 4-1:0.0: Registered as swradio24 [ 198.803599][ T7356] overlayfs: failed to resolve './file0': -2 [ 198.809995][ T4323] msi2500 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 198.848087][ T4323] usb 4-1: USB disconnect, device number 12 [ 198.868554][ T7358] loop6: detected capacity change from 0 to 7 [ 198.886867][ T7286] Dev loop6: unable to read RDB block 7 [ 198.893825][ T7286] loop6: AHDI p3 [ 198.908313][ T7286] loop6: partition table partially beyond EOD, truncated [ 198.926421][ T7358] Dev loop6: unable to read RDB block 7 [ 198.935567][ T7358] loop6: AHDI p3 [ 198.939573][ T7358] loop6: partition table partially beyond EOD, truncated [ 199.380461][ T4255] usb 10-1: USB disconnect, device number 6 [ 199.783765][ T7389] loop1: detected capacity change from 0 to 512 [ 199.814641][ T7389] EXT4-fs: Ignoring removed mblk_io_submit option [ 199.826025][ T7389] EXT4-fs: Ignoring removed mblk_io_submit option [ 199.869981][ T7389] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 199.882983][ T7389] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c11c, mo2=0002] [ 199.891159][ T7389] System zones: 1-12 [ 199.973627][ T7389] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.883: corrupted in-inode xattr [ 199.991457][ T7389] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.883: couldn't read orphan inode 15 (err -117) [ 200.024213][ T7389] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 200.087911][ T7389] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.883: Unrecognised inode hash code 4 [ 200.115458][ T7389] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.883: Corrupt directory, running e2fsck is recommended [ 200.204024][ T5964] EXT4-fs (loop1): unmounting filesystem. [ 200.364993][ T6238] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.406360][ T6238] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.534005][ T6238] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.547036][ T6238] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.686450][ T6238] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.717664][ T6238] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.728477][ T4255] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 200.836763][ T6238] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 200.876750][ T6238] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.958798][ T4255] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.969609][ T4255] usb 2-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 21 [ 200.986205][ T4255] usb 2-1: config 0 interface 0 has no altsetting 0 [ 200.993122][ T4255] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 201.002848][ T4255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.021129][ T4255] usb 2-1: config 0 descriptor?? [ 201.055616][ T4264] bond0: (slave syz_tun): Releasing backup interface [ 201.145115][ T4270] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 201.157649][ T4270] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 201.166664][ T4270] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 201.199390][ T4270] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 201.207223][ T4270] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 201.216863][ T4270] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 201.843809][ T4255] corsair-cpro 0003:1B1C:1D00.0006: hidraw0: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.1-1/input0 [ 202.199757][ T7413] chnl_net:caif_netlink_parms(): no params data found [ 202.272939][ T4255] corsair-cpro: probe of 0003:1B1C:1D00.0006 failed with error -110 [ 202.306245][ T4255] usb 2-1: USB disconnect, device number 7 [ 202.495512][ T7428] fido_id[7428]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 202.523817][ T4281] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 202.524276][ T7434] loop9: detected capacity change from 0 to 256 [ 202.538860][ T4281] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 202.548272][ T4281] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 202.559255][ T7413] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.567481][ T4281] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 202.575462][ T4281] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 202.577949][ T7434] FAT-fs (loop9): Unrecognized mount option "uni_xlate=codepage=864" or missing value [ 202.593159][ T4272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 202.641686][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.649650][ T7413] device bridge_slave_0 entered promiscuous mode [ 202.789863][ T7413] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.799895][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.818790][ T7413] device bridge_slave_1 entered promiscuous mode [ 203.028833][ T7413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.154577][ T7413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.431654][ T4270] Bluetooth: hci0: command 0x0409 tx timeout [ 203.450417][ T7413] team0: Port device team_slave_0 added [ 203.530045][ T7413] team0: Port device team_slave_1 added [ 203.772387][ T7413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.823087][ T7413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.866233][ T7413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.881704][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 203.927441][ T6238] device hsr_slave_0 left promiscuous mode [ 203.934995][ T6238] device hsr_slave_1 left promiscuous mode [ 203.943865][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.955211][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.964233][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.972489][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.981884][ T6238] device bridge_slave_1 left promiscuous mode [ 204.013150][ T6238] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.030001][ T6238] device bridge_slave_0 left promiscuous mode [ 204.039020][ T6238] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.103504][ T6238] device veth1_macvtap left promiscuous mode [ 204.110094][ T6238] device veth0_macvtap left promiscuous mode [ 204.116843][ T6238] device veth1_vlan left promiscuous mode [ 204.122846][ T6238] device veth0_vlan left promiscuous mode [ 204.597581][ T7473] loop9: detected capacity change from 0 to 40427 [ 204.645136][ T7473] F2FS-fs (loop9): invalid crc value [ 204.699201][ T7473] F2FS-fs (loop9): Found nat_bits in checkpoint [ 204.758612][ T7473] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 204.811298][ T4270] Bluetooth: hci2: command 0x0409 tx timeout [ 204.858250][ T26] audit: type=1804 audit(1755798436.612:18): pid=7473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.915" name="/newroot/79/file0/file1" dev="loop9" ino=10 res=1 errno=0 [ 204.991714][ T7481] Bluetooth: MGMT ver 1.22 [ 205.021451][ T5899] syz-executor: attempt to access beyond end of device [ 205.021451][ T5899] loop9: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 205.655265][ T4270] Bluetooth: hci0: command 0x041b tx timeout [ 205.662177][ T6238] team0 (unregistering): Port device team_slave_1 removed [ 205.724182][ T6238] team0 (unregistering): Port device team_slave_0 removed [ 205.836985][ T6238] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.906967][ T6238] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 206.081334][ T4255] kernel read not supported for file /admmidi2 (pid: 4255 comm: kworker/1:3) [ 206.677519][ T7506] loop1: detected capacity change from 0 to 40427 [ 206.719580][ T7506] F2FS-fs (loop1): invalid crc value [ 206.753480][ T7506] F2FS-fs (loop1): Found nat_bits in checkpoint [ 206.820645][ T7506] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 206.940044][ T26] audit: type=1804 audit(1755798438.549:19): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.928" name="/newroot/69/file0/file1" dev="loop1" ino=10 res=1 errno=0 [ 206.994059][ T5964] syz-executor: attempt to access beyond end of device [ 206.994059][ T5964] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 207.032477][ T4270] Bluetooth: hci2: command 0x041b tx timeout [ 207.149434][ T6238] bond0 (unregistering): Released all slaves [ 207.312604][ T7413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.319770][ T7413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.348653][ T7413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.420698][ T7521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.932'. [ 207.541128][ T7413] device hsr_slave_0 entered promiscuous mode [ 207.598721][ T7413] device hsr_slave_1 entered promiscuous mode [ 207.616240][ T7413] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.624666][ T7413] Cannot create hsr debugfs directory [ 207.786449][ T7432] chnl_net:caif_netlink_parms(): no params data found [ 207.889167][ T4270] Bluetooth: hci0: command 0x040f tx timeout [ 208.051364][ T7432] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.067909][ T7432] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.079590][ T7432] device bridge_slave_0 entered promiscuous mode [ 208.194718][ T7413] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.222460][ T7432] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.231325][ T7432] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.249228][ T7432] device bridge_slave_1 entered promiscuous mode [ 208.334208][ T7413] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.374602][ T7432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.458862][ T7413] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.484945][ T7432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.565886][ T7413] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.588459][ T7432] team0: Port device team_slave_0 added [ 208.607321][ T7432] team0: Port device team_slave_1 added [ 208.646635][ T7432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.684674][ T7432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.722361][ T7432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.746004][ T7432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.753153][ T7432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.781992][ T7432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.833821][ T6238] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.888565][ T7432] device hsr_slave_0 entered promiscuous mode [ 208.895770][ T7432] device hsr_slave_1 entered promiscuous mode [ 208.902413][ T7432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.918659][ T7432] Cannot create hsr debugfs directory [ 208.954711][ T6238] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.022003][ T6238] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.066891][ T7413] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 209.092601][ T7413] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 209.120380][ T6238] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.134771][ T7413] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 209.154527][ T7413] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 209.254765][ T4270] Bluetooth: hci2: command 0x040f tx timeout [ 209.398953][ T6238] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.410062][ T6238] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.517613][ T6238] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.528775][ T6238] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.617853][ T6238] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.628313][ T6238] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.646566][ T7413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.746740][ T6238] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 209.757631][ T6238] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.773000][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.783774][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.795145][ T7413] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.805990][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.817056][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.826705][ T6240] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.833949][ T6240] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.842579][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.867795][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.876921][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.885851][ T6240] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.893184][ T6240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.908364][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.919954][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.952970][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.964808][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.973465][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.007119][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.021362][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.040871][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.061488][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.078150][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.099196][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.114191][ T4270] Bluetooth: hci0: command 0x0419 tx timeout [ 210.135950][ T7413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.406747][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 210.414699][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 210.466801][ T7413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.835286][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.844668][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.968061][ T7432] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 210.978783][ T7432] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 210.988455][ T7432] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 210.997016][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.009832][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.019873][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.029276][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.040050][ T7413] device veth0_vlan entered promiscuous mode [ 211.085202][ T7432] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.106920][ T7413] device veth1_vlan entered promiscuous mode [ 211.153678][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 211.162386][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 211.170586][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 211.180821][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.241470][ T7413] device veth0_macvtap entered promiscuous mode [ 211.260209][ T7413] device veth1_macvtap entered promiscuous mode [ 211.345204][ T7432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.359147][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.370164][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.381372][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.394090][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.404409][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.415091][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.425345][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.436156][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.446182][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.456990][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.467593][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.478809][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.481799][ T4270] Bluetooth: hci2: command 0x0419 tx timeout [ 211.490969][ T7413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.510056][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 211.520569][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 211.535933][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 211.544929][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 211.565115][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.573869][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.643182][ T7432] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.650561][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.661281][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.672159][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.682949][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.693340][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.704160][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.714226][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.725084][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.736626][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.747777][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.758552][ T7413] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 211.769234][ T7413] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.781312][ T7413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.791950][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 211.800729][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 211.830251][ T7413] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.840763][ T7413] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.849925][ T7413] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.859474][ T7413] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.872267][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.881427][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.890426][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.897682][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.906940][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.980393][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.990427][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.000375][ T6258] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.007901][ T6258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.045595][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.056672][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.079081][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.112468][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.187928][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.197736][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.206710][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.218559][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.227521][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.281399][ T6238] device hsr_slave_0 left promiscuous mode [ 212.288794][ T6238] device hsr_slave_1 left promiscuous mode [ 212.298117][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.306000][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.313742][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.322229][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.330991][ T6238] device bridge_slave_1 left promiscuous mode [ 212.337507][ T6238] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.346344][ T6238] device bridge_slave_0 left promiscuous mode [ 212.353442][ T6238] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.367488][ T6238] device hsr_slave_0 left promiscuous mode [ 212.374140][ T6238] device hsr_slave_1 left promiscuous mode [ 212.380895][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.388430][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.396889][ T6238] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.405051][ T6238] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.431532][ T6238] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.442410][ T6238] device bridge_slave_0 left promiscuous mode [ 212.449097][ T6238] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.497758][ T6238] device veth1_macvtap left promiscuous mode [ 212.504194][ T6238] device veth0_macvtap left promiscuous mode [ 212.511417][ T6238] device veth1_vlan left promiscuous mode [ 212.517228][ T6238] device veth0_vlan left promiscuous mode [ 212.524503][ T6238] device veth1_macvtap left promiscuous mode [ 212.531162][ T6238] device veth0_macvtap left promiscuous mode [ 212.537704][ T6238] device veth1_vlan left promiscuous mode [ 212.544066][ T6238] device veth0_vlan left promiscuous mode [ 213.229999][ T6238] team0 (unregistering): Port device team_slave_1 removed [ 213.289067][ T6238] team0 (unregistering): Port device team_slave_0 removed [ 213.347352][ T6238] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.412023][ T6238] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 214.025586][ T6238] bond0 (unregistering): Released all slaves [ 214.587128][ T6238] team0 (unregistering): Port device team_slave_1 removed [ 214.651079][ T6238] team0 (unregistering): Port device team_slave_0 removed [ 214.703246][ T6238] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.760123][ T6238] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.390793][ T6238] bond0 (unregistering): Released all slaves [ 215.540534][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 215.555489][ T6258] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.563928][ T6258] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.567441][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 215.591386][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 215.602687][ T7432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 215.684782][ T6256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.693167][ T6256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.715834][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 215.941163][ T7577] netlink: 16 bytes leftover after parsing attributes in process `syz.5.892'. [ 216.211203][ T7551] kernel write not supported for file bpf-prog (pid: 7551 comm: kworker/0:8) [ 216.393686][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 216.431040][ T6240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 216.481598][ T7432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.603434][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 216.632608][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 216.665245][ T7599] overlayfs: failed to clone upperpath [ 216.686354][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 216.709645][ T125] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 216.732234][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 216.764687][ T7432] device veth0_vlan entered promiscuous mode [ 216.788197][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 216.802167][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 216.828238][ T7432] device veth1_vlan entered promiscuous mode [ 216.905350][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 216.933595][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 216.947244][ T125] usb 10-1: unable to get BOS descriptor or descriptor too short [ 216.965218][ T125] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 216.988371][ T7432] device veth0_macvtap entered promiscuous mode [ 217.003200][ T7588] loop5: detected capacity change from 0 to 40427 [ 217.014062][ T7432] device veth1_macvtap entered promiscuous mode [ 217.023566][ T125] usb 10-1: New USB device found, idVendor=046d, idProduct=c539, bcdDevice= 0.40 [ 217.059373][ T7588] F2FS-fs (loop5): invalid crc value [ 217.068252][ T125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.080719][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.091691][ T125] usb 10-1: Product: syz [ 217.103315][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.104535][ T125] usb 10-1: Manufacturer: syz [ 217.122925][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.125007][ T125] usb 10-1: SerialNumber: syz [ 217.144345][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.152111][ T125] usbhid 10-1:1.0: couldn't find an input interrupt endpoint [ 217.167115][ T7588] F2FS-fs (loop5): Found nat_bits in checkpoint [ 217.210795][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.248036][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.277909][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.294021][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.305905][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 217.317170][ T7588] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 217.329379][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.353756][ T7432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.374900][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 217.388201][ T26] audit: type=1804 audit(1755798448.333:20): pid=7588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.941" name="/newroot/1/file0/file1" dev="loop5" ino=10 res=1 errno=0 [ 217.392712][ T4308] usb 10-1: USB disconnect, device number 7 [ 217.417910][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 217.447882][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 217.470383][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 217.485719][ T7413] syz-executor: attempt to access beyond end of device [ 217.485719][ T7413] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 217.494970][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.514913][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.525389][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.543713][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.566844][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.582082][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.595066][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.611665][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.625074][ T7432] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 217.654315][ T7432] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 217.670753][ T7432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.688744][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 217.704931][ T6258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 217.722980][ T7432] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.736035][ T7432] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.744946][ T7432] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.760117][ T7432] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.957488][ T7618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.960'. [ 217.967387][ T5507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.988570][ T5507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.031172][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 218.086017][ T5507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.106565][ T5507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.151157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 218.152137][ T7621] loop9: detected capacity change from 0 to 256 [ 218.177422][ T7621] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 218.189928][ T7621] exFAT-fs (loop9): Medium has reported failures. Some data may be lost. [ 218.203584][ T7621] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 218.325527][ T7626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.901'. [ 218.430556][ T41] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 218.471085][ T7628] loop1: detected capacity change from 0 to 4096 [ 218.645256][ T7633] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 218.651943][ T41] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 218.708645][ T41] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.751002][ T41] usb 6-1: Product: syz [ 218.766676][ T41] usb 6-1: Manufacturer: syz [ 218.771412][ T41] usb 6-1: SerialNumber: syz [ 218.796643][ T41] usb 6-1: config 0 descriptor?? [ 219.123059][ T4319] usb 6-1: USB disconnect, device number 4 [ 220.761226][ T41] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 220.976512][ T41] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.006914][ T41] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 221.035431][ T7694] loop9: detected capacity change from 0 to 32768 [ 221.038572][ T41] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 221.070127][ T41] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 221.090679][ T41] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.112599][ T41] usb 2-1: config 0 descriptor?? [ 221.206794][ T7694] XFS (loop9): Mounting V5 Filesystem [ 221.274265][ T4319] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 221.305578][ T7694] XFS (loop9): Ending clean mount [ 221.458904][ T5899] XFS (loop9): Unmounting Filesystem [ 221.488348][ T4319] usb 6-1: Using ep0 maxpacket: 16 [ 221.498183][ T4319] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.527314][ T4319] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 221.537003][ T4319] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.556356][ T4319] usb 6-1: config 0 descriptor?? [ 221.581118][ T41] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 221.603306][ T41] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 221.982822][ T7734] loop9: detected capacity change from 0 to 2048 [ 222.007098][ T7734] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 222.035166][ T4319] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 222.043214][ T4319] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 222.061390][ T4319] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 222.070805][ T4319] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 222.086458][ T4319] mcp2221 0003:04D8:00DD.0008: unknown main item tag 0x0 [ 222.104484][ T4319] mcp2221 0003:04D8:00DD.0008: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 222.279471][ T4319] usb 6-1: USB disconnect, device number 5 [ 222.419559][ T7742] netlink: 'syz.9.1007': attribute type 5 has an invalid length. [ 222.898894][ T7758] loop9: detected capacity change from 0 to 1024 [ 222.926783][ T7758] EXT4-fs: Ignoring removed oldalloc option [ 222.949755][ T7758] EXT4-fs: Ignoring removed bh option [ 222.980535][ T7758] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 223.059730][ T4319] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 223.080612][ T7758] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 223.178489][ T7758] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:3841: comm syz.9.1014: Allocating blocks 385-513 which overlap fs metadata [ 223.198543][ T22] usb 2-1: reset high-speed USB device number 8 using dummy_hcd [ 223.267928][ T4319] usb 3-1: config 0 has no interfaces? [ 223.278932][ T4319] usb 3-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 223.299807][ T4319] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.335971][ T4319] usb 3-1: config 0 descriptor?? [ 223.401755][ T7757] EXT4-fs (loop9): pa ffff888073f92b60: logic 16, phys. 129, len 24 [ 223.410725][ T7757] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 223.493042][ T5899] EXT4-fs (loop9): unmounting filesystem. [ 223.599801][ T4319] usb 3-1: USB disconnect, device number 4 [ 224.064204][ T7789] device veth0 entered promiscuous mode [ 224.080495][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1026'. [ 224.114644][ T7791] loop1: detected capacity change from 0 to 512 [ 224.131383][ T41] usb 2-1: USB disconnect, device number 8 [ 224.213660][ T7791] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 224.234666][ T7791] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.279001][ T7796] loop2: detected capacity change from 0 to 64 [ 224.289513][ T7796] hfs: unable to locate alternate MDB [ 224.295405][ T7796] hfs: continuing without an alternate MDB [ 224.564014][ T5964] EXT4-fs (loop1): unmounting filesystem. [ 224.693479][ T7799] netlink: 'syz.0.1029': attribute type 10 has an invalid length. [ 224.725311][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.779227][ T7799] device bridge_slave_1 left promiscuous mode [ 224.800402][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.900114][ T7799] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 225.200160][ T7811] loop5: detected capacity change from 0 to 512 [ 225.323107][ T7811] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1036: casefold flag without casefold feature [ 225.417455][ T7811] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1036: couldn't read orphan inode 15 (err -117) [ 225.476309][ T7811] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 225.540200][ T6265] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.567437][ T6265] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.628600][ T7413] EXT4-fs (loop5): unmounting filesystem. [ 225.777205][ T6265] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 225.829513][ T7826] loop5: detected capacity change from 0 to 512 [ 225.837321][ T6265] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.866814][ T7826] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 226.134209][ T7826] EXT4-fs (loop5): 1 truncate cleaned up [ 226.180009][ T7826] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 226.304591][ T6265] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.368619][ T6265] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.425104][ T7826] EXT4-fs (loop5): unmounting filesystem. [ 226.616510][ T4281] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 226.631641][ T4281] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 226.642215][ T4281] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 226.673264][ T4272] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 226.675665][ T6265] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.716836][ T4281] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 226.726612][ T4281] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 226.776553][ T6265] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.259782][ T7864] sctp: [Deprecated]: syz.2.1058 (pid 7864) Use of int in max_burst socket option deprecated. [ 227.259782][ T7864] Use struct sctp_assoc_value instead [ 227.472039][ T7840] chnl_net:caif_netlink_parms(): no params data found [ 227.657418][ T7868] loop9: detected capacity change from 0 to 40427 [ 227.667526][ T7868] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504) [ 227.681527][ T7868] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 227.690541][ T7868] F2FS-fs (loop9): build fault injection attr: rate: 17008, type: 0x3ffff [ 227.699128][ T7868] F2FS-fs (loop9): build fault injection attr: rate: 0, type: 0x6 [ 227.707311][ T7868] F2FS-fs (loop9): build fault injection attr: rate: 0, type: 0x5 [ 227.718256][ T7868] F2FS-fs (loop9): invalid crc value [ 227.739771][ T7868] F2FS-fs (loop9): Found nat_bits in checkpoint [ 227.817922][ T7868] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 227.819020][ T7840] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.839400][ T7868] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 227.878078][ T7840] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.925221][ T7840] device bridge_slave_0 entered promiscuous mode [ 227.980249][ T7840] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.988796][ T7840] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.998846][ T5899] syz-executor: attempt to access beyond end of device [ 227.998846][ T5899] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 228.018745][ T7840] device bridge_slave_1 entered promiscuous mode [ 228.105071][ T7840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.210685][ T7840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.381253][ T7840] team0: Port device team_slave_0 added [ 228.498721][ T7840] team0: Port device team_slave_1 added [ 228.560234][ T7890] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1063'. [ 228.668633][ T7840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.686667][ T7884] loop2: detected capacity change from 0 to 32768 [ 228.688373][ T7840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.728943][ T7884] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1064 (7884) [ 228.734432][ T7840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.918384][ T4281] Bluetooth: hci1: command 0x0409 tx timeout [ 228.939662][ T7884] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 228.973950][ T7884] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 228.982345][ T7888] loop5: detected capacity change from 0 to 32768 [ 229.014822][ T7840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.021277][ T7888] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.1065 (7888) [ 229.021884][ T7840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.067973][ T7884] BTRFS info (device loop2): force clearing of disk cache [ 229.077197][ T7884] BTRFS info (device loop2): disabling tree log [ 229.126648][ T7884] BTRFS info (device loop2): enabling auto defrag [ 229.141536][ T7884] BTRFS info (device loop2): metadata ratio 8 [ 229.152802][ T7840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.164518][ T7888] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 229.180494][ T7888] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 229.193944][ T7884] BTRFS info (device loop2): enabling disk space caching [ 229.201321][ T7888] BTRFS info (device loop5): turning on async discard [ 229.201537][ T7888] BTRFS info (device loop5): using free space tree [ 229.226077][ T7884] BTRFS info (device loop2): disk space caching is enabled [ 229.467805][ T7840] device hsr_slave_0 entered promiscuous mode [ 229.482654][ T7884] BTRFS info (device loop2): enabling ssd optimizations [ 229.497181][ T7840] device hsr_slave_1 entered promiscuous mode [ 229.510509][ T7888] BTRFS info (device loop5): enabling ssd optimizations [ 229.535929][ T7884] BTRFS info (device loop2): rebuilding free space tree [ 229.569235][ T7840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.593067][ T7840] Cannot create hsr debugfs directory [ 229.716455][ T6265] device hsr_slave_0 left promiscuous mode [ 229.749021][ T6265] device hsr_slave_1 left promiscuous mode [ 229.763550][ T6265] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.771828][ T6265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.781832][ T7884] BTRFS info (device loop2): disabling free space tree [ 229.789847][ T7884] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 229.806589][ T6265] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.816193][ T6265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.828658][ T7884] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 229.858960][ T6265] device bridge_slave_1 left promiscuous mode [ 229.877464][ T6265] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.925042][ T6265] device bridge_slave_0 left promiscuous mode [ 229.944673][ T6265] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.076661][ T7413] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 230.117525][ T6238] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 230.178895][ T6265] device veth1_macvtap left promiscuous mode [ 230.206985][ T6265] device veth0_macvtap left promiscuous mode [ 230.223938][ T6265] device veth1_vlan left promiscuous mode [ 230.229889][ T6265] device veth0_vlan left promiscuous mode [ 230.283899][ T7567] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop5 scanned by udevd (7567) [ 230.673162][ T7432] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 231.141971][ T4270] Bluetooth: hci1: command 0x041b tx timeout [ 231.655568][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 231.664443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 232.157351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 232.254426][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 232.431870][ T6265] team0 (unregistering): Port device team_slave_1 removed [ 232.543079][ T6265] team0 (unregistering): Port device team_slave_0 removed [ 232.629033][ T6265] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.691259][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 232.699702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 232.726093][ T6265] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 233.009015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 233.369027][ T4270] Bluetooth: hci1: command 0x040f tx timeout [ 234.117365][ T6265] bond0 (unregistering): Released all slaves [ 235.471489][ T7967] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 235.499825][ T7840] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 235.517011][ T7840] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 235.529836][ T7840] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 235.540764][ T7840] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 235.599904][ T4270] Bluetooth: hci1: command 0x0419 tx timeout [ 235.674472][ T7967] usb 6-1: Using ep0 maxpacket: 16 [ 235.682390][ T7967] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 235.691407][ T7967] usb 6-1: config 0 has no interface number 0 [ 235.704811][ T7967] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 235.715215][ T7967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.719523][ T7840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.723716][ T7967] usb 6-1: Product: syz [ 235.735221][ T7967] usb 6-1: Manufacturer: syz [ 235.742138][ T7967] usb 6-1: SerialNumber: syz [ 235.764448][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 235.779452][ T7967] usb 6-1: config 0 descriptor?? [ 235.787897][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.799116][ T7967] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 235.810169][ T7840] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.844058][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.881184][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.902022][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.909312][ T6238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.935840][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.968772][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 235.985491][ T8032] block nbd2: NBD_DISCONNECT [ 235.999936][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.003960][ T8032] block nbd2: Send disconnect failed -22 [ 236.036415][ T8032] block nbd2: Disconnected due to user request. [ 236.037725][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.050174][ T6238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.071060][ T8032] block nbd2: shutting down sockets [ 236.089605][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.120032][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.175813][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.213259][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.243501][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.261609][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.321332][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 236.334215][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 236.346079][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 236.366785][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 236.378383][ T6238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 236.395733][ T7840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 236.887465][ T7967] gspca_spca1528: reg_w err -71 [ 236.894837][ T7967] spca1528: probe of 6-1:0.1 failed with error -71 [ 236.929550][ T7967] usb 6-1: USB disconnect, device number 6 [ 236.966825][ T22] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 237.043515][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.051727][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.076696][ T7840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.135147][ T8052] loop9: detected capacity change from 0 to 32768 [ 237.160846][ T8052] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop9 scanned by syz.9.1108 (8052) [ 237.183933][ T22] usb 3-1: Using ep0 maxpacket: 32 [ 237.191594][ T22] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 237.206585][ T22] usb 3-1: config 0 has no interface number 0 [ 237.215955][ T8052] BTRFS info (device loop9): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 237.222366][ T22] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 237.238007][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.243891][ T8052] BTRFS info (device loop9): using blake2b (blake2b-256-generic) checksum algorithm [ 237.247423][ T22] usb 3-1: Product: syz [ 237.260751][ T22] usb 3-1: Manufacturer: syz [ 237.266337][ T22] usb 3-1: SerialNumber: syz [ 237.276572][ T8052] BTRFS info (device loop9): using free space tree [ 237.280384][ T22] usb 3-1: config 0 descriptor?? [ 237.298782][ T22] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 237.352833][ T8052] BTRFS info (device loop9): enabling ssd optimizations [ 237.402448][ T26] audit: type=1800 audit(1755798467.050:21): pid=8052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1108" name="file1" dev="loop9" ino=260 res=0 errno=0 [ 237.434887][ T26] audit: type=1800 audit(1755798467.069:22): pid=8052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1108" name="file1" dev="loop9" ino=260 res=0 errno=0 [ 237.672685][ T8085] loop5: detected capacity change from 0 to 1024 [ 237.750046][ T8049] device veth0_macvtap left promiscuous mode [ 237.763056][ T8085] Quota error (device loop5): do_check_range: Getting block 64 out of range 1-5 [ 237.786990][ T5899] BTRFS info (device loop9): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 237.792450][ T8085] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 237.821140][ T22] usb 3-1: qt2_attach - failed to power on unit: -71 [ 237.836327][ T22] quatech2: probe of 3-1:0.51 failed with error -71 [ 237.839653][ T8085] EXT4-fs error (device loop5): ext4_acquire_dquot:6814: comm syz.5.1113: Failed to acquire dquot type 0 [ 237.885154][ T22] usb 3-1: USB disconnect, device number 5 [ 237.917238][ T8090] "syz.0.1115" (8090) uses obsolete ecb(arc4) skcipher [ 237.969373][ T8090] syz.0.1115 sent an empty control message without MSG_MORE. [ 237.992951][ T8085] EXT4-fs error (device loop5): mb_free_blocks:1815: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 238.045213][ T8085] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.1113: corrupted inode contents [ 238.120809][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 238.144955][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 238.164796][ T8085] EXT4-fs error (device loop5): ext4_dirty_inode:6119: inode #13: comm syz.5.1113: mark_inode_dirty error [ 238.180436][ T8085] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.1113: corrupted inode contents [ 238.205131][ T8085] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #13: comm syz.5.1113: mark_inode_dirty error [ 238.227468][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 238.236342][ T8085] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.1113: corrupted inode contents [ 238.237525][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 238.269134][ T8085] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 238.279302][ T7840] device veth0_vlan entered promiscuous mode [ 238.290766][ T8085] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.1113: corrupted inode contents [ 238.292730][ T7840] device veth1_vlan entered promiscuous mode [ 238.312746][ T8085] EXT4-fs error (device loop5): ext4_truncate:4312: inode #13: comm syz.5.1113: mark_inode_dirty error [ 238.332006][ T8085] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 238.354708][ T8085] EXT4-fs (loop5): 1 truncate cleaned up [ 238.363233][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 238.386124][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 238.396935][ T8085] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 238.412628][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 238.487265][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 238.508765][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 238.531372][ T8085] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 238.548889][ T5507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 238.577128][ T7840] device veth0_macvtap entered promiscuous mode [ 238.621715][ T8085] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 238.664224][ T7840] device veth1_macvtap entered promiscuous mode [ 238.688794][ T8085] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 238.709736][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.713938][ T8100] binfmt_misc: register: failed to install interpreter file ./file2 [ 238.742290][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.763845][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.796157][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.811447][ T8111] loop2: detected capacity change from 0 to 1024 [ 238.818044][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.829207][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.841675][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.853357][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.863550][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.875849][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.898787][ T7413] EXT4-fs (loop5): unmounting filesystem. [ 238.906098][ T7840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.916310][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 238.925310][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 238.932229][ T8111] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 238.933866][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 238.952278][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 238.964396][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.975866][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.985980][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.997353][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.007286][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.029977][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.075947][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.086895][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.097831][ T7840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.108771][ T7840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.129364][ T7840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.140960][ T7840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.157632][ T7840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.168795][ T7840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.209005][ T7840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.239737][ T7432] EXT4-fs (loop2): unmounting filesystem. [ 239.248928][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 239.263915][ T6265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 239.443600][ T6265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.475863][ T6265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.535285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 239.573725][ T6256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.587053][ T6256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.662207][ T8096] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 239.673199][ T6256] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 239.877581][ T8096] usb 6-1: config 0 has no interfaces? [ 239.885048][ T8096] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 239.922268][ T8096] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 239.950471][ T8096] usb 6-1: Product: syz [ 239.972037][ T8096] usb 6-1: Manufacturer: syz [ 239.995179][ T8096] usb 6-1: config 0 descriptor?? [ 240.257795][ T41] usb 6-1: USB disconnect, device number 7 [ 240.261454][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'. [ 240.317023][ T8126] loop2: detected capacity change from 0 to 32768 [ 240.456285][ T8126] XFS (loop2): Mounting V5 Filesystem [ 240.617260][ T8126] XFS (loop2): Ending clean mount [ 240.619952][ T8141] loop9: detected capacity change from 0 to 32768 [ 240.658202][ T8126] XFS (loop2): Quotacheck needed: Please wait. [ 240.767340][ T8126] XFS (loop2): Quotacheck: Done. [ 240.811544][ T8141] XFS (loop9): Mounting V5 Filesystem [ 240.922870][ T8141] XFS (loop9): Ending clean mount [ 240.970939][ T8141] XFS (loop9): Quotacheck needed: Please wait. [ 241.001069][ T7967] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 241.062324][ T8141] XFS (loop9): Quotacheck: Done. [ 241.178223][ T5899] XFS (loop9): Unmounting Filesystem [ 241.179838][ T7432] XFS (loop2): Unmounting Filesystem [ 241.208916][ T7967] usb 6-1: config 0 has no interfaces? [ 241.263626][ T7967] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 241.274862][ T8162] loop4: detected capacity change from 0 to 512 [ 241.279323][ T7967] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 241.296562][ T7967] usb 6-1: Product: syz [ 241.300951][ T7967] usb 6-1: Manufacturer: syz [ 241.307899][ T7967] usb 6-1: config 0 descriptor?? [ 241.338848][ T8162] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 241.501484][ T8162] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.1134: bg 0: block 104: invalid block bitmap [ 241.531651][ T8162] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 241.555668][ T8162] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1134: invalid indirect mapped block 1 (level 1) [ 241.573687][ T7967] usb 6-1: USB disconnect, device number 8 [ 241.590352][ T8162] EXT4-fs (loop4): 1 truncate cleaned up [ 241.607953][ T8162] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 241.813352][ T7840] EXT4-fs (loop4): unmounting filesystem. [ 242.033292][ T8180] loop4: detected capacity change from 0 to 1024 [ 242.076075][ T8180] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 242.085450][ T8180] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.311252][ T7840] EXT4-fs (loop4): unmounting filesystem. [ 242.919301][ T8210] loop4: detected capacity change from 0 to 2048 [ 242.971061][ T8210] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 243.018396][ T8214] loop5: detected capacity change from 0 to 1024 [ 243.060046][ T8216] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1158'. [ 243.073682][ T8217] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 243.088644][ T8216] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1158'. [ 243.108934][ T8220] loop9: detected capacity change from 0 to 256 [ 243.172897][ T8214] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 243.331062][ T8214] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3841: comm syz.5.1157: Allocating blocks 497-513 which overlap fs metadata [ 243.602463][ T7413] EXT4-fs (loop5): unmounting filesystem. [ 243.725397][ T41] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 243.873044][ T8239] device gretap0 entered promiscuous mode [ 243.919807][ T8221] loop2: detected capacity change from 0 to 32768 [ 243.948934][ T41] usb 5-1: Using ep0 maxpacket: 32 [ 243.958289][ T41] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 243.963844][ T8237] device gretap0 left promiscuous mode [ 243.967800][ T41] usb 5-1: config 0 has no interface number 0 [ 243.979700][ T41] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 243.993207][ T41] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 244.002847][ T41] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.009096][ T8221] XFS (loop2): Mounting V5 Filesystem [ 244.011225][ T41] usb 5-1: Product: syz [ 244.021642][ T41] usb 5-1: Manufacturer: syz [ 244.026698][ T41] usb 5-1: SerialNumber: syz [ 244.041401][ T41] usb 5-1: config 0 descriptor?? [ 244.046776][ T7967] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 244.067862][ T41] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 244.141276][ T41] em28xx 5-1:0.132: Video interface 132 found: [ 244.156875][ T8221] XFS (loop2): Ending clean mount [ 244.280593][ T7967] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 244.319137][ T7967] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 244.329668][ T7967] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 244.345743][ T26] audit: type=1326 audit(1755798473.551:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8254 comm="syz.0.1171" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fabbc78ebe9 code=0x0 [ 244.345925][ T7967] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.367745][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.438898][ T7967] usb 6-1: config 0 descriptor?? [ 244.453088][ T7432] XFS (loop2): Unmounting Filesystem [ 244.466532][ T7967] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 244.480194][ T7967] dvb-usb: bulk message failed: -22 (3/0) [ 244.511914][ T7967] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 244.521583][ T41] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 244.529835][ T7967] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 244.537778][ T7967] usb 6-1: media controller created [ 244.544434][ T7967] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 244.567013][ T7967] dvb-usb: bulk message failed: -22 (6/0) [ 244.577612][ T7967] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 244.588493][ T7967] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input7 [ 244.611249][ T7967] dvb-usb: schedule remote query interval to 150 msecs. [ 244.619641][ T7967] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 244.717785][ T4255] usb 6-1: USB disconnect, device number 9 [ 244.745237][ T8227] dvb-usb: bulk message failed: -22 (5/0) [ 244.762887][ T41] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 244.781274][ T41] em28xx 5-1:0.132: board has no eeprom [ 244.817518][ T4255] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 244.874233][ T41] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 244.888280][ T41] em28xx 5-1:0.132: analog set to bulk mode. [ 244.925670][ T41] usb 5-1: USB disconnect, device number 6 [ 244.944552][ T41] em28xx 5-1:0.132: Disconnecting em28xx [ 244.950602][ T7967] em28xx 5-1:0.132: Registering V4L2 extension [ 244.952402][ T8251] loop9: detected capacity change from 0 to 40427 [ 244.996059][ T8251] F2FS-fs (loop9): invalid crc value [ 245.080471][ T8251] F2FS-fs (loop9): Found nat_bits in checkpoint [ 245.205494][ T8251] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 245.290362][ T8251] syz.9.1169: attempt to access beyond end of device [ 245.290362][ T8251] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 245.356940][ T7967] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 245.366605][ T7967] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 245.393553][ T7967] em28xx 5-1:0.132: No AC97 audio processor [ 245.458498][ T7967] usb 5-1: Decoder not found [ 245.495703][ T7967] em28xx 5-1:0.132: failed to create media graph [ 245.530019][ T7967] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 245.546376][ T8276] loop4: detected capacity change from 0 to 256 [ 245.554202][ T7967] em28xx 5-1:0.132: Remote control support is not available for this card. [ 245.575185][ T41] em28xx 5-1:0.132: Closing input extension [ 245.585901][ T41] em28xx 5-1:0.132: Freeing device [ 245.628342][ T5899] syz-executor: attempt to access beyond end of device [ 245.628342][ T5899] loop9: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 246.292492][ T8297] loop2: detected capacity change from 0 to 128 [ 246.388177][ T8297] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 246.469161][ T8297] ext4 filesystem being mounted at /43/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 246.555550][ T8297] syz.2.1181 (pid 8297) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 246.663128][ T7432] EXT4-fs (loop2): unmounting filesystem. [ 246.974659][ T8319] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96 [ 247.135259][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880560f6c00: rx timeout, send abort [ 247.145969][ T8322] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 247.147468][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880560f5400: rx timeout, send abort [ 247.172229][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880560f6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 247.189667][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880560f5400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 247.320173][ T8325] loop5: detected capacity change from 0 to 2048 [ 247.389332][ T8325] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 247.437961][ T26] audit: type=1800 audit(1755798476.442:24): pid=8325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1192" name="file1" dev="loop5" ino=1346 res=0 errno=0 [ 248.129253][ T7967] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 248.344423][ T7967] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 248.362756][ T7967] usb 6-1: config 0 has no interface number 0 [ 248.373620][ T7967] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 248.383763][ T7967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.392856][ T7967] usb 6-1: Product: syz [ 248.397354][ T7967] usb 6-1: Manufacturer: syz [ 248.402127][ T7967] usb 6-1: SerialNumber: syz [ 248.418411][ T7967] usb 6-1: config 0 descriptor?? [ 248.437585][ T8364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1208'. [ 248.466905][ T8364] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.477354][ T8364] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.486700][ T8364] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.495588][ T8364] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 248.507185][ T8364] device vxlan0 entered promiscuous mode [ 248.643939][ T7967] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 248.658497][ T7967] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 248.669959][ T7967] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 248.679899][ T7967] usb 6-1: media controller created [ 248.699859][ T7967] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 248.914548][ T7967] i2c i2c-1: ec100: i2c rd failed=-32 reg=33 [ 249.440668][ T8378] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1212'. [ 250.056010][ T7967] usb 6-1: USB disconnect, device number 10 [ 250.385295][ T41] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 250.581951][ T8405] device batadv_slave_1 entered promiscuous mode [ 250.597939][ T8404] device batadv_slave_1 left promiscuous mode [ 250.600270][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.616076][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.673098][ T41] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 250.693428][ T41] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.739924][ T41] usb 5-1: config 0 descriptor?? [ 251.121258][ T8413] loop5: detected capacity change from 0 to 2048 [ 251.158262][ T8413] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 251.181974][ T41] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 251.209545][ T41] cm6533_jd 0003:0D8C:0022.0009: unknown main item tag 0x0 [ 251.220882][ T8413] NILFS (loop5): mounting unchecked fs [ 251.268408][ T41] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0009/input/input8 [ 251.283977][ T7593] udevd[7593]: incorrect nilfs2 checksum on /dev/loop5 [ 251.290884][ T8413] NILFS (loop5): recovery complete [ 251.304125][ T8416] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 251.381019][ T41] cm6533_jd 0003:0D8C:0022.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 251.438091][ T7953] usb 5-1: USB disconnect, device number 7 [ 251.686648][ T8428] fido_id[8428]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 252.368339][ T8456] loop2: detected capacity change from 0 to 1024 [ 252.382658][ T8458] 9pnet: p9_errstr2errno: server reported unknown error 00000 [ 252.401936][ T8456] EXT4-fs: Ignoring removed nobh option [ 252.426820][ T8456] EXT4-fs: Ignoring removed bh option [ 252.456661][ T8456] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 252.545398][ T8456] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 252.605934][ T8468] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1249'. [ 252.703838][ T8472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1250'. [ 252.714062][ T8472] netlink: 'syz.0.1250': attribute type 19 has an invalid length. [ 252.723338][ T8472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'. [ 252.866825][ T8472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1250'. [ 252.892173][ T8472] netlink: 'syz.0.1250': attribute type 19 has an invalid length. [ 252.919102][ T8472] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1250'. [ 253.033463][ T8481] [ 253.035882][ T8481] ===================================================== [ 253.042908][ T8481] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 253.050648][ T8481] 6.1.148-syzkaller #0 Not tainted [ 253.055945][ T8481] ----------------------------------------------------- [ 253.063338][ T8481] syz.9.1254/8481 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 253.071096][ T8481] ffffffff8c80a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xf5/0x360 [ 253.080201][ T8481] [ 253.080201][ T8481] and this task is already holding: [ 253.088099][ T8481] ffff888078ac1030 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x2f/0x360 [ 253.097704][ T8481] which would create a new lock dependency: [ 253.103778][ T8481] (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 253.111686][ T8481] [ 253.111686][ T8481] but this new dependency connects a HARDIRQ-irq-safe lock: [ 253.121333][ T8481] (&dev->event_lock#2){-...}-{2:2} [ 253.121369][ T8481] [ 253.121369][ T8481] ... which became HARDIRQ-irq-safe at: [ 253.135282][ T8481] lock_acquire+0x1b4/0x490 [ 253.140183][ T8481] _raw_spin_lock_irqsave+0xa4/0xf0 [ 253.145671][ T8481] input_event+0x76/0xb0 [ 253.150125][ T8481] psmouse_report_standard_packet+0x4f/0x200 [ 253.156299][ T8481] psmouse_process_byte+0x42b/0x620 [ 253.161621][ T8481] psmouse_handle_byte+0x43/0x490 [ 253.166797][ T8481] psmouse_interrupt+0x699/0x1130 [ 253.172108][ T8481] serio_interrupt+0x87/0x130 [ 253.176915][ T8481] i8042_interrupt+0x36b/0x720 [ 253.181978][ T8481] __handle_irq_event_percpu+0x298/0xa30 [ 253.187984][ T8481] handle_irq_event+0x87/0x1e0 [ 253.192860][ T8481] handle_edge_irq+0x243/0xb20 [ 253.197917][ T8481] __common_interrupt+0xd7/0x1e0 [ 253.203059][ T8481] common_interrupt+0xb0/0xd0 [ 253.208019][ T8481] asm_common_interrupt+0x22/0x40 [ 253.213268][ T8481] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 253.219097][ T8481] i8042_aux_write+0x105/0x170 [ 253.224091][ T8481] ps2_do_sendbyte+0x1fb/0x6c0 [ 253.229009][ T8481] ps2_sendbyte+0x5b/0x110 [ 253.233619][ T8481] cypress_send_ext_cmd+0x239/0x910 [ 253.239091][ T8481] cypress_detect+0x89/0x190 [ 253.243879][ T8481] psmouse_extensions+0xda5/0x1510 [ 253.249106][ T8481] psmouse_switch_protocol+0x300/0x820 [ 253.255044][ T8481] psmouse_connect+0x8d3/0x1490 [ 253.260088][ T8481] serio_driver_probe+0x76/0x90 [ 253.265152][ T8481] really_probe+0x2aa/0xc70 [ 253.269932][ T8481] __driver_probe_device+0x18c/0x330 [ 253.275397][ T8481] driver_probe_device+0x4f/0x420 [ 253.280538][ T8481] __driver_attach+0x44a/0x6e0 [ 253.285399][ T8481] bus_for_each_dev+0x175/0x1e0 [ 253.290538][ T8481] serio_handle_event+0x29c/0x840 [ 253.295690][ T8481] process_one_work+0x898/0x1160 [ 253.300722][ T8481] worker_thread+0xaa2/0x1250 [ 253.305765][ T8481] kthread+0x29d/0x330 [ 253.310014][ T8481] ret_from_fork+0x1f/0x30 [ 253.314523][ T8481] [ 253.314523][ T8481] to a HARDIRQ-irq-unsafe lock: [ 253.322069][ T8481] (tasklist_lock){.+.+}-{2:2} [ 253.322089][ T8481] [ 253.322089][ T8481] ... which became HARDIRQ-irq-unsafe at: [ 253.335192][ T8481] ... [ 253.335202][ T8481] lock_acquire+0x1b4/0x490 [ 253.342590][ T8481] _raw_read_lock+0x32/0x40 [ 253.347353][ T8481] do_wait+0x2b6/0xb60 [ 253.351598][ T8481] kernel_wait+0xa8/0x160 [ 253.356013][ T8481] call_usermodehelper_exec_work+0xb5/0x220 [ 253.361994][ T8481] process_one_work+0x898/0x1160 [ 253.367129][ T8481] worker_thread+0xaa2/0x1250 [ 253.372005][ T8481] kthread+0x29d/0x330 [ 253.376317][ T8481] ret_from_fork+0x1f/0x30 [ 253.380996][ T8481] [ 253.380996][ T8481] other info that might help us debug this: [ 253.380996][ T8481] [ 253.391229][ T8481] Chain exists of: [ 253.391229][ T8481] &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock [ 253.391229][ T8481] [ 253.405623][ T8481] Possible interrupt unsafe locking scenario: [ 253.405623][ T8481] [ 253.414134][ T8481] CPU0 CPU1 [ 253.419694][ T8481] ---- ---- [ 253.425176][ T8481] lock(tasklist_lock); [ 253.429677][ T8481] local_irq_disable(); [ 253.436516][ T8481] lock(&dev->event_lock#2); [ 253.444151][ T8481] lock(&f->f_owner.lock); [ 253.452440][ T8481] [ 253.456626][ T8481] lock(&dev->event_lock#2); [ 253.462230][ T8481] [ 253.462230][ T8481] *** DEADLOCK *** [ 253.462230][ T8481] [ 253.471300][ T8481] 5 locks held by syz.9.1254/8481: [ 253.477030][ T8481] #0: ffff888078ac1268 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ae/0x360 [ 253.486697][ T8481] #1: ffff88807a128460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x256/0x960 [ 253.495857][ T8481] #2: ffffffff96cb2748 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x4f7/0x1cc0 [ 253.505905][ T8481] #3: ffff888055ce7038 (&mark->lock){+.+.}-{2:2}, at: dnotify_handle_event+0x5e/0x420 [ 253.515992][ T8481] #4: ffff888078ac1030 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x2f/0x360 [ 253.525436][ T8481] [ 253.525436][ T8481] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 253.536132][ T8481] -> (&dev->event_lock#2){-...}-{2:2} { [ 253.542039][ T8481] IN-HARDIRQ-W at: [ 253.546366][ T8481] lock_acquire+0x1b4/0x490 [ 253.553138][ T8481] _raw_spin_lock_irqsave+0xa4/0xf0 [ 253.560772][ T8481] input_event+0x76/0xb0 [ 253.567267][ T8481] psmouse_report_standard_packet+0x4f/0x200 [ 253.575586][ T8481] psmouse_process_byte+0x42b/0x620 [ 253.583080][ T8481] psmouse_handle_byte+0x43/0x490 [ 253.590429][ T8481] psmouse_interrupt+0x699/0x1130 [ 253.597977][ T8481] serio_interrupt+0x87/0x130 [ 253.605097][ T8481] i8042_interrupt+0x36b/0x720 [ 253.612122][ T8481] __handle_irq_event_percpu+0x298/0xa30 [ 253.620191][ T8481] handle_irq_event+0x87/0x1e0 [ 253.627388][ T8481] handle_edge_irq+0x243/0xb20 [ 253.634724][ T8481] __common_interrupt+0xd7/0x1e0 [ 253.642401][ T8481] common_interrupt+0xb0/0xd0 [ 253.649281][ T8481] asm_common_interrupt+0x22/0x40 [ 253.656653][ T8481] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 253.664977][ T8481] i8042_aux_write+0x105/0x170 [ 253.672260][ T8481] ps2_do_sendbyte+0x1fb/0x6c0 [ 253.679284][ T8481] ps2_sendbyte+0x5b/0x110 [ 253.686104][ T8481] cypress_send_ext_cmd+0x239/0x910 [ 253.693494][ T8481] cypress_detect+0x89/0x190 [ 253.700573][ T8481] psmouse_extensions+0xda5/0x1510 [ 253.708084][ T8481] psmouse_switch_protocol+0x300/0x820 [ 253.716167][ T8481] psmouse_connect+0x8d3/0x1490 [ 253.723198][ T8481] serio_driver_probe+0x76/0x90 [ 253.730377][ T8481] really_probe+0x2aa/0xc70 [ 253.737230][ T8481] __driver_probe_device+0x18c/0x330 [ 253.744793][ T8481] driver_probe_device+0x4f/0x420 [ 253.752007][ T8481] __driver_attach+0x44a/0x6e0 [ 253.759136][ T8481] bus_for_each_dev+0x175/0x1e0 [ 253.766402][ T8481] serio_handle_event+0x29c/0x840 [ 253.773781][ T8481] process_one_work+0x898/0x1160 [ 253.780909][ T8481] worker_thread+0xaa2/0x1250 [ 253.787845][ T8481] kthread+0x29d/0x330 [ 253.794180][ T8481] ret_from_fork+0x1f/0x30 [ 253.800850][ T8481] INITIAL USE at: [ 253.805010][ T8481] lock_acquire+0x1b4/0x490 [ 253.811985][ T8481] _raw_spin_lock_irqsave+0xa4/0xf0 [ 253.819271][ T8481] input_inject_event+0xa7/0x310 [ 253.826777][ T8481] led_trigger_event+0x12f/0x210 [ 253.833795][ T8481] kbd_led_trigger_activate+0xb9/0x100 [ 253.841524][ T8481] led_trigger_set+0x504/0x900 [ 253.848384][ T8481] led_trigger_set_default+0x19c/0x1e0 [ 253.856124][ T8481] led_classdev_register_ext+0x5d3/0x7a0 [ 253.864099][ T8481] input_leds_connect+0x4e7/0x6b0 [ 253.871215][ T8481] input_register_device+0xdfd/0x1310 [ 253.878672][ T8481] atkbd_connect+0x6e9/0x980 [ 253.885348][ T8481] serio_driver_probe+0x76/0x90 [ 253.892295][ T8481] really_probe+0x2aa/0xc70 [ 253.898984][ T8481] __driver_probe_device+0x18c/0x330 [ 253.906488][ T8481] driver_probe_device+0x4f/0x420 [ 253.913606][ T8481] __driver_attach+0x44a/0x6e0 [ 253.920642][ T8481] bus_for_each_dev+0x175/0x1e0 [ 253.927598][ T8481] serio_handle_event+0x29c/0x840 [ 253.934891][ T8481] process_one_work+0x898/0x1160 [ 253.942006][ T8481] worker_thread+0xaa2/0x1250 [ 253.948958][ T8481] kthread+0x29d/0x330 [ 253.955158][ T8481] ret_from_fork+0x1f/0x30 [ 253.961757][ T8481] } [ 253.964687][ T8481] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 253.974300][ T8481] -> (&client->buffer_lock){....}-{2:2} { [ 253.980244][ T8481] INITIAL USE at: [ 253.984383][ T8481] lock_acquire+0x1b4/0x490 [ 253.991069][ T8481] _raw_spin_lock+0x2a/0x40 [ 253.997631][ T8481] evdev_pass_values+0xcb/0xab0 [ 254.004496][ T8481] evdev_events+0x1d4/0x320 [ 254.011186][ T8481] input_pass_values+0x907/0x1300 [ 254.018120][ T8481] input_event_dispose+0x346/0x6c0 [ 254.025168][ T8481] input_inject_event+0x1f5/0x310 [ 254.032199][ T8481] evdev_write+0x326/0x470 [ 254.038687][ T8481] vfs_write+0x2c4/0x960 [ 254.044942][ T8481] ksys_write+0x143/0x240 [ 254.051370][ T8481] do_syscall_64+0x4c/0xa0 [ 254.057868][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.066014][ T8481] } [ 254.068773][ T8481] ... key at: [] evdev_open.__key.29+0x0/0x20 [ 254.077363][ T8481] ... acquired at: [ 254.081529][ T8481] _raw_spin_lock+0x2a/0x40 [ 254.086449][ T8481] evdev_pass_values+0xcb/0xab0 [ 254.091847][ T8481] evdev_events+0x1d4/0x320 [ 254.096536][ T8481] input_pass_values+0x907/0x1300 [ 254.101921][ T8481] input_event_dispose+0x346/0x6c0 [ 254.107215][ T8481] input_inject_event+0x1f5/0x310 [ 254.112681][ T8481] evdev_write+0x326/0x470 [ 254.117479][ T8481] vfs_write+0x2c4/0x960 [ 254.122073][ T8481] ksys_write+0x143/0x240 [ 254.126835][ T8481] do_syscall_64+0x4c/0xa0 [ 254.131522][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.137774][ T8481] [ 254.140097][ T8481] -> (&new->fa_lock){....}-{2:2} { [ 254.145389][ T8481] INITIAL USE at: [ 254.149419][ T8481] lock_acquire+0x1b4/0x490 [ 254.155768][ T8481] _raw_write_lock_irq+0x9f/0xe0 [ 254.162708][ T8481] fasync_remove_entry+0xf0/0x1c0 [ 254.169660][ T8481] sock_fasync+0x84/0xf0 [ 254.175735][ T8481] __fput+0x7a7/0x920 [ 254.181568][ T8481] task_work_run+0x1ca/0x250 [ 254.188069][ T8481] exit_to_user_mode_loop+0xe6/0x110 [ 254.195118][ T8481] exit_to_user_mode_prepare+0xb1/0x140 [ 254.202770][ T8481] syscall_exit_to_user_mode+0x16/0x40 [ 254.210152][ T8481] do_syscall_64+0x58/0xa0 [ 254.216448][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.225177][ T8481] INITIAL READ USE at: [ 254.229728][ T8481] lock_acquire+0x1b4/0x490 [ 254.236795][ T8481] _raw_read_lock_irqsave+0xac/0xf0 [ 254.244896][ T8481] kill_fasync+0x18e/0x4b0 [ 254.251491][ T8481] sock_wake_async+0x128/0x150 [ 254.258524][ T8481] sk_wake_async+0x184/0x280 [ 254.265295][ T8481] queue_oob+0x3d3/0x4d0 [ 254.271962][ T8481] unix_stream_sendmsg+0x8c2/0xa60 [ 254.279533][ T8481] ____sys_sendmsg+0x59b/0x970 [ 254.286551][ T8481] ___sys_sendmsg+0x21c/0x290 [ 254.294108][ T8481] __sys_sendmmsg+0x272/0x490 [ 254.301161][ T8481] __x64_sys_sendmmsg+0x9c/0xb0 [ 254.308283][ T8481] do_syscall_64+0x4c/0xa0 [ 254.314966][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.323082][ T8481] } [ 254.325669][ T8481] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 254.334596][ T8481] ... acquired at: [ 254.338499][ T8481] _raw_read_lock_irqsave+0xac/0xf0 [ 254.343870][ T8481] kill_fasync+0x18e/0x4b0 [ 254.348458][ T8481] evdev_pass_values+0x54b/0xab0 [ 254.353745][ T8481] evdev_events+0x1d4/0x320 [ 254.358526][ T8481] input_pass_values+0x907/0x1300 [ 254.363924][ T8481] input_event_dispose+0x346/0x6c0 [ 254.369287][ T8481] input_inject_event+0x1f5/0x310 [ 254.374556][ T8481] evdev_write+0x326/0x470 [ 254.379142][ T8481] vfs_write+0x2c4/0x960 [ 254.383572][ T8481] ksys_write+0x143/0x240 [ 254.388090][ T8481] do_syscall_64+0x4c/0xa0 [ 254.392669][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.398831][ T8481] [ 254.401333][ T8481] -> (&f->f_owner.lock){...-}-{2:2} { [ 254.407002][ T8481] IN-SOFTIRQ-R at: [ 254.410994][ T8481] lock_acquire+0x1b4/0x490 [ 254.417243][ T8481] _raw_read_lock_irqsave+0xac/0xf0 [ 254.424309][ T8481] send_sigurg+0x25/0x3c0 [ 254.442112][ T8481] sk_send_sigurg+0x6b/0xc0 [ 254.448314][ T8481] tcp_check_urg+0x200/0x750 [ 254.454687][ T8481] tcp_urg+0x15d/0x3e0 [ 254.460904][ T8481] tcp_rcv_established+0xde4/0x1d30 [ 254.467768][ T8481] tcp_v4_do_rcv+0x48d/0xb00 [ 254.474383][ T8481] tcp_v4_rcv+0x2789/0x2e30 [ 254.480821][ T8481] ip_protocol_deliver_rcu+0x3ad/0x780 [ 254.488036][ T8481] ip_local_deliver_finish+0x2c7/0x510 [ 254.495268][ T8481] NF_HOOK+0x2ff/0x390 [ 254.501152][ T8481] NF_HOOK+0x2ff/0x390 [ 254.507243][ T8481] __netif_receive_skb+0xcc/0x290 [ 254.513913][ T8481] process_backlog+0x37c/0x6e0 [ 254.520346][ T8481] __napi_poll+0xc0/0x460 [ 254.526483][ T8481] net_rx_action+0x5b1/0xad0 [ 254.532739][ T8481] handle_softirqs+0x2a1/0x920 [ 254.539341][ T8481] run_ksoftirqd+0x98/0xf0 [ 254.545497][ T8481] smpboot_thread_fn+0x64a/0xa40 [ 254.552084][ T8481] kthread+0x29d/0x330 [ 254.557824][ T8481] ret_from_fork+0x1f/0x30 [ 254.564063][ T8481] INITIAL USE at: [ 254.567962][ T8481] lock_acquire+0x1b4/0x490 [ 254.574160][ T8481] _raw_write_lock_irq+0x9f/0xe0 [ 254.580926][ T8481] __f_setown+0x37/0x330 [ 254.586844][ T8481] fcntl_dirnotify+0x6de/0x8f0 [ 254.593254][ T8481] do_fcntl+0x587/0x11c0 [ 254.599247][ T8481] __se_sys_fcntl+0xc9/0x190 [ 254.605705][ T8481] do_syscall_64+0x4c/0xa0 [ 254.611864][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.619423][ T8481] INITIAL READ USE at: [ 254.624090][ T8481] lock_acquire+0x1b4/0x490 [ 254.630674][ T8481] _raw_read_lock_irqsave+0xac/0xf0 [ 254.638249][ T8481] send_sigurg+0x25/0x3c0 [ 254.644758][ T8481] sk_send_sigurg+0x6b/0xc0 [ 254.651463][ T8481] queue_oob+0x3d3/0x4d0 [ 254.657798][ T8481] unix_stream_sendmsg+0x8c2/0xa60 [ 254.665096][ T8481] ____sys_sendmsg+0x59b/0x970 [ 254.672193][ T8481] ___sys_sendmsg+0x21c/0x290 [ 254.678882][ T8481] __sys_sendmmsg+0x272/0x490 [ 254.685736][ T8481] __x64_sys_sendmmsg+0x9c/0xb0 [ 254.692758][ T8481] do_syscall_64+0x4c/0xa0 [ 254.699185][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.707370][ T8481] } [ 254.709895][ T8481] ... key at: [] __alloc_file.__key+0x0/0x10 [ 254.718331][ T8481] ... acquired at: [ 254.722130][ T8481] _raw_read_lock_irqsave+0xac/0xf0 [ 254.727535][ T8481] send_sigio+0x2f/0x360 [ 254.732051][ T8481] kill_fasync+0x224/0x4b0 [ 254.736807][ T8481] sock_wake_async+0x128/0x150 [ 254.741851][ T8481] sk_wake_async+0x184/0x280 [ 254.746702][ T8481] sock_def_readable+0x1a7/0x280 [ 254.751914][ T8481] queue_oob+0x400/0x4d0 [ 254.756449][ T8481] unix_stream_sendmsg+0x8c2/0xa60 [ 254.761935][ T8481] ____sys_sendmsg+0x59b/0x970 [ 254.766890][ T8481] ___sys_sendmsg+0x21c/0x290 [ 254.771737][ T8481] __sys_sendmmsg+0x272/0x490 [ 254.776581][ T8481] __x64_sys_sendmmsg+0x9c/0xb0 [ 254.781788][ T8481] do_syscall_64+0x4c/0xa0 [ 254.786466][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.792627][ T8481] [ 254.794941][ T8481] [ 254.794941][ T8481] the dependencies between the lock to be acquired [ 254.794949][ T8481] and HARDIRQ-irq-unsafe lock: [ 254.808491][ T8481] -> (tasklist_lock){.+.+}-{2:2} { [ 254.813627][ T8481] HARDIRQ-ON-R at: [ 254.817602][ T8481] lock_acquire+0x1b4/0x490 [ 254.824015][ T8481] _raw_read_lock+0x32/0x40 [ 254.830310][ T8481] do_wait+0x2b6/0xb60 [ 254.836121][ T8481] kernel_wait+0xa8/0x160 [ 254.842097][ T8481] call_usermodehelper_exec_work+0xb5/0x220 [ 254.849648][ T8481] process_one_work+0x898/0x1160 [ 254.856508][ T8481] worker_thread+0xaa2/0x1250 [ 254.863090][ T8481] kthread+0x29d/0x330 [ 254.868815][ T8481] ret_from_fork+0x1f/0x30 [ 254.875182][ T8481] SOFTIRQ-ON-R at: [ 254.879194][ T8481] lock_acquire+0x1b4/0x490 [ 254.885638][ T8481] _raw_read_lock+0x32/0x40 [ 254.891901][ T8481] do_wait+0x2b6/0xb60 [ 254.897623][ T8481] kernel_wait+0xa8/0x160 [ 254.903687][ T8481] call_usermodehelper_exec_work+0xb5/0x220 [ 254.911411][ T8481] process_one_work+0x898/0x1160 [ 254.918108][ T8481] worker_thread+0xaa2/0x1250 [ 254.924440][ T8481] kthread+0x29d/0x330 [ 254.930371][ T8481] ret_from_fork+0x1f/0x30 [ 254.936574][ T8481] INITIAL USE at: [ 254.940478][ T8481] lock_acquire+0x1b4/0x490 [ 254.946734][ T8481] _raw_write_lock_irq+0x9f/0xe0 [ 254.953246][ T8481] copy_process+0x2531/0x4020 [ 254.959607][ T8481] kernel_clone+0x225/0x8b0 [ 254.965694][ T8481] user_mode_thread+0xda/0x130 [ 254.972130][ T8481] rest_init+0x23/0x300 [ 254.978037][ T8481] start_kernel+0x0/0x539 [ 254.983929][ T8481] start_kernel+0x490/0x539 [ 254.990411][ T8481] secondary_startup_64_no_verify+0xcf/0xdb [ 254.997976][ T8481] INITIAL READ USE at: [ 255.002478][ T8481] lock_acquire+0x1b4/0x490 [ 255.009064][ T8481] _raw_read_lock+0x32/0x40 [ 255.015672][ T8481] do_wait+0x2b6/0xb60 [ 255.021830][ T8481] kernel_wait+0xa8/0x160 [ 255.028331][ T8481] call_usermodehelper_exec_work+0xb5/0x220 [ 255.036244][ T8481] process_one_work+0x898/0x1160 [ 255.043384][ T8481] worker_thread+0xaa2/0x1250 [ 255.050325][ T8481] kthread+0x29d/0x330 [ 255.056621][ T8481] ret_from_fork+0x1f/0x30 [ 255.063923][ T8481] } [ 255.066526][ T8481] ... key at: [] tasklist_lock+0x18/0x40 [ 255.074801][ T8481] ... acquired at: [ 255.078685][ T8481] _raw_read_lock+0x32/0x40 [ 255.083869][ T8481] send_sigio+0xf5/0x360 [ 255.088475][ T8481] dnotify_handle_event+0x14f/0x420 [ 255.093952][ T8481] fsnotify+0x165a/0x1cc0 [ 255.098491][ T8481] __fsnotify_parent+0x5ae/0x6e0 [ 255.103808][ T8481] vfs_write+0x747/0x960 [ 255.108331][ T8481] ksys_write+0x143/0x240 [ 255.113104][ T8481] do_syscall_64+0x4c/0xa0 [ 255.117836][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 255.124081][ T8481] [ 255.126507][ T8481] [ 255.126507][ T8481] stack backtrace: [ 255.132585][ T8481] CPU: 1 PID: 8481 Comm: syz.9.1254 Not tainted 6.1.148-syzkaller #0 [ 255.140989][ T8481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.151226][ T8481] Call Trace: [ 255.154705][ T8481] [ 255.157674][ T8481] dump_stack_lvl+0x168/0x22e [ 255.162445][ T8481] ? load_image+0x3b0/0x3b0 [ 255.167041][ T8481] ? show_regs_print_info+0x12/0x12 [ 255.172245][ T8481] ? load_image+0x3b0/0x3b0 [ 255.176763][ T8481] ? print_shortest_lock_dependencies+0xf0/0x160 [ 255.183218][ T8481] __lock_acquire+0x660b/0x7c50 [ 255.188101][ T8481] ? verify_lock_unused+0x140/0x140 [ 255.193408][ T8481] lock_acquire+0x1b4/0x490 [ 255.198103][ T8481] ? send_sigio+0xf5/0x360 [ 255.202806][ T8481] ? read_lock_is_recursive+0x10/0x10 [ 255.208296][ T8481] ? do_raw_read_lock+0x39/0x80 [ 255.213269][ T8481] ? _raw_read_lock_irqsave+0xb8/0xf0 [ 255.218807][ T8481] ? _raw_read_lock+0x40/0x40 [ 255.223560][ T8481] ? do_raw_spin_lock+0x11d/0x280 [ 255.228681][ T8481] _raw_read_lock+0x32/0x40 [ 255.233297][ T8481] ? send_sigio+0xf5/0x360 [ 255.237824][ T8481] send_sigio+0xf5/0x360 [ 255.242280][ T8481] dnotify_handle_event+0x14f/0x420 [ 255.247566][ T8481] fsnotify+0x165a/0x1cc0 [ 255.251921][ T8481] ? attach_dn+0x240/0x240 [ 255.256343][ T8481] ? fsnotify+0x4f7/0x1cc0 [ 255.260761][ T8481] ? fsnotify_clear_child_dentry_flag+0xe0/0xe0 [ 255.267312][ T8481] ? do_raw_spin_unlock+0x11d/0x230 [ 255.272776][ T8481] __fsnotify_parent+0x5ae/0x6e0 [ 255.277733][ T8481] ? fsnotify_set_children_dentry_flags+0x220/0x220 [ 255.284676][ T8481] ? noop_fsync+0x5/0x10 [ 255.289068][ T8481] ? generic_file_write_iter+0x27b/0x2e0 [ 255.294800][ T8481] vfs_write+0x747/0x960 [ 255.299047][ T8481] ? file_end_write+0x250/0x250 [ 255.303897][ T8481] ? __fget_files+0x44a/0x4d0 [ 255.308596][ T8481] ? __fdget_pos+0x2ae/0x360 [ 255.313279][ T8481] ? ksys_write+0x71/0x240 [ 255.317714][ T8481] ksys_write+0x143/0x240 [ 255.322042][ T8481] ? __ia32_sys_read+0x80/0x80 [ 255.326895][ T8481] ? lockdep_hardirqs_on+0x94/0x140 [ 255.332180][ T8481] do_syscall_64+0x4c/0xa0 [ 255.336723][ T8481] ? clear_bhb_loop+0x60/0xb0 [ 255.341416][ T8481] ? clear_bhb_loop+0x60/0xb0 [ 255.346175][ T8481] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 255.352242][ T8481] RIP: 0033:0x7f4f5698ebe9 [ 255.356944][ T8481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.376912][ T8481] RSP: 002b:00007f4f578c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 255.385422][ T8481] RAX: ffffffffffffffda RBX: 00007f4f56bb5fa0 RCX: 00007f4f5698ebe9 [ 255.393498][ T8481] RDX: 000000000000000b RSI: 0000200000000080 RDI: 0000000000000004 [ 255.401480][ T8481] RBP: 00007f4f56a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 255.409467][ T8481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.417541][ T8481] R13: 00007f4f56bb6038 R14: 00007f4f56bb5fa0 R15: 00007ffc9824f758 [ 255.425553][ T8481] [ 255.468631][ T7432] EXT4-fs (loop2): unmounting filesystem. [ 261.675965][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.682371][ T1277] ieee802154 phy1 wpan1: encryption failed: -22