last executing test programs: 8m20.440155755s ago: executing program 3 (id=110): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 8m20.172037941s ago: executing program 3 (id=115): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x174, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa}, @TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0x2}, @TCA_FLOWER_KEY_ARP_SIP_MASK={0x8, 0x3a, 0xffffffff}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xff000000, 0x0, 0xffffffff, 0xffffff00]}, @TCA_FLOWER_KEY_UDP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_MPLS_LABEL={0x8, 0x46, 0xa1}]}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xe8, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0xd4, 0x1, [@m_ctinfo={0xd0, 0x19, 0x0, 0x0, {{0xb}, {0x4}, {0xa1, 0x6, "ed5c1eb99390e7d0a8730c2f4ad7eab8a255351b763e5585c30ef05596ff09fd3ea6975074d4baa7805a08bfdd7f7fa2634cbcdbba1c88eea89d70023a7b9d8d2a94daf79fa1e5bffdc60fbea174f1aa7372acb7f356da638e68d8cc0dfa35b1ef1879e8526f439300c841829ae601a7811d02b21fcc5aaa7951b03466f8a1800a4b912630d3eb9f282786ef340f4e3cb08280f71f4ee2941ec13001a2"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x174}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 8m19.922364495s ago: executing program 3 (id=116): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@delalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) unshare(0x62000000) unlink(&(0x7f0000000000)='./file1\x00') openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = memfd_create(&(0x7f00000003c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,U\xb1]*\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3S\xef}\xfd\x12\xbc:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec=\x9e\xc3\xfd\x85d\x0fl5\xf3\xbe\" 6\r<\xea\x8dz\xcf6\x99\x91\xear8p\xaaR\xd5\xa6\xab#N>\x9a\xdf\xea\x009\xfbB\xc1\xd0_\xc0\'Z\xeb\xd8\xaf\xf0\'J\xe2\xff\xe5x*;(p\xf7p\xce\xbb\xa7\xfe\x04\xd0t\x81\x1a\x1b?m/\x1ex\xf8\x88^\xbaU\xb9\xa6\xab\x8d\a\xa6\"\xd9\x13\xeb\xe2\rh\x8dsx\xaa!\xd5Q\xf8\xce*\x95\x0es\xfaZ\x94t\x19\xdc\xdc\xcf\x0f\x9a\xa2O>\xb9\xfc\x01\fW\xee\xffh\xbd\xb2\xb4z\xeb\x84\x13\x13u\x8f\xe2\\Z\xef\xa3\xe1c\xc5\xe6', 0x0) execveat(r4, 0x0, 0x0, 0x0, 0x1000) r5 = openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0) connect$tipc(r5, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x2, {{0x1, 0x3}}}, 0x10) 8m15.499348559s ago: executing program 3 (id=120): writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ff", 0x41}], 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009, 0x12, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast2, 0x800, 0x0, 0x3, 0x1, 0x0, 0x100}, 0x20) 8m14.36939541s ago: executing program 3 (id=122): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) unshare(0x28000600) 8m13.715243533s ago: executing program 3 (id=124): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) 7m55.765715883s ago: executing program 32 (id=124): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) 53.640004463s ago: executing program 0 (id=1605): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) syz_usb_ep_write(r0, 0x8d, 0x3, &(0x7f00000000c0)="f84971") 50.69090449s ago: executing program 0 (id=1617): add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0x20, &(0x7f0000000880)={&(0x7f0000000700)=""/196, 0xc4, 0x0, &(0x7f0000000800)=""/102, 0x66}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b40000749f0000006111040000000000fcf470594600feff000000000900000010000000"], 0x0, 0x4, 0xbd, &(0x7f000000cf3d)=""/189, 0x0, 0x73, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10, r0}, 0x94) r1 = epoll_create1(0x80000) r2 = epoll_create1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() iopl(0x3) syz_open_procfs$namespace(r3, 0xfffffffffffffffe) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/file0\x00', 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) fcntl$dupfd(r1, 0x406, r2) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000040)) 48.894572284s ago: executing program 0 (id=1620): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000b40)='./file0\x00', 0x210000, &(0x7f0000000b00), 0xfc, 0x592, &(0x7f0000001600)="$eJzs3d9rW1UcAPDvTdPup66DMZwPMtiDk7l0bf0xQXA+ig4H+j5Dm5XRdBlNOtY6cH1wL77IEEQciH+A7z4O/wH/ioEOhoyiggiVm9502Zo0adeZdPl84G7n3B8799tzv3fn5KbcAAbW8fSPXMSxiPg6iTjUtC0f2cbja/utPLwxlS5JrK5+8kcSSbausX+S/X0gq7wUEb98GXEqt7Hd6uLSbLFcLs1n9bHa3NWx6uLS6ctzxZnSTOnKxOTk2TcnJ955+61uwhjuZqfXLvz13cd3Pzj71YmVb3+6f/h2EufiYLatOY6ncLO5crz47/rpnXtix/EdaKyfJL0+AbZlKMvzNIGOxaEYyrIeeP59ERGrHQx32gHYpZKO+Q88nxrjgMbcfofmwbvGg/fXJkD12Eea48+vfTYSe+tzo/0ryWMzo3S+O7oD7adt/Pz7ndvpEpt/DrGvQx1gS24uR8SZfH7j/T/J7n/bd6b+4fHmnmxj0P7/gV66m45/Xm81/sutj3+ixfjnQIvc3Y7O+Z+7vwPNtJWO/95tOf5dv3WNDmW1F+pjvuHk0uVy6UxEvBgRJ2N4T1rf7HnO2ZV7q+22NY//0iVtvzEWzM7jfn7P48dMF2vFiBh5mrgbHixHvJxvFX+y3v9Ji/5Pfx4XumzjaOnOK+22dY7/2Vr9MeLVlv3/6IlWsvnzybH69TDWuCo2+vPW0V/btd/r+NP+3795/KNJ8/Pa6tbb+GHvP6V227Z7/Y8kn9bLjSS4XqzV5scjRpKPNq6feHRso97YP43/5InN73+trv908vVZl/HfOnKr7a790P/T3fR/Ogmu9//6hdB14d6Hn3/frv3u+v+Neulktia7/7WWXSvdnuDT/vwAAAAAAACgn+Qi4mAkucJ6OZcrFNa+33Ek9ufKlWrt1KXKwpXpqP+u7GgM5xpPug81fR9iPPs+bKM+8UR9MiIOR8Q3Q/vq9cJUpTzd6+ABAAAAAAAAAAAAAAAAAACgTxxo8/v/qd+GWh3xd9t3GQC7UP3FBnt6fRZAL3R85f9OvOkJ6Esd8x94bsl/GFzyHwaX/IfBJf9hcMl/GFzyHwaX/AcAAAAAAAAAAAAAAAAAAAAAAAAAAIAddeH8+XRZXXl4YyqtT19bXJitXDs9XarOFuYWpgpTlfmrhZlKZaZcKkxV5jr9e+VK5er4RCxcH6uVqrWx6uLSxbnKwpXaxctzxZnSxdLw/xIVAAAAAAAAAAAAAAAAAAAA7C7VxaXZYrlcmldoW3gv+uI0nmWAEZGLSNcsR8SWDs/3SxQKbQrLWa5v7ajH7xN7e3BvAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICG/wIAAP//W6Ewhg==") r0 = open(&(0x7f0000000000)='./file1\x00', 0x4787e, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10) write$tcp_congestion(r0, 0x0, 0x0) 47.734117456s ago: executing program 0 (id=1621): bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000340)=0x5, 0x4) syz_mount_image$ext4(&(0x7f0000000700)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x8}}, {@dioread_nolock}, {@grpid}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r2, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/4082, 0xff2}, {0x0}, {&(0x7f0000000080)=""/61, 0x3d}, {&(0x7f00000000c0)=""/76, 0x4c}], 0x4}, 0x8c}], 0x1, 0x40030002, 0x0) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r2) 46.794934065s ago: executing program 0 (id=1623): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xa, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x0, 0x0}) unshare(0x26020400) ioperm(0x10001, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r4, 0x0, 0x80) r5 = socket$inet(0x2, 0xa, 0x3) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0) recvmsg$unix(r3, 0x0, 0x2) r6 = syz_open_procfs(0x0, &(0x7f0000000200)='oom_adj\x00') preadv(r6, &(0x7f00000005c0)=[{&(0x7f0000000240)=""/144, 0x90}], 0x1, 0x80000000, 0x80000000) poll(0x0, 0x0, 0x41) r7 = getpid() sched_setscheduler(r7, 0x2, 0x0) prlimit64(r7, 0x2, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0) ioprio_set$pid(0x1, r1, 0x4004) 45.019886928s ago: executing program 0 (id=1627): close(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xe, 0xffff}}}, 0x24}}, 0x0) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) 30.014136675s ago: executing program 33 (id=1627): close(0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xe, 0xffff}}}, 0x24}}, 0x0) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) 17.683743351s ago: executing program 1 (id=1688): setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000700)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x8}}, {@dioread_nolock}, {@grpid}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x4000000, 0x0, 0xfffffffffffffe10, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r3) 16.342696237s ago: executing program 1 (id=1690): getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x4d}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000700)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@max_batch_time={'max_batch_time', 0x3d, 0x4d6d}}, {@nombcache}, {@journal_dev={'journal_dev', 0x3d, 0x8}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=") 10.999035709s ago: executing program 4 (id=1703): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x0) openat(r1, 0x0, 0x1442, 0x1bc) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e23, @empty}}) shutdown(r0, 0x1) mknod$loop(0x0, 0x6000, 0x1) 10.536031598s ago: executing program 1 (id=1704): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0xa, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x0, 0x0}) unshare(0x26020400) ioperm(0x10001, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, 0x0, 0x80) r3 = socket$inet(0x2, 0xa, 0x3) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) 10.44298096s ago: executing program 4 (id=1705): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) fsopen(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0xa1) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) 8.747610422s ago: executing program 1 (id=1707): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f00000001c0)=[{0x0, 0x3f, 0x0, 0x0, @tick, {}, {}, @result={0x2, 0x1}}], 0x1c) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xfe, {}, {}, @raw32}], 0xffc8) 8.211646923s ago: executing program 5 (id=1709): syz_mount_image$hfsplus(&(0x7f0000000980), &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000080)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYBLOB="4a3a9f8c2aab73255ecca15a5ad5b0b10a8188680863e509dca434325eec52c449bc0f78c4d4996b7c34f8c4022a0980617731d8084daf83fa32ac4f26093d06abe1c066b64b56d81577ccc09ee10fa7258f8c9a08a6fa6f21d52366469e697011812e7133138514e15b9fe1f64a7d3062ee9a77ca0a5d9f6af20b21dc3f0f0577b860b69773048ec9a9a6d40e94d2f4aca5a132897494efd6232446f0d416f1a75c1e7e1e233ad655802c57c24d281190a09a21b70500000000000000"], 0xff, 0x6de, &(0x7f0000000180)="$eJzs3c9vHGcZB/DvrNeON1TBaZM2QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYUgBQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8QhqpAWzezsete7ju0kXifw+UTjed9533nnmWd+eddZbYD/W5dOp3kvRS6dfuNOWd9YX2xvrC8eqpvbScpyI2l2ZyluJMX9ZKlsLwamDMxHfLx68a3PHmx83q0166nqP9Vfb3ZXIY/Zxt16ynw93vzYNad3NX53rCq8vJDkcj0fNrPbsYY6lkk7Vc/hwHVG3N3L6tte78Czr/d0KrrPzRFzyeH6yVz9TlDfHRqTi3B/7OkuBwAAAM+pT28edAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/Km//7+op0Y9z3yK3vf/z/SW1eVn0NKue97b1zgAAAAAAAAAYDK+9jAPcydHevVOUf3N/2RVOZYvOsmX8n5uZyW3ciZ3spy1rOVWziWZGxho5s7y2tqtc/01S+PXPD92zfOT2mMAAAAAAAAA+J/0i7Q2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgiKZ6s6q6Vg9z1wazWy25W7yjyQzBx3vHhTjFt6bfBwAAADwRGYfY50vP8zD3MmRXr1TVK/5X65eL8/m/dzIWlazlnZWcqV+DV2+6m9srC+2N9YXr5dTWR8e93v/2lMYM/UIU1Vt3JZPVD1auZrVasmZXC6S/3Q6nUZ326eSE714BuIa8FEZU/Hd2i4ja9ZpLff8d9u9i/BUDL8V0XhEz9ZmcEk/Iwt1bOWaR7sZKKo3apKtmdjx6DSHanPVqNP9LZ1Lo//Oz7F9yPnhel7uz6/3Ned71c9EI1UmzqfRP1IvPzoTydf/8se3r7VvvHvt6u3Tz84u7WBqm+Vbz4nFgUy88lxnornH/gtVJo7365fyw/w4pzOfN3Mrq/lJlrOWlXTq9uX6fC5/zj06U0tDtTd3imSmPi7dY7abmObzg6q0nJPVukeymiI3cyUreb36dz7n8q1cyIVcHDjCx7eNu9q36qpvbL3qe0f6r2ODP/WNulDe3X6zeZdbetQeb3d2Pi3de3+Z16MDee2e9Q/6vY4OXAcLA1l6sZed6bGDP869sfmVulBu45c7PCcma67ORHkB9Z4Svehe6maiWT2LRs/z33fK9dK+0elcW35vm/Hvbqm/Vs/L02r9qzv17hl/KJ6u8nx5MbP1nWT47CjbXurfZQbaOpvncrdt+Ilbrne8aiuK3pX6o9ysToDRK3Wm/h1udKTzVdsrY9sWq7YTA21Dv2/lZtq5MoH8AfA4/v52vziXwzOtf7Y+bX3S+lXrWuuN2e8f+vahV2cy/bfp7zQXpl5rvFr8OZ/kZ5uv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMd3+4MP311ut1dujS80tm9aXup9cU27vdLK1j7bjXxo/IBF/YU+O8TzTBbSHG2aLfMyuGS6m6gJR9jaGsZIofPzZOIZ632J4Pg+vy0LzZEzalxhaWjJn0YH/GiPERa7uy72sdDIZDdaXsXjmg7ohgRMzNm16++dvf3Bh99cvb78zso7KzemL1y4uHDxwuuLZ6+utlcWuj8POkpgP2w+9A86EgAAAAAAAAAAAGC3xn0w4OQLO31oZFef8fA/CwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICn4tLpNO+lyLmFMwtlfWN9sV1OvfJmz2aSRiMpfpoU95OldKfMDQxX5A/30xmznY9XL7712YONzzfHanb7J416vr1Htya5W0+ZTzJVz5/A0HiXn3i84t+9fSgT9kWn01l6svjg6fhvAAAA///1I/PD") mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x1c0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x18a3c85) write$P9_RSETATTR(r0, &(0x7f0000000a40)={0x7, 0x1b, 0x1}, 0x7) 7.567828955s ago: executing program 5 (id=1710): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x3800813, &(0x7f0000000100)={[{@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@utf8}, {@overriderock}, {@nojoliet}, {@nojoliet}, {@overriderock}, {@dmode={'dmode', 0x3d, 0x3}}, {@nocompress}, {@mode={'mode', 0x3d, 0x3e8}}, {}, {@block={'block', 0x3d, 0x200}}, {@check_relaxed}, {@overriderock}, {@check_relaxed}, {@map_acorn}]}, 0x1, 0xa51, &(0x7f0000001240)="$eJzs3ctvXNd9B/DvHZISQ7u24qiuKzjiSK4UxmEpkqqlCl6kEjmSmPJRkBRgoYsojahCEFu3cQs4RoEoQNFVjBZo0UW7M7rqykA2TReFN0W7a1ZdFCj8LwRdqSsG986QHJIzHIrhy8rnQ8zMffzuOec+zj2cmTv3hC+WtVe3jK2tVY99jt/75yMoMSfYrenPP/n04/Lxw6c5lb68U/xLMpiknvQneSMZmJpeXJjrkdCT5EGSz5Iiyek0X/fkQYq/zsub45+l+Mcy365O7TVlelnjl9pxH38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHASFVPT4+MTxanMzN97r96U1HeYml5cKLK2tnPO+jJNP6l6/S5+0jPfpCgfGRxc7+r7jbObs19PUr+YN5tjb1YdkmcwH730+pl3v9JfW1++W2l+Iaf3nuwH3//oyXdWV1e+13FuURxgqU6Y5jFypzE/s7QwM3fzTqM+s7RQv3Ht2viVu7eX6rdnZhtL95eWG3P1qcXGzeWFxfrI1NfrEzduXK03xu4v3Ju/Mz0221ifeP03J8fHr9W/NfZ7jZuLSwvzV741tjR1d2Z2dmb+ThVTzi5jrpcH4u/OLNeXGzfn6vVHj1dXrm4rWV+2Hb9l0ESv9SmDJnsFTY5PTk5MTE5O/LDVe/bGhGvv3Hjn+vh4/3jTy2kNZEfEIR20nCxf6r6bD/4kDvtUa7b/yWxmMp97eS/1jn9Tmc5iFjLXZX7Levt/6Upj12zT1v63Wvn+tvnnyqeLOd8aHezS/ncpy9H9fZDv56M8yXeymtWs5HvHXqKj/buTRuYzk6UsZCZzuVlNqbem1HMj13It4/l27mY4S+nP7cxkNo0s5X6WspxGdURNZTGN3MxyFrKYekYyla+nnoncyI1cTT2NjOV+FnIv87mT6dysUnmUx9V2v7pLGTeCJvYSNLlL0I7GvFv7v2H7Io3t/5zwAqrtupcP4SwO+7PWav9P9Q4dmdoy2n94hQIAAAAO1K//Z145+9p//G9S5KvV9/K3Z2Yb48ddLAAAAOAAVZfrvVm+DJRDX03h/T8AAAC8aIrqN3ZFkqEMN4fWfwnlQwAAAAB4QVTf/59PMbw5wft/AAAAeMH0vsd+z4hidP32v/WHzdeHrYjmWDF0e2a2MTa1MPvuRC5XdxmofmmwI7W+pBiofn7wdi40oy4MNV+HNlMs8xwsoybG3p3I27nYWpGRt8qXt0Y6RE42I7/WjPxae2RftkReLSMB4EV3cZf2eK/t/9sZbUaMnqua/P5zW9rgvqplHdeyAsBJsdHHzv+3ujTr0P6fb94b4Hy39v+3dnn/X0a8lkfDzUsKxvLdvJ/VPMxoWlccDHdKdb03guZlCKM9Pg0Yal2y8NPrtYzu+DxgcGNd22NXMpnRjp8ItKVbrJfhajOu77D2AgAcrYu7tsPr7X/1IXnX9n909/f/bW2uSwoB4CTY6MH+eQeG9x583OsIAGyllQYAAAAAAAAAAAAAAAAAAAAAAAAAAICDt6cb+P/X5WR1dSXZb2cBHQZ++u//+itdY370UjL4PCXcfaCWAynz6SQHsu6HN9CX5Lhy/2aee6lyH5+UTfciDRRPqwr7C6VzzCcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjkSR9HWaXktOJxlPcuXoS3V4nh53AQ5KfX+LFc/yLB/mlYMuDgAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL7vW/f9rab6+1JyU/lpyKcmDJL9/3GV8HoM95j87onKcPH9UPbfd/7+WDGStSH/W1tbWkmJganpxYa48FIrT5fzPP/n04/LRNckfrA/s7FWhTKDMYUvnEq0c2qYMbF3qy9VSQ9MrHzz5s/f/pD59qzowby3fnp2eu7P4O5uBrxc/bnaB0N4Nwnp5/+LSv/1N2+RTrcx/nP5uK7I939tVvtM78/21Tkt3yXcPHq+uTJY5LTfeW/7zP661z3otF5K3RpKRrTn9YfnoktOF7dtzq+JnxV8Vr+Tv86Da/+XWKNaKche9Wq3/lx49Xl0Z++77qw83yvSDxx+2JXAmw0kebq1lPco0XJ1POnqpynWgzHW8CiqfzvZIb1dtKU5sbtct6/Dl6pAZeq51qHdfh0qP7d4q0dXtJVorK8nf/ulXcnnXPX26Q4qXe+TYUfGz4n+Ku/nv/GVb/x+1cv9fSsfa2SGJKrLtSGmft6V61S5trvlk+4xvb0+za63kEPwof5Df3tj/ter8315vJrvUm43z0TfbJnapN+tVq0u9OL21pu6oFy296sXOmvpPr+5oUbbmmrPbWqTW2afbMq1ynm1GdSnnr+YbSf+55zqjfKPHGaXX8vut//9QjOT/8lT/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMlXJH2dpteSS0nOJHm1HK8na9tjnu4jv9pQsZ9iHpj9lPmLp+i6osWzPMuHeeWoSwQAAAAAAADA4bg1/fknn35cPqrv4/vyG7XWnHrSn+RM8XcDU9OLC3M9EhpIHqx/pT/YOaTL5Dwon17eHP+sHHujR37He/kAAHyh/TwAAP//FnluMg==") bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) epoll_create1(0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0xc8300, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0xa, "5660359c3245d1c42317b1ad7d48ed51000000000000000100"}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 7.082701544s ago: executing program 4 (id=1711): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf80, 0x3}, 0x1c) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000000)=0x1, 0x4) syz_emit_ethernet(0x102b, &(0x7f0000002c40)=ANY=[], 0x0) 7.056356505s ago: executing program 5 (id=1712): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0xa, &(0x7f00000000c0)=[{&(0x7f0000000100)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000040)=[@ip_tos_int={{0x0, 0x0, 0x1, 0x5}}, @ip_tos_int={{0x14}}], 0x30}, 0x40014) 6.843835269s ago: executing program 5 (id=1713): add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0x20, &(0x7f0000000880)={&(0x7f0000000700)=""/196, 0xc4, 0x0, &(0x7f0000000800)=""/102, 0x66}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b40000749f0000006111040000000000fcf470594600feff000000000900000010000000"], 0x0, 0x4, 0xbd, &(0x7f000000cf3d)=""/189, 0x0, 0x73, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10, r1}, 0x94) r2 = epoll_create1(0x80000) r3 = epoll_create1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() iopl(0x3) syz_open_procfs$namespace(r4, 0xfffffffffffffffe) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/file0\x00', 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) fcntl$dupfd(r2, 0x406, r3) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r2, &(0x7f0000000040)) add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 6.835613379s ago: executing program 4 (id=1714): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$iso9660(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="6d61703d6f66662c6d61703d61636f726e006e6f726f636b2c73657373696f6e3d307830203030303030303030332c636865636b3d72656c617865642c6e6f726f636b416e0400000000000000c86b2c6d6f44653d30783030303030303090cf5cee73e4fdbccf1ad8f6238d714830303030303030756e686964652c6d61703d61636f726e2c6f76657272696467726f636b706572916964652c00add51ea2b35249a135fa479f9069028397e9808a385f6e0c9ab44fb55e327ad812fe293a6347f7f50263af07e2638e5c5522fc046bdeb75ac5ae4dfa74f42b394b1587068ecfa5acd43d2ca29a5d67adb9bfb87ce6ccb85cb9ae05ac000000000030ba8a33e03d0f35e2a073794e41e412b0990a0b95f8980e222648ebd4812668105ec95142624f1c8c9404720acd353b34587bd415789242664ba8d1c5506ae693aba03cbdf0d0f4e149c05cca8ad11491b56e656879a9f8", @ANYRES64=r0], 0x1, 0x6fd, &(0x7f0000000c40)="$eJzs3V2P21gZB/D/STJJJoWqAlStqm7ndMpKUzGkTmabKipIGOckY0jiyPbAjIS0KnRmNWqmQFskmpt2bniRli/A3d5wwYdYiQuu9lvAFUgrEDesQMjIx3ZeJk5m0knb7e7/N9qNYz8+5/Gx61N37GMQERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERhNUwjIpA2+7u7MrZrIbrdJIvWUwtj0pbwc1o4ua8OlfCegER/odiEW9Fs9/62ijkcvi/dVyNvl1FMfwoYnDh8qW7X81lkvXnJPwisGiBj58OHtzr9/cfnSE2i4WLf52QOUNQS3Vtz7E7ZktJ23NkvVYzbm03Pdm028rb83zVkZarMr7jyg3rpqzU61tSlfecnW6rYbZVMvPON6uGUZPfK0Q7GkDZs7btdtvutnRMuDiMuSM/+FEUoMyOlAeH/f2tsXyepbVxGFRJST4zHhwGVU/b3KpRrVYq1Wqldrt++45h5KZmGCFhDGEqYukHLb1hlnsCJzqHjNX4r/EXAbRRRBc72IVM/bHQgAsHnRnLY0n//84tNbfe8f4/6eVXRouvQPf/16Jv12b1/zNykZB6hbQlYsb8xX5WdEYSj/EUAzzAPfTRxz4eLaFsCbl27hLyRtySS8ln5k8LCl3Y8ODARgcmWvgyZDxHoo4aajDwHrbRhAeJJmy0oeBhDx58qPCIyoeZKpjw4cCFxAYs3IREBXXUsQUJhTL24GAHXbTQgIl/B0FwgEPd7ltxPs9TthpJUGXGRhSQS467fVTnbO2s/v/Hz6K14/7fYP//RRUdB4Xo4+N5MUSfAUF8/b+gtZeTDRERERERERG9DEL/67vQv5V/G0CApt1WxkRM4bVlR0RERERERETLIBAUcBUiuisfb0NMX/8TERERERER0ZtN6GfsBICSvqlfjB6XOss/AmRfQYpEREREREREdE76yf9reSDQd/mvQSx0/U9EREREREREb4DfjI2xn8vGY+wGya/1MwDW/loQH/2jAHdFHPd2vy6OzHCJeRTHTN0B4DeviIvxQL36Iw9Af7PUVRHXFg+CORx38JOD9LH+nwcRIYR7IoF8dryAGQmIsOZaLv6GD3A9WuV6PM78/UEGekk0onCpabdV2XLadyswzYsZX+36v3h4+EvAHW7nwWF/v/yTn/bv61yOw1nHR2GhzybSyaQ3xiiXJ3q8Bf3MRdroxqtoJlX+ttspCV2vkWx/FuZRZryieTugtgpEW/krrEf7bD2IYkuD4Yj7AljTgz9UynqXTWy9uyJGWVRObnnajpix5UWdxY0o5sbGjegjaZOwnIwofiMLVMvT+2Aii+p4Fqe3hfjnifafnwVEMWyLrTCLP4UFncjihx9FK2/1dpPhMc6SxdRRQET0uhyMeiE9iPnUGPtJ95Cc1M7e7yAHxGe5Gb37qJYg7j+S3v3J74Ooh8oCufh3E+m1JP0KwjP6htDl5KMB3XNXUs7oRvnTIAjMi0WMn9H/F/89Y9jHnq13Ow6C4OQZ/Y+jdyDFaU9l8Z8gCO5WdE/yuxO96ofhCh/OrNdrV7NhE956cvQzPQB+6P399/cfVqtbNeNdw7hdxYr+q0L8kQX7HiIimnL6O3Z0RGZOhHgX16Myrt//+zvR1ESP95X4lgLtFtDHfWwmrxBYSy+1hAN8+1/RbQib0VUrsF6KPksDefnS3fCqdhh7KHL6DS+bM6/qdF8axerbG6rD2OS9QyevAEexWy95LxAREb1a6zP6YWCi/8dk/1+c6P83sRFFbFxJve4ujd1SuJlcHQ8v6QcXjlNjK6cn/50lNwYREdEXhHI/ESX/18J17d57lXq9YvrbSrqO9X3p2o2WknbXV661bXZbSvZcx3cspy17Lgr2qvKkt9PrOa4vm44re45n7+o3v8v41e+e6phd37a8XluZnpKW0/VNy5cN27Nkb+e7bdvbVq5e2espy27alunbTld6zo5rqbKUnlJjgXZDdX27aYeTXdlz7Y7p7skfOO2djpIN5Vmu3fOdqMCkLrvbdNyOLraMYOEXHRIREX0ePX46eHCv399/dHJiNbw0j+YcY0bM9EQ+pUCOEURERPQZM+quF1ip+BITIiIiIiIiIiIiIiIiIiIiIiIiIiIiIiKiKac/0rfgxEraw4LAcM7PL8Zz8ByjRwynyhE4bz6fun/WA/u9yOqZRStNHokYPPh4TvDqcE7S/OMxx4tUikvAC7fP374EXNBzEM3JLfEAmH5+dOnHWNrEtw6iFp0VoxemLioM90Vu+X8cwomHf5heJMKWD4IgmL96YbIN82c/nnMAHuXPsQte9ZmIiF61/wcAAP//iYxA9A==") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) futex_waitv(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={&(0x7f0000000000)="ea28", 0x0, 0x0, 0x0, 0x8}, 0x38) bpf$ITER_CREATE(0x21, 0x0, 0x0) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x1d, 0x1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) syz_clone(0x102311, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sync() 5.331296578s ago: executing program 5 (id=1716): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0xa, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000002140)={0x0, 0x0}) unshare(0x26020400) ioperm(0x10001, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, 0x0, 0x80) r3 = socket$inet(0x2, 0xa, 0x3) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) 4.932082346s ago: executing program 2 (id=1717): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) 4.880089906s ago: executing program 1 (id=1718): syz_mount_image$ext4(&(0x7f0000000700)='ext3\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0xc}}, {@dioread_nolock}, {@grpid}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x4000000, 0x0, 0xfffffffffffffe10, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000040)) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x881, 0x0) 4.713302449s ago: executing program 2 (id=1719): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.582172292s ago: executing program 4 (id=1720): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) fsopen(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$packet(0x11, 0x3, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0xa1) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_BULK(r1, 0x5523, 0x0) 3.14385012s ago: executing program 1 (id=1721): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101900, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYRES32=r3], &(0x7f0000000200)='GPL\x00', 0x44, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x50) write$cgroup_subtree(r3, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) r5 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x100) ioctl(r5, 0x5385, &(0x7f0000000000)) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000340)="7f9b5a18b8b969ee8ed580b1cc304dc4ac05449c2b63710f3e2b0d9838ae63e372bafdfa7e19f04bdb935554f227bda01743800ff0f34e411eff0a53962cf1a5a8000b318aa74a0c4ea520810036822e2b891699af58ece774348db7b79299ef3db0fa44035e456ba1551d022bc61e321d9138f3a04ab3c7890a44d6c8a0cb322fc81868ef31084376b69c238e3df46821f7295225adc6a53b32ce92a9acf95feeb1d3739339ce097716ef701c4576ef6a34fa8a112c07478dc485cff277d2a6fc13410a928e8f7c1224cd1940f16d7a5f45156a8e450a344b5e475c2226a94f", 0xe0}], 0x1) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000002540)=0x1) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x7, 0x2}]}, 0x10) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r4, 0x8010671f, &(0x7f0000000240)={&(0x7f0000000040)=""/113, 0x71}) syz_usb_connect(0x0, 0x48, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100004748290895130003758100000001090236004100000000092fd3090b502f7e0009050f10200001ff080904013d8e", @ANYRES8, @ANYRESOCT], 0x0) 3.143500839s ago: executing program 2 (id=1722): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r0, 0x0, 0x7}, 0x38) 2.754516867s ago: executing program 2 (id=1723): openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000140)={@remote, @random="d0de521c8be3", @val={@void, {0x8100, 0x7, 0x1, 0x4}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x9, @empty, @loopback, @random="3a476c61e48b", @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x0) 2.375517045s ago: executing program 2 (id=1724): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x4, 0x6031, 0xffffffffffffffff, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r1, r0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004a40)={0x3c, 0x0, &(0x7f0000000ac0)=[@acquire_done={0x40106309, 0x1}, @request_death, @clear_death={0x400c630f, 0x3}, @decrefs={0x40046307, 0x2}, @acquire={0x40046305, 0xfffffdff}], 0x19, 0x0, 0x0}) 682.361647ms ago: executing program 5 (id=1725): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f00000003c0)={[{@stripe={'stripe', 0x3d, 0x4}}, {@usrjquota}, {@jqfmt_vfsv0}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@init_itable_val={'init_itable', 0x3d, 0x101}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}]}, 0x0, 0x461, &(0x7f00000004c0)="$eJzs3MtvVFUYAPBvXuVtKz5B0CoaiY+Wlocs3GA0caGJCS4wrmpbCDJQQ2sihGh1gUtD4t64NPEvcCNujLoycYt7Y0IMG9DVNXfm3jJtZ9qZdso0zO+XXDjnnjM559x7z/Sbc+dOAH1rOP2nELEzIm5ExGA9u7jCcP2/O7euTP5768pkIZLk5D+FWr3bt65M5lXz1+2oZ5JkhXavvh8xUa1OX8zyo3PnPxqdvXT55bPnJ85Mn5m+MH78+JHD+weOjR/tyjh3pX3d++nMvj1vvnft7clT1z749fu0vzuz8sZxdKzSfPdw/eg29dyaG9ucdjWkC+UedoSOlCKinF3CN2IwSrFtoWww3viip50DNlSSFJMtrYvnE+A+lgbqQD/K/9Cnn3/z7R6FHpvCzROxsI5xJ9vqJeUoZnUq2WekjTAcEafm//sm3WK96xAAAG24fiIiXmoW/xXj0YZ6D2T3hoYi4sGI2B0RD0XEwxHxSESt7mMR8XiH7S+9Q7I8/kkG1zSwNqXx36vZva3F8V8e/cVQKcvtqo2/Ujh9tjp9KDsmB6OyJc2PrdDGT6//8VWrssb4L93S9vNYMOvH3+UlC3RTE3MT6xlzo5ufR+wtNxt/YSHmTePjPRGxd41tnH3hu32tyoZWHf8KuhCUJ99GPF8///OxZPy5Qsv7k2OvHBs/Oro1qtOHRvOrYrnffr/6Tqv2Vz//G+vm9SS2N73+F8Y/VNgaMXvp8rna/drZztu4+ueXLT/TrPX6Hyi8W0sPZPs+mZibuzgWMVB4a/n+8buvzfN5/fT6P3ig+fzfHXePxBMRkV7E+yPiyYh4Kuv70xHxTEQcWGH8v7z27Iedj3+FVfkuSsc/tdr5j8bz33midO7nH5o2Xmn3/B+ppQ5me1q+/zW8H7TbwS4cQgAAANj0irXvwBeKIwvpYnFkJGK+tra7vVidmZ178fTMxxem6t+VH4pKMV/pGmxYDx3L1vLy/PiS/OFs3fjr0rZafmRypjrV68FDn9uRz//S4vmf+qvU694BG87zWtC/zH/oX+Y/9C/zH/qX+Q/9q9n8/6wH/QDuvXz+N7vftzMafhEMuO+I/6F/mf/Qv8x/6Estn40vruuRf4keJX4caHFOt0VEV9uKYtuVT95Okk1yfDZzohJNi8pt/5jFGhNbmhb1+p0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgO/4PAAD//7my44Y=") sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044064}, 0x40000) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x4, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000]}) rename(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='./file0/file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600), 0x4) r0 = openat(0xffffffffffffff9c, 0x0, 0xc2800, 0x88) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc0046686, 0x0) listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) 161.501437ms ago: executing program 4 (id=1726): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x2c020400) connect$inet6(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000000)={0x80, 0x1, 0xc8, 0xa, 0x2}) 0s ago: executing program 2 (id=1727): add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0x20, &(0x7f0000000880)={&(0x7f0000000700)=""/196, 0xc4, 0x0, &(0x7f0000000800)=""/102, 0x66}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="b40000749f0000006111040000000000fcf470594600feff000000000900000010000000"], 0x0, 0x4, 0xbd, &(0x7f000000cf3d)=""/189, 0x0, 0x73, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10, r1}, 0x94) r2 = epoll_create1(0x80000) r3 = epoll_create1(0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() iopl(0x3) syz_open_procfs$namespace(r4, 0xfffffffffffffffe) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/file0\x00', 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) fcntl$dupfd(r2, 0x406, r3) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r2, &(0x7f0000000040)) add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r0) socket$nl_route(0x10, 0x3, 0x0) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400000, 0x0, 0x0, 0x100) kernel console output (not intermixed with test programs): 4.559429][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.565845][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.728207][ T5414] lo speed is unknown, defaulting to 1000 [ 199.596326][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 199.858059][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 200.098348][ T5426] netlink: 'syz.1.298': attribute type 72 has an invalid length. [ 200.355036][ T5435] netlink: 36 bytes leftover after parsing attributes in process `syz.2.303'. [ 201.164674][ T5443] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'. [ 201.592755][ T5449] siw: device registration error -23 [ 202.600293][ T5458] loop5: detected capacity change from 0 to 1024 [ 202.646416][ T5458] EXT4-fs: inline encryption not supported [ 202.730525][ T5458] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 202.832743][ T5458] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 202.950901][ T5475] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.315'. [ 203.301676][ T5480] lo speed is unknown, defaulting to 1000 [ 205.710154][ T5494] netlink: 36 bytes leftover after parsing attributes in process `syz.2.319'. [ 205.729766][ T5486] netlink: 36 bytes leftover after parsing attributes in process `syz.0.316'. [ 205.884720][ T5497] netlink: 8 bytes leftover after parsing attributes in process `syz.4.321'. [ 206.007996][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 206.579549][ T5513] siw: device registration error -23 [ 207.314669][ T4283] Bluetooth: hci0: command 0x0406 tx timeout [ 207.320814][ T4283] Bluetooth: hci1: command 0x0406 tx timeout [ 207.327147][ T4283] Bluetooth: hci2: command 0x0406 tx timeout [ 207.333282][ T4283] Bluetooth: hci3: command 0x0406 tx timeout [ 207.405577][ T5515] loop4: detected capacity change from 0 to 1024 [ 207.415534][ T5515] EXT4-fs: inline encryption not supported [ 207.470012][ T5515] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 207.529456][ T5520] netlink: 12 bytes leftover after parsing attributes in process `syz.1.330'. [ 207.545287][ T5515] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 207.889166][ T5528] syz.2.331 uses obsolete (PF_INET,SOCK_PACKET) [ 208.031653][ T5531] lo speed is unknown, defaulting to 1000 [ 208.876136][ T4531] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 209.435069][ T5542] loop2: detected capacity change from 0 to 1024 [ 209.526857][ T5542] EXT4-fs: inline encryption not supported [ 209.576401][ T5542] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 209.962142][ T5548] netlink: 36 bytes leftover after parsing attributes in process `syz.0.335'. [ 210.005130][ T5542] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 210.150136][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 211.344230][ T5553] lo speed is unknown, defaulting to 1000 [ 212.465392][ T5565] siw: device registration error -23 [ 212.822025][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 213.283872][ T5573] siw: device registration error -23 [ 214.363458][ T5587] siw: device registration error -23 [ 215.130352][ T4756] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 215.153410][ T5594] netlink: 12 bytes leftover after parsing attributes in process `syz.0.345'. [ 215.759818][ T5614] loop0: detected capacity change from 0 to 1024 [ 216.037539][ T5614] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 216.573671][ T5614] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 216.599438][ T5613] tipc: Started in network mode [ 216.619468][ T5613] tipc: Node identity 22af55a3121c, cluster identity 4711 [ 216.654683][ T5614] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.676848][ T5613] tipc: Enabled bearer , priority 0 [ 216.741779][ T5617] tipc: Resetting bearer [ 216.801563][ T5610] tipc: Disabling bearer [ 217.014577][ T5354] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 217.289304][ T5637] netlink: 36 bytes leftover after parsing attributes in process `syz.1.358'. [ 217.309616][ T5603] netlink: 36 bytes leftover after parsing attributes in process `syz.5.349'. [ 217.404722][ T5639] siw: device registration error -23 [ 218.352450][ T5646] lo speed is unknown, defaulting to 1000 [ 218.358836][ T5646] lo speed is unknown, defaulting to 1000 [ 218.368965][ T5646] lo speed is unknown, defaulting to 1000 [ 218.417596][ T5646] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 218.543603][ T5646] lo speed is unknown, defaulting to 1000 [ 218.560454][ T5646] lo speed is unknown, defaulting to 1000 [ 218.574405][ T5646] lo speed is unknown, defaulting to 1000 [ 218.587714][ T5646] lo speed is unknown, defaulting to 1000 [ 218.599714][ T5646] lo speed is unknown, defaulting to 1000 [ 218.611683][ T5646] lo speed is unknown, defaulting to 1000 [ 218.905216][ T27] audit: type=1800 audit(1759566207.726:10): pid=5647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.352" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 219.062508][ T11] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 219.339648][ T5657] netlink: 12 bytes leftover after parsing attributes in process `syz.2.364'. [ 219.482036][ T5660] loop1: detected capacity change from 0 to 1024 [ 219.536373][ T5660] EXT4-fs: inline encryption not supported [ 219.579766][ T5660] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 219.700488][ T5660] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 219.737793][ T5669] netlink: 36 bytes leftover after parsing attributes in process `syz.4.367'. [ 220.168334][ T5674] lo speed is unknown, defaulting to 1000 [ 220.180411][ T5674] lo speed is unknown, defaulting to 1000 [ 221.093560][ T5354] usb 1-1: unable to get BOS descriptor or descriptor too short [ 221.115353][ T5354] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 221.123030][ T5354] usb 1-1: can't read configurations, error -71 [ 221.776254][ T5678] siw: device registration error -23 [ 222.419688][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 222.426509][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 222.537511][ T5683] tipc: Started in network mode [ 222.542557][ T5683] tipc: Node identity be716cc744a9, cluster identity 4711 [ 222.575733][ T5683] tipc: Enabled bearer , priority 0 [ 222.668763][ T5683] device syzkaller0 entered promiscuous mode [ 222.838720][ T5691] tipc: Resetting bearer [ 222.915322][ T4546] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 222.933485][ T5682] tipc: Resetting bearer [ 223.047190][ T5682] tipc: Disabling bearer [ 223.424806][ T5711] netlink: 36 bytes leftover after parsing attributes in process `syz.5.378'. [ 223.594274][ T5713] loop1: detected capacity change from 0 to 1024 [ 223.629552][ T5715] loop4: detected capacity change from 0 to 1024 [ 223.638425][ T5713] EXT4-fs: inline encryption not supported [ 223.680483][ T5713] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 223.760928][ T5715] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 223.825631][ T5713] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 224.062943][ T5715] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 224.134690][ T5715] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.300584][ T5729] lo speed is unknown, defaulting to 1000 [ 224.312159][ T5729] lo speed is unknown, defaulting to 1000 [ 225.644559][ T14] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 226.694933][ T27] audit: type=1800 audit(1759566215.436:11): pid=5738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.381" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 227.009703][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 227.326319][ T5742] netlink: 8 bytes leftover after parsing attributes in process `syz.1.386'. [ 227.360782][ T5742] netlink: 'syz.1.386': attribute type 1 has an invalid length. [ 227.387902][ T5742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.386'. [ 228.028532][ T14] usb 5-1: unable to get BOS descriptor or descriptor too short [ 228.117314][ T5762] netlink: 36 bytes leftover after parsing attributes in process `syz.5.393'. [ 228.120175][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 228.132838][ T14] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 228.151229][ T14] usb 5-1: can't read configurations, error -71 [ 228.362904][ T5769] loop1: detected capacity change from 0 to 1024 [ 228.442383][ T5769] EXT4-fs: inline encryption not supported [ 228.504322][ T5769] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 228.669040][ T5776] netlink: 8 bytes leftover after parsing attributes in process `syz.5.400'. [ 228.739657][ T5769] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 228.775515][ T5776] netlink: 'syz.5.400': attribute type 1 has an invalid length. [ 228.803710][ T5776] netlink: 12 bytes leftover after parsing attributes in process `syz.5.400'. [ 231.683164][ T5793] lo speed is unknown, defaulting to 1000 [ 231.690474][ T5793] lo speed is unknown, defaulting to 1000 [ 232.663368][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 232.967149][ T5343] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 233.070741][ T5810] siw: device registration error -23 [ 233.439211][ T5821] loop2: detected capacity change from 0 to 1024 [ 233.500797][ T5821] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 233.558487][ T5824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.412'. [ 233.609105][ T5824] netlink: 'syz.1.412': attribute type 1 has an invalid length. [ 233.617063][ T5824] netlink: 'syz.1.412': attribute type 2 has an invalid length. [ 233.638325][ T5821] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 233.741328][ T5821] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.144799][ T4330] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 234.682467][ T5852] siw: device registration error -23 [ 234.711581][ T27] audit: type=1800 audit(1759566223.916:12): pid=5852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.410" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 235.253956][ T5854] loop0: detected capacity change from 0 to 1024 [ 235.321814][ T5854] EXT4-fs: inline encryption not supported [ 235.345362][ T5854] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 235.498641][ T5854] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 236.138343][ T5875] lo speed is unknown, defaulting to 1000 [ 236.146654][ T5875] lo speed is unknown, defaulting to 1000 [ 237.493097][ T5870] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'. [ 237.532646][ T5870] netlink: 'syz.1.425': attribute type 1 has an invalid length. [ 237.575817][ T5870] netlink: 'syz.1.425': attribute type 2 has an invalid length. [ 238.671407][ T4330] usb 3-1: unable to get BOS descriptor or descriptor too short [ 238.684298][ T4330] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 238.692605][ T4330] usb 3-1: can't read configurations, error -71 [ 238.775527][ T5890] siw: device registration error -23 [ 238.798891][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 238.809696][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 239.011992][ T5893] loop0: detected capacity change from 0 to 1024 [ 239.019344][ T5893] EXT4-fs: inline encryption not supported [ 239.034703][ T5893] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 239.148677][ T5893] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 239.497807][ T5355] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 239.857979][ T5913] lo speed is unknown, defaulting to 1000 [ 239.881816][ T5913] lo speed is unknown, defaulting to 1000 [ 240.778513][ T27] audit: type=1326 audit(1759566229.996:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5917 comm="syz.2.435" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x0 [ 240.882705][ T5923] netlink: 36 bytes leftover after parsing attributes in process `syz.2.435'. [ 241.785114][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 242.166130][ T5942] siw: device registration error -23 [ 243.221665][ T5946] siw: device registration error -23 [ 243.970126][ T5947] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 244.249429][ T5967] netlink: 216 bytes leftover after parsing attributes in process `syz.1.449'. [ 244.342047][ T5967] netlink: 24 bytes leftover after parsing attributes in process `syz.1.449'. [ 244.381483][ T5967] netlink: 16 bytes leftover after parsing attributes in process `syz.1.449'. [ 244.675228][ T5976] loop5: detected capacity change from 0 to 1024 [ 244.779123][ T5976] EXT4-fs: inline encryption not supported [ 244.820750][ T5976] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 244.971232][ T5978] siw: device registration error -23 [ 245.077879][ T5986] siw: device registration error -23 [ 245.785475][ T5976] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 246.352097][ T6002] lo speed is unknown, defaulting to 1000 [ 246.359017][ T6002] lo speed is unknown, defaulting to 1000 [ 250.583000][ T4470] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 250.596263][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 251.210128][ T6034] loop5: detected capacity change from 0 to 1024 [ 251.226185][ T6034] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 251.361751][ T6034] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 251.367918][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.469'. [ 251.377917][ T6034] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.419377][ T6041] netlink: 'syz.2.469': attribute type 1 has an invalid length. [ 251.428505][ T6041] netlink: 'syz.2.469': attribute type 2 has an invalid length. [ 251.714606][ T127] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 251.843470][ T4506] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 252.296525][ T6061] siw: device registration error -23 [ 252.342612][ T27] audit: type=1800 audit(1759566241.546:14): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.467" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 254.172548][ T127] usb 6-1: unable to get BOS descriptor or descriptor too short [ 254.181458][ T127] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 254.190251][ T127] usb 6-1: can't read configurations, error -71 [ 254.200627][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 255.424626][ T6079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.483'. [ 255.434064][ T6079] netlink: 'syz.1.483': attribute type 1 has an invalid length. [ 255.464716][ T6079] netlink: 'syz.1.483': attribute type 2 has an invalid length. [ 255.703072][ T4506] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 255.807580][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.836532][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.992615][ T6129] siw: device registration error -23 [ 257.618321][ T4372] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 257.850777][ T6134] netlink: 'syz.2.501': attribute type 1 has an invalid length. [ 257.944732][ T6134] netlink: 'syz.2.501': attribute type 2 has an invalid length. [ 258.690118][ T6159] siw: device registration error -23 [ 259.686404][ T6164] Illegal XDP return value 4294967262 on prog (id 41) dev syz_tun, expect packet loss! [ 259.734736][ T5355] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 260.193169][ T6182] netlink: 'syz.0.520': attribute type 1 has an invalid length. [ 260.243225][ T6182] netlink: 'syz.0.520': attribute type 2 has an invalid length. [ 261.257148][ T27] audit: type=1326 audit(1759566250.476:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6165 comm="syz.1.514" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x0 [ 261.543341][ T5355] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2 [ 261.766985][ T6214] loop0: detected capacity change from 0 to 1024 [ 261.876645][ T6214] EXT4-fs: inline encryption not supported [ 262.003351][ T6214] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 262.231719][ T6228] siw: device registration error -23 [ 262.477863][ T6214] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 262.624227][ T6229] netlink: 'syz.4.534': attribute type 1 has an invalid length. [ 262.769719][ T6229] netlink: 'syz.4.534': attribute type 2 has an invalid length. [ 263.569116][ T6236] lo speed is unknown, defaulting to 1000 [ 263.575916][ T6236] lo speed is unknown, defaulting to 1000 [ 264.505471][ T6242] netlink: 36 bytes leftover after parsing attributes in process `syz.5.536'. [ 265.142281][ T6251] sch_fq: defrate 0 ignored. [ 265.597713][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 266.855819][ T6278] loop2: detected capacity change from 0 to 1024 [ 266.863622][ T6278] EXT4-fs: inline encryption not supported [ 266.893911][ T6283] loop0: detected capacity change from 0 to 1024 [ 266.945533][ T6278] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 266.968552][ T6283] EXT4-fs: inline encryption not supported [ 266.996385][ T6283] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 267.043526][ T6278] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 267.170456][ T6296] netlink: 'syz.1.555': attribute type 1 has an invalid length. [ 267.223879][ T6296] netlink: 'syz.1.555': attribute type 2 has an invalid length. [ 267.343527][ T6283] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 269.480497][ T6305] lo speed is unknown, defaulting to 1000 [ 269.487495][ T6300] lo speed is unknown, defaulting to 1000 [ 269.487592][ T6305] lo speed is unknown, defaulting to 1000 [ 269.502092][ T6300] lo speed is unknown, defaulting to 1000 [ 270.006448][ T6307] netlink: 36 bytes leftover after parsing attributes in process `syz.5.557'. [ 270.629787][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 272.197552][ T6319] sch_fq: defrate 0 ignored. [ 272.211878][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 272.439490][ T6326] loop5: detected capacity change from 0 to 1024 [ 272.504821][ T6326] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 272.647875][ T6326] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 272.681353][ T6326] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 272.783940][ T6345] netlink: 'syz.2.569': attribute type 1 has an invalid length. [ 272.883511][ T6345] netlink: 'syz.2.569': attribute type 2 has an invalid length. [ 272.984682][ T4441] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 273.030618][ T6349] loop1: detected capacity change from 0 to 1024 [ 273.195954][ T6349] EXT4-fs: inline encryption not supported [ 273.218003][ T6349] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 274.274954][ T6361] siw: device registration error -23 [ 275.483357][ T27] audit: type=1800 audit(1759566263.796:16): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.564" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 275.560371][ T6349] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 276.191082][ T6370] lo speed is unknown, defaulting to 1000 [ 276.200857][ T6370] lo speed is unknown, defaulting to 1000 [ 276.849063][ T4441] usb 6-1: unable to get BOS descriptor or descriptor too short [ 276.889228][ T4441] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 276.941085][ T4441] usb 6-1: can't read configurations, error -71 [ 277.235591][ T6378] loop4: detected capacity change from 0 to 1024 [ 277.283919][ T6378] EXT4-fs: inline encryption not supported [ 277.328184][ T6378] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 277.501054][ T6378] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 278.989743][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 279.014776][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 279.024983][ T6388] lo speed is unknown, defaulting to 1000 [ 279.033003][ T6388] lo speed is unknown, defaulting to 1000 [ 279.073909][ T6392] netlink: 'syz.0.582': attribute type 1 has an invalid length. [ 279.102114][ T6392] netlink: 'syz.0.582': attribute type 2 has an invalid length. [ 280.208713][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 281.312224][ T6422] siw: device registration error -23 [ 281.394051][ T6432] loop0: detected capacity change from 0 to 512 [ 281.705706][ T6432] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 282.484310][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 283.408444][ T6474] siw: device registration error -23 [ 284.013399][ T27] audit: type=1326 audit(1759566273.226:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6470 comm="syz.0.606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff3d258eec9 code=0x0 [ 284.392491][ T6499] loop4: detected capacity change from 0 to 512 [ 284.562293][ T6499] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 285.542527][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 286.635090][ T6554] siw: device registration error -23 [ 289.058238][ T6527] tipc: Enabled bearer , priority 0 [ 289.070426][ T6533] device syzkaller0 entered promiscuous mode [ 289.090192][ T6544] tipc: Resetting bearer [ 289.222405][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.626'. [ 289.284301][ T6525] tipc: Resetting bearer [ 289.338879][ T6570] loop2: detected capacity change from 0 to 512 [ 289.349289][ T6525] tipc: Disabling bearer [ 289.453498][ T6570] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 289.623909][ T6579] loop4: detected capacity change from 0 to 1024 [ 289.642374][ T6579] EXT4-fs: inline encryption not supported [ 289.663770][ T6579] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 289.760224][ T6579] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 290.267617][ T6594] lo speed is unknown, defaulting to 1000 [ 290.277750][ T6594] lo speed is unknown, defaulting to 1000 [ 291.344268][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 291.776033][ T6603] loop2: detected capacity change from 0 to 1024 [ 291.859401][ T6603] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 292.103788][ T6603] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 292.143292][ T6603] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.341967][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 292.554788][ T4338] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 292.707048][ T27] audit: type=1326 audit(1759566281.926:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6600 comm="syz.5.635" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0631f8eec9 code=0x0 [ 293.061808][ T6625] loop4: detected capacity change from 0 to 1024 [ 293.133521][ T6628] siw: device registration error -23 [ 293.164826][ T27] audit: type=1800 audit(1759566282.366:19): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.636" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 293.613757][ T6625] EXT4-fs: inline encryption not supported [ 293.712725][ T6625] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 293.750155][ T6625] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 294.200154][ T6638] lo speed is unknown, defaulting to 1000 [ 294.210861][ T6638] lo speed is unknown, defaulting to 1000 [ 295.985106][ T4338] usb 3-1: unable to get BOS descriptor or descriptor too short [ 296.007327][ T4338] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 296.016088][ T4338] usb 3-1: can't read configurations, error -71 [ 296.029873][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 296.037026][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 296.370489][ T6655] tipc: Started in network mode [ 296.375661][ T6655] tipc: Node identity 5e0fc44a1aba, cluster identity 4711 [ 296.383135][ T6655] tipc: Enabled bearer , priority 0 [ 296.400112][ T6655] device syzkaller0 entered promiscuous mode [ 296.446045][ T6655] tipc: Resetting bearer [ 296.464313][ T6650] tipc: Resetting bearer [ 296.529887][ T6650] tipc: Disabling bearer [ 296.640810][ T6663] loop2: detected capacity change from 0 to 1024 [ 296.692842][ T6663] EXT4-fs: inline encryption not supported [ 296.733909][ T6663] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 296.867560][ T6663] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 297.214230][ T6676] loop4: detected capacity change from 0 to 1024 [ 297.422223][ T6677] lo speed is unknown, defaulting to 1000 [ 297.429220][ T6677] lo speed is unknown, defaulting to 1000 [ 297.666840][ T6676] EXT4-fs: inline encryption not supported [ 298.078006][ T6676] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 298.305983][ T6676] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 299.405719][ T6685] lo speed is unknown, defaulting to 1000 [ 299.412513][ T6685] lo speed is unknown, defaulting to 1000 [ 299.576873][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 300.659004][ T6692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.659'. [ 300.709043][ T6692] netlink: 'syz.5.659': attribute type 1 has an invalid length. [ 300.780402][ T6692] netlink: 'syz.5.659': attribute type 2 has an invalid length. [ 300.970818][ T6694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.660'. [ 301.323626][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 303.786694][ T6713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.670'. [ 303.819911][ T6717] netlink: 60 bytes leftover after parsing attributes in process `syz.0.671'. [ 303.951769][ T6719] loop5: detected capacity change from 0 to 1024 [ 304.044878][ T6719] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 304.067317][ T6721] loop4: detected capacity change from 0 to 1024 [ 304.099694][ T6721] EXT4-fs: inline encryption not supported [ 304.148830][ T6721] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 304.173989][ T6719] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 304.232882][ T6719] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.355593][ T6721] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 304.821028][ T6747] lo speed is unknown, defaulting to 1000 [ 304.832189][ T6747] lo speed is unknown, defaulting to 1000 [ 305.229973][ T4357] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 306.253629][ T6750] siw: device registration error -23 [ 306.394624][ T27] audit: type=1800 audit(1759566295.486:20): pid=6750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.672" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 307.587019][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 307.599972][ T6754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.680'. [ 307.621277][ T6754] netlink: 'syz.2.680': attribute type 1 has an invalid length. [ 307.686765][ T6754] netlink: 12 bytes leftover after parsing attributes in process `syz.2.680'. [ 307.749745][ T6761] siw: device registration error -23 [ 308.290755][ T4357] usb 6-1: unable to get BOS descriptor or descriptor too short [ 308.301704][ T4357] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 308.384521][ T4357] usb 6-1: can't read configurations, error -71 [ 308.407780][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 308.676547][ T6776] netlink: 'syz.2.689': attribute type 15 has an invalid length. [ 309.521109][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.699'. [ 309.653560][ T6800] loop4: detected capacity change from 0 to 1024 [ 309.702930][ T6800] EXT4-fs: inline encryption not supported [ 309.748396][ T6800] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 309.855184][ T6803] loop5: detected capacity change from 0 to 1024 [ 309.927330][ T6810] netlink: 28 bytes leftover after parsing attributes in process `syz.1.703'. [ 309.950190][ T6803] EXT4-fs: inline encryption not supported [ 310.022369][ T6803] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 310.893419][ T6800] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 310.926348][ T6803] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 311.329241][ T6827] lo speed is unknown, defaulting to 1000 [ 311.337378][ T6827] lo speed is unknown, defaulting to 1000 [ 311.551885][ T6828] lo speed is unknown, defaulting to 1000 [ 311.558745][ T6828] lo speed is unknown, defaulting to 1000 [ 315.079878][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 315.211715][ T6842] netlink: 'syz.1.707': attribute type 15 has an invalid length. [ 315.294154][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 315.625683][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'. [ 315.689572][ T6856] netlink: 28 bytes leftover after parsing attributes in process `syz.4.716'. [ 316.056416][ T6865] siw: device registration error -23 [ 317.245139][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.251655][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.370690][ T6879] loop5: detected capacity change from 0 to 1024 [ 317.451712][ T6879] EXT4-fs: inline encryption not supported [ 317.480252][ T6879] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 317.565493][ T6879] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 319.319369][ T4283] Bluetooth: hci5: command 0x0406 tx timeout [ 321.063041][ T6891] lo speed is unknown, defaulting to 1000 [ 321.070025][ T6891] lo speed is unknown, defaulting to 1000 [ 321.278976][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 321.445437][ T6897] netlink: 'syz.0.725': attribute type 15 has an invalid length. [ 321.486219][ T6900] device syzkaller0 entered promiscuous mode [ 322.035620][ T6916] siw: device registration error -23 [ 323.242862][ T6932] siw: device registration error -23 [ 324.830471][ T6956] netlink: 60 bytes leftover after parsing attributes in process `syz.2.746'. [ 325.238446][ T6961] siw: device registration error -23 [ 326.301719][ T6973] loop0: detected capacity change from 0 to 1024 [ 326.330824][ T6973] EXT4-fs: inline encryption not supported [ 326.371260][ T6973] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 326.542032][ T6973] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 327.631857][ T6998] lo speed is unknown, defaulting to 1000 [ 327.638895][ T6998] lo speed is unknown, defaulting to 1000 [ 328.985055][ T7002] siw: device registration error -23 [ 329.434191][ T4265] EXT4-fs (loop0): unmounting filesystem. [ 331.515132][ T7032] siw: device registration error -23 [ 334.040656][ T7044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.777'. [ 334.513204][ T7062] netlink: 36 bytes leftover after parsing attributes in process `syz.1.785'. [ 334.560052][ T7063] loop4: detected capacity change from 0 to 1024 [ 334.611112][ T7063] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 334.712942][ T7063] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 334.775242][ T7063] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 335.079198][ T4268] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 335.207759][ T27] audit: type=1326 audit(1759566324.416:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7073 comm="syz.2.789" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x0 [ 335.648081][ T27] audit: type=1800 audit(1759566324.856:22): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.786" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 337.173615][ T7090] loop1: detected capacity change from 0 to 1024 [ 337.190870][ T7090] EXT4-fs: inline encryption not supported [ 337.215688][ T7090] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 337.328318][ T7090] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 337.632285][ T4268] usb 5-1: unable to get BOS descriptor or descriptor too short [ 337.641218][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 337.655392][ T4268] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 337.668013][ T4268] usb 5-1: can't read configurations, error -71 [ 340.462200][ T7099] lo speed is unknown, defaulting to 1000 [ 340.469629][ T7099] lo speed is unknown, defaulting to 1000 [ 340.646572][ T7110] netlink: 36 bytes leftover after parsing attributes in process `syz.2.798'. [ 340.729783][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 341.547851][ T7141] siw: device registration error -23 [ 341.752744][ T7145] loop4: detected capacity change from 0 to 1024 [ 341.798806][ T7145] EXT4-fs: inline encryption not supported [ 341.884197][ T7145] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 342.153626][ T7153] siw: device registration error -23 [ 342.308019][ T7145] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 346.143434][ T7156] lo speed is unknown, defaulting to 1000 [ 346.150447][ T7156] lo speed is unknown, defaulting to 1000 [ 346.248214][ T7159] netlink: 36 bytes leftover after parsing attributes in process `syz.2.815'. [ 346.341577][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 346.842454][ T7173] loop1: detected capacity change from 0 to 1024 [ 346.858899][ T7173] EXT4-fs: inline encryption not supported [ 346.950813][ T7173] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 347.190915][ T7173] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 348.179309][ T7189] lo speed is unknown, defaulting to 1000 [ 348.186138][ T7189] lo speed is unknown, defaulting to 1000 [ 350.301553][ T7193] siw: device registration error -23 [ 350.556415][ T7198] netlink: 36 bytes leftover after parsing attributes in process `syz.0.837'. [ 350.567044][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 351.119490][ T7208] netlink: 36 bytes leftover after parsing attributes in process `syz.5.832'. [ 352.226415][ T7216] loop5: detected capacity change from 0 to 1024 [ 352.248925][ T7215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.835'. [ 352.281250][ T7216] EXT4-fs: inline encryption not supported [ 352.289628][ T27] audit: type=1326 audit(1759566341.506:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7197 comm="syz.2.829" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x0 [ 352.315690][ T7215] netlink: 'syz.0.835': attribute type 1 has an invalid length. [ 352.328683][ T7216] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 352.335649][ T7215] netlink: 'syz.0.835': attribute type 2 has an invalid length. [ 352.419171][ T7216] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 353.623312][ T7229] lo speed is unknown, defaulting to 1000 [ 353.630149][ T7229] lo speed is unknown, defaulting to 1000 [ 354.848754][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 355.039066][ T7247] device pim6reg1 entered promiscuous mode [ 357.371304][ T7330] lo speed is unknown, defaulting to 1000 [ 357.383163][ T7330] lo speed is unknown, defaulting to 1000 [ 359.869070][ T7425] cgroup: fork rejected by pids controller in /syz0 [ 360.865915][ T4365] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.910009][ T7461] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.918963][ T7461] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.011732][ T4365] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.044107][ T7461] device bridge_slave_1 left promiscuous mode [ 361.061738][ T7461] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.078715][ T7461] device bridge_slave_0 left promiscuous mode [ 361.088783][ T7461] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.281022][ T4365] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.477222][ T4365] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.909538][ T4283] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 361.919553][ T4283] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 361.932925][ T4283] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 361.952953][ T4281] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 361.960818][ T4281] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 361.968728][ T4281] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 362.129089][ T7489] lo speed is unknown, defaulting to 1000 [ 364.048080][ T4279] Bluetooth: hci1: command 0x0409 tx timeout [ 365.349925][ T7489] lo speed is unknown, defaulting to 1000 [ 366.114578][ T4279] Bluetooth: hci1: command 0x041b tx timeout [ 366.180632][ T7589] loop4: detected capacity change from 0 to 512 [ 366.211935][ T7589] EXT4-fs: Ignoring removed i_version option [ 366.218957][ T7589] EXT4-fs: Ignoring removed bh option [ 366.287638][ T7589] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 366.306988][ T7489] chnl_net:caif_netlink_parms(): no params data found [ 366.333061][ T7589] ext4 filesystem being mounted at /207/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 366.369496][ T952] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 366.581575][ T952] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 366.607433][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 366.613455][ T952] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.660505][ T952] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 366.878984][ T952] usb 2-1: config 0 interface 0 has no altsetting 0 [ 366.886540][ T952] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 366.896542][ T952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.928687][ T952] usb 2-1: config 0 descriptor?? [ 367.007918][ T7610] loop2: detected capacity change from 0 to 8 [ 367.816523][ T7606] SQUASHFS error: zstd decompression error: 10 [ 367.823126][ T7606] SQUASHFS error: zstd decompression failed, data probably corrupt [ 367.831466][ T7606] SQUASHFS error: Failed to read block 0x62b: -5 [ 367.837877][ T7606] SQUASHFS error: Unable to read metadata cache entry [629] [ 367.845260][ T7606] SQUASHFS error: Unable to read directory block [629:ff26] [ 367.865823][ T7606] SQUASHFS error: Unable to read metadata cache entry [629] [ 367.874473][ T7606] SQUASHFS error: Unable to read directory block [629:ff26] [ 368.085716][ T7489] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.111164][ T952] sony 0003:054C:0268.0001: unknown main item tag 0x0 [ 368.118462][ T952] sony 0003:054C:0268.0001: unknown main item tag 0x1 [ 368.135670][ T7489] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.162944][ T952] sony 0003:054C:0268.0001: hiddev0,hidraw0: USB HID vff.ff Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0 [ 368.180668][ T7489] device bridge_slave_0 entered promiscuous mode [ 368.184686][ T4357] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 368.198275][ T7621] loop4: detected capacity change from 0 to 164 [ 368.204715][ T4279] Bluetooth: hci1: command 0x040f tx timeout [ 368.218411][ T952] sony 0003:054C:0268.0001: failed to claim input [ 368.295929][ T7489] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.303117][ T7489] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.325970][ T7] usb 2-1: USB disconnect, device number 4 [ 368.373730][ T7489] device bridge_slave_1 entered promiscuous mode [ 368.394569][ T4357] usb 6-1: Using ep0 maxpacket: 8 [ 368.401864][ T4357] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 368.420998][ T4357] usb 6-1: config 179 has no interface number 0 [ 368.431470][ T4357] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 368.455122][ T4357] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 368.541492][ T4357] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 368.614540][ T4357] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 368.623713][ T7625] fido_id[7625]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 368.654091][ T4357] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 368.732059][ T7627] loop2: detected capacity change from 0 to 512 [ 368.753308][ T7627] EXT4-fs: test_dummy_encryption requires encrypt feature [ 369.046946][ T4357] usb 6-1: config 179 interface 65 has no altsetting 0 [ 369.178986][ T4357] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 369.337544][ T4357] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.503633][ T4357] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input5 [ 369.688491][ T4357] usb 6-1: USB disconnect, device number 8 [ 369.706958][ T4357] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 369.838463][ T7489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 369.860488][ T7630] lo speed is unknown, defaulting to 1000 [ 369.894265][ T7489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.000512][ T7630] lo speed is unknown, defaulting to 1000 [ 370.062864][ T7489] team0: Port device team_slave_0 added [ 370.174813][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 370.184505][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 370.194459][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 370.204462][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 370.212782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 370.221213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 370.229778][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 370.238089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 370.246477][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 370.255132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 370.401976][ T7642] 9pnet_fd: Insufficient options for proto=fd [ 371.846329][ T4279] Bluetooth: hci1: command 0x0419 tx timeout [ 372.107527][ T7647] loop5: detected capacity change from 0 to 512 [ 372.119133][ T7489] team0: Port device team_slave_1 added [ 372.155520][ T7647] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 372.212476][ T7649] loop2: detected capacity change from 0 to 2048 [ 372.299633][ T7649] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 372.327584][ T7647] EXT4-fs (loop5): 1 orphan inode deleted [ 372.346464][ T4704] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 372.377235][ T4365] device hsr_slave_0 left promiscuous mode [ 372.405980][ T7647] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 372.416749][ T4704] EXT4-fs error (device loop5): ext4_release_dquot:6852: comm kworker/u4:15: Failed to release dquot type 1 [ 372.436271][ T7649] EXT4-fs (loop2): shut down requested (0) [ 372.450306][ T7647] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 372.492166][ T4365] device hsr_slave_1 left promiscuous mode [ 372.579635][ T4365] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.600008][ T4365] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.674169][ T4365] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.701488][ T4365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.712897][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 372.729107][ T4365] device bridge_slave_1 left promiscuous mode [ 372.729755][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 372.756630][ T4365] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.814377][ T4365] device bridge_slave_0 left promiscuous mode [ 372.822029][ T4365] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.991131][ T4365] device veth1_macvtap left promiscuous mode [ 372.999785][ T4365] device veth0_macvtap left promiscuous mode [ 373.036569][ T4365] device veth1_vlan left promiscuous mode [ 373.083172][ T4365] device veth0_vlan left promiscuous mode [ 376.232584][ T7695] loop5: detected capacity change from 0 to 512 [ 376.257533][ T7695] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 376.316569][ T7695] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 376.354623][ T7695] EXT4-fs (loop5): 1 truncate cleaned up [ 376.360559][ T7695] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 376.377593][ T27] audit: type=1800 audit(1759566365.596:24): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1020" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 376.424808][ T27] audit: type=1800 audit(1759566365.616:25): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1020" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 376.515599][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 377.369272][ T4365] team0 (unregistering): Port device team_slave_1 removed [ 377.434849][ T4365] team0 (unregistering): Port device team_slave_0 removed [ 377.435892][ T7711] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 377.535999][ T4365] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 377.589997][ T4365] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 377.702101][ T7715] capability: warning: `syz.5.1028' uses deprecated v2 capabilities in a way that may be insecure [ 377.828836][ T7717] Bluetooth: MGMT ver 1.22 [ 378.199864][ T4365] bond0 (unregistering): Released all slaves [ 378.302314][ T26] lo speed is unknown, defaulting to 1000 [ 378.352923][ T7489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.382157][ T7489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.524530][ T7489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.591917][ T7489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.609420][ T7489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.676534][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.681493][ T7489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.682951][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.855220][ T7489] device hsr_slave_0 entered promiscuous mode [ 378.887877][ T7489] device hsr_slave_1 entered promiscuous mode [ 379.526231][ T7743] loop4: detected capacity change from 0 to 2048 [ 379.589508][ T7743] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 379.637606][ T7743] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 379.863236][ T7743] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 380.152685][ T7743] UDF-fs: Scanning with blocksize 512 failed [ 380.205603][ T7743] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 380.534887][ T7752] loop2: detected capacity change from 0 to 1024 [ 380.644074][ T7752] loop2: detected capacity change from 0 to 1024 [ 380.671166][ T7752] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 380.753242][ T7756] loop4: detected capacity change from 0 to 1024 [ 380.760306][ T7752] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 380.802872][ T7752] JBD2: no valid journal superblock found [ 380.834029][ T7752] EXT4-fs (loop2): error loading journal [ 380.847490][ T7760] loop1: detected capacity change from 0 to 1024 [ 382.384815][ T7489] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 382.420329][ T7489] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 382.475738][ T7489] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 382.483276][ T7760] loop1: detected capacity change from 0 to 1024 [ 382.534073][ T7760] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 382.548891][ T7489] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 382.596019][ T7760] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 382.679916][ T7760] JBD2: no valid journal superblock found [ 382.707250][ T7760] EXT4-fs (loop1): error loading journal [ 384.354833][ T4281] Bluetooth: hci5: command 0x0406 tx timeout [ 384.505014][ T7489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.563597][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 384.584359][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 384.599380][ T7489] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.640964][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 384.655355][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 384.685010][ T4704] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.692191][ T4704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 384.755829][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 384.808670][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 384.842768][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 384.871348][ T4704] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.878647][ T4704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 384.913192][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 385.001917][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 385.029399][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 385.036632][ T4281] Bluetooth: hci0: Malformed LE Event: 0x0d [ 385.068895][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 385.337638][ T7789] rtc_cmos 00:00: Alarms can be up to one day in the future [ 386.488451][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 386.497919][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 386.525834][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 386.547211][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 386.569019][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 386.633173][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 386.661368][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 386.701967][ T7489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 387.192485][ T7800] loop5: detected capacity change from 0 to 2048 [ 387.360285][ T7800] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 387.421984][ T7800] EXT4-fs (loop5): shut down requested (0) [ 388.841053][ T27] audit: type=1326 audit(1759566376.926:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.2.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 388.927934][ T27] audit: type=1326 audit(1759566376.926:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.2.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 389.065592][ T27] audit: type=1326 audit(1759566377.006:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.2.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 389.144494][ T27] audit: type=1326 audit(1759566377.016:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.2.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 389.155007][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 389.171815][ T7822] loop1: detected capacity change from 0 to 128 [ 389.224024][ T27] audit: type=1326 audit(1759566377.016:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7808 comm="syz.2.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 389.261059][ T7822] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 389.276280][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 389.299182][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 389.301017][ T7822] FAT-fs (loop1): Filesystem has been set read-only [ 389.369900][ T7489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.454105][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 389.494210][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 389.561243][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 389.688235][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 389.761694][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 389.769886][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 389.819425][ T7489] device veth0_vlan entered promiscuous mode [ 389.881766][ T7489] device veth1_vlan entered promiscuous mode [ 389.903448][ T4506] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 390.189932][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 390.215954][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 390.257383][ T7489] device veth0_macvtap entered promiscuous mode [ 390.426956][ T7489] device veth1_macvtap entered promiscuous mode [ 390.502205][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.538585][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.573311][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.611824][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.643812][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.683129][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.721845][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 390.773420][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 390.813316][ T7489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 390.843725][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 390.874324][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 390.918388][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 390.951928][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 391.019553][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.053685][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.095403][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.137306][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.188452][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.232832][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.276019][ T7489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 391.321236][ T7489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 391.427198][ T7489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 391.485367][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 391.494287][ T4372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 391.503139][ T7844] loop5: detected capacity change from 0 to 1024 [ 391.547244][ T7489] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.661969][ T7489] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.733053][ T7489] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.742548][ T7489] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.823814][ T7848] loop2: detected capacity change from 0 to 764 [ 392.588647][ T7844] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1067'. [ 392.676122][ T4315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.684635][ T4315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 392.742420][ T4315] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 392.915581][ T4365] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.923824][ T4365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.042779][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 395.463395][ T7882] loop5: detected capacity change from 0 to 16 [ 395.480594][ T7882] erofs: (device loop5): mounted with root inode @ nid 36. [ 395.723772][ T7886] loop1: detected capacity change from 0 to 2048 [ 396.665475][ T7886] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 396.773288][ T7886] EXT4-fs (loop1): shut down requested (0) [ 396.846207][ T7899] process 'syz.2.1070' launched './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 397.136220][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 399.617359][ T7911] loop2: detected capacity change from 0 to 1024 [ 399.623213][ T7913] loop1: detected capacity change from 0 to 764 [ 399.787881][ T7911] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1072'. [ 399.813949][ T7915] loop4: detected capacity change from 0 to 2048 [ 399.967511][ T7915] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 400.104945][ T7926] loop1: detected capacity change from 0 to 128 [ 400.113647][ T7926] FAT-fs (loop1): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 400.218795][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 401.251183][ T7938] input: syz0 as /devices/virtual/input/input6 [ 401.426217][ T7914] binder: 7910:7914 ioctl c0306201 200000004a40 returned -14 [ 403.747020][ T7970] loop1: detected capacity change from 0 to 512 [ 404.791530][ T7970] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 404.896738][ T7970] EXT4-fs (loop1): 1 truncate cleaned up [ 404.902485][ T7970] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 405.828954][ T7988] loop0: detected capacity change from 0 to 1024 [ 405.916326][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 405.933033][ T7988] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1090'. [ 406.033233][ T7990] loop5: detected capacity change from 0 to 128 [ 406.041281][ T7990] FAT-fs (loop5): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 406.113964][ T7616] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 407.547973][ T8013] loop0: detected capacity change from 0 to 512 [ 407.616639][ T8013] EXT4-fs: Mount option(s) incompatible with ext3 [ 414.038764][ T8072] loop0: detected capacity change from 0 to 128 [ 414.367684][ T8072] UDF-fs: bad mount option "˙˙˙˙/“ķĒxc=hć4VßćĄ%‡‹F¼sßł‘Ø÷£ADĄ_ĮĆz×;9‡3ēCo;Tu‹LåłqÕSĮBw!l ŗjŠRśzmwš±‹#«Ämś~KĘĆ{ŗ³łō¨`U¦E|]P50 [ 414.367684][ T8072] iÜQ|Ą‹•]šŃäĮ ÅģļūóüNK ¸$—±N•ĻŽńĀn†#ź¹”Ź¯„ß|KG¾&Či#åæ‡.ą@‚ķ£ŲGč-ŽLn_fw_Mń½Ļ¼(ė\ķ+3)DÓ«+˛<»!ž$5|‘d²÷ •" or missing value [ 414.504442][ T8074] loop4: detected capacity change from 0 to 1024 [ 414.974692][ T4481] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 415.076860][ T8074] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1105'. [ 415.208416][ T4481] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 415.230055][ T4481] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 415.462434][ T4481] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 416.228236][ T4481] usb 6-1: config 220 has no interface number 2 [ 416.263444][ T4481] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 416.318254][ T4481] usb 6-1: config 220 interface 0 has no altsetting 0 [ 416.345599][ T4481] usb 6-1: config 220 interface 76 has no altsetting 0 [ 416.385187][ T4481] usb 6-1: config 220 interface 1 has no altsetting 0 [ 416.425728][ T4481] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 416.481802][ T4481] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.520744][ T4481] usb 6-1: Product: syz [ 416.538181][ T8089] loop1: detected capacity change from 0 to 1024 [ 416.552575][ T4481] usb 6-1: Manufacturer: syz [ 416.568355][ T4481] usb 6-1: SerialNumber: syz [ 416.824346][ T4481] usb 6-1: selecting invalid altsetting 0 [ 417.027819][ T4481] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 417.128533][ T8100] loop0: detected capacity change from 0 to 764 [ 417.148866][ T4481] usb 6-1: No valid video chain found. [ 417.453458][ T4481] usb 6-1: selecting invalid altsetting 0 [ 417.470017][ T8102] binder: 8101:8102 ioctl c0306201 200000004a40 returned -14 [ 417.557575][ T4481] usbtest: probe of 6-1:220.1 failed with error -22 [ 417.585792][ T4481] usb 6-1: USB disconnect, device number 9 [ 418.219817][ T8119] loop0: detected capacity change from 0 to 512 [ 418.267274][ T8119] FAT-fs (loop0): Unrecognized mount option "nnonumtail=1" or missing value [ 420.680274][ T4481] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 420.816001][ T8140] loop5: detected capacity change from 0 to 512 [ 420.869987][ T8140] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 420.914891][ T4481] usb 3-1: Using ep0 maxpacket: 8 [ 420.919316][ T4281] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 420.922638][ T4481] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.989283][ T4281] Bluetooth: hci2: Injecting HCI hardware error event [ 420.998128][ T4279] Bluetooth: hci2: hardware error 0x00 [ 421.002064][ T4481] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 421.082342][ T8140] EXT4-fs (loop5): 1 truncate cleaned up [ 421.114931][ T8140] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 421.130459][ T4481] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 421.190916][ T4481] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.270458][ T4481] usb 3-1: config 0 descriptor?? [ 421.337235][ T4481] usb 3-1: can't set config #0, error -71 [ 421.374726][ T4481] usb 3-1: USB disconnect, device number 8 [ 421.459360][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 421.552229][ T8145] loop2: detected capacity change from 0 to 764 [ 422.031168][ T8154] loop0: detected capacity change from 0 to 1764 [ 423.074662][ T4279] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 423.689151][ T8181] loop5: detected capacity change from 0 to 8 [ 423.705519][ T8180] loop1: detected capacity change from 0 to 512 [ 423.714803][ T8182] loop4: detected capacity change from 0 to 512 [ 423.729312][ T8182] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 423.739897][ T8180] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 423.750727][ T8180] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 423.771951][ T8180] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 423.780704][ T8180] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=6042e01c, mo2=0000] [ 423.788793][ T8180] EXT4-fs (loop1): failed to initialize system zone (-117) [ 423.796617][ T8180] EXT4-fs (loop1): mount failed [ 423.850439][ T8182] EXT4-fs (loop4): 1 truncate cleaned up [ 423.856382][ T8182] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 423.952094][ T8189] loop2: detected capacity change from 0 to 764 [ 424.101655][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 424.840692][ T8196] loop1: detected capacity change from 0 to 128 [ 424.848387][ T8196] FAT-fs (loop1): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 424.900449][ T8198] loop4: detected capacity change from 0 to 512 [ 425.973753][ T8198] FAT-fs (loop4): Unrecognized mount option "nnonumtail=1" or missing value [ 427.293410][ T8214] loop1: detected capacity change from 0 to 128 [ 427.643842][ T8217] loop1: detected capacity change from 0 to 1024 [ 427.687333][ T8219] loop0: detected capacity change from 0 to 1024 [ 427.712672][ T8219] hfsplus: unable to find HFS+ superblock [ 428.456710][ T8228] loop0: detected capacity change from 0 to 512 [ 428.489604][ T8227] loop2: detected capacity change from 0 to 1024 [ 428.515763][ T8228] EXT4-fs: Ignoring removed mblk_io_submit option [ 428.584111][ T8227] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 428.605037][ T8228] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 428.645525][ T8228] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e04ce028, mo2=0002] [ 428.702669][ T8228] System zones: 0-1, 15-15, 18-18, 34-34 [ 428.712257][ T8228] EXT4-fs (loop0): orphan cleanup on readonly fs [ 428.773628][ T8232] loop4: detected capacity change from 0 to 764 [ 428.791338][ T8228] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 428.888752][ T8228] EXT4-fs warning (device loop0): ext4_enable_quotas:7068: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 428.947490][ T8235] loop5: detected capacity change from 0 to 1024 [ 428.970962][ T8228] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 429.042977][ T8228] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1155: bg 0: block 40: padding at end of block bitmap is not set [ 429.084914][ T8237] loop2: detected capacity change from 0 to 128 [ 429.092104][ T8237] FAT-fs (loop2): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 429.252501][ T8228] EXT4-fs (loop0): Remounting filesystem read-only [ 429.934483][ T8228] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 430.060336][ T8228] EXT4-fs (loop0): Remounting filesystem read-only [ 430.142879][ T8228] EXT4-fs (loop0): 1 truncate cleaned up [ 430.151675][ T8242] loop1: detected capacity change from 0 to 1024 [ 430.172388][ T8228] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 430.264342][ T8249] loop2: detected capacity change from 0 to 16 [ 430.529005][ T8250] fuse: Unknown parameter '#Q0x0000000000000006' [ 430.969940][ T8249] erofs: (device loop2): mounted with root inode @ nid 36. [ 431.250067][ T7489] EXT4-fs (loop0): unmounting filesystem. [ 433.593755][ T8270] loop1: detected capacity change from 0 to 764 [ 434.137697][ T27] audit: type=1326 audit(1759566423.356:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 434.183977][ T8280] loop5: detected capacity change from 0 to 128 [ 434.191641][ T8280] FAT-fs (loop5): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 434.197742][ T27] audit: type=1326 audit(1759566423.386:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 434.237496][ T7615] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 434.289442][ T27] audit: type=1326 audit(1759566423.386:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 434.424917][ T27] audit: type=1326 audit(1759566423.386:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 435.346588][ T8288] fuse: Bad value for 'fd' [ 436.274565][ T27] audit: type=1326 audit(1759566423.386:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 436.375203][ T27] audit: type=1326 audit(1759566423.386:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 436.457528][ T27] audit: type=1326 audit(1759566423.386:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 436.543063][ T27] audit: type=1326 audit(1759566423.386:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 436.928051][ T27] audit: type=1326 audit(1759566423.386:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 436.968752][ T27] audit: type=1326 audit(1759566423.386:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8277 comm=04 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f114fb8eec9 code=0x7ffc0000 [ 438.120812][ T8307] loop5: detected capacity change from 0 to 764 [ 438.586886][ T8316] loop4: detected capacity change from 0 to 128 [ 438.594559][ T8316] FAT-fs (loop4): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 438.668064][ T8317] loop0: detected capacity change from 0 to 128 [ 439.885158][ T8314] binder: 8312:8314 ioctl c0306201 200000004a40 returned -14 [ 440.119600][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.126356][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.227548][ T8334] 9pnet_fd: Insufficient options for proto=fd [ 442.295322][ T4481] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 442.320066][ T4481] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 442.631132][ T8354] loop1: detected capacity change from 0 to 764 [ 442.632780][ T8350] fido_id[8350]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 443.095173][ T8365] loop5: detected capacity change from 0 to 128 [ 443.506211][ T8369] loop5: detected capacity change from 0 to 128 [ 443.513759][ T8369] FAT-fs (loop5): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 443.565572][ T6994] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 443.616430][ T8372] tmpfs: Bad value for 'nr_inodes' [ 443.773411][ T8372] loop1: detected capacity change from 0 to 1024 [ 445.344523][ T4668] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 445.533008][ T8372] EXT4-fs: Ignoring removed i_version option [ 445.547688][ T4668] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 445.567576][ T8372] EXT4-fs: inline encryption not supported [ 445.583878][ T4668] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 445.616558][ T8372] EXT4-fs (loop1): Test dummy encryption mode enabled [ 445.623768][ T4668] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.666320][ T4668] usb 6-1: config 0 descriptor?? [ 445.673549][ T8372] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 445.697890][ T8387] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 446.161522][ T4668] elan 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0 [ 446.352383][ T4668] usb 6-1: USB disconnect, device number 10 [ 446.441749][ T8410] fido_id[8410]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 446.542988][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 446.615467][ T8417] loop0: detected capacity change from 0 to 1024 [ 446.795092][ T8421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1218'. [ 448.290620][ T8429] loop4: detected capacity change from 0 to 256 [ 448.355038][ T8433] loop5: detected capacity change from 0 to 128 [ 448.362207][ T8433] EXT4-fs: Ignoring removed nomblk_io_submit option [ 448.619840][ T8433] EXT4-fs (loop5): Test dummy encryption mode enabled [ 448.659727][ T8433] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 448.669371][ T8433] ext4 filesystem being mounted at /206/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 448.754011][ T8429] exFAT-fs (loop4): bogus sectors bits per cluster : 193 [ 448.863349][ T8429] exFAT-fs (loop4): failed to read boot sector [ 448.907553][ T8429] exFAT-fs (loop4): failed to recognize exfat type [ 449.148628][ T8449] loop1: detected capacity change from 0 to 764 [ 452.495435][ T8433] fscrypt (loop5): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))") [ 452.747038][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 453.714581][ T8479] 9pnet_fd: Insufficient options for proto=fd [ 454.068405][ T8488] loop5: detected capacity change from 0 to 512 [ 454.098264][ T8488] EXT4-fs: Mount option(s) incompatible with ext3 [ 455.793783][ T8496] loop4: detected capacity change from 0 to 128 [ 455.874530][ T8496] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 457.030985][ T8505] loop0: detected capacity change from 0 to 1024 [ 457.037975][ T8496] ext4 filesystem being mounted at /252/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 457.133017][ T8496] fscrypt (loop4, inode 12): Unsupported encryption modes (contents 0, filenames 0) [ 457.317044][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 458.068983][ T8517] loop4: detected capacity change from 0 to 256 [ 458.162644][ T8517] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 458.609925][ T8523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1249'. [ 458.709655][ T8531] loop4: detected capacity change from 0 to 764 [ 460.003076][ T8542] loop4: detected capacity change from 0 to 512 [ 460.359220][ T8542] EXT4-fs: Mount option(s) incompatible with ext3 [ 460.498489][ T8546] loop0: detected capacity change from 0 to 128 [ 461.065988][ T8535] binder: BINDER_SET_CONTEXT_MGR already set [ 461.101903][ T8535] binder: 8534:8535 ioctl 4018620d 200000004a80 returned -16 [ 461.315173][ T8535] binder: 8534:8535 ioctl c0306201 200000004a40 returned -14 [ 461.436582][ T8553] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.463465][ T8546] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 461.508452][ T8546] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 461.582597][ T8546] fscrypt (loop0, inode 12): Unsupported encryption modes (contents 0, filenames 0) [ 461.836709][ T7489] EXT4-fs (loop0): unmounting filesystem. [ 462.009003][ T8565] loop5: detected capacity change from 0 to 1024 [ 462.180145][ T8573] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1263'. [ 462.562908][ T8581] loop0: detected capacity change from 0 to 512 [ 462.601466][ T8581] EXT4-fs: Ignoring removed nobh option [ 462.625979][ T8581] ext3: Unknown parameter 'smackfsdef' [ 462.895229][ T8587] loop1: detected capacity change from 0 to 8 [ 463.987891][ T8587] SQUASHFS error: Unable to read inode 0x127 [ 465.590024][ T8600] loop5: detected capacity change from 0 to 1024 [ 465.607063][ T8600] EXT4-fs: Ignoring removed oldalloc option [ 465.613077][ T8600] EXT4-fs: Ignoring removed bh option [ 465.634104][ T8603] loop0: detected capacity change from 0 to 1024 [ 465.672432][ T8600] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 465.712812][ T8603] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 465.845798][ T8600] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 466.319293][ T8596] binder: 8594:8596 ioctl c0306201 200000004a40 returned -14 [ 466.470294][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 466.546308][ T7489] EXT4-fs (loop0): unmounting filesystem. [ 466.951146][ T8618] loop4: detected capacity change from 0 to 764 [ 467.292417][ T8628] loop5: detected capacity change from 0 to 1024 [ 467.361940][ T8628] EXT4-fs: Ignoring removed bh option [ 467.373759][ T8630] loop1: detected capacity change from 0 to 512 [ 467.421189][ T8630] EXT4-fs: Mount option(s) incompatible with ext3 [ 467.439827][ T8628] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 467.473924][ T8628] EXT4-fs error (device loop5): ext4_read_inline_dir:1601: inode #12: block 7: comm syz.5.1283: path /214/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 467.665142][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 468.078187][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 468.105892][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 468.116021][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 468.827831][ T8650] binder: 8649:8650 ioctl c0306201 200000004a40 returned -14 [ 468.946040][ T8664] loop4: detected capacity change from 0 to 512 [ 468.985658][ T8664] EXT4-fs: Ignoring removed nobh option [ 468.993435][ T8664] ext4: Unknown parameter 'noacl' [ 469.144611][ T4481] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 470.608050][ T26] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 470.644487][ T4481] usb 2-1: Using ep0 maxpacket: 32 [ 470.650557][ T4481] usb 2-1: too many configurations: 255, using maximum allowed: 8 [ 470.662186][ T4481] usb 2-1: config 0 has no interfaces? [ 470.686840][ T4481] usb 2-1: config 0 has no interfaces? [ 470.696046][ T4481] usb 2-1: config 0 has no interfaces? [ 470.711887][ T4481] usb 2-1: config 0 has no interfaces? [ 470.732547][ T4481] usb 2-1: config 0 has no interfaces? [ 470.755270][ T4481] usb 2-1: config 0 has no interfaces? [ 470.771025][ T4481] usb 2-1: config 0 has no interfaces? [ 470.782014][ T4481] usb 2-1: config 0 has no interfaces? [ 470.796115][ T26] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 470.808635][ T26] usb 5-1: config 1 has no interface number 0 [ 470.815509][ T4481] usb 2-1: New USB device found, idVendor=0b05, idProduct=ffff, bcdDevice=ff.ff [ 470.824729][ T26] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 470.836431][ T4481] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=255 [ 470.854565][ T4481] usb 2-1: Product: syz [ 470.876931][ T26] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 470.893157][ T4481] usb 2-1: Manufacturer: syz [ 470.907845][ T4481] usb 2-1: SerialNumber: syz [ 470.922960][ T26] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 470.951486][ T4481] usb 2-1: config 0 descriptor?? [ 470.971488][ T26] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 471.011782][ T26] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 471.549842][ T8658] loop1: detected capacity change from 0 to 8192 [ 471.974081][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 471.974098][ T27] audit: type=1800 audit(1759566461.186:46): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1290" name="bus" dev="loop1" ino=1048602 res=0 errno=0 [ 472.024512][ T4668] usb 2-1: USB disconnect, device number 5 [ 472.157529][ T26] usb 5-1: string descriptor 0 read error: -71 [ 472.163924][ T26] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 472.184429][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.282001][ T26] usb 5-1: can't set config #1, error -71 [ 472.332697][ T26] usb 5-1: USB disconnect, device number 8 [ 472.533229][ T8691] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 472.561708][ T8692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1302'. [ 472.773244][ T27] audit: type=1326 audit(1759566461.986:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 472.855336][ T27] audit: type=1326 audit(1759566461.986:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 472.938779][ T27] audit: type=1326 audit(1759566462.016:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 472.970000][ T8700] loop0: detected capacity change from 0 to 2048 [ 473.009967][ T8700] UDF-fs: bad mount option "uid=" or missing value [ 473.053873][ T27] audit: type=1326 audit(1759566462.016:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.173288][ T27] audit: type=1326 audit(1759566462.016:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.222016][ T8705] loop1: detected capacity change from 0 to 1024 [ 473.265654][ T8705] EXT4-fs: Ignoring removed mblk_io_submit option [ 473.283661][ T27] audit: type=1326 audit(1759566462.016:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.312120][ T8705] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 473.366373][ T27] audit: type=1326 audit(1759566462.016:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.425985][ T8705] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz.1.1307: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 473.453267][ T27] audit: type=1326 audit(1759566462.016:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.453364][ T8705] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1307: couldn't read orphan inode 11 (err -117) [ 473.488602][ T27] audit: type=1326 audit(1759566462.016:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8693 comm="syz.2.1305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39dc18eec9 code=0x7ffc0000 [ 473.564249][ T8705] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 473.622088][ T8705] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.1307: Invalid block bitmap block 0 in block_group 0 [ 473.665326][ T8714] EXT4-fs error (device loop1): ext4_nfs_get_inode:1461: inode #11: comm syz.1.1307: iget: bad extra_isize 65535 (inode size 256) [ 473.714193][ T8705] EXT4-fs error (device loop1): ext4_acquire_dquot:6816: comm syz.1.1307: Failed to acquire dquot type 0 [ 473.877997][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 474.265032][ T8729] loop5: detected capacity change from 0 to 512 [ 474.293163][ T8729] EXT4-fs: Mount option(s) incompatible with ext3 [ 474.430080][ T8736] loop1: detected capacity change from 0 to 256 [ 474.475074][ T8736] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 474.521685][ T8736] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 474.577340][ T8736] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0x65b64522, utbl_chksum : 0xe619d30d) [ 476.233301][ T8770] loop0: detected capacity change from 0 to 764 [ 476.264670][ T8749] binder: 8748:8749 ioctl c0306201 200000004a40 returned -14 [ 479.640144][ T8789] ptrace attach of "./syz-executor exec"[4267] was attempted by "./syz-executor exec"[8789] [ 480.752392][ T8799] loop4: detected capacity change from 0 to 512 [ 481.600840][ T8799] EXT4-fs: Mount option(s) incompatible with ext3 [ 483.461654][ T8812] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 483.616091][ T8812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 484.646456][ T8829] loop5: detected capacity change from 0 to 512 [ 484.738879][ T8829] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 484.764662][ T8829] ext4 filesystem being mounted at /225/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 484.985815][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 486.955336][ T8856] fuse: Bad value for 'fd' [ 488.611232][ T8873] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1365'. [ 488.832705][ T8875] loop0: detected capacity change from 0 to 512 [ 488.964839][ T8875] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 489.042525][ T8868] binder: 8866:8868 ioctl c0306201 200000004a40 returned -14 [ 489.074009][ T8875] EXT4-fs (loop0): 1 truncate cleaned up [ 489.090833][ T8875] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 489.205181][ T26] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 489.355514][ T7489] EXT4-fs (loop0): unmounting filesystem. [ 489.424800][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 489.436494][ T26] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 489.497381][ T26] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 489.518608][ T8885] loop1: detected capacity change from 0 to 128 [ 489.574632][ T26] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 489.627331][ T8885] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 489.637087][ T26] usb 5-1: config 0 interface 0 has no altsetting 0 [ 489.671250][ T26] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 489.700761][ T8888] loop0: detected capacity change from 0 to 1024 [ 489.726123][ T8885] ext4 filesystem being mounted at /266/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 489.800490][ T8888] EXT4-fs: Ignoring removed mblk_io_submit option [ 489.813732][ T26] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.984735][ T26] usb 5-1: Product: syz [ 489.989842][ T26] usb 5-1: Manufacturer: syz [ 490.001854][ T26] usb 5-1: SerialNumber: syz [ 490.066561][ T26] usb 5-1: config 0 descriptor?? [ 490.403411][ T26] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9 [ 490.417400][ T3623] synaptics_usb 5-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 490.435561][ T8888] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 491.108839][ T8888] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #11: comm syz.0.1369: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 491.143555][ T26] usb 5-1: USB disconnect, device number 9 [ 491.265061][ T8888] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.1369: couldn't read orphan inode 11 (err -117) [ 491.305673][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 491.364469][ T8888] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 491.414224][ T8896] loop5: detected capacity change from 0 to 512 [ 491.462356][ T8888] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz.0.1369: Invalid block bitmap block 0 in block_group 0 [ 491.504924][ T8896] EXT4-fs: Mount option(s) incompatible with ext3 [ 491.523541][ T8897] EXT4-fs error (device loop0): ext4_nfs_get_inode:1461: inode #11: comm syz.0.1369: iget: bad extra_isize 65535 (inode size 256) [ 493.059519][ T8888] __quota_error: 14 callbacks suppressed [ 493.059539][ T8888] Quota error (device loop0): write_blk: dquota write failed [ 493.119258][ T8888] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 493.214750][ T8888] EXT4-fs error (device loop0): ext4_acquire_dquot:6816: comm syz.0.1369: Failed to acquire dquot type 0 [ 493.427561][ T7489] EXT4-fs (loop0): unmounting filesystem. [ 493.867059][ T8914] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 493.891385][ T8914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 493.901695][ T8914] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 494.128748][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 494.708205][ T8921] loop0: detected capacity change from 0 to 256 [ 495.159658][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 497.788421][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 497.799576][ T8942] loop0: detected capacity change from 0 to 256 [ 497.799757][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 497.875615][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 497.926888][ T8946] loop1: detected capacity change from 0 to 512 [ 497.933706][ T8942] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 497.984244][ T8946] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 498.648119][ T8946] EXT4-fs (loop1): 1 truncate cleaned up [ 498.662042][ T8946] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 499.137557][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 500.133807][ T8982] loop5: detected capacity change from 0 to 2048 [ 500.183320][ T8982] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 501.039847][ T4279] Bluetooth: hci0: command 0x2016 tx timeout [ 501.074899][ T8982] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 501.410062][ T8991] loop0: detected capacity change from 0 to 128 [ 501.425554][ T8991] FAT-fs (loop0): bogus number of FAT structure [ 501.462887][ T8991] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; no bootstrapping code [ 501.518884][ T8991] FAT-fs (loop0): Can't find a valid FAT filesystem [ 501.564951][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.571363][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.543815][ T9007] loop4: detected capacity change from 0 to 1024 [ 502.613725][ T9011] loop1: detected capacity change from 0 to 128 [ 502.688825][ T6994] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 502.689922][ T9007] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 503.089789][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 503.694479][ T7] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 503.899904][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 503.909500][ T7] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 503.923862][ T9031] lo speed is unknown, defaulting to 1000 [ 503.944612][ T7] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 503.993158][ T7] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 505.495231][ T7] usb 1-1: config 0 interface 0 has no altsetting 0 [ 505.514553][ T7] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 505.523683][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.559721][ T7] usb 1-1: Product: syz [ 505.564076][ T7] usb 1-1: Manufacturer: syz [ 505.586629][ T7] usb 1-1: SerialNumber: syz [ 505.646670][ T7] usb 1-1: config 0 descriptor?? [ 505.726780][ T7] usb 1-1: can't set config #0, error -71 [ 505.784750][ T7] usb 1-1: USB disconnect, device number 8 [ 506.886531][ T9063] loop1: detected capacity change from 0 to 2048 [ 508.325568][ T9063] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 508.681174][ T9084] 9pnet_fd: p9_fd_create_tcp (9084): problem connecting socket to 127.0.0.1 [ 509.061290][ T9063] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1424: bg 0: block 234: padding at end of block bitmap is not set [ 509.208920][ T9063] EXT4-fs (loop1): Remounting filesystem read-only [ 509.850533][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 509.860052][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 509.867685][ T9096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 509.942382][ T9094] input: syz0 as /devices/virtual/input/input11 [ 510.332301][ T4267] EXT4-fs (loop1): unmounting filesystem. [ 510.855365][ T9114] loop1: detected capacity change from 0 to 128 [ 511.459186][ T9114] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 511.478604][ T9114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 513.615139][ T9136] loop4: detected capacity change from 0 to 2048 [ 513.684317][ T9136] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 513.746601][ T9136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 514.916780][ T9143] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 514.940643][ T9143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 514.951753][ T9143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 515.696402][ T4283] Bluetooth: hci1: hardware error 0x00 [ 517.794894][ T4283] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 518.456956][ T9170] loop5: detected capacity change from 0 to 1024 [ 519.046458][ T27] audit: type=1800 audit(1759566508.226:68): pid=9170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1454" name="file1" dev="loop5" ino=20 res=0 errno=0 [ 519.669334][ T9167] lo speed is unknown, defaulting to 1000 [ 520.713640][ T9181] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 520.723431][ T9181] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 520.731063][ T9181] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 521.764426][ T4337] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 521.794780][ T9184] binder: 9183:9184 ioctl c0306201 200000004a40 returned -14 [ 521.958953][ T4337] usb 1-1: unable to get BOS descriptor or descriptor too short [ 521.978347][ T4337] usb 1-1: config 14 has an invalid interface number: 21 but max is 0 [ 522.018119][ T4337] usb 1-1: config 14 has no interface number 0 [ 522.051945][ T4337] usb 1-1: config 14 interface 21 altsetting 249 bulk endpoint 0xA has invalid maxpacket 32 [ 522.093789][ T4337] usb 1-1: config 14 interface 21 has no altsetting 0 [ 522.160193][ T4337] usb 1-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc [ 522.202000][ T4337] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.301759][ T4337] usb 1-1: Product: syz [ 522.306854][ T4337] usb 1-1: Manufacturer: syz [ 522.327837][ T4337] usb 1-1: SerialNumber: syz [ 522.856913][ T4337] usb 1-1: MIDIStreaming interface descriptor not found [ 523.620825][ T9211] usb usb8: usbfs: process 9211 (syz.1.1468) did not claim interface 0 before use [ 523.705983][ T4337] usb 1-1: USB disconnect, device number 9 [ 524.400380][ T9222] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 524.410031][ T9222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 524.417812][ T9222] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 524.457394][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 524.704748][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 524.756309][ T6893] udevd[6893]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:14.21/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 524.878580][ T9225] lo speed is unknown, defaulting to 1000 [ 526.044739][ T4268] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 526.246401][ T4268] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 526.276277][ T4268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.322809][ T4268] usb 1-1: config 0 descriptor?? [ 526.348147][ T4268] cp210x 1-1:0.0: cp210x converter detected [ 526.766192][ T4268] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 527.105682][ T4283] Bluetooth: hci3: command 0x0401 tx timeout [ 527.295577][ T4268] usb 1-1: cp210x converter now attached to ttyUSB0 [ 527.357921][ T4268] usb 1-1: USB disconnect, device number 10 [ 527.440223][ T4268] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 527.484086][ T4268] cp210x 1-1:0.0: device disconnected [ 531.362413][ T4283] Bluetooth: hci3: command 0x0401 tx timeout [ 534.516425][ T27] audit: type=1326 audit(1759566522.606:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9310 comm="syz.0.1500" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6c06d8eec9 code=0x0 [ 534.870356][ T9321] loop4: detected capacity change from 0 to 128 [ 535.267747][ T9333] loop4: detected capacity change from 0 to 512 [ 535.335165][ T9333] EXT4-fs: Mount option(s) incompatible with ext3 [ 538.516740][ T9342] mmap: syz.5.1511 (9342) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 539.629063][ T9355] binder: 9353:9355 unknown command 0 [ 539.659785][ T9355] binder: 9353:9355 ioctl c0306201 200000000080 returned -22 [ 541.556037][ T9372] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 541.582470][ T9372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 541.592368][ T9372] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 542.161809][ T9374] loop4: detected capacity change from 0 to 128 [ 542.211390][ T9374] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 542.229001][ T9378] loop1: detected capacity change from 0 to 512 [ 542.243394][ T9378] EXT4-fs: Mount option(s) incompatible with ext3 [ 542.250769][ T9374] ext4 filesystem being mounted at /306/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 542.276213][ T9384] loop5: detected capacity change from 0 to 16 [ 542.288150][ T9384] erofs: Bad value for 'cache_strategy' [ 542.305075][ T6994] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 543.715855][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 545.507166][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 545.978998][ T9403] loop4: detected capacity change from 0 to 256 [ 546.036263][ T9403] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 546.815104][ T9412] loop5: detected capacity change from 0 to 512 [ 546.831488][ T9412] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 547.009583][ T9414] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 547.061351][ T9414] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 547.074754][ T9414] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 547.524739][ T9412] EXT4-fs (loop5): 1 orphan inode deleted [ 547.561677][ T9412] EXT4-fs (loop5): 1 truncate cleaned up [ 547.605956][ T9412] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 549.455529][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 551.235050][ T27] audit: type=1326 audit(1759566540.116:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9436 comm="syz.5.1538" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0631f8eec9 code=0x0 [ 554.764873][ T4357] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 555.011106][ T4357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.105694][ T4357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.185840][ T4357] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 555.206683][ T4357] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 555.219587][ T4357] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.253442][ T4357] usb 1-1: config 0 descriptor?? [ 555.843134][ T4357] plantronics 0003:047F:FFFF.0004: unbalanced collection at end of report description [ 555.860235][ T4357] plantronics 0003:047F:FFFF.0004: parse failed [ 555.970305][ T4357] plantronics: probe of 0003:047F:FFFF.0004 failed with error -22 [ 556.068109][ T4357] usb 1-1: USB disconnect, device number 11 [ 557.573967][ T9434] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 557.776674][ T9434] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 557.793339][ T9434] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.829765][ T9434] usb 5-1: config 0 descriptor?? [ 557.857322][ T9434] cp210x 5-1:0.0: cp210x converter detected [ 558.781811][ T9434] cp210x 5-1:0.0: failed to get vendor val 0x370c size 13: -121 [ 558.811111][ T9434] cp210x 5-1:0.0: GPIO initialisation failed: -121 [ 558.871305][ T9434] usb 5-1: cp210x converter now attached to ttyUSB0 [ 559.987971][ T9480] loop4: detected capacity change from 0 to 512 [ 560.262538][ T9480] FAT-fs (loop4): bogus number of FAT sectors [ 560.352210][ T9480] FAT-fs (loop4): Can't find a valid FAT filesystem [ 561.271437][ T9434] usb 5-1: USB disconnect, device number 10 [ 561.302488][ T9434] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 561.363363][ T9434] cp210x 5-1:0.0: device disconnected [ 561.558684][ T9532] loop1: detected capacity change from 0 to 128 [ 561.653923][ T9534] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 561.657322][ T9519] binder: 9516:9519 ioctl c0306201 200000004a40 returned -14 [ 561.665551][ T9532] loop1: detected capacity change from 128 to 0 [ 561.847314][ T9542] loop4: detected capacity change from 0 to 512 [ 561.887003][ T9542] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 561.996787][ T9542] EXT4-fs (loop4): 1 orphan inode deleted [ 562.073437][ T27] audit: type=1326 audit(1759566551.286:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9544 comm="syz.2.1576" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f39dc18eec9 code=0x0 [ 562.084376][ T9542] EXT4-fs (loop4): 1 truncate cleaned up [ 562.224425][ T9542] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 563.097506][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.103827][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.168930][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 563.175815][ T9561] xt_TCPMSS: Only works on TCP SYN packets [ 565.474440][ T4441] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 565.554545][ T4283] Bluetooth: hci0: command 0x2016 tx timeout [ 565.674490][ T4441] usb 2-1: Using ep0 maxpacket: 32 [ 565.683885][ T4441] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 565.784563][ T4441] usb 2-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 565.896293][ T4441] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 565.943000][ T4441] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 566.003771][ T4441] usb 2-1: Product: syz [ 566.009562][ T4441] usb 2-1: Manufacturer: syz [ 566.068956][ T4441] hub 2-1:4.0: bad descriptor, ignoring hub [ 566.122748][ T4441] hub: probe of 2-1:4.0 failed with error -5 [ 566.156471][ T4441] usbhid 2-1:4.0: couldn't find an input interrupt endpoint [ 566.964765][ T9582] binder: 9581:9582 ioctl c0306201 200000004a40 returned -14 [ 567.114785][ T4345] usb 2-1: USB disconnect, device number 6 [ 568.960393][ T4279] Bluetooth: hci0: command 0x0419 tx timeout [ 570.994508][ T4283] Bluetooth: hci0: command 0x0406 tx timeout [ 571.994585][ T4357] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 572.129245][ T9634] loop4: detected capacity change from 0 to 1024 [ 572.184488][ T4357] usb 1-1: Using ep0 maxpacket: 8 [ 572.195168][ T4357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 572.198890][ T9633] fuse: root generation should be zero [ 572.236324][ T9634] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 572.286471][ T9634] EXT4-fs warning (device loop4): empty_inline_dir:1874: bad inline directory (dir #12) - no `..' [ 572.368952][ T4357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 572.444507][ T4357] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 572.528889][ T4357] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 572.605066][ T4357] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 572.653052][ T4357] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 572.688582][ T9648] device lo entered promiscuous mode [ 572.693032][ T4357] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.695953][ T9648] device tunl0 entered promiscuous mode [ 572.704297][ T4357] usb 1-1: config 0 descriptor?? [ 572.714892][ T9626] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 572.831119][ T9648] device gre0 entered promiscuous mode [ 572.906712][ T9648] device gretap0 entered promiscuous mode [ 572.931445][ T9648] device erspan0 entered promiscuous mode [ 572.990601][ T9648] device ip_vti0 entered promiscuous mode [ 573.046903][ T9648] device ip6_vti0 entered promiscuous mode [ 573.089868][ T9648] device sit0 entered promiscuous mode [ 573.100574][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 573.167611][ T9648] device ip6tnl0 entered promiscuous mode [ 573.177503][ T4283] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 573.192782][ T8844] usb 1-1: USB disconnect, device number 12 [ 573.341503][ T9648] device ip6gre0 entered promiscuous mode [ 573.374184][ T9648] device syz_tun entered promiscuous mode [ 573.430872][ T9648] device ip6gretap0 entered promiscuous mode [ 573.481083][ T9648] device vcan0 entered promiscuous mode [ 573.526845][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 573.603715][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 573.622227][ T9648] device bond0 entered promiscuous mode [ 573.634033][ T9648] device bond_slave_0 entered promiscuous mode [ 573.659825][ T9648] device bond_slave_1 entered promiscuous mode [ 573.688254][ T9648] device team0 entered promiscuous mode [ 573.704474][ T9648] device team_slave_0 entered promiscuous mode [ 573.736599][ T9648] device team_slave_1 entered promiscuous mode [ 573.768368][ T9648] device dummy0 entered promiscuous mode [ 573.819902][ T9648] device nlmon0 entered promiscuous mode [ 573.819902][ T9659] loop4: detected capacity change from 0 to 128 [ 573.821122][ T9659] FAT-fs (loop4): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 573.875689][ T7615] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 573.889917][ T9648] device caif0 entered promiscuous mode [ 573.912526][ T9648] device batadv0 entered promiscuous mode [ 573.930925][ T9648] device vxcan0 entered promiscuous mode [ 573.953623][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 574.774829][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 574.973614][ T9648] device vxcan1 entered promiscuous mode [ 575.093554][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 575.329569][ T9648] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 575.396049][ T9648] device veth0 entered promiscuous mode [ 575.408217][ T9648] device veth1 entered promiscuous mode [ 575.418337][ T9648] device wg0 entered promiscuous mode [ 575.594139][ T9648] device wg1 entered promiscuous mode [ 575.600463][ T9648] device wg2 entered promiscuous mode [ 575.607097][ T9648] device veth0_to_bridge entered promiscuous mode [ 575.614111][ T9648] device bridge_slave_0 entered promiscuous mode [ 575.621492][ T9648] device veth1_to_bridge entered promiscuous mode [ 575.648004][ T9648] device bridge_slave_1 entered promiscuous mode [ 575.786933][ T9648] device veth0_to_bond entered promiscuous mode [ 575.795267][ T9648] device veth1_to_bond entered promiscuous mode [ 575.803050][ T9648] device veth0_to_team entered promiscuous mode [ 575.811060][ T9648] device veth1_to_team entered promiscuous mode [ 575.819845][ T9648] device veth0_to_batadv entered promiscuous mode [ 575.828340][ T9648] device batadv_slave_0 entered promiscuous mode [ 575.836136][ T9648] device veth1_to_batadv entered promiscuous mode [ 575.843900][ T9648] device batadv_slave_1 entered promiscuous mode [ 576.409786][ T9648] device xfrm0 entered promiscuous mode [ 576.462585][ T9648] device veth0_to_hsr entered promiscuous mode [ 576.511836][ T9648] device veth1_to_hsr entered promiscuous mode [ 576.570412][ T9648] device hsr0 entered promiscuous mode [ 576.594068][ T9648] device veth1_virt_wifi entered promiscuous mode [ 576.605528][ T9648] device veth0_virt_wifi entered promiscuous mode [ 576.643572][ T9648] device virt_wifi0 entered promiscuous mode [ 576.675075][ T9648] device vlan0 entered promiscuous mode [ 576.701163][ T9648] device vlan1 entered promiscuous mode [ 576.728436][ T9648] device macvlan0 entered promiscuous mode [ 576.787976][ T9648] device macvlan1 entered promiscuous mode [ 576.815125][ T9648] device ipvlan0 entered promiscuous mode [ 576.820993][ T9648] device ipvlan1 entered promiscuous mode [ 576.879557][ T9648] device macvtap0 entered promiscuous mode [ 576.897291][ T9648] device macsec0 entered promiscuous mode [ 576.937654][ T9648] device geneve0 entered promiscuous mode [ 577.427313][ T9648] device geneve1 entered promiscuous mode [ 577.694561][ T9648] device netdevsim0 entered promiscuous mode [ 577.701315][ T9648] device netdevsim1 entered promiscuous mode [ 577.708161][ T9648] device netdevsim2 entered promiscuous mode [ 577.716092][ T9648] device netdevsim3 entered promiscuous mode [ 577.722911][ T9648] device wlan0 entered promiscuous mode [ 577.735645][ T9648] device wlan1 entered promiscuous mode [ 577.742155][ T9663] IPVS: Unknown mcast interface: pimreg1 [ 577.780088][ T9676] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 577.790816][ T9676] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 577.798620][ T9676] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 579.615475][ T9698] loop1: detected capacity change from 0 to 1024 [ 580.200765][ T9708] loop5: detected capacity change from 0 to 256 [ 580.282826][ T9708] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 582.211771][ T9714] FAT-fs (loop5): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 582.220925][ T9714] FAT-fs (loop5): Filesystem has been set read-only [ 582.231875][ T27] audit: type=1800 audit(1759566571.416:72): pid=9714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1629" name="file1" dev="loop5" ino=1048612 res=0 errno=0 [ 584.780066][ T9724] loop5: detected capacity change from 0 to 1024 [ 584.887799][ T9724] hfsplus: session requires an argument [ 584.938331][ T9724] hfsplus: unable to parse mount options [ 585.803892][ T9734] loop4: detected capacity change from 0 to 512 [ 585.815322][ T9727] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 585.920570][ T9734] EXT4-fs: Mount option(s) incompatible with ext3 [ 585.974090][ T9727] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 587.403963][ T9727] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 587.831735][ T9731] device syzkaller0 entered promiscuous mode [ 588.392060][ T9749] loop5: detected capacity change from 0 to 2048 [ 588.433140][ T9749] UDF-fs: bad mount option "uid=" or missing value [ 590.891805][ T9762] binder: 9761:9762 ioctl c0306201 200000004a40 returned -14 [ 592.295040][ T9778] loop1: detected capacity change from 0 to 1024 [ 592.517117][ T9781] loop5: detected capacity change from 0 to 512 [ 594.633873][ T9781] EXT4-fs: Mount option(s) incompatible with ext3 [ 596.736455][ T9800] loop1: detected capacity change from 0 to 2048 [ 596.823183][ T9800] UDF-fs: bad mount option "uid=" or missing value [ 596.993594][ T9804] lo speed is unknown, defaulting to 1000 [ 597.563296][ T4279] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 597.574093][ T4279] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 597.583014][ T4279] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 597.593497][ T4279] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 597.601599][ T4279] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 597.608977][ T4279] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 598.433781][ T9812] lo speed is unknown, defaulting to 1000 [ 601.082483][ T4281] Bluetooth: hci4: command 0x0409 tx timeout [ 602.606561][ T9841] loop4: detected capacity change from 0 to 512 [ 602.778143][ T9841] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 602.824999][ T9841] ext4 filesystem being mounted at /338/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 603.154849][ T4281] Bluetooth: hci4: command 0x041b tx timeout [ 603.163523][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 603.293131][ T9812] chnl_net:caif_netlink_parms(): no params data found [ 603.343786][ T9857] loop1: detected capacity change from 0 to 128 [ 603.351791][ T9857] FAT-fs (loop1): Unrecognized mount option "uni_xl%PB^¯°cwiet" or missing value [ 604.369270][ T9866] loop4: detected capacity change from 0 to 128 [ 604.384066][ T9812] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.421072][ T9812] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.435238][ T9812] device bridge_slave_0 entered promiscuous mode [ 604.446325][ T9812] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.453886][ T9812] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.463427][ T6994] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 604.515327][ T9812] device bridge_slave_1 entered promiscuous mode [ 604.665709][ T4704] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 604.736937][ T9877] loop5: detected capacity change from 0 to 512 [ 604.798648][ T9877] EXT4-fs: Mount option(s) incompatible with ext3 [ 606.187345][ T4281] Bluetooth: hci4: command 0x040f tx timeout [ 606.199660][ T4704] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.246371][ T9812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 606.283582][ T9812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 606.374985][ T9872] binder: BINDER_SET_CONTEXT_MGR already set [ 606.464582][ T9872] binder: 9869:9872 ioctl 4018620d 200000004a80 returned -16 [ 606.509734][ T9872] binder: 9869:9872 ioctl c0306201 200000004a40 returned -14 [ 606.626588][ T4704] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.671857][ T9812] team0: Port device team_slave_0 added [ 606.819191][ T4704] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.960287][ T9812] team0: Port device team_slave_1 added [ 607.053356][ T9898] loop1: detected capacity change from 0 to 512 [ 607.080975][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 607.099677][ T9898] EXT4-fs: Mount option(s) incompatible with ext3 [ 608.174506][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 608.194776][ T4283] Bluetooth: hci4: command 0x0419 tx timeout [ 608.344383][ T9812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 608.450873][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 608.463376][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 608.489549][ C1] vkms_vblank_simulate: vblank timer overrun [ 608.520591][ T9812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 608.790273][ T9812] device hsr_slave_0 entered promiscuous mode [ 608.843790][ T9812] device hsr_slave_1 entered promiscuous mode [ 608.895835][ T9812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 608.909524][ T9812] Cannot create hsr debugfs directory [ 610.961944][ T9922] netlink: 'syz.5.1693': attribute type 11 has an invalid length. [ 611.086073][ T9931] loop1: detected capacity change from 0 to 512 [ 611.094641][ T9931] EXT4-fs: Ignoring removed orlov option [ 611.102879][ T9931] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 611.143871][ T9931] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 612.418788][ T9812] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 613.274795][ T9812] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 613.312286][ T9950] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 613.322772][ T9950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 613.330429][ T9950] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 613.506953][ T9812] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 613.572692][ T9812] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 613.677357][ T9931] EXT4-fs (loop1): failed to open journal device unknown-block(0,8) -6 [ 616.081884][ T4704] device hsr_slave_0 left promiscuous mode [ 616.098571][ T4704] device hsr_slave_1 left promiscuous mode [ 616.129428][ T4704] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 616.171532][ T4704] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 616.218809][ T4704] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 616.267888][ T4704] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 616.333940][ T4704] device bridge_slave_1 left promiscuous mode [ 616.350988][ T4704] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.384898][ T4704] device bridge_slave_0 left promiscuous mode [ 616.420160][ T4704] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.499114][ T9979] loop5: detected capacity change from 0 to 1024 [ 616.555212][ T9979] hfsplus: xattr searching failed [ 616.569011][ T9979] hfsplus: xattr searching failed [ 616.587480][ T4704] device veth1_macvtap left promiscuous mode [ 616.593546][ T4704] device veth0_macvtap left promiscuous mode [ 616.644136][ T4704] device veth1_vlan left promiscuous mode [ 616.668457][ T4704] device veth0_vlan left promiscuous mode [ 616.706571][ T9979] hfsplus: b-tree write err: -5, ino 3 [ 617.191476][ T9984] loop5: detected capacity change from 0 to 1764 [ 619.214682][ T9996] loop4: detected capacity change from 0 to 164 [ 619.779872][T10008] loop1: detected capacity change from 0 to 512 [ 619.867622][T10008] EXT4-fs: Mount option(s) incompatible with ext3 [ 623.862684][ T4704] team0 (unregistering): Port device team_slave_1 removed [ 624.134718][ T4704] team0 (unregistering): Port device team_slave_0 removed [ 624.413910][ T4704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 624.438756][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.445706][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.883325][T10031] [ 624.885745][T10031] ====================================================== [ 624.892890][T10031] WARNING: possible circular locking dependency detected [ 624.899984][T10031] syzkaller #0 Not tainted [ 624.904432][T10031] ------------------------------------------------------ [ 624.911830][T10031] syz.2.1727/10031 is trying to acquire lock: [ 624.918051][T10031] ffff8880568dede0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x33c/0x1a10 [ 624.928913][T10031] [ 624.928913][T10031] but task is already holding lock: [ 624.936297][T10031] ffff88807c74ea58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 624.946320][T10031] [ 624.946320][T10031] which lock already depends on the new lock. [ 624.946320][T10031] [ 624.956738][T10031] [ 624.956738][T10031] the existing dependency chain (in reverse order) is: [ 624.965766][T10031] [ 624.965766][T10031] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 624.973341][T10031] down_read_killable+0x4c/0x340 [ 624.978829][T10031] mmap_read_lock_killable+0x1d/0x60 [ 624.984746][T10031] lock_mm_and_find_vma+0x2b1/0x2f0 [ 624.990578][T10031] do_user_addr_fault+0x2db/0xb10 [ 624.996179][T10031] exc_page_fault+0x60/0x100 [ 625.001310][T10031] asm_exc_page_fault+0x22/0x30 [ 625.006790][T10031] fault_in_readable+0xf3/0x1f0 [ 625.012275][T10031] fault_in_iov_iter_readable+0xbb/0x2e0 [ 625.018488][T10031] generic_perform_write+0x3da/0x560 [ 625.024331][T10031] __generic_file_write_iter+0x172/0x430 [ 625.030541][T10031] generic_file_write_iter+0xab/0x2e0 [ 625.036542][T10031] vfs_write+0x44c/0x960 [ 625.041328][T10031] ksys_write+0x143/0x240 [ 625.046349][T10031] do_syscall_64+0x4c/0xa0 [ 625.051309][T10031] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 625.057735][T10031] [ 625.057735][T10031] -> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}: [ 625.066525][T10031] __lock_acquire+0x2cf8/0x7c50 [ 625.071912][T10031] lock_acquire+0x1b4/0x490 [ 625.077033][T10031] down_write+0x36/0x60 [ 625.081717][T10031] process_measurement+0x33c/0x1a10 [ 625.087538][T10031] ima_file_mmap+0x104/0x150 [ 625.092666][T10031] __se_sys_remap_file_pages+0x53e/0x770 [ 625.098946][T10031] do_syscall_64+0x4c/0xa0 [ 625.103990][T10031] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 625.110424][T10031] [ 625.110424][T10031] other info that might help us debug this: [ 625.110424][T10031] [ 625.120661][T10031] Possible unsafe locking scenario: [ 625.120661][T10031] [ 625.128141][T10031] CPU0 CPU1 [ 625.133701][T10031] ---- ---- [ 625.139081][T10031] lock(&mm->mmap_lock); [ 625.143507][T10031] lock(&sb->s_type->i_mutex_key#12); [ 625.151511][T10031] lock(&mm->mmap_lock); [ 625.158644][T10031] lock(&sb->s_type->i_mutex_key#12); [ 625.164165][T10031] [ 625.164165][T10031] *** DEADLOCK *** [ 625.164165][T10031] [ 625.172318][T10031] 1 lock held by syz.2.1727/10031: [ 625.177522][T10031] #0: ffff88807c74ea58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x17d/0x770 [ 625.187987][T10031] [ 625.187987][T10031] stack backtrace: [ 625.193999][T10031] CPU: 1 PID: 10031 Comm: syz.2.1727 Not tainted syzkaller #0 [ 625.201822][T10031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 625.212016][T10031] Call Trace: [ 625.215305][T10031] [ 625.218248][T10031] dump_stack_lvl+0x168/0x22e [ 625.223066][T10031] ? load_image+0x3b0/0x3b0 [ 625.227674][T10031] ? show_regs_print_info+0x12/0x12 [ 625.232927][T10031] ? print_circular_bug+0x12b/0x1a0 [ 625.238235][T10031] check_noncircular+0x274/0x310 [ 625.243216][T10031] ? add_chain_block+0x940/0x940 [ 625.248357][T10031] ? lockdep_lock+0xdc/0x1e0 [ 625.252979][T10031] ? _find_first_zero_bit+0xcf/0x100 [ 625.258486][T10031] __lock_acquire+0x2cf8/0x7c50 [ 625.263453][T10031] ? ima_match_policy+0x104/0x2100 [ 625.268608][T10031] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 625.274621][T10031] ? verify_lock_unused+0x140/0x140 [ 625.279862][T10031] ? ima_match_policy+0x207a/0x2100 [ 625.285101][T10031] lock_acquire+0x1b4/0x490 [ 625.289896][T10031] ? process_measurement+0x33c/0x1a10 [ 625.295399][T10031] ? __might_sleep+0xd0/0xd0 [ 625.300099][T10031] ? __schedule+0x10f4/0x40b0 [ 625.304807][T10031] ? read_lock_is_recursive+0x10/0x10 [ 625.310208][T10031] ? ima_get_action+0x71/0xa0 [ 625.315000][T10031] down_write+0x36/0x60 [ 625.319220][T10031] ? process_measurement+0x33c/0x1a10 [ 625.324612][T10031] process_measurement+0x33c/0x1a10 [ 625.329842][T10031] ? ima_file_mmap+0x150/0x150 [ 625.334646][T10031] ? aa_file_perm+0x117/0xec0 [ 625.339393][T10031] ? mtree_load+0xeb/0xa40 [ 625.343824][T10031] ? mtree_load+0x90a/0xa40 [ 625.348337][T10031] ? aa_get_current_label+0x110/0x1d0 [ 625.354011][T10031] ? apparmor_current_getsecid_subj+0xb1/0x110 [ 625.360203][T10031] ima_file_mmap+0x104/0x150 [ 625.364942][T10031] ? ima_file_free+0x3e0/0x3e0 [ 625.369727][T10031] ? common_file_perm+0x171/0x1c0 [ 625.374770][T10031] ? bpf_lsm_mmap_file+0x5/0x10 [ 625.379652][T10031] ? security_mmap_file+0x11b/0x180 [ 625.384872][T10031] __se_sys_remap_file_pages+0x53e/0x770 [ 625.390530][T10031] ? __x64_sys_remap_file_pages+0xc0/0xc0 [ 625.396372][T10031] ? lock_chain_count+0x20/0x20 [ 625.401245][T10031] ? lockdep_hardirqs_on+0x94/0x140 [ 625.406559][T10031] ? __x64_sys_remap_file_pages+0x1c/0xc0 [ 625.412523][T10031] do_syscall_64+0x4c/0xa0 [ 625.417101][T10031] ? clear_bhb_loop+0x60/0xb0 [ 625.421892][T10031] ? clear_bhb_loop+0x60/0xb0 [ 625.426611][T10031] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 625.432530][T10031] RIP: 0033:0x7f39dc18eec9 [ 625.436987][T10031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.456618][T10031] RSP: 002b:00007f39dcfcf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 625.465040][T10031] RAX: ffffffffffffffda RBX: 00007f39dc3e5fa0 RCX: 00007f39dc18eec9 [ 625.473120][T10031] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 000020000051c000 [ 625.481126][T10031] RBP: 00007f39dc211f91 R08: 0000000000000100 R09: 0000000000000000 [ 625.489115][T10031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.497474][T10031] R13: 00007f39dc3e6038 R14: 00007f39dc3e5fa0 R15: 00007ffc03f4f298 [ 625.505688][T10031] [ 626.121365][ T4704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 626.367578][T10039] loop5: detected capacity change from 0 to 512 [ 626.412984][T10039] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 626.425233][T10039] EXT4-fs (loop5): 1 truncate cleaned up [ 626.450879][T10039] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 626.544026][ T4949] EXT4-fs (loop5): unmounting filesystem. [ 626.550150][ T9434] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 626.740518][ T9434] usb 2-1: Using ep0 maxpacket: 8 [ 626.750863][ T9434] usb 2-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 626.760065][ T9434] usb 2-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 626.772848][ T9434] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 626.782209][ T9434] usb 2-1: config 0 has no interface number 0 [ 626.790504][ T9434] usb 2-1: too many endpoints for config 0 interface 1 altsetting 61: 142, using maximum allowed: 30 [ 626.801636][ T9434] usb 2-1: config 0 interface 1 altsetting 61 has 0 endpoint descriptors, different from the interface descriptor's value: 142 [ 626.816933][ T9434] usb 2-1: config 0 interface 1 has no altsetting 0 [ 626.823635][ T9434] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 626.838818][ T9434] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.849284][ T9434] usb 2-1: config 0 descriptor?? [ 627.009680][ T4704] bond0 (unregistering): Released all slaves [ 627.104837][ T9812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 627.125060][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 627.125988][ T9434] usb 2-1: string descriptor 0 read error: -71 [ 627.133880][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 627.157594][ T9812] 8021q: adding VLAN 0 to HW filter on device team0 [ 627.168708][ T9434] usb 2-1: selecting invalid altsetting 0 [ 627.177201][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 627.189537][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 627.193407][ T9434] usb 2-1: USB disconnect, device number 7 [ 627.210335][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 627.217518][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 627.247809][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 627.278248][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 627.290236][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 627.301021][ T4756] bridge0: port 2(bridge_slave_1) entered blocking state [ 627.308213][ T4756] bridge0: port 2(bridge_slave_1) entered forwarding state [ 627.316689][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 627.334970][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 627.344804][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 627.354185][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 627.363389][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 627.374771][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 627.388855][ T9812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 627.401814][ T9812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 627.413997][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 627.422204][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 627.433341][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 627.438509][ T7615] udevd[7615]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 627.445435][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 627.468904][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 627.482082][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 627.771844][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 627.780310][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 627.792246][ T9812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 628.099055][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 628.108477][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 628.136888][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 628.147787][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 628.159056][ T9812] device veth0_vlan entered promiscuous mode [ 628.169593][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 628.179734][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 628.192658][ T9812] device veth1_vlan entered promiscuous mode [ 628.218051][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 628.228447][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 628.239055][ T9812] device veth0_macvtap entered promiscuous mode [ 628.249453][ T9812] device veth1_macvtap entered promiscuous mode [ 628.266355][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.279825][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.293171][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.303998][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.315966][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.326609][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.338402][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.349087][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.362194][ T9812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 628.371438][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 628.380548][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 628.388867][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 628.398396][ T4704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 628.409291][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.420237][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.430491][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.442273][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.452291][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.462953][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.472866][ T9812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.483645][ T9812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.495633][ T9812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 628.512402][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 628.524117][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 628.535277][ T9812] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 628.544027][ T9812] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 628.553126][ T9812] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 628.562326][ T9812] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 628.599084][ T9812] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht' [ 628.629318][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 628.641009][ T9812] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht' [ 628.649205][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 628.662000][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 628.684879][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 628.693316][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 628.702301][ T4756] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready