last executing test programs: 1m16.53822203s ago: executing program 3 (id=120): mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x8) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) r0 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$USERFAULTFD_IOC_NEW(r0, 0xaa00) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000240)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001080)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x3}) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) 1m15.789598967s ago: executing program 3 (id=122): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x4d2, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0x5, 0x5}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) 1m14.58131407s ago: executing program 3 (id=126): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000dc0)='./bus\x00', 0x21081e, &(0x7f0000000080), 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc) write$binfmt_elf32(r1, &(0x7f0000000e00)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x40, 0x4, 0x5, 0x8001, 0x3, 0x6, 0x7fffffff, 0x7b, 0x38, 0x0, 0x2, 0x6, 0x20, 0x4, 0x5, 0x1, 0x9}, [{0x6474e551, 0x1, 0x7, 0x3ff, 0x5, 0x800, 0x3133, 0x7}, {0x7, 0x87, 0x9, 0x3ff, 0x8, 0xdfc00000, 0x7fffffff, 0x4}, {0x7, 0xa69a, 0x9, 0x2, 0x14, 0x2, 0x400, 0x5dfa}, {0x7, 0xb, 0x7, 0xb, 0x3fc6, 0x907, 0x0, 0x1}], "b0c8f09bde5dd74d49f72d2e7afcd10c78199ba04bb3dd9eac974e6d3e6551a0f52cb46fd133a8ef7b4e501b4dd8206660271ab816d3175f18a840ab20695858ae7b237a", ['\x00', '\x00', '\x00']}, 0x3fc) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 1m13.645613616s ago: executing program 3 (id=131): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1010012, &(0x7f0000000080)={[{@nobh}, {@bsdgroups}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x20) open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x1) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1c10, 0x0) r1 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0) ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000080)=0x3f) write$FUSE_STATX(r0, &(0x7f0000000140)={0x130, 0x0, 0x0, {0x4e06f502, 0x1, 0x0, '\x00', {0x1, 0xcf47, 0x6, 0xfffffff7, 0x0, 0x0, 0xa000, '\x00', 0x6, 0x0, 0x3, 0xfffffffffffffeff, {0xa, 0x8}, {0x10001, 0x5}, {0x8, 0xfffffffa}, {0x6ad0, 0x2}, 0x81, 0x8, 0x9, 0x7}}}, 0x130) 1m13.645249526s ago: executing program 1 (id=132): mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)=ANY=[]) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x80, &(0x7f00000000c0)=@un=@file={0x0, './file0\x00'}}) io_uring_enter(r2, 0x351e, 0x483, 0x0, 0x0, 0x0) 1m13.461463505s ago: executing program 1 (id=134): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x88101) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 1m13.278276414s ago: executing program 1 (id=135): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'adl_pci9118\x00', [0x8001, 0x6, 0x1, 0x0, 0x4, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x1, 0x1a449, 0x4, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0xb, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]}) 1m12.959595956s ago: executing program 3 (id=137): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000780)=[@text32={0x20, &(0x7f00000007c0)="26f20f4766000f3566b84200c4e2bda80ab805000000b953800000000fc773140fde460b0f01300faefef2360f217a0f07", 0x31}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m12.175432096s ago: executing program 3 (id=142): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x4, "ff0f00000000000001a82d866bf4ff0713e4b89c3c00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000000080)={0xea, 0x9, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xa}, 0x0, 0x0, 0x0) 1m11.492528656s ago: executing program 32 (id=142): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x4, "ff0f00000000000001a82d866bf4ff0713e4b89c3c00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0xffffffffffffffff}, &(0x7f0000000080)={0xea, 0x9, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xa}, 0x0, 0x0, 0x0) 1m10.021937146s ago: executing program 1 (id=150): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000780)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x401}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x3}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 1m9.408136169s ago: executing program 1 (id=154): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x803400, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x4000, 0x0) 1m9.01012806s ago: executing program 1 (id=155): ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x1c, 0x10, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x1f2, 0x0, 0x0, 0x0, 0x1}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x2727, &(0x7f0000000040)={0x0, 0x21e1, 0x1c080, 0x1, 0x20002f7}) syz_io_uring_setup(0x497, &(0x7f0000002480)={0x0, 0x3f73, 0x4000, 0x4, 0x17}, &(0x7f0000000340), 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 53.690748734s ago: executing program 33 (id=155): ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x1c, 0x10, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x1f2, 0x0, 0x0, 0x0, 0x1}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x2727, &(0x7f0000000040)={0x0, 0x21e1, 0x1c080, 0x1, 0x20002f7}) syz_io_uring_setup(0x497, &(0x7f0000002480)={0x0, 0x3f73, 0x4000, 0x4, 0x17}, &(0x7f0000000340), 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 6.438716562s ago: executing program 4 (id=425): r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {0x1}, {0x80}, @connect={{0x40, 0x5}, {0x80, 0xf}}}], 0x38) read$snapshot(r2, 0x0, 0xffffffbf) select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x1f, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000}, 0x0) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYBLOB="040025"], 0x94}, 0x1, 0x0, 0x0, 0x20000000}, 0x90) 5.411945817s ago: executing program 4 (id=430): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/21, 0xfffffe0d) close_range(r0, 0xffffffffffffffff, 0x0) 4.298295891s ago: executing program 4 (id=434): syz_open_dev$MSR(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000aac0f000500020007"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 3.752820307s ago: executing program 2 (id=437): syz_mount_image$bfs(&(0x7f0000000040), &(0x7f0000000000)='./bus\x00', 0x98, &(0x7f00000004c0)=ANY=[], 0xff, 0xa4, &(0x7f00000000c0)="$eJzs0b+pAkEQB+C5e/C4A9EC7OFq0CKswBKMBEEsyFYswdTIwNTkZHFFuGDBQFH4Ptg/P4ZdBuZw3U9jHNFvI/q/eOiT1XoXJf/FKr+gzmeThj655/M8YhYRVaqn7bJZHvMaPF80xd9Hb+sbAAB4XTXIdXTdM53afGk/2RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAN7kFAAD//z7jFwY=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 3.42733573s ago: executing program 2 (id=439): sched_setscheduler(0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) unlink(0x0) syz_emit_ethernet(0x2a, &(0x7f0000001940)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0xff, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x10, 0x0, @opaque="cbe66f1099d3a415"}}}}}, 0x0) 3.288320334s ago: executing program 4 (id=440): r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000100)='stack\x00') capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200002, 0x7}) pread64(r2, &(0x7f0000000400)=""/15, 0xf, 0x2) 3.236273749s ago: executing program 2 (id=441): syz_mount_image$reiserfs(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x1000098, &(0x7f00000002c0), 0xfe, 0x1103, &(0x7f0000000300)="$eJzs2LFqFEEYB/D/7J6ChZxM+iWghYIEw/kCKRSusbCxsTus7LxKucfJG/gakso+5gFSBOyV3fU0AUHxDg+O3w+W3e/Pznwz5UwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgN0luJzlokrrOmiQl6bqz+UWSbp3f+9Q2KXn5Zr589m72fDn+lj5rUvpRQ12P79c6q7N6XJ8enDyoy/cf3rbXWpZ0Ob9aLe68uNzqVvre7VZnBAAAgP3wbWPTYZ67O+sPAAAA/MlWLxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANlTXH02SknTd2fwiSbfbZQEAAAAbKmnyevq7fLwG+OVxPk/LkCf5cprk61A8yek4/tFftPv46kZ5698XDgAAAHumXDuPP8zk57m8zw4zydHRWP945fIkaYeT+U3nV6vF8ByuFuV/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjODhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAKYKAAD//xIs078=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x2) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(0xffffffffffffffff, 0x800455d1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r1, &(0x7f0000000000)='2', 0x1, 0x4fed0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x1) 2.889341715s ago: executing program 4 (id=443): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0xfffffffd, 0x0, 0x0, 0x0, 0x8a}, 0x9c) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000240), 0x8) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x4, 0x6}, 0x9c) 2.301682825s ago: executing program 4 (id=446): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0x10, 0x1, 0x25dffbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xa, 0xffff}, {0xd, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040040}, 0x4048084) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f0000000200)='1%') readv(r1, &(0x7f00000001c0)=[{&(0x7f00000019c0)=""/196, 0xc4}, {0x0}], 0x2) 2.110630844s ago: executing program 2 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text16={0x10, &(0x7f00000000c0)="0f2976cb8fe9c8012a660faef5f30f01e8b8c4008ec8baf80c66b89e2d388766efbafc0cb80f05ef660fc774000f01fab89f000f00d8b801018ee0", 0x3b}], 0x1, 0x28, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.591557498s ago: executing program 0 (id=451): setfsgid(0xee00) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r1 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000100)='io\x00') preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/230, 0xe6}], 0x1, 0x401, 0x9) 1.458908541s ago: executing program 0 (id=452): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [{0x400000b0, 0x0, 0x5}, {0x400000b1, 0x0, 0x10000000000005}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.105491087s ago: executing program 5 (id=453): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) listen(r1, 0x8) accept4$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x0, 0x0) 1.094529998s ago: executing program 0 (id=454): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) chdir(&(0x7f00000000c0)='./bus\x00') symlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) rename(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 961.535131ms ago: executing program 5 (id=455): syz_mount_image$iso9660(&(0x7f0000000d40), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000b80)=ANY=[], 0x1, 0x5ef, &(0x7f0000000d80)="$eJzs3M9uG8cZAPBZW4ppBzUKBG0cx0A2Tg7uwQpJ1TIE92B2tZI2IbnELhXIp8KopdSIlABJCzS+FL6kDdCip56LXHroE/Sl8gwqllzZpP5Rsa3YQX4/wNwR9+PON8PFjElwJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIUpWms1WFLpZf2MzPl6yUuS9E87vX+9/U4cp8xOPIQohqv6FRiNcGT915Y2nsb+oHq6HN8d/vRka1aERHr3+y5/feWPuXPXC+SgKJyT0QlysHvbOh7qiz8+N83ly/suvHn16f2dn64uzTuQVtZb2szLPep21NM7KPF5eWmp+sL5axqtZNy3vlcO0FydF2hnmRXwjuRtCWF6M04V7+UZ/baXTTeMbya/i1vLy7ZvtZnMp/nBhkHaKMu9/8OFCmaxn3W7WXxvFVKdvtt8Jt6sb8aNsGA/TRi+Otx/ubC3OSrIKap0mqD0rqN1st1utdru1dGv51u1mszG+Hf7T/iKMn5hrHhAOvmTu7G9aXjmvhYmBY3+Me+1FjeHwrPaSfx594vwPnQkAAABwVqLRd+zR6Hv5K6PSatZNm1Mxe9HFl5YfAAAA8PyiMPp9XVT/MO9KiA5//p/gNysAAADwI/S3J2vsLhyxxi5EUSgHF6L9j/2Dzfej3U5V6uzWCwQOrRMYrl6NLtcXGR2W5uq/kvRa9NY46K396O/qw/b0Wr/5cDCPqCjmo8ejBKbrO10CVdRc+Hu4Oo65+mB8fFDH1SsSL61m3XQhybt3WqHTuXxumG4O//TZwz+HUBR757/p9y5HYfvhztbC7z/feTDK5XF1lce70fhy0cm5XAhPOyP88cm6x3p1493pFs+PvoipWv1Nv3dpXG9z8g2oFyOeO/0bEL4Ob49j3r40Pl6abn+jqrO1cETrJ7NoDTbfv1BXdsqWH8ji2jjm2o33qsN7N+oz8xNZtGdl0a77/y9V/z9TXxyTxWRfLM7KYnHyLjg2i6q3js4C4GXZPjgLHZr/n867x8474zX9J4y12yeu5B9N4QdrOfTfiz+EWbV8Hd4dx7x7de7pjHRgRG/OGtGbp5zXjxvR/xuu//tfIWyE6/vBx82xVb3/mJpVo91vqxd8e6jeeqV5KLvtvb0QLt4Zz99fnb/5cPf+J1ufbH3Wbi8uNX/dbN5qh/lRM+rD0f11Pph7AH7S0uK76NLwr1FRZIPftZaXW53hehoXefJRXGQra2mc9Ydpkax3+mtpPCjyYZ7k3arwcbaSlnG5MRjkxTBezYt4kJfZ5mjnl7je+qVMe53+MEvKQTftlGmc5P1hJxnGK1mZxION33azcj0tRi8uB2mSrWZJZ5jl/bjMN4okXYjjMk0nArOVtD/MVrOq2I8HRdbrFPfij/PuRi+NV9IyKbLBMB9fcL+urL+aF73qsocmcQD4qfoy1DvYPdnK7nsXQmNGzMtuIwAw7eAsfeHYSHsAAAAAAAAAAAAAAADAyzK5XO839ZY+z70icL/QeEHXmVFoTD9z9/Wjgt858zS+VyGEMPfo0/v7m/A81wX3d2J6Fdr1/IUohPAKpHHyPXZWhcaMt3K+Pv+sVVSdOzv4Z1XMDz0SAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBs/w8AAP//uVeEhg==") prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000040)=""/54, 0x36) getdents64(r0, 0xfffffffffffffffe, 0x29) 906.621108ms ago: executing program 2 (id=457): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0xffffffffffffffff) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_SET_TSC_KHZ_cpu(r2, 0xaea2, 0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) 713.378167ms ago: executing program 5 (id=458): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz0\x00', {0x0, 0xe5e4, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x4000000, 0xfffffffd, 0x5, 0x0, 0xfdfffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x7, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc33, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x10, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x0, 0x9, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x0, 0x101, 0xfffffffe, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x0, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0x400a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x1d, 0x400, 0x0, 0x8, 0x4000002, 0x0, 0x100000], [0x0, 0x1ff, 0x0, 0x4, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0xaad, 0x10000, 0x80000, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0xdf77, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x5, 0x0, 0x1]}, 0x45c) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000002a80)=ANY=[@ANYBLOB="66736d616769633d3078303030303030303030303030653461332c726f6f74636f6e746578743d756e636f6e66696e65645f752c7375626a5f726f6c653d405c212f2e2f2ec53a2c66736e616d653d6e6f67727069642c7375626a5f747970653d646973636172642c66736d616769633d3078303030303030303030303030303030372c657569643e", @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC, @ANYBLOB="2c646f6e745f6170707261699e3c3bf8348b3e622766736465663d69736f383835392d312c6f626a5f726f6c653d2421f42c646f6e745f686173682c00"], 0x0, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3}) 675.364151ms ago: executing program 0 (id=459): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 521.617787ms ago: executing program 2 (id=460): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x100) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000180), 0x0, 0x0, 0x1) truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0xb9cbbe05c791f09e) write$uinput_user_dev(r0, &(0x7f0000002dc0)={'syz1\x00', {0x0, 0x3, 0x1000, 0x101}, 0x19, [0xf, 0x7, 0x3, 0x0, 0xd, 0x8, 0x9b, 0x3ff, 0x8f, 0xff, 0x6, 0x3, 0x5f0, 0x4, 0x8, 0x9, 0x4, 0x3ff, 0x101, 0x400, 0x8, 0x2, 0xe, 0x800, 0x8, 0xfffffffb, 0x7, 0x2, 0x0, 0x9, 0x6, 0x1ff, 0x8, 0x0, 0x5, 0x3, 0x9, 0x5, 0x2, 0x9, 0x40, 0x8, 0x1, 0x2f, 0x3ff, 0x0, 0xb, 0x3, 0x6, 0x7, 0x5, 0xb, 0xfffffffe, 0x1, 0x9, 0x9, 0xe5c5, 0xb, 0x4, 0x7, 0x100, 0x24, 0x2, 0x3], [0x3ff, 0x0, 0xa, 0x5, 0x8, 0x0, 0x6, 0xed92, 0x888, 0x0, 0x7f, 0x118758c6, 0xfff, 0x8, 0x4, 0x4, 0x5, 0x0, 0x9, 0x2f, 0x3, 0x10001, 0xf6, 0x0, 0x7, 0xc, 0x3f, 0x1ff, 0x8, 0x9, 0x0, 0xff, 0x0, 0x8, 0x4, 0x4, 0x6, 0x0, 0x6, 0x9, 0x3ff, 0xe, 0x8, 0x10000, 0x6, 0x0, 0x1ff, 0x8, 0x0, 0x7fffffff, 0xfff, 0xe81, 0x6, 0x7e22, 0x7fffffff, 0x1, 0x10000, 0x44, 0x52d, 0x5, 0x3, 0xfffff001, 0x9, 0x24d], [0x8, 0x1, 0x78da, 0x8000, 0xffffff7f, 0x67c, 0x98f5, 0x0, 0x10, 0xc1c, 0x4, 0x4db83704, 0x8, 0x6, 0xc7a, 0x5, 0xf978, 0x7ffffffc, 0x3, 0x5, 0x0, 0x9, 0xb6c, 0x8000, 0x1, 0x6, 0x1000, 0x4, 0x200, 0x5, 0x0, 0x7, 0x8f98, 0x0, 0x8000, 0x80000000, 0x4, 0x0, 0xa6b0, 0x6, 0xa221, 0x7fffffff, 0x2, 0x4, 0x10001, 0x45b, 0x8, 0x3e85daf5, 0x404, 0xffff8000, 0x423, 0xbf3, 0x94, 0x3, 0x4, 0x2, 0x4, 0x1, 0x5, 0x1, 0x1, 0x1, 0x5, 0x6], [0x9, 0x4, 0xffff8001, 0x4, 0x81, 0x1, 0x1, 0x0, 0x8, 0x6, 0xb, 0x1, 0x4, 0x9b4, 0x9, 0x3, 0x4, 0x9, 0x260d, 0xfffffffb, 0xc, 0xff, 0x7, 0x3, 0x2, 0x7fffffff, 0x1, 0x9, 0x3, 0x5, 0xffffffff, 0xa7bd, 0x9, 0x9, 0x1, 0x25562d28, 0x3ff, 0x9, 0x39, 0x8, 0x6, 0xa7d7, 0x6, 0x5, 0x0, 0x40f, 0xff, 0x2, 0x800, 0xffffffff, 0xa9, 0x20009, 0x3, 0x6, 0xfc9a, 0x3, 0x10001, 0x9, 0x5, 0x800, 0x7, 0x3859, 0x2, 0x1]}, 0x45c) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) 487.88253ms ago: executing program 5 (id=461): syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000500)='./file2\x00', 0x80408a, &(0x7f0000000540)=ANY=[], 0x11, 0x6c1, &(0x7f000000abc0)="$eJzs3c9vHGcZB/DvrNc/NpVct03TgCrVNFJBRCRxrBTCJQEhFKQKVUGCs9U4jRUnDY6L0h6IC0hInDjwB7SHcIETCCEhIUUqZ7hVcLI4VULqpae0Qgza2dn12t21N3FiO/D5WLPzvPPOvvPMs/NjdyVrA/zfunA8zbtp5cLxV2612+t35pfX78xf68SN5SSTSRpJszNLcT0p3k/OpzPlc+2F9XDFsO38aunsxQ8+Xv+w02pmY7z2Q2t4gs1R9mKtnjKbZKye78Km8V57sPEmN8KiV5l2wY51Cwf7bTxJuckPj2z0DFKO9TWGnu/A46Po3Df7dM7/meRQkqnuDW2t09nY+wx3NMK16Be9aO3R5gIAAAAHwpP3bie3Mr3feQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjpP79/6KeGt14NkX39/8n+n5jf2Kf0x1u+8ymusHdxl4kAwAAAAAAAACP1gv38puLZTndbZdFGt8fqxuHq8cn8mZuZjErOZFbWchqVrOSuSQzfQNN3FpYXV2Zy4udZ35aluWQZ54e+MzTIybc2v0+AwAAAAAAAMD/kHP1/Ce5kOl9zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYpkrHOrJoOd+OZNJpJppJMtNdbS/7WjR9nd/c7AQAAAHhY/vHvsjKg68l7uZdbme62y6L6zH+k+tw/lTdzPatZymqWs5hL1XcBnU/9jfU788vrd+avtafPjvteayP+/fSOGVYjpvPdw+AtH63WaOVylqolJ/Ja3shyLqVRPbPtaDefwXm981F77HMdZZnJUWp3qZ639/yX9fxgmKkqMt6ryKl2bkWnjk9tX4lvfLSrLc2l0fvm5/B91Pzctlsp/tM9Qg91lyRPfGfnmo/f187sytZKnO47+o5sX4nki3/47Q+uLF+/eqVYO35wDqNBXhi8ePKfG9eQmfqMTfVl4GLm+yrx3MiVuHzzgFdiqOamViPP9uIL+Xa+l+OZzatZyVJ+lIWsZjGz+VYVLdTHc/txZvtKnd/UenWnnCbq12VsS05feLIz3y6nF6vnTmcp380buZTFvFz9nc5cvpozOZOzfa/wsyOc9Y0BZ/0fhyd/7Et10L5z/LyeHwztuj7VV9f+a+5M1de/pJGyvrM8/dCujT3Nz9dB+5X4ad85uP96lZhK7y7Rze6ZbgXGB1biveqycnP5+tWVKws3toxbrA3e3kvZvPsH50LSPl6e7l0jNh8d7b5nBvbNVX2He32NrX2/bvX6djpTJ+r3cJ8d6XTV99zAvvmq72hfX/v91lSSxXxalmXn/VbXM3tcVQBGdujLhyZa/2r9tfVu62etK61Xpr45+bXJ5ycy/pfxrzdPjb3UeL74Xd7Nj7PzJ3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBHN996++rC8vLiypagLMvbQ7oeSZBmsmnJn//Ut071W2NJRh+wvfb5RlItaaYO7i+x2w+2O+88aBH+Xr8me1LwhxJMDT1+tgaflGV5MHIeJShre771RvZ937vBvl6WgD1wcvXajZM333r7K0vXFl5ffH3x+tkzZ86eOnvm5fmTl5eWp/Y7PeARqu711fuc/c4EAAAAAAAAAAAAGNVo/5xT9JY0k9z3//YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7MKF42neTZG5UydOtdvrd+aX21M33ljzkySNJMVsUryfnE9nykzfcMWw7awlFz/4eP3DTqtZT9X6jd3vxVo9ZTbJWD0fYGrQwvL2sPGKapwbw8cbUdGrTLtgx7qFg/323wAAAP//yAscyg==") socket$vsock_stream(0x28, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000162000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a0, 0xc000, 0x8000008, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0d00010004000000010004000000000000000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 328.793396ms ago: executing program 0 (id=462): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0xfe61}}, 0x880) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 149.704555ms ago: executing program 5 (id=463): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x9, 0x0, &(0x7f0000000100)="e02742d123e8680d85", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 48.188835ms ago: executing program 0 (id=464): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r2}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)) 0s ago: executing program 5 (id=465): unshare(0x62040200) syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0) unshare(0x2000000) openat$random(0xffffffffffffff9c, 0x0, 0x40000, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000440)=ANY=[@ANYBLOB="66696c746572000000000000002000000000000000000000000000000000000004"], 0x68) kernel console output (not intermixed with test programs): llmulticast mode [ 86.968941][ T5766] bridge_slave_0: entered promiscuous mode [ 86.977869][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.985168][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.007322][ T5766] bridge_slave_1: entered allmulticast mode [ 87.014724][ T5766] bridge_slave_1: entered promiscuous mode [ 87.060707][ T5769] team0: Port device team_slave_0 added [ 87.086116][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.093566][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.104340][ T5768] bridge_slave_1: entered allmulticast mode [ 87.112588][ T5768] bridge_slave_1: entered promiscuous mode [ 87.163339][ T5769] team0: Port device team_slave_1 added [ 87.283991][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.291855][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.323487][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.341554][ T5767] hsr_slave_0: entered promiscuous mode [ 87.353930][ T5767] hsr_slave_1: entered promiscuous mode [ 87.391768][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.401770][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.414816][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.446230][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.494500][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.518680][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.547308][ T5773] Bluetooth: hci2: command tx timeout [ 87.574311][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.626622][ T5773] Bluetooth: hci1: command tx timeout [ 87.632667][ T5782] Bluetooth: hci3: command tx timeout [ 87.638495][ T5083] Bluetooth: hci0: command tx timeout [ 87.672273][ T5766] team0: Port device team_slave_0 added [ 87.683883][ T5769] hsr_slave_0: entered promiscuous mode [ 87.693532][ T5769] hsr_slave_1: entered promiscuous mode [ 87.700161][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.708415][ T5769] Cannot create hsr debugfs directory [ 87.734912][ T5766] team0: Port device team_slave_1 added [ 87.774078][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.781234][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.808255][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.822788][ T5768] team0: Port device team_slave_0 added [ 87.851218][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.859582][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.886215][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.904733][ T5768] team0: Port device team_slave_1 added [ 87.981775][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.989575][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.016108][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.029212][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.036204][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.062554][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.141159][ T5766] hsr_slave_0: entered promiscuous mode [ 88.147635][ T5766] hsr_slave_1: entered promiscuous mode [ 88.153737][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.161409][ T5766] Cannot create hsr debugfs directory [ 88.290405][ T5768] hsr_slave_0: entered promiscuous mode [ 88.300395][ T5768] hsr_slave_1: entered promiscuous mode [ 88.306871][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.314471][ T5768] Cannot create hsr debugfs directory [ 88.502699][ T5767] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.532567][ T5767] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.543733][ T5767] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.577682][ T5767] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.657950][ T5769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.669880][ T5769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.681386][ T5769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.692000][ T5769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.772836][ T5766] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.786074][ T5766] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.813869][ T5766] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.824478][ T5766] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.937962][ T5768] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.954678][ T5768] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.965122][ T5768] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.990679][ T5768] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.069479][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.084501][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.132417][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.151634][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.163499][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.170906][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.201984][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.209281][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.243429][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.250695][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.273251][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.303849][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.311076][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.346023][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.404043][ T3515] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.411328][ T3515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.463427][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.478393][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.485532][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.531502][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.573415][ T3493] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.580653][ T3493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.610839][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.618063][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.628629][ T5773] Bluetooth: hci2: command tx timeout [ 89.706577][ T5773] Bluetooth: hci1: command tx timeout [ 89.712053][ T5773] Bluetooth: hci3: command tx timeout [ 89.718023][ T5782] Bluetooth: hci0: command tx timeout [ 89.968313][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.088414][ T5769] veth0_vlan: entered promiscuous mode [ 90.116385][ T5769] veth1_vlan: entered promiscuous mode [ 90.152207][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.213959][ T5769] veth0_macvtap: entered promiscuous mode [ 90.260241][ T5769] veth1_macvtap: entered promiscuous mode [ 90.320095][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.331208][ T5767] veth0_vlan: entered promiscuous mode [ 90.344615][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.364279][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.393374][ T5769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.403016][ T5769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.412495][ T5769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.421791][ T5769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.446238][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.455986][ T5767] veth1_vlan: entered promiscuous mode [ 90.606892][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.614926][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.632317][ T5767] veth0_macvtap: entered promiscuous mode [ 90.642960][ T5768] veth0_vlan: entered promiscuous mode [ 90.681360][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.694755][ T5767] veth1_macvtap: entered promiscuous mode [ 90.697599][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.723103][ T5768] veth1_vlan: entered promiscuous mode [ 90.740274][ T5766] veth0_vlan: entered promiscuous mode [ 90.759947][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.774778][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.789250][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.842344][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.855421][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.877705][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.904379][ T5768] veth0_macvtap: entered promiscuous mode [ 90.923550][ T5768] veth1_macvtap: entered promiscuous mode [ 90.940875][ T5766] veth1_vlan: entered promiscuous mode [ 90.951768][ T5861] syz.2.3[5861]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 90.962112][ T5767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.971789][ T5767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.985598][ T5861] loop2: detected capacity change from 0 to 1024 [ 91.005216][ T5861] ======================================================= [ 91.005216][ T5861] WARNING: The mand mount option has been deprecated and [ 91.005216][ T5861] and is ignored by this kernel. Remove the mand [ 91.005216][ T5861] option from the mount to silence this warning. [ 91.005216][ T5861] ======================================================= [ 91.019325][ T5767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.056772][ T5767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.095262][ T5861] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.124429][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.135975][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.146666][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.158368][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.170062][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.209643][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.234624][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.245798][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.261796][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.273679][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.311861][ T5768] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.326266][ T5861] EXT4-fs warning (device loop2): ext4_rename_delete:3778: inode #18: comm syz.2.3: Deleting old file: nlink 2, error=-2 [ 91.337638][ T5768] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.351862][ T5768] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.361612][ T5768] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.385114][ T5766] veth0_macvtap: entered promiscuous mode [ 91.452883][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.467972][ T5766] veth1_macvtap: entered promiscuous mode [ 91.547919][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.557799][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.615691][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.632425][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.647542][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.658270][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.669056][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.680104][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.696112][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.708746][ T5083] Bluetooth: hci2: command tx timeout [ 91.742415][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.766544][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.776693][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.791842][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.798007][ T5083] Bluetooth: hci3: command tx timeout [ 91.807223][ T5773] Bluetooth: hci0: command tx timeout [ 91.807308][ T5782] Bluetooth: hci1: command tx timeout [ 91.820455][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.831002][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.842627][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.855182][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.869771][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.890794][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.903874][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.917849][ T5766] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.935881][ T5766] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.949687][ T5766] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.959831][ T5766] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.993702][ T5868] syzkaller1: entered promiscuous mode [ 92.003777][ T5868] syzkaller1: entered allmulticast mode [ 92.071026][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.082579][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.110908][ T27] cfg80211: failed to load regulatory.db [ 92.234743][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.242793][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.393553][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.424625][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.441534][ T5876] loop0: detected capacity change from 0 to 8 [ 92.549758][ T5876] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 92.863403][ T5888] loop0: detected capacity change from 0 to 64 [ 93.111379][ T5884] loop1: detected capacity change from 0 to 32768 [ 93.146194][ T5884] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.198052][ T5884] XFS (loop1): Ending clean mount [ 93.261032][ T28] audit: type=1800 audit(1768176829.484:2): pid=5884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.9" name="file1" dev="loop1" ino=4422 res=0 errno=0 [ 93.469923][ T5899] loop2: detected capacity change from 0 to 512 [ 93.587919][ T5899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.601748][ T5899] ext4 filesystem being mounted at /3/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.635781][ T5767] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 93.682223][ T5841] kernel write not supported for file /sequencer (pid: 5841 comm: kworker/0:4) [ 93.692003][ T5903] syzkaller1: entered promiscuous mode [ 93.739521][ T5903] syzkaller1: entered allmulticast mode [ 93.804613][ T5782] Bluetooth: hci2: command tx timeout [ 93.874697][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.883853][ T5782] Bluetooth: hci0: command tx timeout [ 93.883909][ T5782] Bluetooth: hci1: command tx timeout [ 93.883942][ T5782] Bluetooth: hci3: command tx timeout [ 94.308301][ T5911] loop0: detected capacity change from 0 to 128 [ 94.354036][ T5911] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 94.383129][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 94.443057][ T28] audit: type=1800 audit(1768176830.654:3): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.15" name="file1" dev="loop0" ino=94 res=0 errno=0 [ 94.780186][ T5916] loop1: detected capacity change from 0 to 1024 [ 94.810058][ T5916] ext4: Unknown parameter 'nojournal' [ 95.030940][ T5842] IPVS: starting estimator thread 0... [ 95.037461][ T5927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.22'. [ 95.157316][ T5928] IPVS: using max 18 ests per chain, 43200 per kthread [ 95.334595][ T5935] loop0: detected capacity change from 0 to 512 [ 95.352769][ T5935] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 95.420819][ T5935] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.25: invalid indirect mapped block 4294967295 (level 1) [ 95.483175][ T5919] loop2: detected capacity change from 0 to 32768 [ 95.531303][ T5935] EXT4-fs (loop0): Remounting filesystem read-only [ 95.541445][ T5935] EXT4-fs (loop0): 2 truncates cleaned up [ 95.563894][ T5935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.796175][ T5919] overlayfs: upper fs needs to support d_type. [ 95.873264][ T5919] overlayfs: upper fs does not support tmpfile. [ 95.878820][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.934988][ T5919] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 96.351727][ T5945] bond0: (slave veth0_virt_wifi): Enslaving as an active interface with an up link [ 96.905328][ T5960] loop1: detected capacity change from 0 to 8 [ 97.063827][ T5961] SQUASHFS error: Failed to read block 0x1ec: -5 [ 97.126648][ T5961] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 97.462182][ T5968] loop3: detected capacity change from 0 to 1024 [ 97.486963][ T5968] EXT4-fs: Ignoring removed orlov option [ 97.520240][ T5954] loop0: detected capacity change from 0 to 32768 [ 97.537364][ T5968] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.673261][ T28] audit: type=1804 audit(1768176833.904:4): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.38" name="/newroot/8/bus/bus" dev="loop3" ino=18 res=1 errno=0 [ 97.700248][ T5954] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 97.768406][ T5968] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 97.775874][ T5968] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 97.914624][ T5954] XFS (loop0): Ending clean mount [ 97.931569][ T5954] XFS (loop0): Quotacheck needed: Please wait. [ 97.987589][ T5083] block nbd2: Receive control failed (result -107) [ 98.003584][ T5987] nbd2: detected capacity change from 0 to 10 [ 98.017099][ T55] block nbd2: Dead connection, failed to find a fallback [ 98.024371][ T55] block nbd2: shutting down sockets [ 98.031036][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.040943][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.055353][ T5986] nbd2: detected capacity change from 10 to 8589934592 [ 98.075640][ T97] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.088173][ T97] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.095597][ T5989] loop1: detected capacity change from 0 to 1024 [ 98.098999][ T97] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.115014][ T97] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.121095][ T5989] EXT4-fs: Ignoring removed nobh option [ 98.129028][ T5954] XFS (loop0): Quotacheck: Done. [ 98.136778][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.145941][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.154284][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.163698][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.167804][ T5989] EXT4-fs: Ignoring removed bh option [ 98.173640][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.187088][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.195258][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.204467][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.212512][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.222706][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.230612][ T5784] ldm_validate_partition_table(): Disk read failed. [ 98.237797][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.246977][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.254886][ T55] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 98.264048][ T55] Buffer I/O error on dev nbd2, logical block 0, async page read [ 98.272469][ T5784] Dev nbd2: unable to read RDB block 0 [ 98.278945][ T5784] nbd2: unable to read partition table [ 98.289487][ T5784] ldm_validate_partition_table(): Disk read failed. [ 98.296781][ T5784] Dev nbd2: unable to read RDB block 0 [ 98.302913][ T5784] nbd2: unable to read partition table [ 98.316629][ T5989] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.429255][ T5989] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.506147][ T5842] XFS (loop0): Metadata CRC error detected at xfs_refcountbt_read_verify+0x42/0xd0, xfs_refcountbt block 0x28 [ 98.544320][ T28] audit: type=1804 audit(1768176834.774:5): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.43" name="/newroot/13/file1/bus" dev="loop1" ino=18 res=1 errno=0 [ 98.566259][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.589204][ T5989] Invalid ELF header magic: != ELF [ 98.598157][ T5842] XFS (loop0): Unmount and run xfs_repair [ 98.609663][ T5842] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 98.646464][ T5842] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff R............... [ 98.672376][ T5842] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 .......(........ [ 98.696465][ T5842] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 98.713099][ T5842] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........ [ 98.733885][ T5842] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 98.748469][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.760120][ T5842] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 98.785146][ T5842] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 98.813071][ T5842] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 98.844392][ T5954] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x28 len 8 error 74 [ 98.887200][ T5954] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 98.907771][ T5954] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 99.247150][ T6009] loop3: detected capacity change from 0 to 512 [ 99.270140][ T6009] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.289675][ T6009] ext4 filesystem being mounted at /11/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.341606][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.390034][ T5841] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.496243][ T6016] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.532870][ T5768] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 99.588281][ T5841] usb 2-1: Using ep0 maxpacket: 32 [ 99.622768][ T5841] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.646454][ T5841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 99.653784][ T5841] usb 2-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 99.695497][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.753189][ T5841] usb 2-1: config 0 descriptor?? [ 100.231748][ T5841] uclogic 0003:2179:0077.0001: interface is invalid, ignoring [ 100.445133][ T5841] usb 2-1: USB disconnect, device number 2 [ 100.605587][ T6041] loop2: detected capacity change from 0 to 1024 [ 100.641074][ T6041] hfsplus: unable to parse mount options [ 101.644846][ T6078] netlink: 20 bytes leftover after parsing attributes in process `syz.0.78'. [ 101.659882][ T6078] IPv6: Can't replace route, no match found [ 101.892282][ T6083] all: renamed from bridge_slave_0 (while UP) [ 103.025778][ T6091] loop1: detected capacity change from 0 to 32768 [ 103.101369][ T6091] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 103.244945][ T6091] XFS (loop1): Ending clean mount [ 103.291895][ T6091] XFS (loop1): Quotacheck needed: Please wait. [ 103.387027][ T6091] XFS (loop1): Quotacheck: Done. [ 103.406029][ T6114] loop2: detected capacity change from 0 to 64 [ 103.613636][ T5767] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 103.780069][ T6118] netlink: 38028 bytes leftover after parsing attributes in process `syz.2.93'. [ 103.816540][ T6118] netlink: 12 bytes leftover after parsing attributes in process `syz.2.93'. [ 104.354702][ T6134] loop1: detected capacity change from 0 to 1024 [ 104.379550][ T6132] overlayfs: failed to get inode (-116) [ 104.396277][ T6134] EXT4-fs: Ignoring removed nomblk_io_submit option [ 104.404193][ T6132] overlayfs: failed to get inode (-116) [ 104.422486][ T6134] EXT4-fs (loop1): Test dummy encryption mode enabled [ 104.450844][ T6134] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e815c01c, mo2=0003] [ 104.479614][ T6134] System zones: 0-1, 3-36 [ 104.513312][ T6134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.555247][ T6141] loop0: detected capacity change from 0 to 256 [ 104.682165][ T6141] FAT-fs (loop0): Directory bread(block 64) failed [ 104.700773][ T6141] FAT-fs (loop0): Directory bread(block 65) failed [ 104.721095][ T6141] FAT-fs (loop0): Directory bread(block 66) failed [ 104.736526][ T6141] FAT-fs (loop0): Directory bread(block 67) failed [ 104.747101][ T6141] FAT-fs (loop0): Directory bread(block 68) failed [ 104.760410][ T6141] FAT-fs (loop0): Directory bread(block 69) failed [ 104.776701][ T6141] FAT-fs (loop0): Directory bread(block 70) failed [ 104.796480][ T6141] FAT-fs (loop0): Directory bread(block 71) failed [ 104.803157][ T6141] FAT-fs (loop0): Directory bread(block 72) failed [ 104.830172][ T6141] FAT-fs (loop0): Directory bread(block 73) failed [ 104.925900][ T6148] Illegal XDP return value 4294967294 on prog (id 23) dev syz_tun, expect packet loss! [ 105.147520][ T6134] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 105.263189][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.425854][ T6157] loop2: detected capacity change from 0 to 736 [ 105.461202][ T6160] process 'syz.0.105' launched './file1' with NULL argv: empty string added [ 105.725163][ T6169] loop2: detected capacity change from 0 to 512 [ 105.769739][ T6169] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.803345][ T6169] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.846199][ T6169] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #2: comm syz.2.109: corrupted inode contents [ 105.915974][ T6169] EXT4-fs error (device loop2): ext4_dirty_inode:6124: inode #2: comm syz.2.109: mark_inode_dirty error [ 105.943518][ T6169] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #2: comm syz.2.109: corrupted inode contents [ 105.982436][ T6169] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.109: mark_inode_dirty error [ 106.081543][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.578750][ T6178] loop3: detected capacity change from 0 to 32768 [ 106.629928][ T6178] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.111 (6178) [ 106.736869][ T6178] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 106.757633][ T6178] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 106.786505][ T6178] BTRFS info (device loop3): using free space tree [ 106.821529][ T6187] loop0: detected capacity change from 0 to 4096 [ 107.001546][ T3515] BTRFS warning (device loop3): checksum verify failed on logical 5287936 mirror 1 wanted 0xba2f3320fe4f0dfed931d5a5c7a64dbbccc1fca522c14bbe02198145e0728966 found 0xb3a55baeeaea4006ff4e61b6d0f3bc26a653b1c668cc957cbbff06b61ff2c8cc level 0 [ 107.076606][ T6178] BTRFS warning (device loop3): failed to read root (objectid=4): -5 [ 107.117841][ T6187] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 107.168625][ T6178] BTRFS error (device loop3): open_ctree failed: -5 [ 107.301204][ T6183] loop2: detected capacity change from 0 to 32768 [ 107.407926][ T6183] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 107.515305][ T6185] loop1: detected capacity change from 0 to 32768 [ 107.595488][ T6185] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.114 (6185) [ 107.597584][ T6183] XFS (loop2): Ending clean mount [ 107.686417][ T6185] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 107.734083][ T6185] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 107.776811][ T6185] BTRFS info (device loop1): enabling auto defrag [ 107.794159][ T6185] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 107.846322][ T6185] BTRFS info (device loop1): trying to use backup root at mount time [ 107.910236][ T6185] BTRFS info (device loop1): max_inline at 9 [ 107.916305][ T6185] BTRFS info (device loop1): force clearing of disk cache [ 107.957481][ T6183] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 107.966170][ T6185] BTRFS info (device loop1): turning on sync discard [ 107.988870][ T6185] BTRFS info (device loop1): turning on async discard [ 108.006153][ T6185] BTRFS info (device loop1): disabling free space tree [ 108.431636][ T6235] FAULT_FLAG_ALLOW_RETRY missing 801 [ 108.447180][ T6185] BTRFS info (device loop1): enabling ssd optimizations [ 108.469242][ T6235] CPU: 1 PID: 6235 Comm: syz.3.120 Not tainted syzkaller #0 [ 108.476614][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 108.486732][ T6235] Call Trace: [ 108.490054][ T6235] [ 108.493021][ T6235] dump_stack_lvl+0x16c/0x230 [ 108.497766][ T6235] ? show_regs_print_info+0x20/0x20 [ 108.503032][ T6235] ? load_image+0x3b0/0x3b0 [ 108.507598][ T6235] ? assert_fault_locked+0x17f/0x3a0 [ 108.512937][ T6235] handle_userfault+0x10ad/0x12a0 [ 108.518005][ T6235] ? lockdep_hardirqs_on+0x98/0x150 [ 108.523292][ T6235] ? userfaultfd_wp_unpopulated+0xa0/0xa0 [ 108.529074][ T6235] ? do_raw_spin_unlock+0x121/0x230 [ 108.534317][ T6235] ? free_unref_page+0x190/0x2e0 [ 108.539296][ T6235] handle_mm_fault+0x312d/0x4920 [ 108.544308][ T6235] ? handle_mm_fault+0xd1/0x4920 [ 108.549390][ T6235] ? numa_migrate_prep+0x350/0x350 [ 108.554626][ T6235] ? follow_page_pte+0x6fb/0x1a70 [ 108.559701][ T6235] ? pmd_lock+0x60/0x60 [ 108.563907][ T6235] __get_user_pages+0x5ea/0x1470 [ 108.568902][ T6235] ? populate_vma_page_range+0x370/0x370 [ 108.574571][ T6235] populate_vma_page_range+0x2b6/0x370 [ 108.580061][ T6235] ? fixup_user_fault+0x710/0x710 [ 108.585115][ T6235] ? vma_set_page_prot+0x12e/0x3e0 [ 108.590267][ T6235] mprotect_fixup+0x977/0xc90 [ 108.594992][ T6235] ? change_protection+0x3220/0x3220 [ 108.600308][ T6235] ? apparmor_file_mprotect+0xfe/0x120 [ 108.606055][ T6235] ? bpf_lsm_file_mprotect+0x9/0x10 [ 108.611330][ T6235] do_mprotect_pkey+0x76e/0xc30 [ 108.616220][ T6235] ? prot_none_test+0x10/0x10 [ 108.620940][ T6235] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 108.626963][ T6235] __x64_sys_mprotect+0x80/0x90 [ 108.631839][ T6235] do_syscall_64+0x55/0xb0 [ 108.636277][ T6235] ? clear_bhb_loop+0x40/0x90 [ 108.640985][ T6235] ? clear_bhb_loop+0x40/0x90 [ 108.645693][ T6235] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.651613][ T6235] RIP: 0033:0x7f1d5498f749 [ 108.656099][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.675749][ T6235] RSP: 002b:00007f1d52bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 108.684194][ T6235] RAX: ffffffffffffffda RBX: 00007f1d54be5fa0 RCX: 00007f1d5498f749 [ 108.692203][ T6235] RDX: 000000000000000f RSI: 0000000000004000 RDI: 0000200000ffc000 [ 108.700210][ T6235] RBP: 00007f1d54a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 108.708211][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.716207][ T6235] R13: 00007f1d54be6038 R14: 00007f1d54be5fa0 R15: 00007ffc47c054c8 [ 108.724218][ T6235] [ 108.736048][ T6185] BTRFS info (device loop1): rebuilding free space tree [ 108.888850][ T6185] BTRFS info (device loop1): disabling free space tree [ 108.907235][ T6185] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 108.938210][ T6185] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.562142][ T5767] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 110.613314][ T6312] loop3: detected capacity change from 0 to 512 [ 110.752206][ T6312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.804789][ T6312] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 111.092502][ T5766] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.269450][ T6332] loop3: detected capacity change from 0 to 512 [ 111.288400][ T6332] EXT4-fs: Ignoring removed nobh option [ 111.330675][ T6332] EXT4-fs error (device loop3): ext4_orphan_get:1398: inode #15: comm syz.3.131: iget: bad i_size value: 38620345925642 [ 111.386380][ T6338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.133'. [ 111.418266][ T6338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.443357][ T6332] EXT4-fs error (device loop3): ext4_orphan_get:1403: comm syz.3.131: couldn't read orphan inode 15 (err -117) [ 111.470365][ T6332] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.587290][ T28] audit: type=1800 audit(1768176847.814:6): pid=6332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.131" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 111.615375][ T6338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.624882][ T6332] Trying to write to read-only block-device loop3 [ 111.697803][ T6341] comedi: valid board names for 8255 driver are: [ 111.718066][ T6341] 8255 [ 111.723229][ T6341] comedi: valid board names for vmk80xx driver are: [ 111.757181][ T6341] vmk80xx [ 111.760317][ T6341] comedi: valid board names for usbduxsigma driver are: [ 111.780327][ T6341] usbduxsigma [ 111.783813][ T6341] comedi: valid board names for usbduxfast driver are: [ 111.814043][ T6341] usbduxfast [ 111.817809][ T6341] comedi: valid board names for usbdux driver are: [ 111.850176][ T6341] usbdux [ 111.856274][ T6341] comedi: valid board names for ni6501 driver are: [ 111.871236][ T6341] ni6501 [ 111.875426][ T6341] comedi: valid board names for dt9812 driver are: [ 111.908930][ T6341] dt9812 [ 111.912093][ T6341] comedi: valid board names for ni_labpc_cs driver are: [ 111.921846][ T6341] ni_labpc_cs [ 111.927607][ T6341] comedi: valid board names for ni_daq_700 driver are: [ 111.945477][ T6341] ni_daq_700 [ 111.951543][ T6341] comedi: valid board names for labpc_pci driver are: [ 111.964982][ T6069] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.993619][ T6341] labpc_pci [ 112.001665][ T6341] comedi: valid board names for adl_pci9118 driver are: [ 112.009014][ T6341] pci9118dg [ 112.012356][ T6341] pci9118hg [ 112.015668][ T6341] pci9118hr [ 112.019469][ T6341] comedi: valid board names for 8255_pci driver are: [ 112.026254][ T6341] 8255_pci [ 112.029813][ T6341] comedi: valid board names for s526 driver are: [ 112.036252][ T6341] s526 [ 112.039206][ T6341] comedi: valid board names for multiq3 driver are: [ 112.047138][ T6341] multiq3 [ 112.050279][ T6341] comedi: valid board names for pcmuio driver are: [ 112.105933][ T6341] pcmuio48 [ 112.126246][ T6341] pcmuio96 [ 112.207755][ T6341] comedi: valid board names for pcmmio driver are: [ 112.214461][ T6341] pcmmio [ 112.217614][ T6341] comedi: valid board names for pcmda12 driver are: [ 112.224335][ T6341] pcmda12 [ 112.284720][ T6341] comedi: valid board names for pcmad driver are: [ 112.301938][ T6341] pcmad12 [ 112.305028][ T6341] pcmad16 [ 112.326956][ T6341] comedi: valid board names for ni_labpc driver are: [ 112.351160][ T6341] lab-pc-1200 [ 112.354686][ T6341] lab-pc-1200ai [ 112.359904][ T6341] lab-pc+ [ 112.363403][ T6341] comedi: valid board names for atmio16 driver are: [ 112.370621][ T6341] atmio16 [ 112.375939][ T6341] atmio16d [ 112.380588][ T6341] comedi: valid board names for ni_at_ao driver are: [ 112.393255][ T6341] at-ao-6 [ 112.398897][ T6341] at-ao-10 [ 112.402930][ T6341] comedi: valid board names for ni_at_a2150 driver are: [ 112.412899][ T6341] ni_at_a2150 [ 112.419073][ T6341] comedi: valid board names for adq12b driver are: [ 112.425720][ T6341] adq12b [ 112.431715][ T6341] comedi: valid board names for mpc624 driver are: [ 112.441982][ T6341] mpc624 [ 112.446001][ T6341] comedi: valid board names for c6xdigio driver are: [ 112.461447][ T6341] c6xdigio [ 112.466251][ T6341] comedi: valid board names for aio_iiro_16 driver are: [ 112.475266][ T6341] aio_iiro_16 [ 112.482247][ T6341] comedi: valid board names for aio_aio12_8 driver are: [ 112.491404][ T6348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'. [ 112.513918][ T6341] aio_aio12_8 [ 112.524604][ T6341] aio_ai12_8 [ 112.565358][ T6341] aio_ao12_4 [ 112.575460][ T6341] comedi: valid board names for fl512 driver are: [ 112.582641][ T6341] fl512 [ 112.585687][ T6341] comedi: valid board names for dmm32at driver are: [ 112.602958][ T6341] dmm32at [ 112.606031][ T6341] comedi: valid board names for dt282x driver are: [ 112.613235][ T6341] dt2821 [ 112.616214][ T6341] dt2821-f [ 112.620057][ T6341] dt2821-g [ 112.639513][ T6341] dt2823 [ 112.654985][ T6341] dt2824-pgh [ 112.665140][ T6341] dt2824-pgl [ 112.679154][ T6341] dt2825 [ 112.682147][ T6341] dt2827 [ 112.685085][ T6341] dt2828 [ 112.704868][ T6341] dt2829 [ 112.714814][ T6341] dt21-ez [ 112.721554][ T6341] dt23-ez [ 112.724622][ T6341] dt24-ez [ 112.728583][ T6341] dt24-ez-pgl [ 112.732036][ T6341] comedi: valid board names for dt2817 driver are: [ 112.747735][ T6341] dt2817 [ 112.762559][ T6341] comedi: valid board names for dt2815 driver are: [ 112.772299][ T6295] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.792099][ T6341] dt2815 [ 112.795609][ T6341] comedi: valid board names for dt2814 driver are: [ 112.808528][ T6341] dt2814 [ 112.820047][ T6341] comedi: valid board names for dt2811 driver are: [ 112.829170][ T6352] netlink: 'syz.2.141': attribute type 1 has an invalid length. [ 112.833061][ T6341] dt2811-pgh [ 112.840528][ T6341] dt2811-pgl [ 112.849011][ T6341] comedi: valid board names for dt2801 driver are: [ 112.865861][ T6341] dt2801 [ 112.870904][ T6341] comedi: valid board names for das6402 driver are: [ 112.878910][ T6341] das6402-12 [ 112.882426][ T6341] das6402-16 [ 112.885816][ T6341] comedi: valid board names for das1800 driver are: [ 112.892729][ T6341] das-1701st [ 112.896125][ T6341] das-1701st-da [ 112.936601][ T6341] das-1702st [ 112.940205][ T6341] das-1702st-da [ 112.947638][ T6341] das-1702hr [ 112.958717][ T6341] das-1702hr-da [ 112.978432][ T6341] das-1701ao [ 112.986306][ T6341] das-1702ao [ 112.992930][ T6341] das-1801st [ 113.006508][ T6341] das-1801st-da [ 113.016453][ T6341] das-1802st [ 113.035716][ T6341] das-1802st-da [ 113.042230][ T6354] gretap1: entered allmulticast mode [ 113.056523][ T6341] das-1802hr [ 113.068277][ T6341] das-1802hr-da [ 113.081852][ T6354] bond1: (slave gretap1): making interface the new active one [ 113.096473][ T6341] das-1801hc [ 113.110869][ T6341] das-1802hc [ 113.115562][ T6341] das-1801ao [ 113.124961][ T6354] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 113.126612][ T6341] das-1802ao [ 113.153222][ T6341] comedi: valid board names for das800 driver are: [ 113.176792][ T6341] das-800 [ 113.182949][ T6341] cio-das800 [ 113.190115][ T6341] das-801 [ 113.196463][ T6341] cio-das801 [ 113.209724][ T6341] das-802 [ 113.212838][ T6341] cio-das802 [ 113.231547][ T6341] cio-das802/16 [ 113.235148][ T6341] comedi: valid board names for isa-das08 driver are: [ 113.253479][ T6341] isa-das08 [ 113.262295][ T6341] das08-pgm [ 113.268256][ T6341] das08-pgh [ 113.278876][ T6295] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.296647][ T6341] das08-pgl [ 113.299902][ T6341] das08-aoh [ 113.322847][ T6341] das08-aol [ 113.340508][ T6341] das08-aom [ 113.343769][ T6341] das08/jr-ao [ 113.358680][ T6341] das08jr-16-ao [ 113.362330][ T6341] pc104-das08 [ 113.365726][ T6341] das08jr/16 [ 113.397359][ T6341] comedi: valid board names for das16m1 driver are: [ 113.416565][ T6341] das16m1 [ 113.419641][ T6341] comedi: valid board names for dac02 driver are: [ 113.439315][ T6341] dac02 [ 113.442206][ T6341] comedi: valid board names for rti802 driver are: [ 113.472798][ T6341] rti802 [ 113.482943][ T6341] comedi: valid board names for rti800 driver are: [ 113.500466][ T6295] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.510941][ T6341] rti800 [ 113.518815][ T6341] rti815 [ 113.530921][ T6341] comedi: valid board names for pcm3724 driver are: [ 113.549414][ T6341] pcm3724 [ 113.552608][ T6341] comedi: valid board names for pcl818 driver are: [ 113.563826][ T6341] pcl818l [ 113.573948][ T6341] pcl818h [ 113.583019][ T6341] pcl818hd [ 113.596498][ T6341] pcl818hg [ 113.605686][ T6341] pcl818 [ 113.629783][ T6341] pcl718 [ 113.632770][ T6341] pcm3718 [ 113.635791][ T6341] comedi: valid board names for pcl816 driver are: [ 113.668284][ T6341] pcl816 [ 113.674144][ T6295] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.691311][ T6341] pcl814b [ 113.700308][ T6341] comedi: valid board names for pcl812 driver are: [ 113.713824][ T6341] pcl812 [ 113.720571][ T6341] pcl812pg [ 113.724561][ T6341] acl8112pg [ 113.728275][ T6341] acl8112dg [ 113.732420][ T6341] acl8112hg [ 113.735758][ T6341] a821pgl [ 113.739325][ T6341] a821pglnda [ 113.745899][ T6341] a821pgh [ 113.756038][ T6341] a822pgl [ 113.766551][ T6341] a822pgh [ 113.777055][ T6341] a823pgl [ 113.780180][ T6341] a823pgh [ 113.785828][ T6341] pcl813 [ 113.814345][ T6341] pcl813b [ 113.824558][ T6341] acl8113 [ 113.844221][ T6341] iso813 [ 113.847662][ T6341] acl8216 [ 113.850717][ T6341] a826pg [ 113.853656][ T6341] comedi: valid board names for pcl730 driver are: [ 113.860761][ T6341] pcl730 [ 113.863747][ T6341] iso730 [ 113.867905][ T6341] acl7130 [ 113.871048][ T6341] pcm3730 [ 113.874077][ T6341] pcl725 [ 113.877531][ T6341] p8r8dio [ 113.897067][ T6341] acl7225b [ 113.913030][ T6341] p16r16dio [ 113.939780][ T6341] pcl733 [ 113.942755][ T6341] pcl734 [ 113.945723][ T6341] opmm-1616-xt [ 113.961996][ T6341] pearl-mm-p [ 113.965318][ T6341] ir104-pbf [ 113.991912][ T6341] comedi: valid board names for pcl726 driver are: [ 114.022286][ T6341] pcl726 [ 114.040432][ T6341] pcl727 [ 114.043411][ T6341] pcl728 [ 114.066466][ T6341] acl6126 [ 114.069550][ T6341] acl6128 [ 114.072590][ T6341] comedi: valid board names for pcl724 driver are: [ 114.089284][ T6363] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.098824][ T6363] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.106890][ T6341] pcl724 [ 114.108941][ T6363] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.110570][ T6341] pcl722 [ 114.110580][ T6341] pcl731 [ 114.119449][ T6363] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 114.146907][ T6341] acl7122 [ 114.149967][ T6341] acl7124 [ 114.153018][ T6341] pet48dio [ 114.156145][ T6341] pcmio48 [ 114.236625][ T6341] onyx-mm-dio [ 114.287933][ T6341] comedi: valid board names for pcl711 driver are: [ 114.306615][ T6341] pcl711 [ 114.309710][ T6341] pcl711b [ 114.312752][ T6341] acl8112hg [ 114.315949][ T6341] acl8112dg [ 114.377631][ T6341] comedi: valid board names for amplc_pc263 driver are: [ 114.384626][ T6341] pc263 [ 114.407127][ T6341] comedi: valid board names for amplc_pc236 driver are: [ 114.451498][ T6341] pc36at [ 114.466611][ T5782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 114.478721][ T5782] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 114.489860][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 114.496922][ T6341] comedi: valid board names for amplc_dio200 driver are: [ 114.496935][ T6341] pc212e [ 114.496943][ T6341] pc214e [ 114.496950][ T6341] pc215e [ 114.496957][ T6341] pc218e [ 114.496964][ T6341] pc272e [ 114.496972][ T6341] comedi: valid board names for comedi_parport driver are: [ 114.496982][ T6341] comedi_parport [ 114.496990][ T6341] comedi: valid board names for comedi_test driver are: [ 114.497010][ T6341] comedi_test [ 114.497017][ T6341] comedi: valid board names for comedi_bond driver are: [ 114.497026][ T6341] comedi_bond [ 114.572379][ T5782] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 114.580217][ T5782] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 114.587667][ T5782] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 115.196019][ T6392] loop0: detected capacity change from 0 to 512 [ 115.205913][ T6392] EXT4-fs: Ignoring removed oldalloc option [ 115.247752][ T6392] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 115.324878][ T6392] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 115.382641][ T6392] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.152: bg 0: block 248: padding at end of block bitmap is not set [ 115.420471][ T6392] Quota error (device loop0): write_blk: dquota write failed [ 115.456835][ T6392] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 115.493598][ T6392] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.152: Failed to acquire dquot type 1 [ 115.523602][ T6392] EXT4-fs (loop0): 1 truncate cleaned up [ 115.531475][ T6392] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 115.547248][ T6396] loop2: detected capacity change from 0 to 8192 [ 115.598414][ T6396] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 115.660099][ T6396] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 115.675590][ T6396] REISERFS (device loop2): using ordered data mode [ 115.695664][ T6396] reiserfs: using flush barriers [ 115.715723][ T6396] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 115.770470][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 115.783300][ T6396] REISERFS (device loop2): checking transaction log (loop2) [ 115.859217][ T6396] REISERFS (device loop2): Using r5 hash to sort names [ 115.881473][ T6396] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 115.977760][ T6409] trusted_key: syz.0.156 sent an empty control message without MSG_MORE. [ 116.334477][ T6369] chnl_net:caif_netlink_parms(): no params data found [ 116.667430][ T5782] Bluetooth: hci0: command tx timeout [ 116.978799][ T6369] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.986001][ T6369] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.047824][ T6369] bridge_slave_0: entered allmulticast mode [ 117.086669][ T6369] bridge_slave_0: entered promiscuous mode [ 117.204968][ T6369] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.223752][ T6369] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.243364][ T6369] bridge_slave_1: entered allmulticast mode [ 117.259070][ T6369] bridge_slave_1: entered promiscuous mode [ 117.424493][ T6369] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.454185][ T6295] hsr_slave_0: left promiscuous mode [ 117.468769][ T6295] hsr_slave_1: left promiscuous mode [ 117.522577][ T6295] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.536677][ T6295] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.547619][ T6295] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.564858][ T6295] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.583851][ T6295] bridge_slave_1: left allmulticast mode [ 117.601270][ T6295] bridge_slave_1: left promiscuous mode [ 117.618599][ T6295] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.666488][ T6295] bridge_slave_0: left allmulticast mode [ 117.673154][ T6295] bridge_slave_0: left promiscuous mode [ 117.685850][ T6295] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.722421][ T6427] loop2: detected capacity change from 0 to 40427 [ 117.745831][ T6295] veth1_macvtap: left promiscuous mode [ 117.753544][ T6295] veth0_macvtap: left promiscuous mode [ 117.759913][ T6295] veth1_vlan: left promiscuous mode [ 117.766131][ T6295] veth0_vlan: left promiscuous mode [ 117.771137][ T6427] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x7 [ 117.793546][ T6427] F2FS-fs (loop2): invalid crc value [ 117.840044][ T6427] F2FS-fs (loop2): Found nat_bits in checkpoint [ 117.968271][ T6427] F2FS-fs (loop2): Start checkpoint disabled! [ 118.021880][ T6427] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 118.103734][ T6427] syz.2.160: attempt to access beyond end of device [ 118.103734][ T6427] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 118.676204][ T6291] kworker/u4:15: attempt to access beyond end of device [ 118.676204][ T6291] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 118.703691][ T6291] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 118.715909][ T6291] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 118.756748][ T5782] Bluetooth: hci0: command tx timeout [ 119.224282][ T6456] loop2: detected capacity change from 0 to 1024 [ 119.367765][ T6456] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 119.374504][ T6456] hfsplus: xattr searching failed [ 119.442804][ T6303] hfsplus: b-tree write err: -5, ino 4 [ 119.495082][ T6295] team0 (unregistering): Port device team_slave_1 removed [ 119.573497][ T6295] team0 (unregistering): Port device team_slave_0 removed [ 119.617418][ T6295] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.673193][ T6295] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.155879][ T6295] bond0 (unregistering): Released all slaves [ 120.236004][ T6369] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.352018][ T6369] team0: Port device team_slave_0 added [ 120.392798][ T6369] team0: Port device team_slave_1 added [ 120.580400][ T6465] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 120.619166][ T6369] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.636867][ T6369] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.694286][ T6369] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.743402][ T6369] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.783474][ T6369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.811583][ T6369] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.837906][ T5782] Bluetooth: hci0: command tx timeout [ 120.905747][ T6369] hsr_slave_0: entered promiscuous mode [ 120.923384][ T6369] hsr_slave_1: entered promiscuous mode [ 120.960214][ T6369] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.976449][ T6369] Cannot create hsr debugfs directory [ 121.123005][ T6295] IPVS: stop unused estimator thread 0... [ 121.334154][ T6463] loop0: detected capacity change from 0 to 32768 [ 121.458059][ T6463] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 121.510665][ T6369] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 121.549964][ T6369] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 121.591198][ T6369] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 121.630328][ T6369] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 121.723667][ T28] audit: type=1800 audit(1768176857.954:7): pid=6463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.170" name="file1" dev="loop0" ino=14674 res=0 errno=0 [ 121.807639][ T6463] syz.0.170 (6463) used greatest stack depth: 18736 bytes left [ 122.047969][ T6369] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.056186][ T5768] ocfs2: Unmounting device (7,0) on (node local) [ 122.105200][ T6369] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.150153][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.158153][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.211391][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.218640][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.337294][ T5865] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 122.558966][ T5865] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 122.580827][ T5865] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 122.603023][ T5865] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 122.624768][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.672357][ T6501] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 122.705185][ T5865] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 122.800464][ T6369] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.906494][ T5782] Bluetooth: hci0: command tx timeout [ 123.773639][ T6369] veth0_vlan: entered promiscuous mode [ 123.796503][ T5814] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 123.800620][ T6369] veth1_vlan: entered promiscuous mode [ 123.894713][ T6369] veth0_macvtap: entered promiscuous mode [ 123.905709][ T6369] veth1_macvtap: entered promiscuous mode [ 123.943053][ T6369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.960297][ T6369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.982622][ T6369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.001016][ T5814] usb 1-1: Using ep0 maxpacket: 32 [ 124.003465][ T6369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.026589][ T6369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.029563][ T5814] usb 1-1: config 0 interface 0 has no altsetting 0 [ 124.060564][ T5814] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 124.068399][ T6369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.079918][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.098194][ T6369] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.106577][ T5814] usb 1-1: Product: syz [ 124.111562][ T5814] usb 1-1: Manufacturer: syz [ 124.126300][ T5814] usb 1-1: SerialNumber: syz [ 124.143125][ T5814] usb 1-1: config 0 descriptor?? [ 124.174235][ T6369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.193236][ T23] usb 3-1: USB disconnect, device number 2 [ 124.196272][ T6369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.240386][ T6369] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.271423][ T6369] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.308925][ T6369] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.373515][ T6369] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.401658][ T6369] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.420687][ T6369] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.446651][ T6369] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.572929][ T5814] gs_usb 1-1:0.0: Configuring for 2 interfaces [ 124.661386][ T6303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.698789][ T6303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.979048][ T5814] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 1 (-EPIPE) [ 124.988663][ T6293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.016551][ T6293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.255760][ T5814] gs_usb: probe of 1-1:0.0 failed with error -32 [ 125.297433][ T5814] usb 1-1: USB disconnect, device number 2 [ 126.603804][ T28] audit: type=1326 audit(1768176862.834:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 126.663149][ T28] audit: type=1326 audit(1768176862.834:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5518f749 code=0x7ffc0000 [ 126.709136][ T6589] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3884551189 (124305638048 ns) > initial count (121102246752 ns). Using initial count to start timer. [ 126.789987][ T28] audit: type=1326 audit(1768176862.834:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 126.891183][ T28] audit: type=1326 audit(1768176862.834:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff5518f749 code=0x7ffc0000 [ 127.000183][ T28] audit: type=1326 audit(1768176862.844:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.127646][ T28] audit: type=1326 audit(1768176862.844:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.193689][ T28] audit: type=1326 audit(1768176862.844:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.276584][ T28] audit: type=1326 audit(1768176862.844:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.357611][ T28] audit: type=1326 audit(1768176862.854:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.517990][ T28] audit: type=1326 audit(1768176862.854:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.580871][ T28] audit: type=1326 audit(1768176862.854:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.623543][ T6609] Zero length message leads to an empty skb [ 127.672284][ T28] audit: type=1326 audit(1768176862.854:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6594 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7eff5512b829 code=0x7ffc0000 [ 127.739401][ T6609] loop0: detected capacity change from 0 to 1764 [ 127.782583][ T6591] loop4: detected capacity change from 0 to 32768 [ 127.840068][ T6591] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.188 (6591) [ 127.861117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 127.912760][ T6591] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 127.956652][ T6591] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 128.006786][ T6591] BTRFS info (device loop4): using free space tree [ 128.204635][ T6591] BTRFS info (device loop4): enabling ssd optimizations [ 128.257509][ T6591] BTRFS info (device loop4): auto enabling async discard [ 128.730567][ T6369] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 129.710570][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.2.199'. [ 129.737541][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.2.199'. [ 131.596349][ C0] sched: RT throttling activated [ 131.826251][ T6681] loop4: detected capacity change from 0 to 131072 [ 131.854723][ T6681] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 131.862990][ T6681] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 131.890023][ T6681] F2FS-fs (loop4): invalid crc value [ 131.930610][ T6681] F2FS-fs (loop4): Found nat_bits in checkpoint [ 132.037381][ T6681] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 132.044554][ T6681] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 132.536799][ T5083] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 132.562174][ T5083] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 132.572141][ T5083] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 132.588045][ T5083] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 132.599094][ T5828] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 132.608389][ T5083] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 132.615924][ T5083] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 132.840490][ T5828] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 132.877590][ T5828] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 132.893189][ T5828] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 132.915599][ T5828] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 132.951950][ T5828] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 132.965644][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.988382][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.006836][ T5828] usb 3-1: Product: syz [ 133.011072][ T5828] usb 3-1: Manufacturer: syz [ 133.015723][ T5828] usb 3-1: SerialNumber: syz [ 133.059782][ T5828] usb 3-1: config 0 descriptor?? [ 133.073681][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.087107][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.266234][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.308553][ T5828] adutux 3-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 133.443615][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.488409][ T23] usb 3-1: USB disconnect, device number 3 [ 133.664364][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.961485][ T6701] chnl_net:caif_netlink_parms(): no params data found [ 134.038973][ T6708] loop0: detected capacity change from 0 to 40427 [ 134.057511][ T6708] F2FS-fs (loop0): build fault injection attr: rate: 25, type: 0x7ffff [ 134.065963][ T6708] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7698c [ 134.081167][ T6708] F2FS-fs (loop0): invalid crc value [ 134.103898][ T6708] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1d6/0x920 [ 134.122419][ T6708] F2FS-fs (loop0): Found nat_bits in checkpoint [ 134.231492][ T6708] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920 [ 134.249229][ T5814] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 134.275385][ T6701] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.291881][ T6708] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 134.298509][ T6701] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.326685][ T6701] bridge_slave_0: entered allmulticast mode [ 134.340642][ T6701] bridge_slave_0: entered promiscuous mode [ 134.360136][ T6708] F2FS-fs (loop0): inject too big dir depth in f2fs_add_regular_entry of f2fs_add_dentry+0xda/0x1d0 [ 134.414532][ T6708] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910 [ 134.431426][ T6708] F2FS-fs (loop0): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fb/0x5b0 [ 134.450638][ T6708] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x5b4/0x19c0 [ 134.466988][ T6701] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.474182][ T6701] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.482877][ T6708] F2FS-fs (loop0): invalid blkaddr: 5648, type: 7, run fsck to fix. [ 134.486507][ T5814] usb 5-1: Using ep0 maxpacket: 32 [ 134.511919][ T6708] syz.0.210: attempt to access beyond end of device [ 134.511919][ T6708] loop0: rw=2049, sector=45096, nr_sectors = 104 limit=40427 [ 134.518479][ T5814] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 134.535549][ T6701] bridge_slave_1: entered allmulticast mode [ 134.556231][ T6701] bridge_slave_1: entered promiscuous mode [ 134.565740][ T5814] usb 5-1: config 0 has no interface number 0 [ 134.592043][ T5814] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 134.606945][ T5814] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 134.620803][ T5814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.643470][ T5814] usb 5-1: Product: syz [ 134.648094][ T5814] usb 5-1: Manufacturer: syz [ 134.652737][ T5814] usb 5-1: SerialNumber: syz [ 134.667107][ T5782] Bluetooth: hci4: command tx timeout [ 134.698505][ T5768] syz-executor: attempt to access beyond end of device [ 134.698505][ T5768] loop0: rw=2049, sector=45200, nr_sectors = 16 limit=40427 [ 134.733786][ T5814] usb 5-1: config 0 descriptor?? [ 134.763335][ T5814] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 134.788532][ T5768] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 134.805645][ T5768] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 134.817024][ T5814] em28xx 5-1:0.132: Video interface 132 found: [ 134.944119][ T6701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.994299][ T6701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.184024][ T5814] em28xx 5-1:0.132: unknown em28xx chip ID (0) [ 135.196187][ T6701] team0: Port device team_slave_0 added [ 135.278794][ T6701] team0: Port device team_slave_1 added [ 135.509389][ T6701] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 135.528031][ T6701] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.588882][ T6701] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 135.677245][ T6701] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 135.684335][ T6701] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.749816][ T6701] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 135.846464][ T5814] em28xx 5-1:0.132: failed to read eeprom (err=-110) [ 135.853396][ T5814] em28xx 5-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-110] [ 136.070299][ T6701] hsr_slave_0: entered promiscuous mode [ 136.096479][ T5814] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 136.108213][ T6701] hsr_slave_1: entered promiscuous mode [ 136.122881][ T5814] em28xx 5-1:0.132: analog set to bulk mode. [ 136.129703][ T6701] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.138837][ T23] em28xx 5-1:0.132: Registering V4L2 extension [ 136.159936][ T6701] Cannot create hsr debugfs directory [ 136.166201][ T5814] usb 5-1: USB disconnect, device number 2 [ 136.196113][ T5814] em28xx 5-1:0.132: Disconnecting em28xx [ 136.228111][ T6724] loop2: detected capacity change from 0 to 65536 [ 136.328450][ T6724] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 136.515850][ T6724] XFS (loop2): Ending clean mount [ 136.547507][ T6724] XFS (loop2): Quotacheck needed: Please wait. [ 136.616759][ T23] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 136.624192][ T23] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 136.677733][ T23] em28xx 5-1:0.132: No AC97 audio processor [ 136.710517][ T23] usb 5-1: Decoder not found [ 136.715195][ T23] em28xx 5-1:0.132: failed to create media graph [ 136.748973][ T6724] XFS (loop2): Quotacheck: Done. [ 136.755420][ T5782] Bluetooth: hci4: command tx timeout [ 136.756657][ T23] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 136.834474][ T23] em28xx 5-1:0.132: Remote control support is not available for this card. [ 136.888184][ T5814] em28xx 5-1:0.132: Closing input extension [ 136.954192][ T6724] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 136.984483][ T5814] em28xx 5-1:0.132: Freeing device [ 137.071468][ T12] hsr_slave_0: left promiscuous mode [ 137.101206][ T12] hsr_slave_1: left promiscuous mode [ 137.129691][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.136681][ T5865] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 137.150653][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.193270][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.200974][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.241782][ T12] bridge_slave_1: left allmulticast mode [ 137.255803][ T12] bridge_slave_1: left promiscuous mode [ 137.283902][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.317899][ T12] bridge_slave_0: left allmulticast mode [ 137.346039][ T12] bridge_slave_0: left promiscuous mode [ 137.356012][ T5865] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 137.368153][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.378540][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.396916][ T5865] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.431993][ T5865] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 137.467608][ T5865] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 137.486454][ T5865] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 137.503182][ T5865] usb 1-1: Manufacturer: syz [ 137.509318][ T12] veth1_macvtap: left promiscuous mode [ 137.518455][ T5865] usb 1-1: config 0 descriptor?? [ 137.524653][ T12] veth0_macvtap: left promiscuous mode [ 137.531744][ T12] veth1_vlan: left promiscuous mode [ 137.545881][ T12] veth0_vlan: left promiscuous mode [ 138.220269][ T6781] loop2: detected capacity change from 0 to 128 [ 138.274773][ T6777] loop4: detected capacity change from 0 to 32768 [ 138.314687][ T5865] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 138.325963][ T5865] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 138.371683][ T6777] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.395177][ T5865] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 138.453694][ T6777] XFS (loop4): Ending clean mount [ 138.523356][ T28] kauditd_printk_skb: 87 callbacks suppressed [ 138.523370][ T28] audit: type=1800 audit(1768176874.754:107): pid=6777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.222" name="file1" dev="loop4" ino=4422 res=0 errno=0 [ 138.718182][ T6299] kworker/u4:19: attempt to access beyond end of device [ 138.718182][ T6299] loop2: rw=1, sector=145, nr_sectors = 424 limit=128 [ 138.753269][ T6299] kworker/u4:19: attempt to access beyond end of device [ 138.753269][ T6299] loop2: rw=1, sector=577, nr_sectors = 464 limit=128 [ 138.782608][ T6299] kworker/u4:19: attempt to access beyond end of device [ 138.782608][ T6299] loop2: rw=1, sector=569, nr_sectors = 8 limit=128 [ 138.804143][ T6369] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 138.846553][ T5782] Bluetooth: hci4: command tx timeout [ 138.893563][ T12] bond0 (unregistering): (slave veth0_virt_wifi): Releasing backup interface [ 139.590645][ T12] team0 (unregistering): Port device team_slave_1 removed [ 139.741575][ T12] team0 (unregistering): Port device team_slave_0 removed [ 139.845629][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 139.883289][ T5865] usb 1-1: USB disconnect, device number 3 [ 140.044217][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.116755][ T23] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 140.348504][ T23] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.379187][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 140.389781][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.407700][ T23] usb 3-1: Product: syz [ 140.416894][ T23] usb 3-1: Manufacturer: syz [ 140.426062][ T23] usb 3-1: SerialNumber: syz [ 140.610815][ T6818] loop0: detected capacity change from 0 to 32768 [ 140.649867][ T6818] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.233 (6818) [ 140.733041][ T6818] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 140.743589][ T6818] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 140.763505][ T6818] BTRFS info (device loop0): using free space tree [ 140.906461][ T5782] Bluetooth: hci4: command tx timeout [ 140.953640][ T6818] BTRFS info (device loop0): enabling ssd optimizations [ 140.963724][ T6818] BTRFS info (device loop0): auto enabling async discard [ 141.150634][ T28] audit: type=1804 audit(1768176877.384:108): pid=6818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.233" name="/newroot/60/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 141.249827][ T12] bond0 (unregistering): Released all slaves [ 141.279021][ T5768] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 141.508404][ T23] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 141.516049][ T23] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 141.524398][ T23] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 141.912277][ T6701] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 141.946899][ T23] cdc_ncm 3-1:1.0: setting tx_max = 88 [ 141.955048][ T6701] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 141.995849][ T6701] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 142.006636][ T23] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 142.048031][ T6701] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 142.101315][ T23] usb 3-1: USB disconnect, device number 4 [ 142.143331][ T23] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 142.578312][ T6701] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.619451][ T6701] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.641672][ T6291] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.648937][ T6291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.683057][ T6291] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.690319][ T6291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.798317][ T6873] netlink: 16 bytes leftover after parsing attributes in process `syz.2.240'. [ 143.485714][ T6701] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.811079][ T6914] overlayfs: failed to verify index (index/00fb210001f26af5f7cc354e72baa1a069f4b8161d44bb14388d01000000000000, ftype=8000, err=-61) [ 143.866612][ T6914] overlayfs: failed index dir cleanup (-61) [ 143.881492][ T6914] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 143.914032][ T6920] loop4: detected capacity change from 0 to 64 [ 143.987564][ T6920] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 144.393977][ T6701] veth0_vlan: entered promiscuous mode [ 144.464738][ T6701] veth1_vlan: entered promiscuous mode [ 144.561014][ T6701] veth0_macvtap: entered promiscuous mode [ 144.603157][ T6701] veth1_macvtap: entered promiscuous mode [ 144.673605][ T6701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.706609][ T6701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.746798][ T6701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.778195][ T6701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.806242][ T6701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 144.828245][ T6701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.843103][ T6946] sctp: [Deprecated]: syz.2.254 (pid 6946) Use of int in maxseg socket option. [ 144.843103][ T6946] Use struct sctp_assoc_value instead [ 144.888563][ T6701] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 144.919431][ T6701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 144.985395][ T6701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.003559][ T6701] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.056866][ T6701] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.091622][ T6954] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 145.127232][ T6701] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.150868][ T6701] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.174498][ T6701] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.196882][ T6701] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.206939][ T6701] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.208679][ T6954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 145.306575][ T6958] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 145.409555][ T6960] loop0: detected capacity change from 0 to 1024 [ 145.459459][ T6960] EXT4-fs: test_dummy_encryption requires encrypt feature [ 145.546784][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.572943][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.639840][ T6964] netlink: 'syz.4.260': attribute type 10 has an invalid length. [ 145.666665][ T6964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.711168][ T6964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.751835][ T6964] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 145.800580][ T6303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.818897][ T6303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.147944][ T6977] capability: warning: `syz.5.205' uses deprecated v2 capabilities in a way that may be insecure [ 146.412242][ T5828] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 146.606821][ T5828] usb 3-1: Using ep0 maxpacket: 16 [ 146.607389][ T23] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 146.628205][ T5828] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 146.647826][ T5828] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.677176][ T5828] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 146.686159][ T5828] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 146.717630][ T5828] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 146.730651][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.739225][ T5828] usb 3-1: Product: syz [ 146.743439][ T5828] usb 3-1: Manufacturer: syz [ 146.749567][ T5828] usb 3-1: SerialNumber: syz [ 146.869657][ T23] usb 6-1: Using ep0 maxpacket: 32 [ 146.898700][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.914344][ T23] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.929810][ T23] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 146.940631][ T23] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.976279][ T23] usb 6-1: config 0 descriptor?? [ 147.197702][ T5828] cdc_ncm 3-1:1.0: invalid descriptor buffer length [ 147.214534][ T5828] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 147.221962][ T5828] cdc_ncm 3-1:1.0: bind() failure [ 147.235153][ T5828] usb 3-1: USB disconnect, device number 5 [ 147.478839][ T23] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 147.780500][ T23] usb 6-1: USB disconnect, device number 2 [ 147.927586][ T28] audit: type=1326 audit(1768176884.164:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 147.953119][ T7029] loop2: detected capacity change from 0 to 164 [ 147.955839][ T28] audit: type=1326 audit(1768176884.164:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 147.990475][ T28] audit: type=1326 audit(1768176884.184:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.051039][ T28] audit: type=1326 audit(1768176884.184:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.090247][ T5784] blk_print_req_error: 24 callbacks suppressed [ 148.090264][ T5784] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 148.125304][ T28] audit: type=1326 audit(1768176884.194:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.206414][ T28] audit: type=1326 audit(1768176884.194:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.274328][ T7039] netlink: 96 bytes leftover after parsing attributes in process `syz.0.277'. [ 148.294839][ T28] audit: type=1326 audit(1768176884.194:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.411700][ T28] audit: type=1326 audit(1768176884.214:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.516321][ T28] audit: type=1326 audit(1768176884.214:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.590714][ T28] audit: type=1326 audit(1768176884.214:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fb830d8f749 code=0x7ffc0000 [ 148.663429][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 148.689838][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 148.780522][ T7053] loop4: detected capacity change from 0 to 512 [ 148.830809][ T7053] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 148.864158][ T7053] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 148.915300][ T7053] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.282: inode has both inline data and extents flags [ 148.954631][ T7053] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.282: couldn't read orphan inode 15 (err -117) [ 148.979546][ T7053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.143073][ T7053] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:406: inode #2: comm syz.4.282: No space for directory leaf checksum. Please run e2fsck -D. [ 149.214418][ T7053] EXT4-fs error (device loop4): __ext4_find_entry:1696: inode #2: comm syz.4.282: checksumming directory block 0 [ 149.493167][ T6369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.767067][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.775569][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.785294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 149.939632][ T7063] loop0: detected capacity change from 0 to 8192 [ 150.083694][ T7074] loop4: detected capacity change from 0 to 2048 [ 150.125547][ T7063] loop0: p1 p2 p3 p4[EZD] [ 150.149152][ T7063] loop0: partition table partially beyond EOD, truncated [ 150.187045][ T5787] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 150.216779][ T7063] loop0: p3 start 331777 is beyond EOD, truncated [ 150.285838][ T7063] loop0: p4 size 262912 extends beyond EOD, truncated [ 150.332482][ T7078] netlink: 8 bytes leftover after parsing attributes in process `syz.5.289'. [ 150.395174][ T7078] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0 [ 150.732510][ T7085] loop0: detected capacity change from 0 to 1024 [ 150.769262][ T7085] EXT4-fs: inline encryption not supported [ 150.796489][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 150.828832][ T7085] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 150.897839][ T7085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.942713][ T5779] udevd[5779]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 150.960891][ T5786] udevd[5786]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 150.972384][ T5784] udevd[5784]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 151.071003][ T7085] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4047: comm syz.0.290: Allocating blocks 401-513 which overlap fs metadata [ 151.137224][ T7085] EXT4-fs (loop0): Remounting filesystem read-only [ 151.165999][ T7084] EXT4-fs (loop0): pa ffff88805d746488: logic 131584, phys. 145, len 23 [ 151.332096][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.083298][ T7083] loop4: detected capacity change from 0 to 32768 [ 152.140819][ T7083] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.291 (7083) [ 152.232176][ T7083] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 152.248519][ T7083] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 152.306920][ T7083] BTRFS info (device loop4): using free space tree [ 152.423122][ T7083] BTRFS info (device loop4): enabling ssd optimizations [ 152.436438][ T7083] BTRFS info (device loop4): auto enabling async discard [ 152.638961][ T7092] loop5: detected capacity change from 0 to 40427 [ 152.719712][ T7092] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x7ffff [ 152.750425][ T7092] F2FS-fs (loop5): Image doesn't support compression [ 152.767622][ T6369] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 152.786541][ T7092] F2FS-fs (loop5): Image doesn't support compression [ 152.827575][ T7092] F2FS-fs (loop5): invalid crc value [ 152.910082][ T7092] F2FS-fs (loop5): Found nat_bits in checkpoint [ 153.197447][ T7096] loop0: detected capacity change from 0 to 40427 [ 153.273162][ T7096] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 153.283968][ T5828] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 153.287049][ T7092] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 153.299744][ T7135] IPVS: Scheduler module ip_vs_sip not found [ 153.316509][ T7096] F2FS-fs (loop0): Image doesn't support compression [ 153.332677][ T7096] F2FS-fs (loop0): heap/no_heap options were deprecated [ 153.379133][ T5828] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 153.406537][ T7096] F2FS-fs (loop0): Image doesn't support compression [ 153.431246][ T7096] F2FS-fs (loop0): heap/no_heap options were deprecated [ 153.565376][ T7096] F2FS-fs (loop0): invalid crc value [ 153.637925][ T7096] F2FS-fs (loop0): Found nat_bits in checkpoint [ 153.702244][ T7147] netlink: 165 bytes leftover after parsing attributes in process `syz.2.298'. [ 153.785123][ T7149] netlink: 277 bytes leftover after parsing attributes in process `syz.2.298'. [ 153.868142][ T6701] syz-executor: attempt to access beyond end of device [ 153.868142][ T6701] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 153.882584][ T7096] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 153.942320][ T6701] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 154.032229][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 154.032244][ T28] audit: type=1804 audit(1768176890.264:161): pid=7096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.293" name="/newroot/82/bus/file0" dev="loop0" ino=14 res=1 errno=0 [ 154.083496][ T7096] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x4ef/0x1020 [ 154.252603][ T5768] syz-executor: attempt to access beyond end of device [ 154.252603][ T5768] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 154.291944][ T5768] F2FS-fs (loop0): Remounting filesystem read-only [ 154.317822][ T5768] F2FS-fs (loop0): Remounting filesystem read-only [ 155.298015][ T7182] loop0: detected capacity change from 0 to 64 [ 155.966810][ T7203] input: syz1 as /devices/virtual/input/input5 [ 156.708137][ T7217] loop0: detected capacity change from 0 to 4096 [ 156.761504][ T7217] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 156.970916][ T7230] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 157.030011][ T28] audit: type=1800 audit(1768176893.264:162): pid=7217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.313" name="file1" dev="loop0" ino=30 res=0 errno=0 [ 157.059678][ T7230] iommufd_mock iommufd_mock2: Adding to iommu group 1 [ 157.496866][ T7239] netlink: 'syz.2.318': attribute type 5 has an invalid length. [ 157.967283][ T7254] syzkaller1: entered promiscuous mode [ 157.999336][ T7254] syzkaller1: entered allmulticast mode [ 158.093758][ T7258] loop4: detected capacity change from 0 to 512 [ 158.128054][ T7258] EXT4-fs: Ignoring removed orlov option [ 158.258379][ T7258] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 158.371657][ T7258] EXT4-fs error (device loop4): ext4_iget_extra_inode:4732: inode #15: comm syz.4.325: corrupted in-inode xattr: e_value size too large [ 158.447882][ T7258] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.325: couldn't read orphan inode 15 (err -117) [ 158.504092][ T7258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.839822][ T6369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.162939][ T27] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 159.381007][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.408420][ T27] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 159.436015][ T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.491104][ T27] usb 6-1: config 0 descriptor?? [ 159.738037][ T27] usbhid 6-1:0.0: can't add hid device: -71 [ 159.756574][ T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 159.767298][ T27] usbhid: probe of 6-1:0.0 failed with error -71 [ 159.798000][ T27] usb 6-1: USB disconnect, device number 3 [ 159.969087][ T23] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 160.001681][ T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.036443][ T23] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 160.057411][ T23] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.076747][ T23] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 160.096110][ T23] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 160.120636][ T23] usb 5-1: Product: syz [ 160.124877][ T23] usb 5-1: Manufacturer: syz [ 160.155557][ T23] cdc_wdm 5-1:1.0: skipping garbage [ 160.173230][ T7309] netlink: 'syz.0.335': attribute type 7 has an invalid length. [ 160.186491][ T23] cdc_wdm 5-1:1.0: skipping garbage [ 160.203556][ T23] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 160.216781][ T23] cdc_wdm 5-1:1.0: Unknown control protocol [ 160.347836][ T27] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 160.546426][ T27] usb 6-1: Using ep0 maxpacket: 32 [ 160.584332][ T27] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.617436][ T27] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 160.643207][ T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.655687][ T27] usb 6-1: config 0 descriptor?? [ 160.682436][ T27] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 160.698977][ C1] cdc_wdm 5-1:1.0: Unexpected error -71 [ 160.706662][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 160.713551][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 160.720006][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 160.726650][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 160.736671][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 160.743329][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 160.756734][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 160.763484][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 160.770663][ T23] usb 5-1: USB disconnect, device number 3 [ 160.776622][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 160.776643][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 160.776659][ C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 160.803660][ T27] ldusb 6-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 161.128951][ T23] usb 6-1: USB disconnect, device number 4 [ 161.192968][ T23] ldusb 6-1:0.0: LD USB Device #1 now disconnected [ 161.436741][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 161.653536][ T7337] loop4: detected capacity change from 0 to 128 [ 161.667052][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 161.675659][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 161.877655][ T7337] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 161.909555][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 161.983050][ T7337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.055367][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.169138][ T28] audit: type=1800 audit(1768176898.404:163): pid=7337 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.339" name="file1" dev="loop4" ino=94 res=0 errno=0 [ 163.011753][ T7360] loop4: detected capacity change from 0 to 8192 [ 163.032507][ T7360] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 163.047324][ T7360] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 163.059126][ T7360] REISERFS (device loop4): using ordered data mode [ 163.065829][ T7360] reiserfs: using flush barriers [ 163.076444][ T7360] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 163.096973][ T7360] REISERFS (device loop4): checking transaction log (loop4) [ 163.423430][ T7360] REISERFS (device loop4): Using tea hash to sort names [ 163.435933][ T7360] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 163.669011][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 163.723992][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 163.775123][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 163.857461][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 163.918554][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 163.954881][ T7374] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 6 0x0 SD] (nlink == 1) not found (pos 1) [ 164.013802][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.080263][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.097201][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.163205][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.232823][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.267625][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.308295][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.327513][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.342449][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.357307][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.372868][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.399526][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.440276][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.496985][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.547389][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.616817][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.658627][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.685219][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.709666][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.729896][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.745715][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.784218][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.827196][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.866710][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 164.877300][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.913389][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 164.945227][ T7360] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 165.068656][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 165.086889][ T27] usb 1-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 165.095996][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.116675][ T27] usb 1-1: Product: syz [ 165.120890][ T27] usb 1-1: Manufacturer: syz [ 165.125522][ T27] usb 1-1: SerialNumber: syz [ 165.157486][ T27] usb 1-1: config 0 descriptor?? [ 165.190498][ T27] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 165.795464][ T7408] netlink: 32 bytes leftover after parsing attributes in process `syz.5.354'. [ 165.828714][ T7408] netlink: 264 bytes leftover after parsing attributes in process `syz.5.354'. [ 166.529975][ T7435] loop4: detected capacity change from 0 to 1024 [ 166.548379][ T7435] hfsplus: unable to parse mount options [ 166.592088][ T27] gspca_topro: reg_r err -71 [ 166.599118][ T27] gspca_topro: Sensor soi763a [ 166.659706][ T27] usb 1-1: USB disconnect, device number 4 [ 166.902496][ T7442] loop4: detected capacity change from 0 to 2048 [ 166.924142][ T7442] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 166.962503][ T7442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 167.113023][ T28] audit: type=1804 audit(1768176903.344:164): pid=7447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.363" name="/newroot/59/file0/file1" dev="loop4" ino=1346 res=1 errno=0 [ 167.733199][ T28] audit: type=1800 audit(1768176903.964:165): pid=7442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.363" name="file1" dev="loop4" ino=1346 res=0 errno=0 [ 168.101278][ T7476] netlink: 'syz.0.373': attribute type 10 has an invalid length. [ 168.209910][ T7476] team0: Device veth1_vlan failed to register rx_handler [ 168.663899][ T7469] loop2: detected capacity change from 0 to 32768 [ 168.702453][ T7469] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.371 (7469) [ 168.715318][ T7468] loop5: detected capacity change from 0 to 32768 [ 168.754072][ T7469] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 168.784207][ T7469] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 168.803501][ T7469] BTRFS info (device loop2): using free space tree [ 168.853745][ T28] audit: type=1800 audit(1768176905.084:166): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.370" name="file1" dev="loop5" ino=7 res=0 errno=0 [ 168.992340][ T7469] BTRFS info (device loop2): enabling ssd optimizations [ 169.034883][ T7469] BTRFS info (device loop2): auto enabling async discard [ 169.847103][ T5769] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 170.070708][ T7518] loop5: detected capacity change from 0 to 8192 [ 170.146246][ T5784] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 11 /dev/loop2 scanned by udevd (5784) [ 170.164429][ T7518] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 170.263284][ T7518] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal [ 170.348535][ T7518] REISERFS (device loop5): using ordered data mode [ 170.364211][ T7518] reiserfs: using flush barriers [ 170.406638][ T7518] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 170.483866][ T7518] REISERFS (device loop5): checking transaction log (loop5) [ 170.763785][ T7507] loop4: detected capacity change from 0 to 32768 [ 170.846917][ T7518] REISERFS (device loop5): Using tea hash to sort names [ 170.855225][ T7518] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage. [ 170.963608][ T7507] overlayfs: upper fs needs to support d_type. [ 170.991468][ T7518] REISERFS warning (device loop5): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 2) not found (pos 4) [ 171.016923][ T7507] overlayfs: upper fs does not support tmpfile. [ 171.058259][ T7507] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 171.107388][ T5842] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 171.323681][ T5842] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.352617][ T5842] usb 1-1: New USB device found, idVendor=056a, idProduct=00e3, bcdDevice= 0.00 [ 171.430354][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.470796][ T5842] usb 1-1: config 0 descriptor?? [ 171.824615][ T7559] netlink: 76 bytes leftover after parsing attributes in process `syz.2.388'. [ 171.845099][ T7559] netlink: 76 bytes leftover after parsing attributes in process `syz.2.388'. [ 171.913948][ T5842] wacom 0003:056A:00E3.0005: unbalanced collection at end of report description [ 171.940114][ T5842] wacom 0003:056A:00E3.0005: parse failed [ 171.947836][ T5842] wacom: probe of 0003:056A:00E3.0005 failed with error -22 [ 172.139038][ T7541] loop0: detected capacity change from 0 to 16 [ 172.146258][ T7541] erofs: Unknown parameter 'xœì™1‹Ô@Çÿ3›MÎE8l' [ 172.219103][ T23] usb 1-1: USB disconnect, device number 5 [ 172.684275][ T7582] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 172.691719][ T7582] IPv6: NLM_F_CREATE should be set when creating new route [ 172.699294][ T7582] IPv6: NLM_F_CREATE should be set when creating new route [ 172.706739][ T7582] IPv6: NLM_F_CREATE should be set when creating new route [ 174.293518][ T7608] loop0: detected capacity change from 0 to 1024 [ 174.311959][ T7608] EXT4-fs: Ignoring removed orlov option [ 174.347462][ T7608] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.476372][ T7615] loop4: detected capacity change from 0 to 512 [ 174.483735][ T7615] EXT4-fs: Ignoring removed orlov option [ 174.493796][ T7615] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 174.511199][ T7615] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 174.520353][ T7615] EXT4-fs error (device loop4): ext4_iget_extra_inode:4732: inode #15: comm syz.4.410: corrupted in-inode xattr: e_value size too large [ 174.535101][ T7614] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 174.542932][ T7614] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 174.584831][ T7615] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.410: couldn't read orphan inode 15 (err -117) [ 174.646459][ T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 174.671268][ T5782] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 174.682956][ T5782] Bluetooth: hci2: Injecting HCI hardware error event [ 174.692762][ T5083] Bluetooth: hci2: hardware error 0x00 [ 174.707529][ T7615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.735039][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.846643][ T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.857141][ T23] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 174.879856][ T23] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 174.889276][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 174.897794][ T23] usb 3-1: SerialNumber: syz [ 174.927303][ T7581] loop5: detected capacity change from 0 to 32768 [ 175.023342][ T6369] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.135127][ T23] usb 3-1: 0:2 : does not exist [ 175.156567][ T23] usb 3-1: unit 5: unexpected type 0x09 [ 175.193932][ T7581] overlayfs: upper fs needs to support d_type. [ 175.231990][ T7581] overlayfs: upper fs does not support tmpfile. [ 175.234675][ T23] usb 3-1: USB disconnect, device number 6 [ 175.318536][ T7581] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 176.059883][ T7620] loop4: detected capacity change from 0 to 32768 [ 176.098157][ T7620] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.412 (7620) [ 176.150439][ T7620] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 176.180624][ T7620] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 176.213857][ T7620] BTRFS info (device loop4): setting nodatacow, compression disabled [ 176.246186][ T7620] BTRFS info (device loop4): turning off barriers [ 176.257220][ T7620] BTRFS info (device loop4): enabling auto defrag [ 176.263729][ T7620] BTRFS info (device loop4): use zlib compression, level 3 [ 176.286384][ T7620] BTRFS info (device loop4): using free space tree [ 176.379134][ T5138] udevd[5138]: worker [5784] terminated by signal 33 (Unknown signal 33) [ 176.403156][ T7620] BTRFS info (device loop4): auto enabling async discard [ 176.425154][ T5138] udevd[5138]: worker [5784] failed while handling '/devices/virtual/block/loop4' [ 176.435317][ T5814] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 176.647965][ T5814] usb 3-1: Using ep0 maxpacket: 16 [ 176.687807][ T5814] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 176.696051][ T5814] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.726563][ T5814] usb 3-1: config 0 has no interface number 0 [ 176.735502][ T5814] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 176.744847][ T5814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.766558][ T5814] usb 3-1: Product: syz [ 176.771482][ T5814] usb 3-1: Manufacturer: syz [ 176.776135][ T5814] usb 3-1: SerialNumber: syz [ 176.799108][ T5814] usb 3-1: config 0 descriptor?? [ 176.820691][ T5814] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 176.824728][ T6369] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 176.849297][ T5814] usb 3-1: No valid video chain found. [ 176.906607][ T5083] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 177.033383][ T5787] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop4 scanned by udevd (5787) [ 177.073044][ T5814] usb 3-1: USB disconnect, device number 7 [ 177.609846][ T7658] loop5: detected capacity change from 0 to 2048 [ 177.703464][ T7658] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 177.776612][ T7658] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.785400][ T7658] UDF-fs: Scanning with blocksize 512 failed [ 177.988980][ T7658] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.377700][ T7669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.424'. [ 178.660777][ T7665] loop2: detected capacity change from 0 to 32768 [ 178.699400][ T7665] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 178.714005][ T7665] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 178.762082][ T7665] XFS (loop2): Ending clean mount [ 178.777274][ T7665] XFS (loop2): Quotacheck needed: Please wait. [ 178.830985][ T7665] XFS (loop2): Quotacheck: Done. [ 179.172199][ T5769] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 180.113651][ T7706] loop0: detected capacity change from 0 to 4096 [ 180.141353][ T7706] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 180.283012][ T7706] ntfs3: loop0: ino=0, attr_set_size [ 180.308200][ T7702] loop5: detected capacity change from 0 to 32768 [ 180.322548][ T7706] ntfs3: loop0: ino=0, attr_set_size [ 180.361189][ T7702] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.382215][ T7706] ntfs3: loop0: ino=0, attr_set_size [ 180.587587][ T7716] netlink: 20 bytes leftover after parsing attributes in process `syz.4.434'. [ 180.640256][ T7702] XFS (loop5): Ending clean mount [ 180.698719][ T7702] XFS (loop5): Quotacheck needed: Please wait. [ 180.712581][ T7719] loop2: detected capacity change from 0 to 8 [ 180.773997][ T7719] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 180.862512][ T7719] SQUASHFS error: Unable to read directory block [631:74] [ 180.892679][ T7702] XFS (loop5): Quotacheck: Done. [ 180.896740][ T7719] SQUASHFS error: Unable to read directory block [631:74] [ 180.921994][ T7719] overlayfs: failed to look up (file) for ino (-13) [ 181.142221][ T7728] loop2: detected capacity change from 0 to 64 [ 181.209886][ T7728] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 181.431351][ T6701] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 181.815202][ T7738] loop2: detected capacity change from 0 to 8192 [ 181.899310][ T7738] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 181.936622][ T7743] loop0: detected capacity change from 0 to 2048 [ 181.937553][ T7738] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 181.974265][ T7743] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.004856][ T7738] REISERFS (device loop2): using ordered data mode [ 182.025416][ T7738] reiserfs: using flush barriers [ 182.037795][ T7738] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 182.055730][ T7738] REISERFS (device loop2): checking transaction log (loop2) [ 182.301498][ T7738] REISERFS (device loop2): Using tea hash to sort names [ 182.316094][ T7738] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 182.857519][ T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 183.092279][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.126468][ T23] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 183.135672][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.177183][ T23] usb 5-1: config 0 descriptor?? [ 183.392336][ T23] usbhid 5-1:0.0: can't add hid device: -71 [ 183.407836][ T23] usbhid: probe of 5-1:0.0 failed with error -71 [ 183.430761][ T23] usb 5-1: USB disconnect, device number 4 [ 183.833364][ T7782] loop0: detected capacity change from 0 to 1024 [ 183.861597][ T7784] loop5: detected capacity change from 0 to 736 [ 183.876809][ T7782] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.936650][ T23] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 183.994092][ T7789] kvm: user requested TSC rate below hardware speed [ 184.015837][ T7782] EXT4-fs warning (device loop0): ext4_rename_delete:3778: inode #18: comm syz.0.454: Deleting old file: nlink 2, error=-2 [ 184.090695][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.112168][ T7792] loop5: detected capacity change from 0 to 256 [ 184.135354][ T7792] exfat: Unknown parameter 'fsmagic' [ 184.144829][ T23] usb 5-1: Using ep0 maxpacket: 32 [ 184.158548][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.173753][ T23] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 184.183408][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.206798][ T23] usb 5-1: config 0 descriptor?? [ 184.216055][ T23] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 184.242842][ T23] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 184.361945][ T7799] loop5: detected capacity change from 0 to 1024 [ 184.403858][ T7799] hfsplus: invalid file type 0120411 for inode 2 [ 184.412159][ T7799] hfsplus: failed to load root directory [ 184.445273][ T7796] loop2: detected capacity change from 0 to 8192 [ 184.470659][ T7796] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 184.486051][ T7796] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 184.496685][ T7796] REISERFS (device loop2): using ordered data mode [ 184.516609][ T7796] reiserfs: using flush barriers [ 184.533889][ T7796] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 184.583148][ T7796] REISERFS (device loop2): checking transaction log (loop2) [ 184.669087][ T23] usb 5-1: USB disconnect, device number 5 [ 184.696058][ T23] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 184.780694][ T7796] REISERFS (device loop2): Using tea hash to sort names [ 184.808385][ T7796] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 184.868008][ T7796] [ 184.870425][ T7796] ====================================================== [ 184.877477][ T7796] WARNING: possible circular locking dependency detected [ 184.884567][ T7796] syzkaller #0 Not tainted [ 184.889024][ T7796] ------------------------------------------------------ [ 184.896071][ T7796] syz.2.460/7796 is trying to acquire lock: [ 184.902006][ T7796] ffff888019e97090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x79/0xd0 [ 184.911049][ T7796] [ 184.911049][ T7796] but task is already holding lock: [ 184.918438][ T7796] ffff888059d0be90 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}, at: open_xa_dir+0x122/0x6f0 [ 184.928437][ T7796] [ 184.928437][ T7796] which lock already depends on the new lock. [ 184.928437][ T7796] [ 184.938873][ T7796] [ 184.938873][ T7796] the existing dependency chain (in reverse order) is: [ 184.947943][ T7796] [ 184.947943][ T7796] -> #1 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}: [ 184.956711][ T7796] down_write_nested+0x9e/0x1f0 [ 184.962120][ T7796] open_xa_dir+0x122/0x6f0 [ 184.967091][ T7796] reiserfs_for_each_xattr+0x17b/0x960 [ 184.973104][ T7796] reiserfs_delete_xattrs+0x20/0x90 [ 184.978877][ T7796] reiserfs_evict_inode+0x232/0x490 [ 184.984639][ T7796] evict+0x486/0x870 [ 184.989096][ T7796] reiserfs_create+0x33a/0x680 [ 184.994426][ T7796] vfs_create+0x1f4/0x360 [ 184.999327][ T7796] do_mknodat+0x3c8/0x4f0 [ 185.004214][ T7796] __x64_sys_mknodat+0xa9/0xc0 [ 185.009551][ T7796] do_syscall_64+0x55/0xb0 [ 185.014530][ T7796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.020988][ T7796] [ 185.020988][ T7796] -> #0 (&sbi->lock){+.+.}-{3:3}: [ 185.028336][ T7796] __lock_acquire+0x2ddb/0x7c80 [ 185.033754][ T7796] lock_acquire+0x197/0x410 [ 185.038805][ T7796] __mutex_lock+0x129/0xcc0 [ 185.043860][ T7796] reiserfs_write_lock+0x79/0xd0 [ 185.049355][ T7796] reiserfs_mkdir+0x310/0x970 [ 185.054591][ T7796] open_xa_dir+0x31a/0x6f0 [ 185.059576][ T7796] xattr_lookup+0x22/0x2a0 [ 185.064561][ T7796] reiserfs_xattr_set_handle+0xf9/0xd40 [ 185.070676][ T7796] reiserfs_xattr_set+0x439/0x550 [ 185.076265][ T7796] __vfs_setxattr+0x431/0x470 [ 185.081502][ T7796] __vfs_setxattr_noperm+0x12d/0x5e0 [ 185.087354][ T7796] vfs_setxattr+0x16c/0x2f0 [ 185.092417][ T7796] __se_sys_fsetxattr+0x426/0x4b0 [ 185.097997][ T7796] do_syscall_64+0x55/0xb0 [ 185.102957][ T7796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.109392][ T7796] [ 185.109392][ T7796] other info that might help us debug this: [ 185.109392][ T7796] [ 185.119662][ T7796] Possible unsafe locking scenario: [ 185.119662][ T7796] [ 185.127130][ T7796] CPU0 CPU1 [ 185.132507][ T7796] ---- ---- [ 185.137902][ T7796] lock(&type->i_mutex_dir_key#17/3); [ 185.143418][ T7796] lock(&sbi->lock); [ 185.149949][ T7796] lock(&type->i_mutex_dir_key#17/3); [ 185.157981][ T7796] lock(&sbi->lock); [ 185.162070][ T7796] [ 185.162070][ T7796] *** DEADLOCK *** [ 185.162070][ T7796] [ 185.170244][ T7796] 3 locks held by syz.2.460/7796: [ 185.175291][ T7796] #0: ffff88805a652418 (sb_writers#24){.+.+}-{0:0}, at: mnt_want_write_file+0x63/0x200 [ 185.185086][ T7796] #1: ffff888059d0c530 (&sb->s_type->i_mutex_key#33){+.+.}-{3:3}, at: vfs_setxattr+0x145/0x2f0 [ 185.195561][ T7796] #2: ffff888059d0be90 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}, at: open_xa_dir+0x122/0x6f0 [ 185.205936][ T7796] [ 185.205936][ T7796] stack backtrace: [ 185.211828][ T7796] CPU: 1 PID: 7796 Comm: syz.2.460 Not tainted syzkaller #0 [ 185.219109][ T7796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 185.229182][ T7796] Call Trace: [ 185.232491][ T7796] [ 185.235430][ T7796] dump_stack_lvl+0x16c/0x230 [ 185.240127][ T7796] ? load_image+0x3b0/0x3b0 [ 185.244666][ T7796] ? show_regs_print_info+0x20/0x20 [ 185.249898][ T7796] ? print_circular_bug+0x12b/0x1a0 [ 185.255106][ T7796] check_noncircular+0x2bd/0x3c0 [ 185.260062][ T7796] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.266178][ T7796] ? print_deadlock_bug+0x5d0/0x5d0 [ 185.271386][ T7796] ? lockdep_lock+0xe0/0x220 [ 185.276001][ T7796] ? _find_first_zero_bit+0xd3/0x100 [ 185.281298][ T7796] __lock_acquire+0x2ddb/0x7c80 [ 185.286187][ T7796] ? lockdep_lock+0x220/0x220 [ 185.290896][ T7796] ? add_lock_to_list+0x191/0x280 [ 185.295935][ T7796] ? verify_lock_unused+0x140/0x140 [ 185.301129][ T7796] ? __lock_acquire+0x2b6b/0x7c80 [ 185.306183][ T7796] lock_acquire+0x197/0x410 [ 185.306804][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 185.310691][ T7796] ? reiserfs_write_lock+0x79/0xd0 [ 185.310720][ T7796] ? __might_sleep+0xe0/0xe0 [ 185.327896][ T7796] ? read_lock_is_recursive+0x20/0x20 [ 185.333309][ T7796] ? lockdep_init_map_type+0xa1/0x880 [ 185.338728][ T7796] __mutex_lock+0x129/0xcc0 [ 185.343264][ T7796] ? reiserfs_write_lock+0x79/0xd0 [ 185.348406][ T7796] ? __asan_memset+0x22/0x40 [ 185.353021][ T7796] ? reiserfs_write_lock+0x79/0xd0 [ 185.358245][ T7796] ? mutex_lock_nested+0x20/0x20 [ 185.363232][ T7796] ? __rwlock_init+0x150/0x150 [ 185.368047][ T7796] ? __asan_memset+0x22/0x40 [ 185.372667][ T7796] reiserfs_write_lock+0x79/0xd0 [ 185.377639][ T7796] reiserfs_mkdir+0x310/0x970 [ 185.382359][ T7796] ? reiserfs_symlink+0x7b0/0x7b0 [ 185.387422][ T7796] ? __rwlock_init+0x150/0x150 [ 185.392220][ T7796] ? down_write_nested+0x169/0x1f0 [ 185.397339][ T7796] ? do_raw_spin_unlock+0x121/0x230 [ 185.402559][ T7796] open_xa_dir+0x31a/0x6f0 [ 185.406992][ T7796] ? listxattr_filler+0x520/0x520 [ 185.412068][ T7796] xattr_lookup+0x22/0x2a0 [ 185.416498][ T7796] ? reiserfs_xattr_set_handle+0xc8/0xd40 [ 185.422255][ T7796] reiserfs_xattr_set_handle+0xf9/0xd40 [ 185.427833][ T7796] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 185.433494][ T7796] ? chown_one_xattr+0xa0/0xa0 [ 185.438307][ T7796] ? mutex_unlock+0x10/0x10 [ 185.442860][ T7796] ? journal_begin+0x1f5/0x360 [ 185.447675][ T7796] ? reiserfs_write_unlock+0xa6/0x110 [ 185.453090][ T7796] reiserfs_xattr_set+0x439/0x550 [ 185.458139][ T7796] ? reiserfs_put_page+0x270/0x270 [ 185.463270][ T7796] ? xattr_full_name+0x6f/0x80 [ 185.468089][ T7796] ? trusted_set+0x81/0xe0 [ 185.472534][ T7796] ? trusted_get+0xd0/0xd0 [ 185.476965][ T7796] __vfs_setxattr+0x431/0x470 [ 185.481679][ T7796] __vfs_setxattr_noperm+0x12d/0x5e0 [ 185.487003][ T7796] vfs_setxattr+0x16c/0x2f0 [ 185.491662][ T7796] ? xattr_permission+0x470/0x470 [ 185.496719][ T7796] ? sb_start_write+0x110/0x1c0 [ 185.501617][ T7796] ? __se_sys_fsetxattr+0x3d4/0x4b0 [ 185.506842][ T7796] __se_sys_fsetxattr+0x426/0x4b0 [ 185.511076][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 185.511887][ T7796] ? __x64_sys_fsetxattr+0xc0/0xc0 [ 185.522259][ T7796] ? lockdep_hardirqs_on+0x98/0x150 [ 185.524857][ T9] usb 6-1: config 0 has no interfaces? [ 185.527486][ T7796] ? __x64_sys_fsetxattr+0x20/0xc0 [ 185.527517][ T7796] do_syscall_64+0x55/0xb0 [ 185.527537][ T7796] ? clear_bhb_loop+0x40/0x90 [ 185.527562][ T7796] ? clear_bhb_loop+0x40/0x90 [ 185.527588][ T7796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 185.527612][ T7796] RIP: 0033:0x7eff5518f749 [ 185.540442][ T9] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 185.542630][ T7796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.542652][ T7796] RSP: 002b:00007eff560b8038 EFLAGS: 00000246 [ 185.561885][ T9] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 185.562315][ T7796] ORIG_RAX: 00000000000000be [ 185.580538][ T9] usb 6-1: Manufacturer: syz [ 185.590931][ T7796] RAX: ffffffffffffffda RBX: 00007eff553e5fa0 RCX: 00007eff5518f749 [ 185.590948][ T7796] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004 [ 185.590960][ T7796] RBP: 00007eff55213f91 R08: 0000000000000001 R09: 0000000000000000 [ 185.590971][ T7796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 185.590983][ T7796] R13: 00007eff553e6038 R14: 00007eff553e5fa0 R15: 00007ffccf968398 [ 185.591005][ T7796] [ 185.676376][ T28] audit: type=1800 audit(1768176921.894:167): pid=7813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.460" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 185.711301][ T9] usb 6-1: config 0 descriptor?? [ 185.930668][ T9] usb 6-1: USB disconnect, device number 5 [ 194.510631][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.517029][ T1279] ieee802154 phy1 wpan1: encryption failed: -22