last executing test programs: 8m45.417889916s ago: executing program 32 (id=23): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000304fc0400"/20, @ANYRES32=0x0, @ANYBLOB="a5fdad8800000000240012800b00010062726964"], 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 8m36.249482824s ago: executing program 33 (id=34): ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040)=0x2) openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x3, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r2 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) writev(r2, &(0x7f0000004900), 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000193c0)='net/protocols\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'geneve0\x00'}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000001000000400000004000000000000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8) r6 = accept4(r1, 0x0, 0x0, 0x80000) socket$netlink(0x10, 0x3, 0x12) sendmmsg$inet(r6, &(0x7f0000000e40), 0x0, 0x24008804) sendmmsg$alg(r6, &(0x7f0000003b80)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}], 0x1, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000190c0)={0x0, 0x0, &(0x7f00000190c0), &(0x7f0000019140)="46a630e11d4a0bc22b21aeeb829b2b7d56e1b603dc188dab5202ace1fc0268f718c64473e726c20500000000000000", 0x6}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r4, &(0x7f0000000080), &(0x7f00000000c0)=""/65}, 0x20) pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x10001, 0xffffffffffffffff, 0x8, 0xfffffffffffffffd, 0x7, 0x0, 0x2c, 0x80000005, 0x4}) 8m18.010132738s ago: executing program 34 (id=55): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) setsockopt$inet_mreqn(r3, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc) 8m14.558643672s ago: executing program 4 (id=70): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed) close_range(r0, 0xffffffffffffffff, 0x0) 8m14.001152809s ago: executing program 4 (id=71): r0 = syz_open_dev$dri(0x0, 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_pidfd_open(r1, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="03040000b5000000"], 0xc8) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0) 8m10.695753669s ago: executing program 4 (id=73): bind$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x4c040, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) 8m9.102633145s ago: executing program 4 (id=76): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000100)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/204, 0x0}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) syz_open_dev$evdev(0x0, 0x40, 0x0) 8m5.299867472s ago: executing program 4 (id=79): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000010) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0x39000, 0x0) write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[], 0xfffffe3e) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x40008c4, 0x0, 0x0) socket$inet(0x10, 0x3, 0x0) 8m4.037338003s ago: executing program 0 (id=80): r0 = socket$l2tp6(0xa, 0x2, 0x73) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0}, 0x94) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x6, 0x4}, 0x20) 8m0.767376046s ago: executing program 0 (id=81): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3200000000050005000a00000011000300686173683a69702c706f72740000000014000780050014"], 0x60}, 0x1, 0x0, 0x0, 0x20000800}, 0x2) 8m0.221148223s ago: executing program 4 (id=82): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000300)={0x2, @pix_mp={0x7e, 0x0, 0x34324152, 0x4, 0x0, [{0x0, 0xf}, {0x20010}, {}, {0x1000000}, {0x3}, {0x2fe}, {0x0, 0x7ff}], 0xf, 0x0, 0x0, 0x2}}) syz_open_dev$tty1(0xc, 0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0xc4, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080), 0x4) socket(0x10, 0x80002, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) mknod$loop(&(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(0x0, &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) 7m59.297807684s ago: executing program 0 (id=83): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$alg(0x26, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) mmap(&(0x7f0000f21000/0x4000)=nil, 0x4000, 0x3000000, 0x11, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000540)={0x0, &(0x7f0000000500)}) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x14) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000840)={r2, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c) 7m57.649825957s ago: executing program 0 (id=84): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 7m54.851909226s ago: executing program 0 (id=85): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000000c0)={0x0, 0x747, 0x3, 0x4, 0xfb, 0x8, 0x101}, 0xc) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000300)="13c939dbbafebf94500b0042cb38d9fac34e34fc993e73fde68ed46237b35b0f14f7cb", 0x23}], 0x1, &(0x7f0000000880)}}], 0x2, 0x20004840) 7m53.628199308s ago: executing program 0 (id=86): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4, 0x0, 0x8}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) r5 = add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r6 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r5, 0xffffffffffffffff, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c27, 0x0, 0x1, 0x0, 0x0, 0x5}) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) dup3(r0, r7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$netlink(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 7m44.238088633s ago: executing program 35 (id=82): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000300)={0x2, @pix_mp={0x7e, 0x0, 0x34324152, 0x4, 0x0, [{0x0, 0xf}, {0x20010}, {}, {0x1000000}, {0x3}, {0x2fe}, {0x0, 0x7ff}], 0xf, 0x0, 0x0, 0x2}}) syz_open_dev$tty1(0xc, 0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0xc4, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080), 0x4) socket(0x10, 0x80002, 0x0) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) mknod$loop(&(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(0x0, &(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)) 7m39.101707107s ago: executing program 5 (id=92): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x9}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={r2, 0x5}, 0x8) 7m37.887189681s ago: executing program 36 (id=86): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4, 0x0, 0x8}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) r5 = add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r6 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r5, 0xffffffffffffffff, r6, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c27, 0x0, 0x1, 0x0, 0x0, 0x5}) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) dup3(r0, r7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$netlink(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 7m37.734152659s ago: executing program 5 (id=95): r0 = socket$inet_udp(0x2, 0x2, 0x0) read(r0, &(0x7f0000000180)=""/255, 0xff) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000280)={@broadcast, @random="15cba141192f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0) 7m36.896081408s ago: executing program 5 (id=96): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r4) recvmmsg(r4, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010080, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) 7m34.350615278s ago: executing program 5 (id=98): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) 7m33.261960229s ago: executing program 5 (id=99): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000280)) 7m32.155525627s ago: executing program 5 (id=100): sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) read$dsp(r1, &(0x7f00000001c0)=""/95, 0x2) 7m16.391104711s ago: executing program 37 (id=100): sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) read$dsp(r1, &(0x7f00000001c0)=""/95, 0x2) 6m53.545534307s ago: executing program 6 (id=128): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000001000)={0x2, 0x4e21, @loopback}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18) sendmsg$rds(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000540)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x41}}], 0x30}, 0x0) 6m52.503153311s ago: executing program 6 (id=130): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r0 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0x8, 0xfe}, &(0x7f00000000c0)=0x0, &(0x7f00000002c0)=0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x29, 0x0, 0x0, 0x204}]}, 0x10) syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x8453, 0x8000, 0x6, 0x88}, 0x0, 0x0) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 6m50.34145881s ago: executing program 6 (id=132): setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$unix(0x1, 0x5, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000180)={0x3ff, 0x2, 0x806}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000006000)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x12, 0xb, 0x0, 0x0) 6m49.094997758s ago: executing program 6 (id=134): sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4000000000000000000008500000011"], 0x0, 0x1}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, 0x0, &(0x7f00000004c0)=@tcp6}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="150000", @ANYRES32, @ANYBLOB="05000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000050000000300", @ANYRES32], 0x50) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x61, &(0x7f0000000600)={'filter\x00', 0x4}, 0x68) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_80211_inject_frame(&(0x7f0000000340)=@broadcast, &(0x7f0000000900)=@mgmt_frame=@probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x8}, @device_b, @broadcast, @random="11c302284448", {0x5, 0x1}, @value=@ver_80211n={0x0, 0x0, 0x3, 0x3, 0x0, 0x2, 0x1}}, 0x3, @random=0x7, 0x2100, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @val={0x6, 0x2}, @val={0x2d, 0x1a, {0xf4a2, 0x1, 0x1, 0x0, {0x8, 0x1ad1, 0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, 0x300, 0x7fffffff, 0x1}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2}}, [{0xdd, 0x6, "5be25a2b259d"}]}, 0x69) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 6m47.152914459s ago: executing program 6 (id=135): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r0, &(0x7f00000052c0)=""/4120, 0x1018) 6m46.416638018s ago: executing program 6 (id=136): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) write$tcp_mem(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000280)) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500)={[0x0, &(0x7f0000000100)='security.']}) 6m30.995532873s ago: executing program 38 (id=136): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) write$tcp_mem(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, &(0x7f0000000280)) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500)={[0x0, &(0x7f0000000100)='security.']}) 4m32.824753326s ago: executing program 7 (id=303): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000000c0)={0x0, 0x747, 0x3, 0x4, 0xfb, 0x8, 0x101}, 0xc) connect$bt_l2cap(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000300)="13c939dbbafebf94500b0042cb38d9fac34e34fc993e73fde68ed46237b35b0f14f7cb", 0x23}], 0x1, &(0x7f0000000880)}}], 0x2, 0x20004840) 4m31.725427635s ago: executing program 7 (id=307): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c0001"], 0x48}}, 0x0) sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="cc0000000202010200000000000000000100000308000940000000040400038094000a800800014000000000080001400000000108000140000000017800028006000340000000001400018008000100ac1414bb08000200e00000012c00018014000300fe8000000000000000bb14000400fe8000000000000000000000000000352c00018014000300fe88000000000000000000000000010114000400fc0100"/174], 0xcc}, 0x1, 0x0, 0x0, 0x81}, 0x800) socket$kcm(0x10, 0x2, 0x10) mmap(&(0x7f0000d30000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000f6e000/0x1000)=nil, 0x1000, 0x3000006, 0x12, 0xffffffffffffffff, 0x5c2a7000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.current\x00', 0x275a, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000003, 0x28011, r4, 0xac9d4000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtaction={0x58, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x44, 0x1, [@m_sample={0x40, 0x1, 0x0, 0x0, {{0xfffffffffffffe3e}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x0, 0x5, 0xd026}, @TCA_SAMPLE_TRUNC_SIZE={0x0, 0x4, 0x1}]}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x58}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x50) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000180)={'caif0\x00', &(0x7f0000000540)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0xc, 0x0, 0x0, 0x4, [0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x3, 0xd]}}) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8) getsockname$packet(r8, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r9, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 4m30.669174081s ago: executing program 7 (id=311): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280), 0x0) socket$tipc(0x1e, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$tipc(0x1e, 0x2, 0x0) add_key(&(0x7f0000000040)='ceph\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x4802) syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x0, 0x0, 0x0, @local, @local}}}}, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xa00, 0x1c2) inotify_add_watch(r5, 0x0, 0x42000200) 4m27.292624215s ago: executing program 7 (id=315): connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e22, 0x3ff, @empty, 0x1}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000000000)={0xd, 0x8, 0x3a1}, 0xc) 4m25.861881898s ago: executing program 7 (id=319): r0 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x1, 0x0, 0x80000000, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', '\x00', '\x00', ["1af0b1ba1cb8fd54c9c9b587", '\x00', "33af343c60abc64f2fdc9ddf", "a300"]}) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1}) 4m23.989018957s ago: executing program 7 (id=322): syz_open_dev$dri(0x0, 0x1ff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x34, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20) 4m7.440312045s ago: executing program 39 (id=322): syz_open_dev$dri(0x0, 0x1ff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x34, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20) 10.430996259s ago: executing program 8 (id=1076): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYRESHEX, @ANYRES32], 0x10000) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4810) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x68}}, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x38011, r5, 0x9988000) socket$pppoe(0x18, 0x1, 0x0) open(0x0, 0x0, 0x0) fadvise64(r4, 0x18, 0x0, 0x4) 3.399783019s ago: executing program 8 (id=1114): socket$inet6(0xa, 0x2, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r1 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080)) read$FUSE(r0, &(0x7f0000000e00)={0x2020}, 0xffd0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) 3.327039286s ago: executing program 9 (id=1115): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x10000000, @local, 0x2}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee0000000000000000", 0x53}], 0x1) 3.099192294s ago: executing program 2 (id=1117): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) sendto(r0, &(0x7f0000000600)="1db4d479c5faee911d50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdff59fbb22bae1b2443011fd801251bcef8f165533aacd8c7556dd502000000000000002944", 0x4c, 0x4c080, 0x0, 0x0) sendto$inet(r0, &(0x7f00000002c0)="01a4acc7", 0x4, 0x0, 0x0, 0x0) 2.63458754s ago: executing program 9 (id=1118): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}]}, &(0x7f0000000180)=0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c90091", 0x46}], 0x1) 2.590778204s ago: executing program 2 (id=1119): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2], 0x24}}, 0x0) 2.356207292s ago: executing program 1 (id=1121): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000040000000800a0009e09000008009f0005000000080026008009"], 0x48}}, 0x0) 2.146908213s ago: executing program 2 (id=1122): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000001000)=ANY=[@ANYBLOB="440f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000980)={0x34, &(0x7f00000006c0)={0x40, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2.146737377s ago: executing program 3 (id=1123): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000001400)={'gre0\x00', &(0x7f0000001340)={'ip_vti0\x00', 0x0, 0x8, 0x7800, 0x8, 0x2, {{0x5, 0x4, 0x1, 0x3, 0x14, 0x64, 0x0, 0x6, 0x4, 0x0, @rand_addr=0x64010101, @broadcast}}}}) 2.091874546s ago: executing program 8 (id=1124): ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x5e, 0xa1c07, 0x6, 0x0, 0x100000, 0x7fffffff, 0x0, 0x0, 0x0, 0x1d}) r0 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000014}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) 1.888972564s ago: executing program 1 (id=1125): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x72, 0x7c5, 0x1, 0x0, 0xd59f7d, 0x2, 0x9, 0xb, 0x40008, 0x0, 0x722, 0x1d3e, 0x7, 0x9, 0x2f, 0x0, {0xfff7945a, 0xfffffffd}, 0x1, 0xf1}}) 1.838540848s ago: executing program 3 (id=1126): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) unshare(0x40000) sched_setscheduler(0x0, 0x0, &(0x7f00000000c0)=0x5) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x50, 0x24, 0xd0f, 0x70bd28, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x3}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x9}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 1.774386274s ago: executing program 8 (id=1127): syz_mount_image$nilfs2(&(0x7f0000000380), &(0x7f0000000a40)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0044159743df776a5de9392543da7d297b3dea"], 0xf, 0xa02, &(0x7f0000001ec0)="$eJzs3U9sXEcdAOB5a68d16mzhgKmoYmBAqmgTrCtKrmkMZRrpN7KsQppiHBTlHBpVakpUsUNRap67IGqh1wQFeLSA1JEVUQvQZQ7CoVKVVGgFQipoNYo9sx6d+zH/rG99vp9n/Tz+L2ZfTPPu943fp6dCUBl1Va/Li7OFCG89PqLj/zkD698twghHG2WaLSUW9uqhxCKtsevuxUzPv7w2XObpUWYX/2atsPZ283HToYQrobZcCM0wsL7j829ubT08vWbj16efuH02zt0+gAAUCln3/jH7x94761vTP/nF0fOhPHm/tQ/b8TtydjvPxH793n/v2hJi5btZCwrNxIj//thJCs3mtUzWlJfPTtOvaTcWIf6Rlr2bXaeALAfrN/XK2pzbdu12tzc2nX/jlvjY8XcpYvLT1zZpYYCANvmXw+HEM4IIYQQokqxcmi3eyAAQNXl44U3uJqPLNia5tEOdFf/7aXa5o+HbTDo17/6h6v+V5/3jsP22a+vpnRe6fcojWPIxxGOZI/r9fe/lh1ntMd2lo0rHJbxhmXtzH+ue1VZ+3t9HndLWfvz8bB7VVn783G6e1VZ+8cH3I5+lbX/wIDb0a+y9k80v9uvV7jtcd/q1/V3iyNZfuv1M39PH5b3eACg3UfG/wkhhBCVi+d2uwMCAOw5+fw4K1HKz+fjyfPzeXjy/HxeoDx/vEP+gQ75AMBGC7+68PNrxfr/+bc6Hi6Nu7grppM9ticfrdFr/Vsd97TV+odl3BIA1fbUTxe/89aZpZG1+X/Xr2WfZPP/prl6r8XtNO7yYLbdnPt3tr2eWkm5gztxUgDA/5Wuv2Xz/94dt2dCvXji4vL5E3F7Kqa/G6+P39n/zQG3GwDoX7fz/8+E9vn/Dzb312ut/YJD6/uL1n5BI9s/X7J/IW5Px/T74xOr++fOPbX8ve0+eQCoqDe+dfC1D357Kazd/1///3e6/59u4zfiWLsPYoHUT0j3Bzbc/z/WXs9UWbkT7eUOlZU72V6ukZWrx8jn3cjHB05kj0vjFNK4h9TfSeMap8vak02QMZaVG41xd9aeqaw9G873RHt78nloUv2NbH8+7iGVmw4AsNGVp5/5wePLy+cv+8Y3vqngN8+FEDbL2u13JmCnHf/Rkz88fuXpZx68+OTjF85fOH9pYXH+1KmHFucXHzq+el//eOvdfQBgP1jv9O92SwAAAAAAAAAAAAAAgDKD+KTxbp8jANDu7w+HEM6ILEb2QBuEECk+2gNtEGKfxcpKvuIvAMBg9bre/lY1jxbn80/rHqT04IN/nL4Tqdjtpfb+kvWL2U6Dfv2rf7jqf/X57a2/ub5I1+9/tfYDzPZX761fnjzZWv+9o13Wn5//sf7q/3NW/9dCd/Wv/Cyrv8+pcd/J6r+ry/o3nP/J/ur/S6z/nrh97Mvd1t/+/Kf1dtJyOBPZ+UyW1P/Xevv5p7X9ej7/Az2cdIt34/kDQBXVdrsBOyT1ElI/OvVDWtfnCy3r7IWsfLf9/1p2nHy9vn6l46Z+0BfjdurupHUD8/UOe21/Wp9wKjtu0WW/tuz1Myz/VSpr/3Y9jzutrP35epB7VVn7xwbcjn6VtT//vdyrytrf559VA1fW/okBt2NYHY5p2fUwXX+mYl7abmTbk5s8F/u1bwEAw+7bp2/ef+3rozfy9fnTdT39GTgZ/6a+npXL+wsTWd+xyMp/KaY/jukrMf1NTN/Jjrez/20DgGp6z+f/hBBCiMpF1T//5/4CVVb113/Vz7/a7/6e/07S6yO/j5+Mdsivt+SPbJI/1uHx41l+/nwd6JB/T3bclSjlf6ZD/mc75H+uQ/5Mh/xDHfLv7ZB/uEP+FzrkH+mQf7RDPgDD6fMx9f4OANWRj/tz/QeA/S9NrOP6DwDV8amYll3/7+uQDwAMn0/H1PUdACqk2Hymx63O2wMMjzS/dPo9j8uBhPtj+pWYfjWmab2UPpdfAfaA//7713+7VqzP93c4y+92Pvmi1v7Ju3z9nwe6bE/++b1e57NvdFnPTtU/vcX6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABis2urXxcWZIoSXXn/xkX+e+tO7RQjhaLNEo6Xc2la9ZXu27TghvFaspR9/+Oy51vSTmBZhPhShaO4PZ283a5oMIVwNs+FGaISF9x+be3Np6eXrNx+9PP3C6bd38EcAAAAA+97/AgAA//87+jkE") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) syz_mount_image$msdos(&(0x7f0000000940), &(0x7f0000001cc0)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) syz_genetlink_get_family_id$nfc(&(0x7f0000002040), 0xffffffffffffffff) fdatasync(r0) 1.534758513s ago: executing program 1 (id=1128): unshare(0x8000480) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x11, 0x0, 0x0) 1.534586185s ago: executing program 3 (id=1129): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r0, 0x8925, &(0x7f0000000080)={0x6, 0xffff, 0x0, 0xd, 0x0, "5dee000000594000"}) 1.449045314s ago: executing program 9 (id=1130): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x10000000, @local, 0x2}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee0000000000000000020000", 0x56}], 0x1) 1.303207317s ago: executing program 2 (id=1131): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f0000000080), 0x0, 0x52e, &(0x7f0000000f00)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjmfHTOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddg3PwAAAOCKuNF1/f+Pmfb1PwAAADBiZoedAAAAAHDhXP8DAADA6HP9DwAAACPtK6+/3pzSzu9fr765v7dZe/P2aqW+WdraWymt1HZ3Suu12nrrmX1b5+2vWqvtfDa29+6WG5V6o1zfP7izVdvbbtzZiMlLaRAAAABwypMfv/+7JCIOPzfVmpomhp0UcCnGj0pJNs/p/b9/oj1/95KSAi7FWB+vefda/nLnCfB4G+9e0KOvA6OnOOwEgKFLzlnfc/DOr7P5JwabDwAAMHhzH8v//v/87wUOC5eQHnCBdGK4uro+59OZYSUCXLrWff9+B/I4WYCRUuxrBCAwyv7v7//PlaYPlRAAADBw060pKZSy23vTUSiUShE3Wz8LUEzWNqqV+Yh4IiJ+O1O81qwvtLZMzr1mAAAAAAAAAAAAAAAAAAAAAAAAAADa0jSJFAAAABhpEYU/Jb9sP8t/bub56e77AxPJv1o/CTwREW/98I3v311uNHYXmsv/drS88YNs+YvDuIMBAAAAdOtcp7fm/xx2NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMmvcevL3Smfp4+dSg4v7lCxExmxd/PCZb88koRsT1vycxfmK7JCLGBhD/8F5EfDQvftJM6yhkXvxBvAnnxI/Z7F3Ii39jAPHhKrvfPP68ltf/CvFsa57f/8Yj/qf+QfU+/sXR8W+sR/+/2WeMp975Wbln/HsRT43nH3868ZMe8Z/rM/7Xv3Zw0Gtd+qOIuc7nT+uIdzLCcanc2Nop1/cPbm9sLa9X1ivbi4sLLy+9svTS0nx5baNayf7NjfGdp3/+/lntv577+Zdk2fRu//M5+8v7TPrPO3cffLhTOTwd/9ZzOfF/9ePsFafjF7I4n8rKzfVznfJhu3zSMz/9zTNntX/1uP3Fh/n/v9Vrp91OdZSn+/3TAQAuQH3/YHO5Wq3sjmyheZX+CKSh8AgWvjXQHaZpmjb7VM6q+xHRz36SGHBLC/n5HBd6HgGGfWQCAAAG7fikf9iZAAAAAAAAAAAAAAAAAAAAwNV1GU9Z6455/AjkZBCP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGIj/BgAA//8RHtP4") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') open(0x0, 0x14927e, 0x20) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.log\x00', 0x1a10c3, 0x9c37611dc13d0d03) getdents64(r0, 0x0, 0x0) 1.159807226s ago: executing program 1 (id=1132): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x1008400, &(0x7f0000000080)=ANY=[], 0x85, 0x676, &(0x7f0000000800)="$eJzs3c1vHGcdB/DvbNZONpTUbZM2RZUSNRIgIhI7Vgrm0oAQyqFCVTlwthInsbJJi+0it0LUvF97yB9QDr5xQEjcI8qFC9x69bESgksvmNOimZ1db/y6bhOvHT6favw8M888z/ye387s7EujDfB/6/rFNB+myPWLbyyX62ur0+211el7vXqS40kaSbNbpPhPp9P5OLmW7pKXy431cMVOx3kwP/PWJ5+tfdpda9ZLtX9jt37DWamXnE9yrC4f13g39hrvxF7DFf0Zlgm70EscjNpYkk7lXw+6W37yt2f6LQNa2/Xe88wHjoCie9/cYiI5WV/o5euA7l2xe88+0lZGHQAAAAAcgGfXs57lnBp1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCU1L//X9RLo1c/n6L3+//j9bbU9cPl3P52f/ik4gAAAAAAAACAA3RuPetZzqneeqeovvN/tVo5Xf39Ut7NYuaykEtZzmyWspSFTCWZGBhofHl2aWlhqt+z938GbO15ZdueV/YI9Hhdth7HrAEAAAAAAADgqfPLXN/4/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6DIjnWLarldK8+kUYzyYkk4+V+K8k/evWj7OGoAwAAAIAvoDPkfs+uZz3LOdXvV1Tv+V+s3vefyLu5n6XMZyntzOVm9VlA911/Y211ur22On2vXLaO+91/7yvcasR0P3vY/shnqz1auZX5asul3MjbKYqbaVQ9S2d78Wwf1y/KmIrXu8aGjOxmXZYz/7Aut/hgX5PdyT4/TJmoMjLWz8hkHVuZjed2z8Q+H53NR5pKox/s6U1H2jSJR3L++pDHO1mX5Xx+u1POR2JzJq4MnH0v7p7z5Gt//sOP77Tv371za/Hi4ZnScI7VZfd5pbU1E9MDmXjpac7EFpNVJs7016/nB/lRLuZ83sxC5vPTzGYpczmf71e12fp8LgYu+R0yde2RtTf3imS8PkO7D9ajMWWPmF6t+p7KfH6Yt3Mzc3mt+u9KpvKtXM3VzAw8wmeGeKZt7HDVd768bfAXvl5XWkl+V5eV2829Jv6ElXl9biCvg8+5E1Xb4JaNLD2/j/tRL0t/3D2U5lfqSnmMX9Xl4bA5E1MDmXhh90z8vnpaWWzfv7twZ/ad4Q73/Id1pbyOfnOo7hLl+fJ8+WBVa4+eHWXbC3XbWLVs5Gu8/sal26+xpe1Mv617pa7seKWO16/hto50pWp7adu26art7EDb5tdb7f7roafhyx+Ap9bJb5wcb/2z9ffWR61ft+603jjxvePfPv7KeMb+Ovad5uSxrzZeKf6Uj/Lzjff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA57f43vt3Z9vtuYVNlU6n88EOTUe50vs5swM86MvPJKOa8niSw5H5/3Y6nXpLcRji2b3SKR1P53N2/0uS4XZuJtmu6dzokzDiJybgibu8dO+dy4vvvf/N+Xuzt+duz92fuXp1ZnLm6mvTl2/Nt+cmu39HHSXwJGzc9EcdCQAAAAAAAAAAADCsg/jnBDsf/cRBThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4oq5fTPNhikxNXpos19dWp9vl0qtv7NlM0khS/CwpPk6upbtkYmC4YqfjPJifeeuTz9Y+3Rir2du/sVu/4azUS84nOVaXj2u8G194vKI/wzJhF3qJg1H7XwAAAP//DJEGHw==") read$FUSE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b) getdents(r0, &(0x7f0000000100)=""/97, 0x61) 1.019709952s ago: executing program 8 (id=1133): r0 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000080)={'vlan1\x00', @ifru_settings={0x6dd, 0x80000001, @te1=0x0}}) 1.01608564s ago: executing program 3 (id=1134): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x13, 0xa, 0x301, 0x0, 0x0, {0x2}}, 0x14}}, 0x24004050) 1.014153596s ago: executing program 9 (id=1135): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000040000000800a0009e09000008009f0005000000080026008009"], 0x48}}, 0x0) 687.57393ms ago: executing program 1 (id=1136): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) statx(0xffffffffffffffff, 0x0, 0x2000, 0x10, 0x0) 630.875977ms ago: executing program 2 (id=1137): r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x5e, 0xa1c07, 0x6, 0x0, 0x100000, 0x7fffffff, 0x0, 0x0, 0x0, 0x1d}) r1 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x40000014}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) 587.535101ms ago: executing program 3 (id=1138): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000001540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000050, &(0x7f0000000c00)=ANY=[], 0x1, 0x6e5, &(0x7f0000000e40)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSBMIhWkiMSJlUK4YBBCOVSoKoeercRprGySKnFRWiFwAcEJiUP/gILkGweExD0oXLiUW68+VkLiEnGIelk0s7P27nr9lvgloZ9PNZnnmeeZZ377m2dmvOtaG+AL6+q5NB+myNVzbzwo66srs+3VldkjdXM7SVluJM3uKsWdpHiUzJXtRd+SvvUGHy1eeevTx6ufdWvNeqn6j2213wgj+i7XS6br8aZH7jm+00Ms1+HlpSTX6vWgiZ2ONdCxTNrZeg2HrjOokc7ybnbfzXULPGd6T6ei+9zcYCo5mmSy/jkg9d2hcXAR7qlv9Aq7ussBAADAC+qTu4cdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx4qu//b61VG91NyXSK3vf/T/S21eXn0NyOez7c1zgAAAAAAAAA4GB8/Ume5EGO9eqdovqd/5mqciKfd5Iv5b3cz0Lu5XweZD5LWcq9XEwy1TfQxIP5paV7F9f2LI3e89LIPS8d1CsGAAAAAAAAgP9Lv0pr/ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPCiSse6qWk7U60yl0cx6W5aTfyWZOOx4d6EYtfHhwccBAAAAz2TyKfb58pM8yYMc69U7RfWe/yvV++XJvJc7WcpiltLOQq7X76HLd/2N1ZXZ9urK7O1yKeuD4/7gP7sKY6IeYayqjTryqapHKzeyWG05n2tVMNfT6B77bHKqF09fXH0+LGMqvl/bYWTNOq3lwf6w2acIe2Lwo4jGFj1b68ElaxmZqWMr9zzezUBRfVCTDGdi+OxsOFhzoDZVdRlfO9LFNNY++TmxDzk/Wq/L1/Pbfc35TvTnYi0TjVSZuNSbfeU1s3Umkm/+7c9v32zfuXXzxv1zh/uSdmFsk+3Dc2K2LxOvvtCZaO6y/0yViZNr9av5cX6ac5nOm7mXxfws81nKQjp1+3w9n8t/p7bO1NxA7c3tIpmoz0v3nO0kpun8qCrN50y177EspsjdXM9CXq/+u5SL+U4u53Ku9J3hk5vGXb226qpvDF/1vTP995HBn/1WXSjvbr9bv8vNbfWKN5ude6V77y/zerwvr91Z/3it1/G+62CmL0sv97IzPnLwp7k3Nr9aF8pj/Hqb58TBmqozUV5AvadEL7pXuploVs+ijfP8j51yv7TvdDo359/dZPzlofpr9bqcVitf2653z+hTsbfK+fJyJus7yeDsKNteWbvL9LV11udyt23wiVvud7JqK4relfqT3K0mwMYrdaL+GW7jSJeqtleH2k7X9/Cy7VRf28DPW7mbdq4fQP4AeBr/fHutOJWjE61/tz5pfdz6Tetm643JHx757pHTExn/x/j3mjNjrzVOF3/Nx/nF+vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6d1//4Nb8+32wr3RhcbmTQOFVoa3bDfyUKGov9BnVJ9b9bcU7GrAQy5MJhnYUn3P0YGH0RoOY0Oh88vkwPPT+xLB0X1+XxaaOzrdcwNb/rJxwA+3j2csQ/NwB9fFPhYaOdiDjmX0BDisOxJwUC4s3X73wv33P/j24u35dxbeWbgzfvnylZkrl1+fvXBjsb0w0/33sKME9sP6Q/+wIwEAAAAAAAAAAAB2atQfBpx5abs/GtlQaCQZ/hsP/2chAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsCeunkvzYYpcnDk/U9ZXV2bb5dIrr/dsJmk0kuLnSfEomUt3yVTfcEX+9CidEcf5aPHKW58+Xv1sfaxmt3/SqNeb27o1yXK9ZDrJWL1+BgPjXXvm8Yr/9l5DmbDPO53O3LPFB3vjfwEAAP//qWztYw==") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 551.887664ms ago: executing program 9 (id=1139): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x60000) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000140)={{0x8, 0xb8}, {0xf7, 0x2}, 0x9, 0x0, 0x10}) 478.833494ms ago: executing program 8 (id=1140): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}]}, &(0x7f0000000180)=0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c90091", 0x46}], 0x1) 232.63469ms ago: executing program 2 (id=1141): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x1b}) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="020b0f050f00000026bd7000fcdbdf25040004000900000001f8ffffffffffff0500000000000000ff0100000000000002001000000004d2000004d50000000002000a0030000000050000000000000005000500322000000a"], 0x78}}, 0x24048950) setsockopt$inet6_int(r2, 0x29, 0x8, &(0x7f0000000180)=0xffff7b6e, 0x4) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000080)=0x4) ioctl$PPPIOCSMAXCID(r4, 0x40047451, 0x0) r5 = openat$ttyS3(0xffffff9c, &(0x7f00000001c0), 0x10000, 0x0) ioctl$TCSETS(r5, 0x5402, &(0x7f0000000200)={0x7, 0x0, 0x9, 0x562d, 0x10, "480517644563d2412e563933f3612496268b45"}) getsockopt$inet6_buf(r2, 0x29, 0x6, &(0x7f0000000000)=""/17, &(0x7f0000000280)=0x11) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) ftruncate(r6, 0xc17a) read$FUSE(r6, &(0x7f0000005f80)={0x2020}, 0x2020) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001a40)='/proc/asound/timers\x00', 0x0, 0x0) read(r7, &(0x7f0000002000)=""/146, 0x92) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040)) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) r9 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x48f, &(0x7f0000000000)={0x11, @private, 0x11e, 0x0, 'lc\x00'}, 0x2c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x4010, r8, 0x5a2c6000) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, 0x0) socket$kcm(0x29, 0x5, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) 221.990798ms ago: executing program 1 (id=1142): r0 = landlock_create_ruleset(&(0x7f0000000080)={0x2d0, 0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) 122.908352ms ago: executing program 9 (id=1143): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x800, 0x0, 0x2000000000903, 0x4, 0x0, 0x5}, 0x56) 0s ago: executing program 3 (id=1144): r0 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, 0x0) kernel console output (not intermixed with test programs): re dquot type 1 [ 511.719542][ T7636] 9pnet_fd: Insufficient options for proto=fd [ 513.588416][ T5818] Bluetooth: hci3: command 0x0406 tx timeout [ 514.320752][ T7565] EXT4-fs (loop8): 1 truncate cleaned up [ 514.329833][ T7565] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 514.343791][ T7565] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 516.438015][ T7579] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 517.137759][ T7198] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 517.358244][ T7198] usb 3-1: Using ep0 maxpacket: 16 [ 517.361961][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 517.445583][ T7198] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 517.454336][ T7198] usb 3-1: config 0 has no interface number 0 [ 517.461422][ T7198] usb 3-1: config 0 interface 68 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 517.561123][ T7198] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 517.570856][ T7198] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.579251][ T7198] usb 3-1: Product: syz [ 517.583646][ T7198] usb 3-1: Manufacturer: syz [ 517.588596][ T7198] usb 3-1: SerialNumber: syz [ 517.719734][ T7198] usb 3-1: config 0 descriptor?? [ 517.792657][ T7684] netlink: 24 bytes leftover after parsing attributes in process `syz.7.307'. [ 518.048621][ T7198] usb 3-1: can't set config #0, error -71 [ 518.111541][ T7198] usb 3-1: USB disconnect, device number 8 [ 523.084210][ T7719] loop8: detected capacity change from 0 to 512 [ 523.567018][ T5822] Bluetooth: hci1: command 0x0406 tx timeout [ 523.573385][ T5822] Bluetooth: hci5: command 0x0406 tx timeout [ 524.981801][ T7719] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 524.992950][ T7719] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 525.004911][ T7719] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.316: Failed to acquire dquot type 1 [ 525.767762][ T7719] EXT4-fs (loop8): 1 truncate cleaned up [ 525.775914][ T7719] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 525.789140][ T7719] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 526.709416][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.716082][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 527.327168][ T7737] loop1: detected capacity change from 0 to 4096 [ 527.383113][ T7737] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 527.444113][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 527.721529][ T7737] ntfs3(loop1): ino=1a, mi_enum_attr [ 527.721663][ T7737] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 527.826917][ T30] audit: type=1800 audit(1751833595.493:59): pid=7737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.321" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 527.827134][ T30] audit: type=1804 audit(1751833595.523:60): pid=7737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.321" name="/newroot/29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop1" ino=30 res=1 errno=0 [ 530.448343][ T7767] loop2: detected capacity change from 0 to 4096 [ 532.844412][ T7791] loop1: detected capacity change from 0 to 512 [ 532.995250][ T7792] overlayfs: failed to resolve './file0': -2 [ 534.619860][ T7798] loop1: detected capacity change from 0 to 1024 [ 536.092898][ T7798] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 537.049175][ T7798] EXT4-fs error (device loop1): ext4_generic_delete_entry:2668: inode #2: block 16: comm syz.1.339: bad entry in directory: inode out of bounds - offset=12, inode=1282, rec_len=12, size=1024 fake=1 [ 537.207656][ T7798] EXT4-fs error (device loop1) in ext4_delete_entry:2739: Corrupt filesystem [ 537.254580][ T7798] EXT4-fs warning (device loop1): ext4_rename_delete:3726: inode #2: comm syz.1.339: Deleting old file: nlink 4, error=-117 [ 538.937427][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 542.711671][ T7832] loop2: detected capacity change from 0 to 2048 [ 542.896062][ T7832] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 542.904925][ T7832] UDF-fs: Scanning with blocksize 512 failed [ 543.274461][ T7832] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 543.322578][ T7838] loop9: detected capacity change from 0 to 512 [ 543.798059][ T7838] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 543.809915][ T7838] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 543.819809][ T7838] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.350: Failed to acquire dquot type 1 [ 544.334634][ T7838] EXT4-fs (loop9): 1 truncate cleaned up [ 544.430259][ T7838] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 544.444329][ T7838] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 544.522064][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 544.543138][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 544.568467][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 544.608476][ T7845] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 544.630104][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 544.657680][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 545.252987][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 546.410336][ T7863] usb usb1: check_ctrlrecip: process 7863 (syz.9.355) requesting ep 01 but needs 81 [ 546.763571][ T49] Bluetooth: hci0: command tx timeout [ 547.462197][ T7851] loop1: detected capacity change from 0 to 8192 [ 548.355464][ T7851] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 548.837286][ T49] Bluetooth: hci0: command tx timeout [ 549.069325][ T7846] chnl_net:caif_netlink_parms(): no params data found [ 550.959505][ T49] Bluetooth: hci0: command tx timeout [ 553.005574][ T5869] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 553.008891][ T5818] Bluetooth: hci0: command tx timeout [ 553.299785][ T5869] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.310601][ T5869] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 553.320682][ T5869] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.703832][ T5869] usb 10-1: config 0 descriptor?? [ 554.015190][ T5869] pwc: Askey VC010 type 2 USB webcam detected. [ 554.209653][ T7896] netlink: 'syz.2.363': attribute type 3 has an invalid length. [ 554.372868][ T5869] pwc: recv_control_msg error -32 req 02 val 2b00 [ 554.445926][ T5869] pwc: recv_control_msg error -32 req 02 val 2700 [ 554.485405][ T7846] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.493333][ T7846] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.501375][ T7846] bridge_slave_0: entered allmulticast mode [ 554.517889][ T7846] bridge_slave_0: entered promiscuous mode [ 554.570635][ T5869] pwc: recv_control_msg error -32 req 02 val 2c00 [ 554.681876][ T5869] pwc: recv_control_msg error -32 req 04 val 1000 [ 554.752833][ T5869] pwc: recv_control_msg error -32 req 04 val 1300 [ 554.846298][ T5869] pwc: recv_control_msg error -32 req 04 val 1400 [ 554.955919][ T5869] pwc: recv_control_msg error -32 req 02 val 2000 [ 555.003372][ T7846] bridge0: port 2(bridge_slave_1) entered blocking state [ 555.015117][ T7846] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.029971][ T7846] bridge_slave_1: entered allmulticast mode [ 555.039398][ T7846] bridge_slave_1: entered promiscuous mode [ 555.081319][ T5869] pwc: recv_control_msg error -32 req 02 val 2100 [ 555.166986][ T5869] pwc: recv_control_msg error -32 req 04 val 1500 [ 555.299571][ T5869] pwc: recv_control_msg error -32 req 02 val 2500 [ 555.529523][ T5869] pwc: recv_control_msg error -71 req 02 val 2600 [ 555.606303][ T5869] pwc: recv_control_msg error -71 req 02 val 2900 [ 555.714386][ T5869] pwc: recv_control_msg error -71 req 02 val 2800 [ 555.766192][ T7902] loop8: detected capacity change from 0 to 512 [ 555.789600][ T5869] pwc: recv_control_msg error -71 req 04 val 1100 [ 555.875343][ T5869] pwc: recv_control_msg error -71 req 04 val 1200 [ 556.018673][ T5869] pwc: Registered as video103. [ 556.027098][ T5869] input: PWC snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/input/input7 [ 556.386840][ T5869] usb 10-1: USB disconnect, device number 3 [ 556.560760][ T7846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.254662][ T7846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.398287][ T7913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 557.904273][ T7902] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 557.915422][ T7902] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 557.925434][ T7902] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.364: Failed to acquire dquot type 1 [ 558.367733][ T7846] team0: Port device team_slave_0 added [ 558.404647][ T7902] EXT4-fs (loop8): 1 truncate cleaned up [ 558.412567][ T7902] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.425866][ T7902] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 558.458674][ T7846] team0: Port device team_slave_1 added [ 559.204030][ T7846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 559.212468][ T7846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 559.245870][ T7846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 559.398161][ T3735] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.574575][ T7927] gretap0: entered promiscuous mode [ 559.670091][ T3735] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.689865][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.771599][ T7846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 559.779112][ T7846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 559.805934][ T7846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 559.940869][ T3735] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.323757][ T3735] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.027861][ T7935] loop1: detected capacity change from 0 to 32768 [ 561.144576][ T7935] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 561.153595][ T7935] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 561.233783][ T7941] Invalid ELF header magic: != ELF [ 561.281150][ T7935] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 561.414785][ T5869] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 561.422085][ T5869] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 561.885016][ T7846] hsr_slave_0: entered promiscuous mode [ 561.893610][ T7846] hsr_slave_1: entered promiscuous mode [ 561.902403][ T7846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 561.910601][ T7846] Cannot create hsr debugfs directory [ 562.472946][ T3735] bridge_slave_1: left allmulticast mode [ 562.479232][ T3735] bridge_slave_1: left promiscuous mode [ 562.485816][ T3735] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.551446][ T5869] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1129ms [ 562.560817][ T5869] gfs2: fsid=syz:syz.0: jid=0: Done [ 562.566656][ T7935] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 562.568584][ T3735] bridge_slave_0: left allmulticast mode [ 562.580169][ T3735] bridge_slave_0: left promiscuous mode [ 562.586887][ T3735] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.265678][ T7935] gfs2: fsid=syz:syz.0: found 1 quota changes [ 565.212461][ T3735] bond1 (unregistering): (slave ip6erspan0): Releasing active interface [ 565.703807][ T3735] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 565.767622][ T3735] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 565.832607][ T3735] bond0 (unregistering): Released all slaves [ 565.855063][ T3735] bond1 (unregistering): Released all slaves [ 566.936736][ T5876] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 567.108031][ T3735] hsr_slave_0: left promiscuous mode [ 567.147002][ T3735] hsr_slave_1: left promiscuous mode [ 567.154883][ T3735] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 567.162863][ T3735] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 567.186962][ T5876] usb 9-1: Using ep0 maxpacket: 8 [ 567.218853][ T7962] loop2: detected capacity change from 0 to 4096 [ 567.251172][ T3735] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 567.259671][ T3735] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 567.314547][ T5876] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 567.323379][ T5876] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 567.333645][ T5876] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 567.343952][ T5876] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 567.354433][ T5876] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 567.368049][ T5876] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 567.377600][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.427387][ T3735] veth1_macvtap: left promiscuous mode [ 567.433293][ T3735] veth0_macvtap: left promiscuous mode [ 567.439513][ T3735] veth1_vlan: left promiscuous mode [ 567.441845][ T7971] loop9: detected capacity change from 0 to 512 [ 567.444970][ T3735] veth0_vlan: left promiscuous mode [ 568.002576][ T5876] usb 9-1: usb_control_msg returned -32 [ 568.008811][ T5876] usbtmc 9-1:16.0: can't read capabilities [ 568.093803][ T7971] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 568.105047][ T7971] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 568.116130][ T7971] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.380: Failed to acquire dquot type 1 [ 568.187397][ T7962] ntfs3(loop2): ino=5, "/" mi_enum_attr [ 568.193271][ T7962] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 568.246250][ T7971] EXT4-fs (loop9): 1 truncate cleaned up [ 568.254493][ T7971] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 568.267638][ T7971] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 568.488592][ T3735] pim6reg (unregistering): left allmulticast mode [ 568.504212][ T7980] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 568.510986][ T7980] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 568.545065][ T7980] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 568.551672][ T7980] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 568.587558][ T7983] usbtmc 9-1:16.0: stb usb_control_msg returned -32 [ 568.627075][ T5869] usb 9-1: USB disconnect, device number 2 [ 568.824510][ T7980] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 568.831130][ T7980] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 568.955702][ T7980] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 568.963319][ T7980] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 569.076083][ T7980] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 569.082691][ T7980] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 569.327433][ T7980] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 569.377356][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 569.391040][ T3735] team0 (unregistering): Port device team_slave_1 removed [ 569.532078][ T3735] team0 (unregistering): Port device team_slave_0 removed [ 570.447598][ T5818] Bluetooth: hci3: command 0x0406 tx timeout [ 570.678432][ T5818] Bluetooth: hci1: command 0x0406 tx timeout [ 570.897316][ T5818] Bluetooth: hci5: command 0x0406 tx timeout [ 570.998530][ T5818] Bluetooth: hci4: command 0x0406 tx timeout [ 571.270986][ T49] Bluetooth: hci0: command 0x0c1a tx timeout [ 572.511089][ T3735] IPVS: stop unused estimator thread 0... [ 572.599198][ T5818] Bluetooth: hci3: command 0x0406 tx timeout [ 572.757297][ T5818] Bluetooth: hci1: command 0x0406 tx timeout [ 572.918894][ T5818] Bluetooth: hci5: command 0x0406 tx timeout [ 573.091894][ T5818] Bluetooth: hci4: command 0x0406 tx timeout [ 573.151055][ T5869] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 573.164005][ T5869] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 573.347153][ T5818] Bluetooth: hci0: command 0x0c1a tx timeout [ 573.439212][ T8010] loop1: detected capacity change from 0 to 1024 [ 573.577854][ T8010] EXT4-fs: Ignoring removed nomblk_io_submit option [ 573.703573][ T8010] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 573.832390][ T8010] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 574.945678][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 575.004167][ T7846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 575.158251][ T7846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 575.289841][ T7846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 575.409660][ T49] Bluetooth: hci0: command 0x0c1a tx timeout [ 575.445283][ T7846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 576.405961][ T8033] loop9: detected capacity change from 0 to 512 [ 576.704212][ T8033] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 576.715335][ T8033] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 576.725387][ T8033] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.391: Failed to acquire dquot type 1 [ 576.868064][ T8033] EXT4-fs (loop9): 1 truncate cleaned up [ 576.875914][ T8033] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 576.889125][ T8033] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 577.142004][ T7846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 577.500011][ T49] Bluetooth: hci0: command 0x0c1a tx timeout [ 577.820081][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.518685][ T8054] loop9: detected capacity change from 0 to 256 [ 580.061081][ T8036] fido_id[8036]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 580.173316][ T7846] 8021q: adding VLAN 0 to HW filter on device team0 [ 580.334366][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.342032][ T7624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.469197][ T7624] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.476784][ T7624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.737178][ T8057] loop1: detected capacity change from 0 to 256 [ 580.994171][ T8057] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 581.146394][ T30] audit: type=1800 audit(1751833648.843:61): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.397" name="file2" dev="loop1" ino=1048631 res=0 errno=0 [ 581.413678][ T30] audit: type=1800 audit(1751833648.923:62): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.397" name="file2" dev="loop1" ino=1048631 res=0 errno=0 [ 582.237935][ T8076] netlink: 4 bytes leftover after parsing attributes in process `syz.9.399'. [ 583.062661][ T8082] mac80211_hwsim hwsim26 wlan1: entered allmulticast mode [ 583.150536][ T7846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 583.374000][ T8086] loop2: detected capacity change from 0 to 512 [ 583.622279][ T7846] veth0_vlan: entered promiscuous mode [ 583.648018][ T8086] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 583.659163][ T8086] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 583.669037][ T8086] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.404: Failed to acquire dquot type 1 [ 583.719779][ T7846] veth1_vlan: entered promiscuous mode [ 583.721361][ T8086] EXT4-fs (loop2): 1 truncate cleaned up [ 583.734025][ T8086] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 583.748242][ T8086] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 584.011127][ T7846] veth0_macvtap: entered promiscuous mode [ 584.048696][ T7846] veth1_macvtap: entered promiscuous mode [ 584.218156][ T7846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.333202][ T7846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.399130][ T6860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.434353][ T7846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.443788][ T7846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.454079][ T7846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.464288][ T7846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.435900][ T30] audit: type=1326 audit(1751833655.133:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.9.408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f044fd8e929 code=0x0 [ 588.480106][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 588.487239][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 589.249847][ T8121] loop2: detected capacity change from 0 to 47 [ 592.393520][ T8148] loop8: detected capacity change from 0 to 512 [ 592.654013][ T8148] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 592.665396][ T8148] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 592.675859][ T8148] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.416: Failed to acquire dquot type 1 [ 592.896007][ T8148] EXT4-fs (loop8): 1 truncate cleaned up [ 592.962179][ T8148] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 592.975882][ T8148] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 593.882020][ T8157] loop2: detected capacity change from 0 to 4096 [ 593.982947][ T8157] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 594.249814][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 594.373836][ T8157] ntfs3(loop2): ino=1a, mi_enum_attr [ 594.380201][ T8157] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 594.876643][ T8157] ntfs3(loop2): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ntfs_sync_inode failed, -22. [ 596.361519][ T7633] ntfs3(loop2): ino=1e, ntfs3_write_inode failed, -22. [ 602.076884][ T7626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 602.085068][ T7626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 602.368217][ T5869] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 602.647601][ T5869] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 602.659242][ T5869] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 602.671010][ T5869] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 602.681484][ T5869] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 602.690867][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.791005][ T3735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 602.799329][ T3735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 603.037971][ T8199] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 603.230558][ T5869] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 603.892656][ T5869] usb 3-1: USB disconnect, device number 9 [ 604.144855][ T8212] loop1: detected capacity change from 0 to 512 [ 604.525807][ T8212] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 604.538790][ T8212] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 604.548919][ T8212] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.428: Failed to acquire dquot type 1 [ 604.648722][ T8212] EXT4-fs (loop1): 1 truncate cleaned up [ 604.656881][ T8212] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 604.670873][ T8212] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 605.834470][ T8215] loop9: detected capacity change from 0 to 4096 [ 605.940863][ T8215] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512). [ 606.261807][ T5818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 606.289126][ T5818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 606.301505][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 606.331319][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 606.334259][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 606.360256][ T5818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 606.589515][ T8215] ntfs3(loop9): ino=1a, mi_enum_attr [ 606.595114][ T8215] ntfs3(loop9): Mark volume as dirty due to NTFS errors [ 607.181024][ T8215] ntfs3(loop9): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ntfs_sync_inode failed, -22. [ 608.477530][ T49] Bluetooth: hci2: command tx timeout [ 608.639295][ T7617] ntfs3(loop9): ino=1e, ntfs3_write_inode failed, -22. [ 609.547319][ T8226] chnl_net:caif_netlink_parms(): no params data found [ 610.169079][ T8244] loop9: detected capacity change from 0 to 4096 [ 610.448729][ T8254] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 610.537704][ T49] Bluetooth: hci2: command tx timeout [ 611.074996][ T5869] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 611.218531][ T5869] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 611.306329][ T8261] loop8: detected capacity change from 0 to 1024 [ 611.479743][ T8261] EXT4-fs: Ignoring removed nomblk_io_submit option [ 611.612880][ T8261] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 612.041911][ T8261] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 612.269280][ T7617] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.698979][ T49] Bluetooth: hci2: command tx timeout [ 613.106372][ T7617] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.259269][ T8263] fido_id[8263]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 613.793865][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 614.112226][ T7617] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.287844][ T8226] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.288200][ T8226] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.288752][ T8226] bridge_slave_0: entered allmulticast mode [ 614.319118][ T8226] bridge_slave_0: entered promiscuous mode [ 614.341818][ T8281] loop8: detected capacity change from 0 to 512 [ 614.476076][ T7617] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.541895][ T8226] bridge0: port 2(bridge_slave_1) entered blocking state [ 614.542254][ T8226] bridge0: port 2(bridge_slave_1) entered disabled state [ 614.542902][ T8226] bridge_slave_1: entered allmulticast mode [ 614.546013][ T8226] bridge_slave_1: entered promiscuous mode [ 614.556947][ T8281] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 614.557408][ T8281] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 614.557511][ T8281] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.441: Failed to acquire dquot type 1 [ 614.654135][ T8281] EXT4-fs (loop8): 1 truncate cleaned up [ 614.656347][ T8281] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 614.657814][ T8281] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 614.759094][ T49] Bluetooth: hci2: command tx timeout [ 615.223548][ T8226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 615.338043][ T8226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 615.395808][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 615.858848][ T8289] loop9: detected capacity change from 0 to 4096 [ 615.892142][ T8226] team0: Port device team_slave_0 added [ 615.907636][ T7617] bridge_slave_1: left allmulticast mode [ 615.913529][ T7617] bridge_slave_1: left promiscuous mode [ 615.921336][ T7617] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.959362][ T8289] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512). [ 616.032200][ T7617] bridge_slave_0: left allmulticast mode [ 616.038732][ T7617] bridge_slave_0: left promiscuous mode [ 616.045247][ T7617] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.061462][ T8289] ntfs3(loop9): Failed to read $UpCase (-4). [ 620.679097][ T7617] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 620.748324][ T7617] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 620.823621][ T7617] bond0 (unregistering): Released all slaves [ 620.960974][ T8226] team0: Port device team_slave_1 added [ 623.161167][ T2231] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 623.201840][ T2231] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 623.255068][ T8226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 623.262661][ T8226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.289436][ T8226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 623.291491][ T8318] loop2: detected capacity change from 0 to 1024 [ 623.723383][ T8226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 623.734203][ T8226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 623.762325][ T8226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 623.850907][ T8321] netlink: 'syz.9.452': attribute type 10 has an invalid length. [ 623.859157][ T8321] netlink: 40 bytes leftover after parsing attributes in process `syz.9.452'. [ 623.884288][ T8321] team0: Port device netdevsim1 added [ 623.928843][ T8318] EXT4-fs: Ignoring removed nomblk_io_submit option [ 623.989548][ T8318] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 624.162656][ T8318] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 624.933208][ T8339] loop8: detected capacity change from 0 to 512 [ 624.947541][ T8326] fido_id[8326]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 625.118968][ T7617] hsr_slave_0: left promiscuous mode [ 625.169685][ T7617] hsr_slave_1: left promiscuous mode [ 625.173104][ T8339] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 625.178441][ T7617] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 625.187282][ T8339] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 625.193253][ T7617] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.219428][ T8339] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.454: Failed to acquire dquot type 1 [ 625.276578][ T6860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 625.276933][ T7617] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 625.293731][ T7617] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.352740][ T8339] EXT4-fs (loop8): 1 truncate cleaned up [ 625.360882][ T8339] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 625.375855][ T8339] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 625.424693][ T7617] veth1_macvtap: left promiscuous mode [ 625.430622][ T7617] veth0_macvtap: left promiscuous mode [ 625.436669][ T7617] veth1_vlan: left promiscuous mode [ 625.442258][ T7617] veth0_vlan: left promiscuous mode [ 626.244745][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 626.736925][ T7617] team0 (unregistering): Port device team_slave_1 removed [ 626.793970][ T7617] team0 (unregistering): Port device team_slave_0 removed [ 627.231033][ T8226] hsr_slave_0: entered promiscuous mode [ 627.240971][ T8226] hsr_slave_1: entered promiscuous mode [ 627.249525][ T8226] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 627.257399][ T8226] Cannot create hsr debugfs directory [ 627.769198][ T8356] loop8: detected capacity change from 0 to 4096 [ 627.868285][ T8356] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 628.371223][ T8356] ntfs3(loop8): ino=1a, mi_enum_attr [ 628.377260][ T8356] ntfs3(loop8): Mark volume as dirty due to NTFS errors [ 628.572901][ T8369] binder: 8368:8369 ioctl 4018620d 0 returned -22 [ 633.223819][ T7626] ntfs3(loop8): ino=1e, ntfs3_write_inode failed, -22. [ 634.509875][ T8380] loop8: detected capacity change from 0 to 512 [ 634.552820][ T8226] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 634.712461][ T8380] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 634.716899][ T8226] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 634.723533][ T8380] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 634.740704][ T8380] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.467: Failed to acquire dquot type 1 [ 634.895601][ T8226] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 634.913168][ T8380] EXT4-fs (loop8): 1 truncate cleaned up [ 634.922124][ T8380] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 634.935458][ T8380] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 635.003494][ T8226] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 635.511184][ T8380] overlayfs: failed to resolve './file1': -2 [ 636.860573][ T8226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.949287][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 637.203518][ T8226] 8021q: adding VLAN 0 to HW filter on device team0 [ 637.307921][ T7640] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.315569][ T7640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.530499][ T7640] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.538197][ T7640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.778446][ T8397] trusted_key: syz.8.472 sent an empty control message without MSG_MORE. [ 638.690833][ T8226] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 642.994957][ T8409] loop1: detected capacity change from 0 to 4096 [ 643.043072][ T8409] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 644.239686][ T8425] loop9: detected capacity change from 0 to 512 [ 644.524435][ T8409] ntfs3(loop1): ino=1a, mi_enum_attr [ 644.530302][ T8409] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 644.570256][ T8226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 644.697071][ T8425] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 644.708622][ T8425] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 644.719102][ T8425] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.481: Failed to acquire dquot type 1 [ 644.847481][ T8425] EXT4-fs (loop9): 1 truncate cleaned up [ 644.855686][ T8425] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 644.869241][ T8425] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 645.179063][ T8425] overlayfs: failed to resolve './file1': -2 [ 645.485433][ T8226] veth0_vlan: entered promiscuous mode [ 645.575800][ T3987] ntfs3(loop1): ino=1e, ntfs3_write_inode failed, -22. [ 645.626906][ T8437] loop2: detected capacity change from 0 to 1024 [ 645.732873][ T8226] veth1_vlan: entered promiscuous mode [ 645.819799][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 645.873020][ T8437] hfsplus: invalid attributes max_key_len 1024 [ 645.923524][ T8437] hfsplus: failed to load attributes file [ 646.123085][ T8226] veth0_macvtap: entered promiscuous mode [ 646.269211][ T8226] veth1_macvtap: entered promiscuous mode [ 646.781307][ T8226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 647.149195][ T8226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 647.373907][ T8226] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.386302][ T8226] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.396308][ T8226] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 647.406262][ T8226] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 649.510875][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 649.517795][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 650.732054][ T8454] syz.8.488 (8454) used greatest stack depth: 2472 bytes left [ 651.574866][ T8477] loop2: detected capacity change from 0 to 512 [ 651.813206][ T8477] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 651.824735][ T8477] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 651.835074][ T8477] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.495: Failed to acquire dquot type 1 [ 651.904522][ T8477] EXT4-fs (loop2): 1 truncate cleaned up [ 651.913961][ T8477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 651.928977][ T8477] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 651.970437][ T8470] loop1: detected capacity change from 0 to 4096 [ 652.028274][ T8477] overlayfs: failed to resolve './file1': -2 [ 652.107839][ T8470] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 652.311264][ T6860] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 652.411112][ T8483] loop9: detected capacity change from 0 to 2048 [ 652.508598][ T8470] ntfs3(loop1): ino=1a, mi_enum_attr [ 652.514203][ T8470] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 652.537770][ T8483] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 652.658319][ T30] audit: type=1800 audit(1751833720.343:64): pid=8483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.496" name="file1" dev="loop9" ino=1415 res=0 errno=0 [ 652.812597][ T8489] 9pnet_fd: Insufficient options for proto=fd [ 653.388561][ T7633] ntfs3(loop1): ino=1e, ntfs3_write_inode failed, -22. [ 655.705771][ T8509] ieee802154 phy0 wpan0: encryption failed: -22 [ 658.752884][ T8536] overlayfs: failed to resolve './file0': -2 [ 660.742662][ T8550] 9pnet_fd: Insufficient options for proto=fd [ 661.896886][ T2231] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 662.730361][ T2231] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 662.739673][ T2231] usb 3-1: config 0 has no interface number 0 [ 662.748748][ T2231] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 662.759321][ T2231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.437698][ T8565] 9pnet_virtio: no channels available for device 127.0.0.1 [ 663.458487][ T8556] loop1: detected capacity change from 0 to 4096 [ 663.527554][ T2231] usb 3-1: config 0 descriptor?? [ 663.577714][ T8556] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 663.601050][ T2231] usb 3-1: selecting invalid altsetting 1 [ 663.607771][ T2231] dvb_ttusb_budget: ttusb_init_controller: error [ 663.614297][ T2231] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 663.957449][ T8556] ntfs3(loop1): ino=1a, mi_enum_attr [ 663.963213][ T8556] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 664.344210][ T2231] DVB: Unable to find symbol cx22700_attach() [ 664.533120][ T7626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.541393][ T7626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 664.782000][ T7633] ntfs3(loop1): ino=1e, ntfs3_write_inode failed, -22. [ 664.908328][ T2231] DVB: Unable to find symbol tda10046_attach() [ 664.914730][ T2231] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 665.034708][ T2231] usb 3-1: USB disconnect, device number 10 [ 665.119630][ T8586] overlayfs: failed to resolve './file0': -2 [ 666.910898][ T5818] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 666.921568][ T5818] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 666.943630][ T5818] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 666.971503][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 667.007657][ T5818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 667.272441][ T8600] loop1: detected capacity change from 0 to 512 [ 667.739333][ T8606] 9pnet_fd: Insufficient options for proto=fd [ 667.884103][ T8600] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 667.897619][ T8600] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 668.098713][ T8613] cgroup: subsys name conflicts with all [ 668.309279][ T8615] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 669.077583][ T5818] Bluetooth: hci0: command tx timeout [ 670.619268][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 670.851110][ T8616] loop8: detected capacity change from 0 to 4096 [ 670.957937][ T8597] chnl_net:caif_netlink_parms(): no params data found [ 671.066985][ T8616] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 671.158223][ T5818] Bluetooth: hci0: command tx timeout [ 671.571871][ T8616] ntfs3(loop8): Failed to read $UpCase (-4). [ 673.234994][ T8634] overlayfs: failed to resolve './file0': -2 [ 673.266833][ T5818] Bluetooth: hci0: command tx timeout [ 673.599116][ T8637] netlink: 8 bytes leftover after parsing attributes in process `syz.1.531'. [ 673.747750][ T7626] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.275762][ T7626] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.357118][ T8597] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.364748][ T8597] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.372852][ T8597] bridge_slave_0: entered allmulticast mode [ 674.382908][ T8597] bridge_slave_0: entered promiscuous mode [ 674.477110][ T7626] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 674.576816][ T8597] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.584407][ T8597] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.592555][ T8597] bridge_slave_1: entered allmulticast mode [ 674.698810][ T8597] bridge_slave_1: entered promiscuous mode [ 674.781618][ T7626] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 675.122460][ T8658] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 675.298029][ T8597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 675.326658][ T5818] Bluetooth: hci0: command tx timeout [ 675.383480][ T8597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 675.862580][ T8597] team0: Port device team_slave_0 added [ 675.883977][ T8666] loop2: detected capacity change from 0 to 2048 [ 675.901864][ T8597] team0: Port device team_slave_1 added [ 676.022789][ T8672] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 676.159834][ T8670] loop8: detected capacity change from 0 to 512 [ 676.171085][ T7626] bridge_slave_1: left allmulticast mode [ 676.178693][ T8672] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 676.178805][ T7626] bridge_slave_1: left promiscuous mode [ 676.189800][ T8672] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 676.196070][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.266148][ T7626] bridge_slave_0: left allmulticast mode [ 676.272400][ T7626] bridge_slave_0: left promiscuous mode [ 676.279194][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.349347][ T8663] loop9: detected capacity change from 0 to 4096 [ 676.429419][ T8672] Remounting filesystem read-only [ 676.563676][ T8663] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512). [ 676.798028][ T8670] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 676.808991][ T8670] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 676.818760][ T8670] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.542: Failed to acquire dquot type 1 [ 676.900922][ T7626] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 676.936176][ T7626] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 676.959696][ T8670] EXT4-fs (loop8): 1 truncate cleaned up [ 676.992888][ T8670] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 677.007399][ T8670] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 677.037420][ T7626] bond0 (unregistering): Released all slaves [ 677.184903][ T8663] ntfs3(loop9): ino=1a, mi_enum_attr [ 677.191784][ T8663] ntfs3(loop9): Mark volume as dirty due to NTFS errors [ 677.229164][ T8670] overlayfs: failed to resolve './file1': -2 [ 677.272139][ T5869] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 677.339391][ T8597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 677.347222][ T8597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.373845][ T8597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.545260][ T5869] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 677.555134][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.563631][ T5869] usb 2-1: Product: syz [ 677.568147][ T5869] usb 2-1: Manufacturer: syz [ 677.572975][ T5869] usb 2-1: SerialNumber: syz [ 677.648639][ T5869] usb 2-1: config 0 descriptor?? [ 677.680177][ T5869] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 677.691028][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 677.768049][ T8597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.775423][ T8597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.805267][ T8597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 677.860264][ T7619] ntfs3(loop9): ino=1e, ntfs3_write_inode failed, -22. [ 678.394361][ T7626] hsr_slave_0: left promiscuous mode [ 678.435231][ T7626] hsr_slave_1: left promiscuous mode [ 678.443498][ T7626] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 678.451506][ T7626] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 678.569680][ T7626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 678.577825][ T7626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 678.698650][ T5869] gspca_sunplus: reg_w_riv err -71 [ 678.704291][ T5869] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 678.751641][ T5869] usb 2-1: USB disconnect, device number 3 [ 678.765747][ T7626] veth1_macvtap: left promiscuous mode [ 678.771678][ T7626] veth0_macvtap: left promiscuous mode [ 678.777829][ T7626] veth1_vlan: left promiscuous mode [ 678.783398][ T7626] veth0_vlan: left promiscuous mode [ 680.392435][ T8712] loop8: detected capacity change from 0 to 128 [ 680.453820][ T8712] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 680.640925][ T8716] overlayfs: failed to resolve './file0': -2 [ 680.914168][ T7626] team0 (unregistering): Port device team_slave_1 removed [ 680.973135][ T7626] team0 (unregistering): Port device team_slave_0 removed [ 681.456254][ T8718] loop1: detected capacity change from 0 to 4096 [ 681.547016][ T8718] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 681.781253][ T8597] hsr_slave_0: entered promiscuous mode [ 681.793851][ T8597] hsr_slave_1: entered promiscuous mode [ 681.802782][ T8597] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 681.810700][ T8597] Cannot create hsr debugfs directory [ 681.841711][ T8710] netlink: 16 bytes leftover after parsing attributes in process `syz.9.552'. [ 682.148016][ T8718] ntfs3(loop1): ino=1a, mi_enum_attr [ 682.153619][ T8718] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 682.697416][ T7633] ntfs3(loop1): ino=1e, ntfs3_write_inode failed, -22. [ 682.873028][ T8735] bridge_slave_0: left allmulticast mode [ 682.880711][ T8735] bridge_slave_0: left promiscuous mode [ 682.887582][ T8735] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.962915][ T8735] bridge_slave_1: left allmulticast mode [ 682.969094][ T8735] bridge_slave_1: left promiscuous mode [ 682.975723][ T8735] bridge0: port 2(bridge_slave_1) entered disabled state [ 683.043742][ T8735] bond0: (slave bond_slave_0): Releasing backup interface [ 683.092329][ T8735] bond0: (slave bond_slave_1): Releasing backup interface [ 683.132687][ T8735] team0: Port device team_slave_0 removed [ 683.180932][ T8735] team0: Port device team_slave_1 removed [ 683.191702][ T8735] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 683.199752][ T8735] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 683.214759][ T8735] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 683.225482][ T8735] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.545529][ T8753] loop1: detected capacity change from 0 to 512 [ 684.596574][ T8597] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 684.682556][ T8597] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 684.747785][ T8753] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 684.761946][ T8753] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 684.772586][ T8753] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.566: Failed to acquire dquot type 1 [ 684.823712][ T8597] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 684.879682][ T8597] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 684.905991][ T8753] EXT4-fs (loop1): 1 truncate cleaned up [ 684.914063][ T8753] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.927908][ T8753] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 685.095322][ T8753] overlayfs: failed to resolve './file1': -2 [ 685.559509][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 686.282947][ T8597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 686.522166][ T8597] 8021q: adding VLAN 0 to HW filter on device team0 [ 686.635322][ T7633] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.643008][ T7633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 686.800468][ T7633] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.808100][ T7633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 688.529757][ T8597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 688.580979][ T8803] loop1: detected capacity change from 0 to 512 [ 688.702188][ T8803] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 688.714232][ T8803] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 688.724102][ T8803] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.581: Failed to acquire dquot type 1 [ 688.851024][ T8803] EXT4-fs (loop1): 1 truncate cleaned up [ 688.861857][ T8803] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 688.876300][ T8803] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 688.995939][ T8597] veth0_vlan: entered promiscuous mode [ 689.080995][ T8597] veth1_vlan: entered promiscuous mode [ 689.222491][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.372798][ T8597] veth0_macvtap: entered promiscuous mode [ 689.423145][ T8597] veth1_macvtap: entered promiscuous mode [ 689.552732][ T8597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 689.643431][ T8597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 689.714990][ T8597] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.725676][ T8597] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.734841][ T8597] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 689.744023][ T8597] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.896278][ T5818] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 690.963794][ T8837] loop8: detected capacity change from 0 to 512 [ 691.078508][ T8837] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 691.090486][ T8837] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 691.100350][ T8837] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.594: Failed to acquire dquot type 1 [ 691.153072][ T8837] EXT4-fs (loop8): 1 truncate cleaned up [ 691.161537][ T8837] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 691.174675][ T8837] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 691.526171][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 691.733054][ T8845] loop1: detected capacity change from 0 to 4096 [ 691.839246][ T8856] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 692.424750][ T5869] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 692.871168][ T8861] netlink: 'syz.9.600': attribute type 12 has an invalid length. [ 692.898653][ T5869] usb 2-1: config 0 has an invalid interface number: 77 but max is 0 [ 692.907187][ T5869] usb 2-1: config 0 has no interface number 0 [ 692.913516][ T5869] usb 2-1: config 0 interface 77 altsetting 1 endpoint 0x2 has invalid maxpacket 544, setting to 64 [ 692.925512][ T5869] usb 2-1: config 0 interface 77 has no altsetting 0 [ 692.962717][ T5818] Bluetooth: hci1: Malformed LE Event: 0x0d [ 694.387648][ T5869] usb 2-1: New USB device found, idVendor=11ff, idProduct=9d64, bcdDevice=33.bd [ 694.397999][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 694.406259][ T5869] usb 2-1: Product: syz [ 694.410815][ T5869] usb 2-1: Manufacturer: syz [ 694.415632][ T5869] usb 2-1: SerialNumber: syz [ 695.086600][ T5869] usb 2-1: config 0 descriptor?? [ 695.106815][ T8859] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 700.250676][ T5869] usb 2-1: USB disconnect, device number 4 [ 700.308173][ T8878] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 700.853622][ T8883] loop8: detected capacity change from 0 to 1024 [ 702.253350][ T3735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.261760][ T3735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.368658][ T3830] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.380160][ T3830] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.062155][ T8913] loop9: detected capacity change from 0 to 512 [ 703.206979][ T5876] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 703.250976][ T8913] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 703.262148][ T8913] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 703.272111][ T8913] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.618: Failed to acquire dquot type 1 [ 703.311736][ T8913] EXT4-fs (loop9): 1 truncate cleaned up [ 703.319828][ T8913] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 703.336174][ T8913] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 703.446219][ T8922] loop3: detected capacity change from 0 to 128 [ 703.473111][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 703.484026][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 703.508653][ T5876] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 703.518346][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 703.526956][ T5876] usb 2-1: SerialNumber: syz [ 703.536942][ T8922] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 703.579405][ T8919] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 703.753449][ T8922] loop3: detected capacity change from 0 to 16 [ 703.801358][ T5876] usb 2-1: 0:2 : does not exist [ 703.804736][ T8922] erofs: Unknown parameter 'T [ 703.804736][ T8922] NOTRACK [ 703.804736][ T8922] CONNSECMARK [ 703.804736][ T8922] CLASSIFY [ 703.804736][ T8922] CHECKSUM [ 703.804736][ T8922] DNAT [ 703.804736][ T8922] SNAT [ 703.804736][ T8922] SET [ 703.804736][ T8922] SET [ 703.804736][ T8922] SET [ 703.804736][ T8922] SET [ 703.804736][ T8922] CONNMARK [ 703.804736][ T8922] CONNMARK [ 703.804736][ T8922] MARK [ 703.804736][ T8922] %[-# [ 703.804736][ T8922] ptc3;{7?|0|8G|4|<'|2|:g|6|>|1|9W|5|' [ 703.886871][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.972553][ T5876] usb 2-1: USB disconnect, device number 5 [ 704.709398][ T8922] loop3: detected capacity change from 0 to 32768 [ 704.725764][ T8922] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.622 (8922) [ 704.753340][ T8922] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 704.764928][ T8922] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 704.776174][ T8922] BTRFS info (device loop3): disk space caching is enabled [ 704.783785][ T8922] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 704.970738][ T7624] BTRFS error (device loop3): bad fsid on logical 5337088 mirror 1 [ 704.979576][ T8922] BTRFS error (device loop3): failed to load root extent [ 705.001768][ T8922] BTRFS error (device loop3): open_ctree failed: -5 [ 705.620810][ T8957] loop1: detected capacity change from 0 to 64 [ 706.005537][ T8965] loop9: detected capacity change from 0 to 512 [ 706.130032][ T8960] loop3: detected capacity change from 0 to 4096 [ 706.159313][ T8960] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 706.205696][ T8965] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 706.217252][ T8965] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 706.227131][ T8965] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.635: Failed to acquire dquot type 1 [ 706.291995][ T8965] EXT4-fs (loop9): 1 truncate cleaned up [ 706.300430][ T8965] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 706.313630][ T8965] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 706.361298][ T8960] ntfs3(loop3): ino=1a, mi_enum_attr [ 706.369085][ T8960] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 706.553622][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.631581][ T8978] loop8: detected capacity change from 0 to 256 [ 706.731522][ T8980] loop9: detected capacity change from 0 to 512 [ 706.745628][ T8980] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 706.759333][ T8980] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 706.778538][ T7617] ntfs3(loop3): ino=1e, ntfs3_write_inode failed, -22. [ 706.817463][ T8980] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 706.851495][ T8980] EXT4-fs (loop9): 1 truncate cleaned up [ 706.859439][ T8980] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 706.893539][ T8978] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 707.267533][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 707.752285][ T5876] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 707.859715][ T9004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.650'. [ 707.950782][ T5876] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.963296][ T5876] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 707.973343][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 708.017648][ T5876] usb 9-1: config 0 descriptor?? [ 708.584211][ T9007] loop3: detected capacity change from 0 to 512 [ 709.060016][ T5876] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 709.121495][ T5876] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.0006/input/input8 [ 709.644449][ T9007] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 709.657368][ T9007] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 709.673081][ T9007] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.651: Failed to acquire dquot type 1 [ 709.716842][ T5876] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0 [ 709.734268][ T9007] EXT4-fs (loop3): 1 truncate cleaned up [ 709.737557][ T5876] usb 9-1: USB disconnect, device number 3 [ 709.742373][ T9007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 709.764319][ T9007] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 710.251338][ T9020] loop1: detected capacity change from 0 to 256 [ 710.398770][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 710.402440][ T9020] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 710.517169][ T30] audit: type=1800 audit(1751833778.193:65): pid=9020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.656" name="file2" dev="loop1" ino=1048640 res=0 errno=0 [ 710.538704][ T30] audit: type=1800 audit(1751833778.203:66): pid=9020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.656" name="file2" dev="loop1" ino=1048640 res=0 errno=0 [ 710.939724][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 711.366216][ T9037] netlink: 12 bytes leftover after parsing attributes in process `syz.3.664'. [ 711.871816][ T9047] loop1: detected capacity change from 0 to 512 [ 712.030540][ T9047] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 712.042117][ T9047] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 712.051960][ T9047] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.668: Failed to acquire dquot type 1 [ 712.106924][ T9047] EXT4-fs (loop1): 1 truncate cleaned up [ 712.114765][ T9047] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 712.127999][ T9047] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 712.180670][ T30] audit: type=1800 audit(1751833779.883:67): pid=9055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.671" name="file2" dev="tmpfs" ino=654 res=0 errno=0 [ 712.425413][ T9048] loop3: detected capacity change from 0 to 4096 [ 712.429533][ T9059] lo speed is unknown, defaulting to 1000 [ 712.438463][ T9059] lo speed is unknown, defaulting to 1000 [ 712.445374][ T9059] lo speed is unknown, defaulting to 1000 [ 712.468089][ T9059] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 712.497597][ T9048] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 712.503980][ T9059] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 712.579005][ T9059] lo speed is unknown, defaulting to 1000 [ 712.587937][ T9059] lo speed is unknown, defaulting to 1000 [ 712.596322][ T9059] lo speed is unknown, defaulting to 1000 [ 712.605953][ T9059] lo speed is unknown, defaulting to 1000 [ 712.618954][ T9059] lo speed is unknown, defaulting to 1000 [ 712.766151][ T9048] ntfs3(loop3): ino=1a, mi_enum_attr [ 712.772081][ T9048] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 712.823058][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 713.148175][ T9072] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 713.168960][ T9074] netlink: 48 bytes leftover after parsing attributes in process `syz.9.678'. [ 713.178780][ T9074] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615) [ 713.190322][ T9074] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 713.238487][ T7626] ntfs3(loop3): ino=1e, ntfs3_write_inode failed, -22. [ 714.206262][ T9093] loop8: detected capacity change from 0 to 512 [ 714.211808][ T9094] loop9: detected capacity change from 0 to 256 [ 714.303349][ T9094] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 714.318347][ T9093] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 714.329529][ T9093] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 714.339478][ T9093] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.686: Failed to acquire dquot type 1 [ 714.426144][ T9093] EXT4-fs (loop8): 1 truncate cleaned up [ 714.434128][ T9093] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 714.447738][ T9093] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 714.519711][ T30] audit: type=1800 audit(1751833782.223:68): pid=9094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.687" name="file2" dev="loop9" ino=1048641 res=0 errno=0 [ 714.770373][ T9053] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 715.081596][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 715.141267][ T9109] loop9: detected capacity change from 0 to 64 [ 715.651434][ T9119] loop9: detected capacity change from 0 to 1024 [ 715.679154][ T9124] netlink: 4 bytes leftover after parsing attributes in process `syz.8.694'. [ 715.712201][ T9119] EXT4-fs (loop9): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 715.940020][ T9119] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm syz.9.695: Invalid block bitmap block 0 in block_group 0 [ 716.101613][ T9119] EXT4-fs (loop9): Remounting filesystem read-only [ 716.167700][ T9119] __quota_error: 1 callbacks suppressed [ 716.167783][ T9119] Quota error (device loop9): write_blk: dquota write failed [ 716.183468][ T9119] Quota error (device loop9): qtree_write_dquot: Error -117 occurred while creating quota [ 716.195619][ T9119] EXT4-fs (loop9): 1 orphan inode deleted [ 716.209520][ T9119] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 717.004242][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.8.701'. [ 717.178172][ T9138] loop3: detected capacity change from 0 to 512 [ 717.270879][ T9138] EXT4-fs: Ignoring removed i_version option [ 717.372375][ T9138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 717.445968][ T30] audit: type=1326 audit(1751833785.143:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.454633][ T9145] loop8: detected capacity change from 0 to 512 [ 717.473371][ T30] audit: type=1326 audit(1751833785.183:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.497944][ T30] audit: type=1326 audit(1751833785.183:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.520723][ T30] audit: type=1326 audit(1751833785.183:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.546672][ T30] audit: type=1326 audit(1751833785.183:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.570989][ T30] audit: type=1326 audit(1751833785.183:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f82f098d197 code=0x7ffc0000 [ 717.593639][ T30] audit: type=1326 audit(1751833785.273:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.616289][ T30] audit: type=1326 audit(1751833785.273:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9137 comm="syz.3.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f098e929 code=0x7ffc0000 [ 717.685015][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 717.705839][ T9145] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.704: Failed to acquire dquot type 1 [ 717.754253][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 717.794390][ T9145] EXT4-fs (loop8): 1 truncate cleaned up [ 717.802536][ T9145] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 717.815740][ T9145] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 718.665810][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 719.181955][ T9169] netlink: 'syz.9.712': attribute type 2 has an invalid length. [ 719.190586][ T9169] netlink: 'syz.9.712': attribute type 1 has an invalid length. [ 719.646819][ T5876] usb 9-1: new full-speed USB device number 4 using dummy_hcd [ 719.649632][ T9178] loop9: detected capacity change from 0 to 1024 [ 719.757003][ T9178] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 719.822286][ T5876] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 719.833708][ T5876] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 719.844050][ T5876] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 719.853538][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 719.866473][ T5876] usb 9-1: config 0 descriptor?? [ 720.249530][ T9189] loop3: detected capacity change from 0 to 512 [ 720.303830][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.309082][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 720.312884][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.328086][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.335181][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.342645][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.349856][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.357183][ T5876] isku 0003:1E7D:319C.0007: unknown main item tag 0x0 [ 720.369424][ T9189] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.720: Failed to acquire dquot type 1 [ 720.420286][ T9189] EXT4-fs (loop3): 1 truncate cleaned up [ 720.428363][ T9189] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 720.441573][ T9189] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 720.472929][ T9189] overlayfs: missing 'lowerdir' [ 720.562605][ T5876] isku 0003:1E7D:319C.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.8-1/input0 [ 720.625757][ T5876] usb 9-1: USB disconnect, device number 4 [ 720.774291][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.502679][ T9214] loop8: detected capacity change from 0 to 256 [ 722.310018][ T9210] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 722.908352][ T9224] loop9: detected capacity change from 0 to 8 [ 723.069241][ T9224] SQUASHFS error: Failed to read block 0x63a: -5 [ 723.075841][ T9224] SQUASHFS error: Unable to read metadata cache entry [638] [ 723.083597][ T9224] SQUASHFS error: Unable to read directory block [26067d:0] [ 723.095226][ T9229] loop1: detected capacity change from 0 to 512 [ 723.242535][ T9229] __quota_error: 24 callbacks suppressed [ 723.242615][ T9229] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 723.259867][ T9229] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 723.276171][ T9229] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.736: Failed to acquire dquot type 1 [ 723.402159][ T9229] EXT4-fs (loop1): 1 truncate cleaned up [ 723.410950][ T9229] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 723.424076][ T9229] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 723.462307][ T9240] loop3: detected capacity change from 0 to 512 [ 723.476974][ T9240] EXT4-fs: Ignoring removed mblk_io_submit option [ 723.512750][ T9240] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 723.532099][ T9229] overlayfs: missing 'lowerdir' [ 723.550260][ T9240] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.739: attempt to clear invalid blocks 2 len 1 [ 723.571472][ T9240] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 723.588333][ T9240] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.739: invalid indirect mapped block 1819239214 (level 0) [ 723.605957][ T9240] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.739: invalid indirect mapped block 1819239214 (level 1) [ 723.632898][ T9240] EXT4-fs (loop3): 1 truncate cleaned up [ 723.641062][ T9240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 723.763970][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.886873][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.214299][ T9250] team0: No ports can be present during mode change [ 725.436632][ T9259] loop9: detected capacity change from 0 to 40427 [ 725.449207][ T9259] F2FS-fs (loop9): Invalid log_blocksize (268), supports only 12 [ 725.457522][ T9259] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 725.485929][ T9259] F2FS-fs (loop9): invalid crc value [ 725.831054][ T9259] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0 [ 725.838694][ T9259] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5 [ 725.860647][ T30] audit: type=1800 audit(1751833793.563:98): pid=9259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.748" name="file1" dev="loop9" ino=10 res=0 errno=0 [ 725.896633][ T9275] loop8: detected capacity change from 0 to 512 [ 725.950991][ T9259] syz.9.748: attempt to access beyond end of device [ 725.950991][ T9259] loop9: rw=2049, sector=77824, nr_sectors = 968 limit=40427 [ 726.081128][ T9275] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 726.092819][ T9275] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 726.102781][ T9275] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.753: Failed to acquire dquot type 1 [ 726.135563][ T9280] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 726.140014][ T9275] EXT4-fs (loop8): 1 truncate cleaned up [ 726.143160][ T9280] IPv6: NLM_F_CREATE should be set when creating new route [ 726.150908][ T9275] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 726.169294][ T9275] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 726.201998][ T9275] overlayfs: missing 'lowerdir' [ 726.600539][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 727.025395][ T9293] loop8: detected capacity change from 0 to 512 [ 727.117231][ T2231] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 727.172061][ T9293] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 727.185406][ T9293] ext4 filesystem being mounted at /127/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 727.215154][ T30] audit: type=1326 audit(1751833794.903:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9291 comm="syz.8.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 727.238145][ T30] audit: type=1326 audit(1751833794.903:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9291 comm="syz.8.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 727.302522][ T30] audit: type=1800 audit(1751833795.003:101): pid=9293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.757" name="memory.events" dev="loop8" ino=18 res=0 errno=0 [ 727.324676][ T30] audit: type=1326 audit(1751833795.003:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9291 comm="syz.8.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 727.347416][ T30] audit: type=1326 audit(1751833795.003:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9291 comm="syz.8.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 727.421970][ T2231] usb 2-1: unable to get BOS descriptor or descriptor too short [ 727.432764][ T2231] usb 2-1: not running at top speed; connect to a high speed hub [ 727.470932][ T2231] usb 2-1: config 128 interface 0 has no altsetting 0 [ 727.497819][ T2231] usb 2-1: New USB device found, idVendor=15a4, idProduct=901b, bcdDevice=7a.d1 [ 727.507396][ T2231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 727.515642][ T2231] usb 2-1: Product: syz [ 727.520147][ T2231] usb 2-1: Manufacturer: syz [ 727.524963][ T2231] usb 2-1: SerialNumber: syz [ 727.891324][ T2231] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 727.917929][ T2231] dvb_usb_af9015 2-1:128.0: probe with driver dvb_usb_af9015 failed with error -22 [ 727.949154][ T2231] usb 2-1: USB disconnect, device number 6 [ 728.131275][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 729.141399][ T9317] loop1: detected capacity change from 0 to 512 [ 729.255370][ T9317] __quota_error: 14 callbacks suppressed [ 729.255448][ T9317] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 729.272751][ T9317] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 729.282637][ T9317] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.767: Failed to acquire dquot type 1 [ 729.326010][ T9317] EXT4-fs (loop1): 1 truncate cleaned up [ 729.334092][ T9317] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 729.347685][ T9317] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 729.629663][ T9317] overlayfs: missing 'lowerdir' [ 730.182612][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 730.702985][ T9340] loop3: detected capacity change from 0 to 47 [ 731.075266][ T9345] loop3: detected capacity change from 0 to 16 [ 731.111520][ T9345] erofs (device loop3): mounted with root inode @ nid 36. [ 731.178802][ T9345] erofs (device loop3): xattr_isize 12 of nid 46 is not supported yet [ 731.238675][ T9351] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22) [ 731.487214][ T9354] loop8: detected capacity change from 0 to 512 [ 731.624617][ T9354] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 731.635969][ T9354] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 731.645843][ T9354] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.782: Failed to acquire dquot type 1 [ 731.742124][ T9354] EXT4-fs (loop8): 1 truncate cleaned up [ 731.750300][ T9354] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 731.765499][ T9354] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 731.913649][ T9354] overlayfs: missing 'lowerdir' [ 732.431212][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 733.552625][ T9376] overlayfs: failed to clone upperpath [ 734.352891][ T9396] loop1: detected capacity change from 0 to 512 [ 734.380169][ T9395] loop8: detected capacity change from 0 to 2048 [ 734.474157][ T9395] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 734.494400][ T9396] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 734.505525][ T9396] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 734.515438][ T9396] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.798: Failed to acquire dquot type 1 [ 734.603443][ T9396] EXT4-fs (loop1): 1 truncate cleaned up [ 734.611618][ T9396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 734.625696][ T9396] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 734.722927][ T9396] overlayfs: missing 'lowerdir' [ 735.060934][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 735.496900][ T5876] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 735.586778][ T2231] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 735.695898][ T5876] usb 9-1: Using ep0 maxpacket: 16 [ 735.727591][ T5876] usb 9-1: config 8 has an invalid interface number: 39 but max is 0 [ 735.736061][ T5876] usb 9-1: config 8 has no interface number 0 [ 735.742694][ T5876] usb 9-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 735.756802][ T5876] usb 9-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 735.767344][ T5876] usb 9-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 735.777778][ T5876] usb 9-1: config 8 interface 39 has no altsetting 0 [ 735.809695][ T2231] usb 4-1: not running at top speed; connect to a high speed hub [ 735.843902][ T2231] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 735.855066][ T2231] usb 4-1: config 0 has no interfaces? [ 735.866014][ T5876] usb 9-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 735.876020][ T5876] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.885567][ T5876] usb 9-1: Product: syz [ 735.890828][ T5876] usb 9-1: Manufacturer: syz [ 735.895665][ T5876] usb 9-1: SerialNumber: syz [ 735.955294][ T2231] usb 4-1: New USB device found, idVendor=05ac, idProduct=d181, bcdDevice=b4.a2 [ 735.968588][ T2231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.978271][ T2231] usb 4-1: Product: syz [ 735.982662][ T2231] usb 4-1: Manufacturer: syz [ 735.987636][ T2231] usb 4-1: SerialNumber: syz [ 736.084159][ T2231] usb 4-1: config 0 descriptor?? [ 736.360819][ T2231] usb 4-1: USB disconnect, device number 2 [ 736.791433][ T5876] ipheth 9-1:8.39: ipheth_enable_ncm: usb_control_msg: -71 [ 736.816261][ T5876] ipheth 9-1:8.39: Apple iPhone USB Ethernet device attached [ 736.844704][ T9437] loop9: detected capacity change from 0 to 512 [ 736.858854][ T5876] usb 9-1: USB disconnect, device number 5 [ 736.918158][ T5876] ipheth 9-1:8.39: Apple iPhone USB Ethernet now disconnected [ 736.973402][ T9437] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 736.988488][ T9437] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 736.999978][ T9437] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.813: Failed to acquire dquot type 1 [ 737.041184][ T9437] EXT4-fs (loop9): 1 truncate cleaned up [ 737.049444][ T9437] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 737.062608][ T9437] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 737.192535][ T9443] syz.2.814 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 737.215504][ T9437] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 737.224901][ T9437] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 737.431927][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 737.684302][ T9449] loop3: detected capacity change from 0 to 4096 [ 737.695109][ T9449] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 737.831369][ T9449] ntfs3(loop3): ino=19, mi_enum_attr [ 737.837254][ T9449] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 738.025408][ T9458] loop8: detected capacity change from 0 to 8 [ 738.035152][ T9458] Dev loop8: unable to read RDB block 8 [ 738.041580][ T9458] loop8: unable to read partition table [ 738.050156][ T9458] loop8: partition table beyond EOD, truncated [ 738.056923][ T9458] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 738.887049][ T9474] loop8: detected capacity change from 0 to 512 [ 738.996753][ T9474] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 739.007879][ T9474] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0 [ 739.017781][ T9474] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.827: Failed to acquire dquot type 1 [ 739.111696][ T9474] EXT4-fs (loop8): 1 truncate cleaned up [ 739.120189][ T9474] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 739.138001][ T9474] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 739.344360][ T9474] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 739.353519][ T9474] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 739.724932][ T6805] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 740.116692][ T2231] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 740.313523][ T2231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 740.325159][ T2231] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 740.338082][ T2231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 740.417644][ T2231] usb 2-1: config 0 descriptor?? [ 740.425325][ T9496] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 740.915953][ T2231] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 740.923494][ T2231] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 740.930860][ T2231] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 740.938047][ T2231] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 740.945120][ T2231] elan 0003:04F3:0755.0008: unknown main item tag 0x0 [ 741.091808][ T2231] elan 0003:04F3:0755.0008: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 741.162931][ T2231] usb 2-1: USB disconnect, device number 7 [ 741.687775][ T9528] overlayfs: failed to resolve './file0': -2 [ 741.881841][ T9526] loop9: detected capacity change from 0 to 4096 [ 741.900817][ T9530] netlink: 24 bytes leftover after parsing attributes in process `syz.8.848'. [ 741.920225][ T9526] ntfs3(loop9): Different NTFS sector size (4096) and media sector size (512). [ 742.081554][ T9535] loop3: detected capacity change from 0 to 512 [ 742.118875][ T9535] EXT4-fs: Ignoring removed i_version option [ 742.148321][ T9535] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 742.217808][ T9526] ntfs3(loop9): ino=19, mi_enum_attr [ 742.223413][ T9526] ntfs3(loop9): Mark volume as dirty due to NTFS errors [ 742.284950][ T9535] EXT4-fs (loop3): 1 truncate cleaned up [ 742.293556][ T9535] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 742.381211][ T30] audit: type=1800 audit(1751833810.073:118): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.845" name="file1" dev="loop9" ino=33 res=0 errno=0 [ 742.739777][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.854'. [ 743.668447][ T9559] overlayfs: missing 'lowerdir' [ 743.951468][ T2231] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 744.119739][ T2231] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 744.130490][ T2231] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 744.141132][ T2231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.189464][ T2231] usb 2-1: config 0 descriptor?? [ 744.209965][ T2231] pwc: Askey VC010 type 2 USB webcam detected. [ 744.477249][ T2231] pwc: send_video_command error -71 [ 744.482902][ T2231] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 744.491701][ T2231] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 744.552240][ T2231] usb 2-1: USB disconnect, device number 8 [ 744.991674][ T9585] netlink: 'syz.2.871': attribute type 1 has an invalid length. [ 745.004814][ T9586] netlink: 56 bytes leftover after parsing attributes in process `syz.9.872'. [ 745.060475][ T2231] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 745.103290][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 745.190323][ T9585] macvlan2: entered promiscuous mode [ 745.195883][ T9585] macvlan2: entered allmulticast mode [ 745.205554][ T9585] bond1: entered promiscuous mode [ 745.213263][ T9585] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 745.235010][ T2231] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 745.246182][ T2231] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 745.255639][ T2231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.309094][ T2231] usb 2-1: config 0 descriptor?? [ 745.315266][ T9585] bond1: left promiscuous mode [ 745.340402][ T2231] pwc: Askey VC010 type 2 USB webcam detected. [ 745.429470][ T9592] loop9: detected capacity change from 0 to 512 [ 745.519853][ T9592] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 745.531088][ T9592] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 745.541150][ T9592] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.874: Failed to acquire dquot type 1 [ 745.636960][ T9592] EXT4-fs (loop9): 1 truncate cleaned up [ 745.646124][ T9592] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 745.659691][ T9592] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 745.747206][ T2231] pwc: recv_control_msg error -32 req 02 val 2b00 [ 745.762880][ T2231] pwc: recv_control_msg error -32 req 02 val 2700 [ 745.794108][ T2231] pwc: recv_control_msg error -32 req 02 val 2c00 [ 745.813387][ T9592] overlayfs: missing 'lowerdir' [ 745.816809][ T2231] pwc: recv_control_msg error -32 req 04 val 1000 [ 745.867361][ T2231] pwc: recv_control_msg error -32 req 04 val 1300 [ 745.883345][ T2231] pwc: recv_control_msg error -32 req 04 val 1400 [ 745.909867][ T2231] pwc: recv_control_msg error -32 req 02 val 2000 [ 745.930392][ T2231] pwc: recv_control_msg error -32 req 02 val 2100 [ 745.943693][ T2231] pwc: recv_control_msg error -32 req 04 val 1500 [ 745.966967][ T2231] pwc: recv_control_msg error -32 req 02 val 2500 [ 746.164787][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 746.193050][ T2231] pwc: recv_control_msg error -32 req 02 val 2600 [ 746.227111][ T2231] pwc: recv_control_msg error -32 req 02 val 2900 [ 746.282120][ T5818] Bluetooth: hci5: unexpected event for opcode 0x0809 [ 746.439583][ T2231] pwc: recv_control_msg error -71 req 04 val 1100 [ 746.467982][ T2231] pwc: recv_control_msg error -71 req 04 val 1200 [ 746.498200][ T2231] pwc: Registered as video103. [ 746.505363][ T2231] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 746.570876][ T2231] usb 2-1: USB disconnect, device number 9 [ 747.202687][ T9615] loop9: detected capacity change from 0 to 2048 [ 747.351240][ T9621] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 747.462606][ T9621] NILFS (loop9): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 747.474208][ T9621] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=4) [ 747.517458][ T9621] Remounting filesystem read-only [ 747.702173][ T6852] NILFS (loop9): disposed unprocessed dirty file(s) when stopping log writer [ 747.784704][ T9628] syz.8.889 uses obsolete (PF_INET,SOCK_PACKET) [ 747.833269][ T9630] loop1: detected capacity change from 0 to 1024 [ 748.055679][ T9630] hfsplus: xattr searching failed [ 748.085481][ T9636] loop9: detected capacity change from 0 to 512 [ 748.211922][ T9636] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 748.223931][ T9636] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 748.233790][ T9636] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.890: Failed to acquire dquot type 1 [ 748.266115][ T9636] EXT4-fs (loop9): 1 truncate cleaned up [ 748.274214][ T9636] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 748.287387][ T9636] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 748.391711][ T9636] overlayfs: missing 'lowerdir' [ 748.498426][ T3830] hfsplus: b-tree write err: -5, ino 3 [ 748.534467][ T9642] loop3: detected capacity change from 0 to 64 [ 748.584396][ T9640] EXT4-fs error (device loop9): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 748.677799][ T9642] MINIX-fs: deleted inode referenced: 1 [ 748.750971][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 749.513691][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.8.902'. [ 749.964113][ T9671] loop1: detected capacity change from 0 to 512 [ 750.107253][ T9671] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 750.118297][ T9671] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 750.128136][ T9671] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.905: Failed to acquire dquot type 1 [ 750.160764][ T9671] EXT4-fs (loop1): 1 truncate cleaned up [ 750.169082][ T9671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 750.182251][ T9671] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 750.383400][ T9671] overlayfs: missing 'workdir' [ 750.996141][ T9677] loop3: detected capacity change from 0 to 40427 [ 751.009176][ T9677] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 751.019369][ T9677] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 751.045830][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 751.081495][ T9677] F2FS-fs (loop3): invalid crc value [ 751.155814][ T9688] loop9: detected capacity change from 0 to 22 [ 751.277848][ T9688] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 751.367866][ T9677] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 751.375188][ T9677] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 752.691907][ T9705] loop9: detected capacity change from 0 to 2048 [ 752.746627][ T9705] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=3932051, location=3932051 [ 752.945897][ T9705] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 753.464233][ T9716] loop1: detected capacity change from 0 to 512 [ 753.507128][ T7198] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 753.623790][ T9716] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 753.634995][ T9716] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 753.644980][ T9716] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.922: Failed to acquire dquot type 1 [ 753.709268][ T7198] usb 10-1: Using ep0 maxpacket: 32 [ 753.726911][ T9716] EXT4-fs (loop1): 1 truncate cleaned up [ 753.734817][ T9716] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 753.748667][ T9716] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 753.779076][ T7198] usb 10-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 753.788846][ T7198] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.825206][ T9716] overlayfs: missing 'workdir' [ 753.840407][ T7198] usb 10-1: config 0 descriptor?? [ 753.857181][ T7198] gspca_main: sunplus-2.14.0 probing 041e:400b [ 754.118490][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 754.762943][ T7198] gspca_sunplus: reg_w_riv err -71 [ 754.769811][ T7198] sunplus 10-1:0.0: probe with driver sunplus failed with error -71 [ 754.898389][ T7198] usb 10-1: USB disconnect, device number 4 [ 756.463871][ T9754] overlayfs: failed to resolve './file0': -2 [ 757.545152][ T5818] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 757.615661][ T9776] bridge0: port 3(syz_tun) entered blocking state [ 757.622835][ T9776] bridge0: port 3(syz_tun) entered disabled state [ 757.630195][ T9776] syz_tun: entered allmulticast mode [ 757.640385][ T9776] syz_tun: entered promiscuous mode [ 757.647936][ T9776] bridge0: port 3(syz_tun) entered blocking state [ 757.654799][ T9776] bridge0: port 3(syz_tun) entered forwarding state [ 757.677276][ T7198] IPVS: starting estimator thread 0... [ 757.768601][ T9777] IPVS: using max 240 ests per chain, 12000 per kthread [ 758.243512][ T9785] loop9: detected capacity change from 0 to 512 [ 758.370348][ T9785] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 758.381682][ T9785] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 758.396706][ T9785] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.951: Failed to acquire dquot type 1 [ 758.464267][ T9785] EXT4-fs (loop9): 1 truncate cleaned up [ 758.472706][ T9785] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 758.485661][ T9785] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 758.912919][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 760.200226][ T9815] loop9: detected capacity change from 0 to 512 [ 760.250875][ T9819] loop1: detected capacity change from 0 to 512 [ 760.287912][ T9815] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 760.301770][ T9815] ext4 filesystem being mounted at /168/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 760.360667][ T9819] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 760.372336][ T9819] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 760.382231][ T9819] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.965: Failed to acquire dquot type 1 [ 760.416644][ T9819] EXT4-fs (loop1): 1 truncate cleaned up [ 760.423772][ T9819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 760.439942][ T9819] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 760.654059][ T9826] overlayfs: unescaped trailing colons in lowerdir mount option. [ 760.794779][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 760.976850][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 761.288371][ T30] audit: type=1326 audit(1751833828.983:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fda551858e7 code=0x7ffc0000 [ 761.311311][ T30] audit: type=1326 audit(1751833828.983:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda5512ab19 code=0x7ffc0000 [ 761.334050][ T30] audit: type=1326 audit(1751833828.983:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fda551858e7 code=0x7ffc0000 [ 761.360192][ T30] audit: type=1326 audit(1751833828.983:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda5512ab19 code=0x7ffc0000 [ 761.384005][ T30] audit: type=1326 audit(1751833828.983:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fda551858e7 code=0x7ffc0000 [ 761.407152][ T30] audit: type=1326 audit(1751833828.983:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda5512ab19 code=0x7ffc0000 [ 761.429818][ T30] audit: type=1326 audit(1751833828.993:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda5518e929 code=0x7ffc0000 [ 761.452492][ T30] audit: type=1326 audit(1751833828.993:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9837 comm="syz.1.971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fda551858e7 code=0x7ffc0000 [ 762.472700][ T9860] overlayfs: failed to resolve './file0': -2 [ 763.040075][ T9856] loop1: detected capacity change from 0 to 40427 [ 763.116985][ T9856] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 763.124999][ T9856] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 763.150774][ T9856] F2FS-fs (loop1): invalid crc value [ 763.568910][ T9856] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 763.576228][ T9856] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 764.075949][ T7198] kernel write not supported for file bpf-prog (pid: 7198 comm: kworker/1:6) [ 764.688672][ T9890] overlayfs: failed to resolve './file0': -2 [ 764.712200][ T2231] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 764.876842][ T2231] usb 10-1: Using ep0 maxpacket: 16 [ 764.915036][ T2231] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 764.927366][ T2231] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 764.989349][ T2231] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 764.999324][ T2231] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.007776][ T2231] usb 10-1: Product: syz [ 765.012256][ T2231] usb 10-1: Manufacturer: syz [ 765.017401][ T2231] usb 10-1: SerialNumber: syz [ 765.037783][ T2231] usb 10-1: config 0 descriptor?? [ 765.073127][ T2231] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 765.083001][ T2231] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class) [ 765.250757][ T9895] netlink: 56 bytes leftover after parsing attributes in process `syz.1.988'. [ 765.679369][ T2231] em28xx 10-1:0.0: unknown em28xx chip ID (48) [ 765.881558][ T2231] em28xx 10-1:0.0: Config register raw data: 0xfffffffb [ 765.897287][ T2231] em28xx 10-1:0.0: AC97 chip type couldn't be determined [ 765.904683][ T2231] em28xx 10-1:0.0: No AC97 audio processor [ 765.935333][ T2231] usb 10-1: USB disconnect, device number 5 [ 765.943354][ T2231] em28xx 10-1:0.0: Disconnecting em28xx [ 765.959778][ T2231] em28xx 10-1:0.0: Freeing device [ 766.843353][ T9914] loop9: detected capacity change from 0 to 512 [ 766.979342][ T9914] __quota_error: 16 callbacks suppressed [ 766.979420][ T9914] Quota error (device loop9): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 766.998685][ T9914] Quota error (device loop9): qtree_read_dquot: Can't read quota structure for id 0 [ 767.008901][ T9914] EXT4-fs error (device loop9): ext4_acquire_dquot:6933: comm syz.9.1006: Failed to acquire dquot type 1 [ 767.096145][ T9914] EXT4-fs (loop9): 1 truncate cleaned up [ 767.104384][ T9914] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 767.117746][ T9914] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 767.513218][ T6852] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 767.887555][ T2231] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 767.966999][ T9935] 9pnet_fd: Insufficient options for proto=fd [ 768.070658][ T2231] usb 4-1: Using ep0 maxpacket: 32 [ 768.092239][ T2231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 768.103715][ T2231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 768.117582][ T2231] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 768.128560][ T2231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.248748][ T2231] usb 4-1: config 0 descriptor?? [ 768.326668][ T30] audit: type=1326 audit(1751833836.013:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.378857][ T9937] loop1: detected capacity change from 0 to 512 [ 768.390119][ T5869] IPVS: starting estimator thread 0... [ 768.435292][ T9937] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 768.457819][ T30] audit: type=1326 audit(1751833836.063:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.480831][ T30] audit: type=1326 audit(1751833836.063:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.503764][ T30] audit: type=1326 audit(1751833836.073:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.527999][ T30] audit: type=1326 audit(1751833836.093:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.550951][ T30] audit: type=1326 audit(1751833836.093:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9938 comm="syz.8.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ae278e929 code=0x7ffc0000 [ 768.579630][ T9933] loop9: detected capacity change from 0 to 8192 [ 768.599222][ T9937] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 768.613713][ T9940] IPVS: using max 240 ests per chain, 12000 per kthread [ 768.640299][ T9937] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.1015: inode #15: comm syz.1.1015: iget: illegal inode # [ 768.669406][ T9937] EXT4-fs (loop1): Remounting filesystem read-only [ 768.677950][ T9933] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 768.678578][ T9937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 768.725391][ T9931] cgroup2: Unknown parameter 'p;Aklevents' [ 768.797679][ T2231] usbhid 4-1:0.0: can't add hid device: -71 [ 768.804290][ T2231] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 768.836684][ T2231] usb 4-1: USB disconnect, device number 3 [ 769.007820][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 769.257185][ T5818] Bluetooth: hci1: unexpected event for opcode 0x0428 [ 769.501863][ T9955] overlayfs: failed to resolve './file0': -2 [ 769.958071][ T9966] loop9: detected capacity change from 0 to 16 [ 770.044513][ T9966] cramfs: Error -3 while decompressing! [ 770.050673][ T9966] cramfs: ffffffff95549fc8(453)->ffff888116f32000(4096) [ 770.417563][ T30] audit: type=1326 audit(1751833838.113:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9974 comm="syz.9.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044fd8e929 code=0x7ffc0000 [ 770.441639][ T30] audit: type=1326 audit(1751833838.123:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9974 comm="syz.9.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f044fd8e929 code=0x7ffc0000 [ 771.388526][ T9986] loop3: detected capacity change from 0 to 512 [ 771.416895][ T7198] usb 10-1: new full-speed USB device number 6 using dummy_hcd [ 771.623896][ T9986] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1037: Failed to acquire dquot type 1 [ 771.652743][ T7198] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 771.656017][ T9986] EXT4-fs (loop3): 1 truncate cleaned up [ 771.663562][ T7198] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 771.671758][ T9986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 771.681042][ T7198] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 771.694172][ T9986] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 771.706837][ T7198] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 771.706978][ T7198] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 771.820197][ T7198] usb 10-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 771.830114][ T7198] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 771.838989][ T7198] usb 10-1: Product: syz [ 771.843468][ T7198] usb 10-1: Manufacturer: syz [ 771.848502][ T7198] usb 10-1: SerialNumber: syz [ 772.023771][ T7198] usb 10-1: config 0 descriptor?? [ 772.280714][ T7198] radio-si470x 10-1:0.0: DeviceID=0x6465 ChipID=0x7669 [ 772.336950][ T2231] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 772.377677][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 772.418012][ T8597] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 772.481017][ T7198] radio-si470x 10-1:0.0: software version 100, hardware version 101 [ 772.548829][ T2231] usb 2-1: Using ep0 maxpacket: 16 [ 772.604252][ T2231] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 772.616485][ T2231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 772.689530][ T7198] radio-si470x 10-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 772.695044][ T2231] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 772.699256][ T7198] radio-si470x 10-1:0.0: submitting int urb failed (-90) [ 772.707897][ T2231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.727284][ T2231] usb 2-1: Product: syz [ 772.733024][ T2231] usb 2-1: Manufacturer: syz [ 772.737972][ T2231] usb 2-1: SerialNumber: syz [ 772.745516][ T7198] radio-si470x 10-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 772.755734][ T7198] radio-si470x 10-1:0.0: probe with driver radio-si470x failed with error -22 [ 772.776073][ T2231] usb 2-1: config 0 descriptor?? [ 772.814657][ T2231] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 772.830050][ T2231] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 772.845519][ T7198] usb 10-1: USB disconnect, device number 6 [ 772.981410][T10001] lo speed is unknown, defaulting to 1000 [ 773.340780][ T5818] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 773.349716][ T5818] Bluetooth: hci1: Injecting HCI hardware error event [ 773.360042][ T5818] Bluetooth: hci1: hardware error 0x00 [ 774.506170][T10008] lo speed is unknown, defaulting to 1000 [ 774.629321][ T2231] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 774.697269][ T2231] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 775.422480][ T5818] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 775.580239][ T2231] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 775.791329][T10030] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1050'. [ 775.814837][T10028] netlink: 'syz.8.1049': attribute type 4 has an invalid length. [ 775.852436][ T2231] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 775.860286][ T2231] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 775.868261][ T2231] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 775.876136][ T2231] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 775.906065][ T2231] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 775.929476][ T2231] usb 2-1: USB disconnect, device number 10 [ 775.941182][ T7198] lo speed is unknown, defaulting to 1000 [ 775.947562][ T7198] syz0: Port: 1 Link DOWN [ 776.346739][T10035] overlayfs: failed to resolve './file0': -2 [ 777.008128][T10049] loop1: detected capacity change from 0 to 2048 [ 777.050808][T10049] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=3932051, location=3932051 [ 777.139398][T10049] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 777.436125][T10057] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1062'. [ 778.122967][T10075] loop1: detected capacity change from 0 to 512 [ 778.193285][T10075] __quota_error: 7 callbacks suppressed [ 778.193362][T10075] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 778.210412][T10075] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 778.220346][T10075] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1067: Failed to acquire dquot type 1 [ 778.261651][T10075] EXT4-fs (loop1): 1 truncate cleaned up [ 778.274526][T10075] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 778.288701][T10075] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 778.579731][T10078] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 778.742751][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 780.126755][ T2231] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 780.328257][ T2231] usb 4-1: Using ep0 maxpacket: 16 [ 780.389753][ T2231] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 780.405519][ T2231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 780.496498][ T2231] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 780.509604][ T2231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.519465][ T2231] usb 4-1: Product: syz [ 780.527101][ T2231] usb 4-1: Manufacturer: syz [ 780.531938][ T2231] usb 4-1: SerialNumber: syz [ 780.583969][T10111] loop1: detected capacity change from 0 to 512 [ 780.619353][ T2231] usb 4-1: config 0 descriptor?? [ 780.671662][ T2231] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 780.681481][ T2231] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 780.793017][T10111] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 780.804524][T10111] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 780.816154][T10111] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1084: Failed to acquire dquot type 1 [ 780.877591][T10111] EXT4-fs (loop1): 1 truncate cleaned up [ 780.885353][T10111] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 780.898932][T10111] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 781.294883][ T2231] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 781.327131][ T2231] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 781.431307][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 781.543981][T10124] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 781.957227][ T2231] em28xx 4-1:0.0: AC97 command still being executed: not handled properly! [ 781.966130][ T2231] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 782.150009][ T2231] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 782.166793][ T2231] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 782.211995][ T2231] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 782.222451][ T2231] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 782.233541][ T2231] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 782.262031][ T2231] usb 4-1: USB disconnect, device number 4 [ 782.730316][T10137] input: syz1 as /devices/virtual/input/input10 [ 783.619766][T10149] overlayfs: failed to resolve './file0': -2 [ 786.124522][T10185] loop1: detected capacity change from 0 to 512 [ 786.337175][T10185] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 786.350418][T10185] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 786.360831][T10185] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1113: Failed to acquire dquot type 1 [ 786.483771][T10185] EXT4-fs (loop1): 1 truncate cleaned up [ 786.492058][T10185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 786.505378][T10185] ext4 filesystem being mounted at /203/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 786.879137][T10200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1119'. [ 786.990515][ T6938] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 788.340704][T10226] overlayfs: failed to resolve './file0': -2 [ 788.363554][T10228] loop1: detected capacity change from 0 to 1024 [ 788.957409][T10240] loop3: detected capacity change from 0 to 1024 [ 789.270072][T10250] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 789.292935][ T3735] ===================================================== [ 789.300595][ T3735] BUG: KMSAN: uninit-value in hfsplus_cat_case_cmp_key+0xd9/0x190 [ 789.313331][ T3735] hfsplus_cat_case_cmp_key+0xd9/0x190 [ 789.320624][ T3735] hfs_find_rec_by_key+0xab/0x240 [ 789.326996][ T3735] __hfsplus_brec_find+0x274/0x840 [ 789.332356][ T3735] hfsplus_brec_find+0x4df/0x9f0 [ 789.337607][ T3735] hfsplus_brec_read+0x46/0x1f0 [ 789.342680][ T3735] hfsplus_find_cat+0xb5/0x4f0 [ 789.347804][ T3735] hfsplus_cat_write_inode+0x2ca/0xe20 [ 789.353464][ T3735] hfsplus_write_inode+0x178/0x960 [ 789.359684][ T3735] __writeback_single_inode+0x88f/0x1190 [ 789.365531][ T3735] writeback_sb_inodes+0xaa9/0x1c90 [ 789.371575][ T3735] wb_writeback+0x4ce/0xc00 [ 789.376265][ T3735] wb_workfn+0x397/0x1910 [ 789.381644][ T3735] process_scheduled_works+0xb8e/0x1d80 [ 789.387531][ T3735] worker_thread+0xedf/0x1590 [ 789.392418][ T3735] kthread+0xd5c/0xf00 [ 789.396833][ T3735] ret_from_fork+0x1e0/0x310 [ 789.401591][ T3735] ret_from_fork_asm+0x1a/0x30 [ 789.406761][ T3735] [ 789.409185][ T3735] Uninit was created at: [ 789.418229][ T3735] __kmalloc_noprof+0x95f/0x1310 [ 789.423356][ T3735] hfsplus_find_init+0x90/0x1d0 [ 789.429876][ T3735] hfsplus_cat_write_inode+0x1a8/0xe20 [ 789.435543][ T3735] hfsplus_write_inode+0x178/0x960 [ 789.440914][ T3735] __writeback_single_inode+0x88f/0x1190 [ 789.446982][ T3735] writeback_sb_inodes+0xaa9/0x1c90 [ 789.452381][ T3735] wb_writeback+0x4ce/0xc00 [ 789.457152][ T3735] wb_workfn+0x397/0x1910 [ 789.461653][ T3735] process_scheduled_works+0xb8e/0x1d80 [ 789.467689][ T3735] worker_thread+0xedf/0x1590 [ 789.472582][ T3735] kthread+0xd5c/0xf00 [ 789.476957][ T3735] ret_from_fork+0x1e0/0x310 [ 789.481715][ T3735] ret_from_fork_asm+0x1a/0x30 [ 789.486798][ T3735] [ 789.489272][ T3735] CPU: 0 UID: 0 PID: 3735 Comm: kworker/u8:13 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(undef) [ 789.502011][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 789.512446][ T3735] Workqueue: writeback wb_workfn (flush-7:3) [ 789.523363][ T3735] ===================================================== [ 789.531948][ T3735] Disabling lock debugging due to kernel taint [ 789.538314][ T3735] Kernel panic - not syncing: kmsan.panic set ... [ 789.544894][ T3735] CPU: 0 UID: 0 PID: 3735 Comm: kworker/u8:13 Tainted: G B 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(undef) [ 789.559023][ T3735] Tainted: [B]=BAD_PAGE [ 789.563296][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 789.573516][ T3735] Workqueue: writeback wb_workfn (flush-7:3) [ 789.579762][ T3735] Call Trace: [ 789.583167][ T3735] [ 789.586215][ T3735] __dump_stack+0x26/0x30 [ 789.590746][ T3735] dump_stack_lvl+0x53/0x270 [ 789.595539][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.601576][ T3735] dump_stack+0x1e/0x25 [ 789.605922][ T3735] panic+0x4bd/0xd50 [ 789.610075][ T3735] kmsan_report+0x31c/0x320 [ 789.614813][ T3735] ? __msan_warning+0x1b/0x30 [ 789.619691][ T3735] ? hfsplus_cat_case_cmp_key+0xd9/0x190 [ 789.625534][ T3735] ? hfs_find_rec_by_key+0xab/0x240 [ 789.630960][ T3735] ? __hfsplus_brec_find+0x274/0x840 [ 789.636481][ T3735] ? hfsplus_brec_find+0x4df/0x9f0 [ 789.641815][ T3735] ? hfsplus_brec_read+0x46/0x1f0 [ 789.647061][ T3735] ? hfsplus_find_cat+0xb5/0x4f0 [ 789.652211][ T3735] ? hfsplus_cat_write_inode+0x2ca/0xe20 [ 789.658047][ T3735] ? hfsplus_write_inode+0x178/0x960 [ 789.663523][ T3735] ? __writeback_single_inode+0x88f/0x1190 [ 789.669538][ T3735] ? writeback_sb_inodes+0xaa9/0x1c90 [ 789.675107][ T3735] ? wb_writeback+0x4ce/0xc00 [ 789.679965][ T3735] ? wb_workfn+0x397/0x1910 [ 789.684705][ T3735] ? process_scheduled_works+0xb8e/0x1d80 [ 789.690622][ T3735] ? worker_thread+0xedf/0x1590 [ 789.695665][ T3735] ? kthread+0xd5c/0xf00 [ 789.700060][ T3735] ? ret_from_fork+0x1e0/0x310 [ 789.704983][ T3735] ? ret_from_fork_asm+0x1a/0x30 [ 789.710124][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.715440][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.721455][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.726764][ T3735] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 789.733236][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.738540][ T3735] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 789.744976][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.750301][ T3735] __msan_warning+0x1b/0x30 [ 789.754980][ T3735] hfsplus_cat_case_cmp_key+0xd9/0x190 [ 789.760732][ T3735] hfs_find_rec_by_key+0xab/0x240 [ 789.765962][ T3735] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10 [ 789.772230][ T3735] __hfsplus_brec_find+0x274/0x840 [ 789.777549][ T3735] ? __pfx_hfs_find_rec_by_key+0x10/0x10 [ 789.783405][ T3735] hfsplus_brec_find+0x4df/0x9f0 [ 789.788539][ T3735] ? __pfx_hfs_find_rec_by_key+0x10/0x10 [ 789.794412][ T3735] hfsplus_brec_read+0x46/0x1f0 [ 789.799462][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.805481][ T3735] hfsplus_find_cat+0xb5/0x4f0 [ 789.810423][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.815736][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.821763][ T3735] ? should_fail_ex+0x45/0x8a0 [ 789.826796][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.832122][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.837434][ T3735] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 789.843955][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.849271][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.855289][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.860594][ T3735] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 789.867125][ T3735] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 789.873383][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.879398][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.884708][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.890728][ T3735] hfsplus_cat_write_inode+0x2ca/0xe20 [ 789.896383][ T3735] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 789.902735][ T3735] ? _raw_spin_unlock+0x30/0x50 [ 789.907763][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.913074][ T3735] ? kmsan_get_shadow_origin_ptr+0x35/0xb0 [ 789.919088][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.924406][ T3735] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 789.930947][ T3735] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 789.937214][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.942523][ T3735] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 789.949053][ T3735] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 789.955317][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.961360][ T3735] hfsplus_write_inode+0x178/0x960 [ 789.966635][ T3735] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 789.973158][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.978464][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 789.983772][ T3735] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 789.989781][ T3735] ? __pfx_hfsplus_write_inode+0x10/0x10 [ 789.995630][ T3735] ? __pfx_hfsplus_write_inode+0x10/0x10 [ 790.001444][ T3735] __writeback_single_inode+0x88f/0x1190 [ 790.007309][ T3735] writeback_sb_inodes+0xaa9/0x1c90 [ 790.012838][ T3735] wb_writeback+0x4ce/0xc00 [ 790.017542][ T3735] ? queue_io+0x4d1/0x790 [ 790.022069][ T3735] wb_workfn+0x397/0x1910 [ 790.026570][ T3735] ? kmsan_get_metadata+0xfb/0x160 [ 790.031917][ T3735] ? __pfx_wb_workfn+0x10/0x10 [ 790.036845][ T3735] process_scheduled_works+0xb8e/0x1d80 [ 790.042658][ T3735] worker_thread+0xedf/0x1590 [ 790.047570][ T3735] kthread+0xd5c/0xf00 [ 790.051791][ T3735] ? __pfx_worker_thread+0x10/0x10 [ 790.057154][ T3735] ? __pfx_kthread+0x10/0x10 [ 790.061905][ T3735] ret_from_fork+0x1e0/0x310 [ 790.066652][ T3735] ? __pfx_kthread+0x10/0x10 [ 790.071405][ T3735] ret_from_fork_asm+0x1a/0x30 [ 790.076401][ T3735] [ 790.079822][ T3735] Kernel Offset: disabled [ 790.084207][ T3735] Rebooting in 86400 seconds..