last executing test programs: 2m50.777147832s ago: executing program 4 (id=38): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x83, 0xffffffff}) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc) 2m50.412795057s ago: executing program 4 (id=41): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10) writev(r0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="4800000014001d0d09074beafd0d8c560284606088ffe0064e204e20590000a2bc5603ca00000f7f8907000020008d42188fedc22e6ee11ac3439693b948e142ff0000000309ff5b", 0x48}], 0x1) 2m49.306108322s ago: executing program 4 (id=52): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 2m48.992505543s ago: executing program 4 (id=56): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000b00)={[{@fat=@uid={'uid', 0x3d, 0xee00}}, {@shortname_winnt}, {@numtail}, {@fat=@nfs_nostale_ro}, {@uni_xlate}, {@shortname_lower}, {@fat=@sys_immutable}, {@fat=@showexec}, {@shortname_win95}, {@shortname_winnt}, {@fat=@quiet}, {@utf8no}]}, 0x0, 0x29f, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=") mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000100)='.\x00', 0x9000, &(0x7f0000001dc0)={0x0, 0xf9, 0x20000}, 0x20) 2m48.16836014s ago: executing program 4 (id=63): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r1, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x8000000}, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) 2m47.567259941s ago: executing program 4 (id=68): r0 = socket(0xa, 0x3, 0xff) recvmmsg(r0, &(0x7f0000002040), 0x400000000000233, 0x10022, 0x0) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0x1f, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6c00000000102c0100000000000000000000000007000500ff020000000000000000000000000001ff"], 0x0) 2m47.120908651s ago: executing program 32 (id=68): r0 = socket(0xa, 0x3, 0xff) recvmmsg(r0, &(0x7f0000002040), 0x400000000000233, 0x10022, 0x0) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0x1f, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6c00000000102c0100000000000000000000000007000500ff020000000000000000000000000001ff"], 0x0) 2m29.155022204s ago: executing program 1 (id=158): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x2, 0x1, 0x4}, 0xfe}, 0x18) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x48005) 2m28.813754668s ago: executing program 1 (id=161): timer_settime(0x0, 0x1, 0x0, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="3d0d8f929d36bc9c19d99c138002cdf0e58683ee6a6abe3f845d219f9f86cc41c0ed8b279cd28575a6a50679baf75e3aa7774f87987e5460c109d882afd2c2bfb760eaaae9b071cf23", @ANYRES16=0x0], 0x1, 0x195, &(0x7f0000000440)="$eJzsVb1OKkEU/mYZduEW997amFhoFAphWdTYaWV4AGsjwRWJiz8siUIosOIdLG14Ed/BQmODhTGxwN6MmZ2z62JiYYLJauZL4Du/e85h2DMH/qlvAXgd92rYRIAU/uKWMXAAc0zZtizFT6biAumPXHGe7FfEd8R+p3tY9Ty39VFgn7u+KkztQckWdr6/hDzMBEz6ywV6ZZCUfhIjpKb993tXNy4MPAe77Gbcq0lhF4AQQgDheYDFY2Qz11EMMMODD0tBRDEyUypLAIrt5knR73SXG81q3a27R45TXrNXbHvVKe43PNdW3yxWwqC6kvMA5E7NxvxpAPdZFfMHk2Cx1sjP4rlmbDnn5idzDcaj3JAz5JO5tNshf4JtLAa+sz4TBED8o4hgpAoYLkkp8Vh/arZM4CjUjr29ARjkvSIswB6CwwBXaSOkQ0WmRopbXu+HbQ+IF4grxEPiEXF4Z4V3EQ+e8EBarg+YOK+2262SNCkpsjmRzfkfVTao6os5OdysBQ0NDQ0NDQ2NH4a3AAAA//+8o2BX") syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x792, &(0x7f0000020c00)="$eJzs3ctrXGUbAPDnTJKmTft9iSBouzEgaKA0sTW2CgoVFyJYKOjadkimoWaSCZlJaUJAiwhuBBUXgm66cuGl7tx6ATfqf+FCLFXTYsWFjJzJTDNpZtLJbSaa3w9O8r7nMs/7zLm9M+dwJoA9azD9k4k4HBHvJBH91fFJRPRUSt0Rp5fnu720OJYOSZTLL/2WVOa5tbQ4FnXLpA5WKw9GxDdvRhzNrI1bnF+YzObzudlqfaQ0NTNSnF84dnEqO5GbyE2fPD46euLUE6dObl+uf/y4cOj6u88/+vnpv9544Nrb3yZxOg5Vp9XnsWnPrK4OxmD1PelJ38JVnttysN0l6XQD2JR01+xa3svjcPRHV6UEAPyXvRYRZQBgj0mc/wFgj6l9D3BraXGsNnT2G4n2uvFsROxfzr92fXN5Snf1mt3+ynXQvlvJqisjSUQMbEP8wYj46MtXPk2H2K7rkAAteP1KRJwfGFx7/E/W3LOwUY+tM21f9f/gXePT+K5AQ3t8lfZ/nmzU/8vc6f9Eg/5Pb4N9dzMa7f+rRhzYhiDruPFxxNN197bdrsu/ohwDXdXa/yp9vp7kwsV8Lj22/T8ihqKnN60fXyfG0M2/bzabVt//+/29Vz9J46f/V+bI/NLdu3qZ8Wwpu7WsV9y4EnGku1H+yZ31nzTp/55tMcYLT731YbNpaf5pvrVhbf5RvTtpZ5SvRjzScP2v3NGWrHt/4khlcxipbRQNfPHTB33N4tev/3RI49c+C7RDuv771s9/IKm/X7O48Rg/XO3/utm0e+ffePvfl7xcKdf6EZezpdLs8Yh9yYtrx59YWfZy9qFqaXn+NP+hhxvv/+tt/+lnwvMt5t99/dfPNp//zkrzH9/Q+t944drtya5m8Vtb/6OV0lB1TCvHv1YbuJX3DgAAAAAAAAAAAAAAAAAAAAAAAABalYmIQ5Fkhu+UM5nh4eXf8L4/+jL5QrF09EJhbno8Kr+VPRA9mdqjLvvTem9EVJ9/OlD3fNQTdfX0dR+PiPsi4v3eA0ntOYrjHc4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGoONvn9/9TPvZ1uHQCwY/Z3ugEAQNs5/wPA3uP8DwB7T2vn/64dbwcA0D4+/wPA3uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA47e+ZMOpT/XFocS+vjl+bnJguXjo3nipPDU3Njw2OF2ZnhiUJhIp8bHitM3ev18oXCzGhMz10eKeWKpZHi/MK5qcLcdOncxansRO5crqctWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxhTnFyaz+XxuVmEThfLuaEbnC13VzWm3tKethWRri898/92RXZDF3YUOH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA///iziCi") newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x100) 2m28.288183683s ago: executing program 1 (id=166): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000080)={[{@quota}, {@quota}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@orlov}, {@test_dummy_encryption_v1}, {@jqfmt_vfsv1}]}, 0x3, 0x448, &(0x7f0000000440)="$eJzs3M1vG0UbAPBnN3H6tmnfhFI++gEECiLiI2nSAr2CQOIAEhIcyjEkaVXqNqgJEq0qKAiVI6rEHXFE4i/gBBcEnJC4wh1VqlAvLZwWrb3bOK6d1q5dF/z7SZvM7I4183h37JmdbAIYWlP5jyRie0T8FhET9ezGAlP1X9eunFv868q5xSSy7M0/k1q5q1fOLZZFy9eNF5npNCL9NIm9LepdPXP2xEK1uny6yM+unXxvdvXM2WePn1w4tnxs+dT84cOHDs698Pz8cz2JM2/T1T0fruzb/erbF19fPHLxnZ++Scr4m+LokanNDj6RZT2ubrB2NKST0QE2hI6MRER+uiq1/j8RI7F+8ibilU8G2jigr7Isy8bbHz6fAf9hSQy6BcBglF/0+fy33O7Q0OOucPnF+gQoj/tasdWPjEZalKk0zW97aSoijpz/+8t8i/7chwAA2OC7fPzzTKvxXxr3N5T7f7E2NBkR90TEzoi4NyJ2RcR9EbWyD0TEgx3W37xIcuP4J73UVWC3KB//jaf1ta2N479y9BeTI0VuRy3+SnL0eHX5QPGeTEdlS56f26SO71/+9fN2xxrHf/mW11+OBYt2XBrdsvE1SwtrC7cTc6PLH0fsGW0Vf3J9JSCJiN0RsafLOo4/9fW+dsduHv8merDOlH0V8WR9bfN8NMVfSjZfn5z9X1SXD8yWV8WNfv7lwhvt6r+t+HsgP//bovX5L0wmjeu1q53XceH3z9rOabq9/seSt2rpsWLfBwtra6fnIsaS1+qNbtw/v/7aMl+Wz+Of3t+6/++M9Xdib0TkF/FDEfFwRDxStP3RiHgsIvZvEv+PLz3+bvfx91ce/1JH5389MRbNe1onRk788O2GSic7iT8//4dqqeliz618/t1Ku7q7mgEAAODfJ42I7ZGkM9fTaTozU/97+V2xLa2urK49fXTl/VNL9WcEJqOSlne6Jhruh84V0/oyP9+UP1jcN/5iZGstP7O4Ul0adPAw5Mbb9P/cHyODbh3Qd57XguGl/8Pw0v9heOn/MLxa9P+tg2gHcOe1+v7/aADtAO68pv5v2Q+GiPk/DC/9H4aX/g9DaXVr3Pwh+YEnyg+ou6U9XSSyLKLfdVU6+McHt52I9C54VyX6lhjwBxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECP/BMAAP//qlXhwA==") r0 = open(&(0x7f0000001b80)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008) link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2m27.324033989s ago: executing program 1 (id=173): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdir(&(0x7f0000000000)='./control\x00', 0x0) rmdir(&(0x7f00000003c0)='./control\x00') 2m26.944466425s ago: executing program 1 (id=177): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547e9f17dbe9abc89b6e0704", 0x0, 0x3696, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m26.296669399s ago: executing program 1 (id=186): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000002c0)={0x20, r1, 0x405, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000431}, 0x4008004) 2m25.84139007s ago: executing program 33 (id=186): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000002c0)={0x20, r1, 0x405, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000431}, 0x4008004) 1m19.966678385s ago: executing program 3 (id=589): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) 1m19.690287904s ago: executing program 3 (id=590): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)=@delqdisc={0x434, 0x25, 0x100, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x2, 0xf}, {0xa, 0x7}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3, 0xfffffff8, 0x4, 0x40, 0x2, 0x2, 0x5, 0x7fff, 0x4, 0x1, 0x6, 0x1c8, 0x7, 0x0, 0x5, 0x0, 0x8, 0x9, 0x9, 0x9, 0xf4, 0x200, 0x1, 0x5, 0x6, 0xfff, 0x9, 0x1, 0x80, 0x10000, 0x0, 0x6, 0xff, 0x4, 0x6, 0x9, 0xe6c1, 0x6, 0x65, 0x6, 0x5, 0x71, 0x1f146d7e, 0x80000001, 0x89, 0xe9, 0x80000001, 0x2, 0xff, 0x8, 0xffff8dc2, 0x400, 0x0, 0x2, 0xffff, 0x10001, 0x3ff, 0x0, 0x5, 0xa000000, 0x0, 0x5, 0x8, 0x3, 0x0, 0x401, 0x5, 0x9, 0x4ad1, 0x1, 0x25ae, 0x1, 0xfff, 0x6, 0xe, 0xffffffff, 0x7, 0x5, 0x3ff, 0xfff, 0x8, 0xf, 0x0, 0x4, 0x626cfd3b, 0x0, 0x60df8662, 0x2, 0x5, 0x4, 0xc6, 0x8, 0x7, 0xfffffffa, 0x9, 0x4, 0x1, 0x3, 0x0, 0x7, 0x2, 0xffff8000, 0xe13, 0x8, 0x7, 0xc, 0xfdc1, 0x7ff, 0x4, 0xfffffff0, 0x4, 0x8003, 0x40, 0x1, 0x1f21, 0x3, 0x665195e5, 0x5, 0x7, 0x5, 0x9, 0x7, 0x4, 0x1ac, 0x101, 0x400, 0x2, 0x1, 0xd, 0x9, 0x7, 0xc5, 0x99, 0x4, 0x2e9, 0x4, 0x3, 0x401, 0xfffffffe, 0x7, 0x80000000, 0x8, 0x0, 0x4, 0x37, 0x4, 0x31, 0x2, 0x2, 0x3, 0x6, 0x1, 0x690c, 0x0, 0x9, 0x2, 0xe, 0xb, 0x8, 0x5597, 0x3, 0x2, 0x7fff, 0x62, 0xf6, 0x5, 0x0, 0x7fffffff, 0x9, 0x9, 0x2, 0x100, 0x6, 0x101, 0x5, 0x2, 0x3, 0x4, 0xfc8d, 0x8, 0x3ff, 0x3, 0xaeb3, 0x3, 0x5, 0x9, 0xfc, 0x8000, 0x1, 0x7, 0x20000, 0x4, 0x2, 0x6, 0x65, 0x85, 0x0, 0x2, 0x2, 0x6, 0x7, 0xd92, 0x40, 0xfff, 0xe1, 0x8, 0x426, 0x5, 0x9, 0x1, 0x1000, 0x9, 0x36ae765f, 0x401, 0x9, 0x200000, 0x3, 0x4, 0x5, 0x0, 0x89, 0x5, 0x80000000, 0x4007, 0x1, 0x41632842, 0x6, 0x10, 0x2, 0x8001, 0x5, 0x100, 0x8, 0x9, 0xfe64, 0xd, 0x1c2, 0x2, 0x6, 0x2, 0x80000001, 0xa, 0x6, 0xfffffffc, 0x5, 0x3, 0x7f, 0x8001, 0x5, 0x3, 0x6, 0x8001, 0x10001, 0x5, 0xb, 0x7]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40000}, 0x8010) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1m19.30931015s ago: executing program 3 (id=592): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0x46, &(0x7f0000000280)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x2, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x80, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x64, 0x1000, 0x0, 0x1, 0xa, @local, @rand_addr=0x64010102}, "9e10ca7a9ffbf5df"}}}}}, 0x0) 1m19.15450296s ago: executing program 3 (id=593): syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000f80)='./mnt\x00', 0x0, &(0x7f0000002480)=ANY=[@ANYBLOB='mode=00000000000000000000202,umask=00000000000000000000002,dmode=00000000000000000100002,gid=forget,longad,shortad,novrs,iocharset=cp437,uid=forget,umask=00000000000000000000006,dmode=00000000000000000000010,gid=', @ANYRESDEC=0x0, @ANYRES32=0x0], 0x1, 0xc58, &(0x7f00000000c0)="$eJzs3UFsHNd9B+D/G+2KSxutmDhRnTQuNm2RyorlypJiKlbhrmqabQBZFkIxtwBciZS6NUUSJNXIRtoyvfTQQ4Ci6CEnAq1RIEUDowmCHpnWBZKLD0WAAj0RLWwERQ9sESCngMHMvqWWNGnToihR0vfZ1G939r2Z9+atZ2RBb14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG/9/L5k8+l+90KAOBeujj25ZOn3P8B4JFy2f//AwAAAAAAAAAAAADAQZeiiCcixdzFtTRRve9qXOjUb94aHxndvtpgqmoeqsqXP43nTp0+84Xnh8/28kJn5gPq322fjlfHLp9vvjR7Y25+amFharI5PtO5Ojs5tes97LX+VserE9C88drNyWvXFpqnnj296eNbQ+8NPH506Nzw0yee6pUdHxkdHbtdpNFfvnbHDenaaYbH4SjiRKR45js/Se2IKGLv56Jxb8d+q8GqE8erToyPjFYdme60ZxbLDy/1TkQR0eyr1Oqdo+3HImr1e9qHnbUilsrmlw0+XnZvbK49374yPdW81J5f7Cx2ZmcupW5ry/40o4izKWI5IlYH3r+7ehRRixTfOrKWrkTEod55+Hw1MXjndhT72MddKNvZrEcsFw/AmB1gA1HEK5Hip28fi6v5OlNdaz4X8UqZ3494s8wXI1L5xTgT8e423yMeTLUo4i/L8T+3liar60HvunLhK80vzVyb7Svbu658xPvD+64U9+n+MLgl740Dfm1qRBHt6oq/lu78NzsAAAAAAAAAAAAAAAAA3G2DUcSnIsXL//7H1bziqOalHzk3/PtDv9Q/Z/zJD9lPWfbZiFgqdjcn93CeGHgpXUrpPs8lfpQ1oog/yfP/vnG/GwMAAAAAAAAAAAAAAAAAAPBIK+LHkeKFd46l5ehfU7wzc715uX1lursqbG/t396a6evr6+vN1M1WzomcSzmXc67kXO1mNe+/ql/k+jknci7lXM65knM1ZxzK9XO2ck7kXMq5nHMl52rOqOX6OVs5J3Iu5VzOuZJzNWcckLV7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeJkUU8fNI8c2vraVIEdGKmIhurgzc79YBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWBVMR3I0XzD1ob22oRkap/u46Vv5yJ1uEyPx6t4TJfjNb5nO0qa61v3If2szf1VMSPIsVA462NAc/jX+++2/gaxJtfv/3u07VuHup9OPTewONHj5wbHv21J3d6nbZrwPELnZmbt5rjI6OjY32ba/noH+/bNpSPW9ydrhMRC6+/8Vp7enpq/s5flF+BHT5aX1//s/Ioez3EAXmRajv29JF8UQ7tAWjGPnawtqvC9QPQ1H0ZXB525f3/3Ujx2+/8Z++GX93/axslNu7w8bM/vX3/f2HrjnZ5/69trZfv/+U9fbv7/xN9217Ivxup1yIaizfm6kcjGguvv3Gic6N9fer61MyZkye/ODz8xdMn64cjGtc601N9r/Z+rgAAAAAAAAAAAAAAAADuqVTE70aK9o/WUjMiblXztYbODT994qlDcaiab7Vp3varY5fPN1+avTE3P7WwMDXZHJ/pXJ2dnNrt4RrVdK/xkdF96cyHGtzn9g82Xpqde32+c/0PF7f9/LHG+SsLi/Ptq9t/HINRRLT6txyvGjw+Mlo1errTnqmqXtp2Mv1HV09F/FekuHqmmT6bt+X5/1tn+G+a/7+0dUf7NP//Y33bymOmVMTPIsVv/dWT8dmqnY/F+85ZLvd3keL42c/kcnG4LNdrQ/e5At2ZgWXZ/4sU//TzzWV78yGfuF32uV2f2AdEOf5HIsV3/+Lb8et52+bnP2w//o9t3dE+jf8n+rY9tul5BXvuOnn8T0SKF594K34jb/ug53/0nr1xLBfeeD7HPo3/J/u2DeXj/ubd6ToAAAAAAAAAAMADrZ6K+PtI8YPRWno+b9vN3/+b3Lqjffr7X7/St23y7qxX9KEv9nxSAQAAAOCAqKcifhwpri++tTGHevP87775n79ze/7nSNryafXnfL9cPTfgbv75X7+hfNyJvXcbAAAAAAAAAAAAAAAAAAAADpSUing+r6c+Uc3nn9xxPfWVSPHy/zyTy6WjZbneOvBD1a+Ni7MzJ85PT89ebS+2r0xPNcfm2lenyrqfiBRrf/uZXLeo1lfvrTffXeO9UYuIai32+Ugx+g+9st212Htrk3fXA++uxV6W/Vik+O9/3Fy2t471J2+XPVWW/ZtI8dV/3r7s0dtlT5dlvx0pfvjVZq/sY2XZ3vNRu88kbfxRRDx7dbbYh1EBAAAAAAAAAAAAAAAAAADgUVNPRfx5pPjfG8sbc/nz+v/1vreVN7/et97/Freqdf6HqvX/d3p9J+v/V88VWNrpqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HBKUcQbkWLu4lpaGSjfdzUudGZu3hofGd2+2mCqah6qypc/jedOnT7zheeHz/byg+vfbZ+KV8cun2++NHtjbn5qYWFqsjk+07k6Ozm16z3sXL9xRy06Xp2A5o3Xbk5eu7bQPPXs6U0f3xp6b+Dxo0Pnhp8+8VSv7PjI6OhYX5la/Y6OvK20w/bDUcRfR4pnvvOT9IOBiCI+8Fzsyod8d/bbYNWJ41UnxkdGq45Md9ozi+WHl3onooho9lVq9c7RPRiLPWlFLJXNLxt8vOze2Fx7vn1leqp5qT2/2FnszM5cSt3Wlv1pRhFnU8RyRKwOvH939SjitUjxrSNr6V8GIg71zsPnL459+eSpndtR7GMfd6FsZ7MesVw8AGN2gA1EEd+LFD99+1j860BELbo/8bmIV8r8fsSb0R3vVH4xzkS8u833iAdTLYr4/3L8z62ltwfK60HvunLhK80vzVyb7Svbu64cqPvD9/7jo9YYvBuH3bUDfm1qRBE/rK74a+nf/HcNAAAAAAAAAAAAAAAAcIAU8auR4oV3jqVqfvDGnOLOzPXm5faV6e60vt7cv96c6fX19fVm6mYr50TOpZzLOVdyruaMItfP2Sqzsb4+kd8v5VzOuZJzNWccyvVztnJO5FzKuZxzJedqzqjl+jlbOSdyLuVczrmSczVnHJC5ewAAAAAAAAAAAAAAAAAAwMOlqP5J8c2vraX1ge760hPRzRXrgT70fhEAAP//cjv0Pg==") syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000140), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 1m18.415184631s ago: executing program 3 (id=600): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100003d2ab420720c0d009b27010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000580)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 1m17.475662744s ago: executing program 3 (id=608): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000cdd000/0x4000)=nil, 0x4000}, 0x2}) 1m16.873199496s ago: executing program 34 (id=608): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000cdd000/0x4000)=nil, 0x4000}, 0x2}) 8.850822537s ago: executing program 5 (id=1051): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x40, &(0x7f0000000680)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRESDEC=0x0, @ANYRESOCT=0x0, @ANYBLOB="7c5ec6079a6b37b673a2fb58b49c73a7350127c3faea004cd46621dc800a8f960e2645602412608d04e7f9ac56f9f325db8573043938396e6e7d674d4ada3ca9909b9c2e47c38447332a34606d919b606de68d84a9e47a93b50b4afc711641b93f8a26ec4cb4a68ea1c6b58229ec51c22f051d12bcc46bc76e218e1e5ee4407fda18ad5b972bccaa9ea0a9", @ANYRES32], 0x11, 0x2d8, &(0x7f0000000a00)="$eJzs3U9rE08cx/HPbNI2/TX0t/3z4wceqwW9SK0X8RKRPAjxIGoToRgqagX1YhVPInr37lPwKQheFO/izZMPIIKwMrObTTbdP0lpNkbfLzBMdmd2vrP/ZiZgRwD+WpebX9+e/2b/GamiivTiouRJqklVSf/p/9qDvf3d/U67lXOcbuDYUkZhSXMo085eO61sTVGJiG+/VVUf3IbJCDjHCB/WStp2T1qInk63v1Z6ZPmeHrHcwTHHMWtMV1091PK04wAATFfU/3tRP1+Pxu+eJ21G3f5v2f8fVXfaAUxckLt3oP93M4DA2Ov7r9vVn++5KZzd7/VmiaPUPDf0fV7hnZUYYJqiWaWLxVu8tdtpn92502l5eqZGZCDbuvtshbduT0G0Gylz0xzh0b4s5mQx6SPKJdeGOduG7Yz417JrHO1sj8t8MJ/MNePrjVrx+K8aGHuZ3JXyh65UGP9W9hFdK32bS9Fro9FoeIksK66SE1ENkYJW1tJnJOrdUStK/kDgF8XpSq0OlQpbd66g1FpY6tJiotR271tGqfVEXbY18d2cXd+kmVfmitnQd71Tc2D879n4NpX7ZPafGrMZdgXujIftmU+vruqO6R/qOQ50tZ7cEp/FhazQf+S/0zDkSc6+l7qpC1q+/+jx7Uqn075nEzdSEnfr8Za551JqnpxEbZzMYyQ89bfooL9rQeEPkYdK9TqlCcWTmjhzrAe074/CzPYpK6WBY98Jf1Ki+bHcG2kaiZLeUZiq/kUvzPq+lIBQNjfuCud/A/OVLTfYsx9+zji9cEAWHTGwY+x4BlRLlF91qX/GmsEtZc/gRp1znTwtnYo3/QwKavSjOGdDkDf0s0xTn3Wd3/8BAAAAAAAAAAAAAAAAAABmTRn/nWDabQQAAAAAAAAAAAAAAAAAAAAAYNbF6/+qt/6vRlv/d/gvf1fCFV6OZf3f13ti/V9g8n4FAAD//8nihik=") creat(&(0x7f0000000000)='./file2\x00', 0xd931d3864d39dcdb) prlimit64(0x0, 0xe, 0x0, 0x0) truncate(&(0x7f0000000000)='./file2\x00', 0x881bfd) 5.620948867s ago: executing program 5 (id=1066): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0x11, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff963}, [@call={0x85, 0x0, 0x0, 0x41}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 3.771579883s ago: executing program 7 (id=1077): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x1, 0x5, @rand_addr=' \x01\x00', 0x8}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @remote, 0x1}, @in6={0xa, 0x4e24, 0x3b, @mcast1, 0x8}], 0x38) 3.534092809s ago: executing program 6 (id=1079): r0 = fsopen(&(0x7f0000000080)='debugfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0xb) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) 3.430995286s ago: executing program 7 (id=1081): r0 = socket$vsock_stream(0x28, 0x1, 0x0) creat(&(0x7f0000000280)='./bus\x00', 0x2) r1 = dup2(r0, r0) mount$9p_fd(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000380), 0x800810, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 3.157424635s ago: executing program 6 (id=1083): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000100)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0x4c, r0, 0x1, 0x72bd27, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x30, 0x25, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "9831a1f52ac9dc8bc7957ecae6af06dc"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x9}, @NL802154_KEY_ATTR_ID={0x10, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x4}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4091}, 0x0) 3.07405583s ago: executing program 5 (id=1084): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x7, 0x1}) 3.030106873s ago: executing program 7 (id=1086): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_ADDRESS={0xa, 0x1, @random="4922c9c66f94"}]}, 0x48}}, 0x40000) 2.772010961s ago: executing program 6 (id=1087): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xc, 0x4008031, 0xffffffffffffffff, 0x1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x4000) 2.704875996s ago: executing program 0 (id=1088): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$revoke(0x3, r0) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 2.504748779s ago: executing program 7 (id=1089): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0) syz_io_uring_submit(r1, r2, r3, &(0x7f00000001c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000200)={0x42, 0x0, 0x28}, &(0x7f0000000240)='./file1\x00', 0x18, 0x0, 0x12345}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x1, 0x21, 0x1, 0x0, 0x0) 2.428398175s ago: executing program 5 (id=1090): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="050034006e000000080026008a09000008009f0006"], 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4800) 2.304120223s ago: executing program 0 (id=1091): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e20, 0x0, @mcast2}, {0xa, 0x0, 0x0, @remote}, r1, 0xfffffffe}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000000)={0x7, 0x8, 0xfa00, {r1, 0x6}}, 0x10) 2.278178795s ago: executing program 2 (id=1092): syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x7) r0 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) 2.147422593s ago: executing program 5 (id=1093): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000080)=0x5, 0x35) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000000c0)=0x4d, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000180)=""/9, &(0x7f00000001c0)=0xffffff18) 1.976770745s ago: executing program 0 (id=1094): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0) setreuid(0xffffffffffffffff, 0xee01) ioctl$FS_IOC_SETFLAGS(r0, 0x40086e81, 0x0) 1.868873013s ago: executing program 5 (id=1095): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x181440) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xffffffff}) 1.480954059s ago: executing program 7 (id=1096): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x7}}]}}]}, 0x48}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000077c0)=@newtfilter={0x40, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0x2, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0x14, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xb}}, @TCA_FW_MASK={0xfffffdac, 0x5, 0x7}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 1.468793989s ago: executing program 0 (id=1097): r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x1}}}}]}, 0x88}}, 0x0) 1.364757967s ago: executing program 2 (id=1098): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0001}]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xf, 0x4, 0x4, 0x7}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000001100)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/95, 0x2}, 0x20) 1.187598229s ago: executing program 2 (id=1099): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x1, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x32}, 0x0, @in=@multicast1, 0x0, 0x0, 0x3}}, 0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@mcast1, @in6=@loopback, 0x3, 0x5, 0x0, 0x0, 0x2}}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0xe8) close(r0) 1.02685267s ago: executing program 6 (id=1100): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0xe}]}}]}, 0x38}}, 0x0) 861.278181ms ago: executing program 2 (id=1101): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x15001}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp=r2}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x40}}, 0x2400c080) 791.298546ms ago: executing program 0 (id=1102): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x23, 0x5, 0x0) listen(r0, 0x0) accept4$unix(r0, 0x0, 0x0, 0x0) 710.215061ms ago: executing program 7 (id=1103): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x40, &(0x7f0000000680)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRESDEC=0x0, @ANYRESOCT=0x0, @ANYBLOB="7c5ec6079a6b37b673a2fb58b49c73a7350127c3faea004cd46621dc800a8f960e2645602412608d04e7f9ac56f9f325db8573043938396e6e7d674d4ada3ca9909b9c2e47c38447332a34606d919b606de68d84a9e47a93b50b4afc711641b93f8a26ec4cb4a68ea1c6b58229ec51c22f051d12bcc46bc76e218e1e5ee4407fda18ad5b972bccaa9ea0a9", @ANYRES32], 0x11, 0x2d8, &(0x7f0000000a00)="$eJzs3U9rE08cx/HPbNI2/TX0t/3z4wceqwW9SK0X8RKRPAjxIGoToRgqagX1YhVPInr37lPwKQheFO/izZMPIIKwMrObTTbdP0lpNkbfLzBMdmd2vrP/ZiZgRwD+WpebX9+e/2b/GamiivTiouRJqklVSf/p/9qDvf3d/U67lXOcbuDYUkZhSXMo085eO61sTVGJiG+/VVUf3IbJCDjHCB/WStp2T1qInk63v1Z6ZPmeHrHcwTHHMWtMV1091PK04wAATFfU/3tRP1+Pxu+eJ21G3f5v2f8fVXfaAUxckLt3oP93M4DA2Ov7r9vVn++5KZzd7/VmiaPUPDf0fV7hnZUYYJqiWaWLxVu8tdtpn92502l5eqZGZCDbuvtshbduT0G0Gylz0xzh0b4s5mQx6SPKJdeGOduG7Yz417JrHO1sj8t8MJ/MNePrjVrx+K8aGHuZ3JXyh65UGP9W9hFdK32bS9Fro9FoeIksK66SE1ENkYJW1tJnJOrdUStK/kDgF8XpSq0OlQpbd66g1FpY6tJiotR271tGqfVEXbY18d2cXd+kmVfmitnQd71Tc2D879n4NpX7ZPafGrMZdgXujIftmU+vruqO6R/qOQ50tZ7cEp/FhazQf+S/0zDkSc6+l7qpC1q+/+jx7Uqn075nEzdSEnfr8Za551JqnpxEbZzMYyQ89bfooL9rQeEPkYdK9TqlCcWTmjhzrAe074/CzPYpK6WBY98Jf1Ki+bHcG2kaiZLeUZiq/kUvzPq+lIBQNjfuCud/A/OVLTfYsx9+zji9cEAWHTGwY+x4BlRLlF91qX/GmsEtZc/gRp1znTwtnYo3/QwKavSjOGdDkDf0s0xTn3Wd3/8BAAAAAAAAAAAAAAAAAABmTRn/nWDabQQAAAAAAAAAAAAAAAAAAAAAYNbF6/+qt/6vRlv/d/gvf1fCFV6OZf3f13ti/V9g8n4FAAD//8nihik=") creat(&(0x7f0000000000)='./file2\x00', 0xd931d3864d39dcdb) prlimit64(0x0, 0xe, 0x0, 0x0) truncate(&(0x7f0000000000)='./file2\x00', 0x881bfd) 591.44862ms ago: executing program 6 (id=1104): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xa, 0x7, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x7}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10) 236.413294ms ago: executing program 2 (id=1105): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000002b80)={r0}, 0xc) 234.615434ms ago: executing program 6 (id=1106): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000000), 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 83.030804ms ago: executing program 0 (id=1107): r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r0, 0xee01, 0xee01) keyctl$setperm(0x5, r0, 0xd012117) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) 0s ago: executing program 2 (id=1108): sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000008c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x20) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000005900)={0x5, 0x1, 0x0, {}, {0x0, 0x2710}, {}, 0x2, @can={{}, 0x7, 0x0, 0x0, 0x0, "f01881a1debdfbff"}}, 0x38}, 0x300, 0x0, 0x0, 0x8800}, 0x0) kernel console output (not intermixed with test programs): /misc/uhid/report_descriptor': No such file or directory [ 150.271653][ T5411] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.307330][ T7] usb 1-1: USB disconnect, device number 3 [ 150.321560][ T7] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 150.333014][ T4267] XFS (loop2): Unmounting Filesystem [ 150.395492][ T5411] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.498413][ T5411] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.593608][ T5411] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.640377][ T5457] pimreg: tun_chr_ioctl cmd 2148553947 [ 150.814902][ T5464] device erspan0 entered promiscuous mode [ 151.605925][ T5486] loop6: detected capacity change from 0 to 512 [ 151.665093][ T5486] EXT4-fs: Ignoring removed bh option [ 151.710336][ T5124] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 151.745554][ T5486] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 151.815496][ T5486] EXT4-fs (loop6): 1 truncate cleaned up [ 151.830170][ T5486] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 151.936593][ T5124] usb 1-1: Using ep0 maxpacket: 8 [ 151.943699][ T5124] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 151.980120][ T5124] usb 1-1: config 179 has no interface number 0 [ 151.990372][ T5124] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 152.013509][ T26] audit: type=1800 audit(1775564035.101:8): pid=5486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.346" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 152.043616][ T5466] loop3: detected capacity change from 0 to 40427 [ 152.076090][ T5124] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 152.142009][ T5466] F2FS-fs (loop3): invalid crc value [ 152.157695][ T5124] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 152.209251][ T5124] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 152.240081][ T5124] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 152.259737][ T5466] F2FS-fs (loop3): Found nat_bits in checkpoint [ 152.281230][ T5124] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 152.331225][ T5124] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.406419][ T5484] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 152.512116][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 152.524405][ T5466] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 152.580583][ T5466] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 152.786404][ T5466] syz.3.339: attempt to access beyond end of device [ 152.786404][ T5466] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 152.857850][ T4757] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input7 [ 153.046437][ T5124] usb 1-1: USB disconnect, device number 4 [ 153.046513][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 153.046559][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 153.111266][ T5124] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 153.418789][ T5518] loop2: detected capacity change from 0 to 1024 [ 153.667256][ T5519] loop6: detected capacity change from 0 to 4096 [ 154.160340][ T4956] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 154.166894][ T4956] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 154.260366][ T4322] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 154.324553][ T5533] loop3: detected capacity change from 0 to 4096 [ 154.346695][ T5538] loop6: detected capacity change from 0 to 512 [ 154.369101][ T5538] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 154.431955][ T5538] EXT4-fs (loop6): 1 truncate cleaned up [ 154.452184][ T4322] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 154.510374][ T4322] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 154.569160][ T5538] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 154.610307][ T4322] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 154.619717][ T4322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.713898][ T4322] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 154.804307][ T4266] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 154.829073][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 154.835266][ T4266] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 154.909746][ T4322] gspca_sn9c2028: read1 error -32 [ 154.916582][ T4322] gspca_sn9c2028: read1 error -32 [ 155.158915][ T7] usb 3-1: USB disconnect, device number 7 [ 155.404797][ T5563] loop0: detected capacity change from 0 to 256 [ 155.434471][ T5563] exfat: Deprecated parameter 'utf8' [ 155.501953][ T5563] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 155.553091][ T5567] netlink: 340 bytes leftover after parsing attributes in process `syz.5.368'. [ 156.012117][ T5581] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 156.070478][ T5581] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 156.096864][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 156.136603][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.162568][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.345572][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 156.414469][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.437183][ T5584] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.089287][ T5612] loop5: detected capacity change from 0 to 256 [ 157.116834][ T5612] exfat: Deprecated parameter 'utf8' [ 157.122458][ T5606] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 157.289716][ T5612] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 157.591526][ T7] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 157.626652][ T5587] loop6: detected capacity change from 0 to 32768 [ 157.790585][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 157.829780][ T7] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 157.874666][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.979662][ T7] pvrusb2: Hardware description: Terratec Grabster AV400 [ 158.015102][ T7] pvrusb2: ********** [ 158.048571][ T7] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 158.079374][ T7] pvrusb2: Important functionality might not be entirely working. [ 158.094703][ T7] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 158.114767][ T7] pvrusb2: ********** [ 158.127783][ T5587] XFS (loop6): Mounting V5 Filesystem [ 158.178184][ T2309] pvrusb2: Invalid write control endpoint [ 158.266411][ T5642] loop0: detected capacity change from 0 to 2048 [ 158.356656][ T5587] XFS (loop6): Ending clean mount [ 158.404936][ T5587] XFS (loop6): Quotacheck needed: Please wait. [ 158.425420][ T4277] usb 3-1: USB disconnect, device number 8 [ 158.481156][ T5642] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.494636][ T2309] pvrusb2: Invalid write control endpoint [ 158.503040][ T2309] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 158.543734][ T2309] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 158.584701][ T2309] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 158.589062][ T5587] XFS (loop6): Quotacheck: Done. [ 158.640058][ T2309] pvrusb2: Device being rendered inoperable [ 158.685165][ T2309] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 158.702982][ T2309] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 158.757352][ T2309] pvrusb2: Attached sub-driver cx25840 [ 158.774944][ T2309] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 158.817358][ T2309] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 158.907516][ T4956] XFS (loop6): Unmounting Filesystem [ 159.131277][ T5652] loop0: detected capacity change from 0 to 2048 [ 159.186317][ T5652] UDF-fs: warning (device loop0): udf_fill_super: No partition found (2) [ 159.346706][ T5625] loop5: detected capacity change from 0 to 40427 [ 159.449437][ T5625] F2FS-fs (loop5): invalid crc value [ 159.489356][ T5625] F2FS-fs (loop5): Found nat_bits in checkpoint [ 159.761862][ T5625] F2FS-fs (loop5): Start checkpoint disabled! [ 159.833173][ T5625] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 160.678439][ T5655] loop2: detected capacity change from 0 to 32768 [ 160.912141][ T5655] XFS (loop2): Mounting V5 Filesystem [ 161.070566][ T5695] loop3: detected capacity change from 0 to 4096 [ 161.080292][ T5655] XFS (loop2): Ending clean mount [ 161.195189][ T5696] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 161.328997][ T5671] loop6: detected capacity change from 0 to 32768 [ 161.481304][ T5671] [ 161.481304][ T5671] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.481304][ T5671] [ 161.513302][ T5695] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 161.566048][ T26] audit: type=1800 audit(1775564044.651:9): pid=5671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.399" name="file1" dev="loop6" ino=4 res=0 errno=0 [ 161.580457][ T5695] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12) [ 161.612458][ T4267] XFS (loop2): Unmounting Filesystem [ 161.636799][ T5672] loop0: detected capacity change from 0 to 32768 [ 161.649716][ T5690] loop5: detected capacity change from 0 to 32768 [ 161.691833][ T5690] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.406 (5690) [ 161.710259][ T5695] Remounting filesystem read-only [ 161.740054][ T5695] NILFS (loop3): error -5 truncating bmap (ino=12) [ 161.782260][ T5690] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 161.820767][ T5690] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 161.893554][ T5672] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 161.930746][ T5690] BTRFS info (device loop5): setting nodatasum [ 161.937257][ T5690] BTRFS info (device loop5): force zlib compression, level 3 [ 161.945852][ T5690] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 161.956517][ T5690] BTRFS info (device loop5): use lzo compression, level 0 [ 161.965404][ T5690] BTRFS info (device loop5): turning on flush-on-commit [ 161.973306][ T5690] BTRFS info (device loop5): enabling auto defrag [ 161.979827][ T5690] BTRFS info (device loop5): max_inline at 4096 [ 161.986834][ T5690] BTRFS info (device loop5): using free space tree [ 161.998227][ T5672] XFS (loop0): Mounting V5 Filesystem [ 162.036556][ T4347] [ 162.036556][ T4347] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.036556][ T4347] [ 162.079655][ T4347] [ 162.079655][ T4347] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.079655][ T4347] [ 162.154688][ T4956] [ 162.154688][ T4956] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.154688][ T4956] [ 162.172332][ T5672] XFS (loop0): Ending clean mount [ 162.195479][ T108] [ 162.195479][ T108] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.195479][ T108] [ 162.213015][ T4266] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 162.263827][ T5672] XFS (loop0): Quotacheck needed: Please wait. [ 162.334114][ T5690] BTRFS info (device loop5): enabling ssd optimizations [ 162.350423][ T4956] [ 162.350423][ T4956] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.350423][ T4956] [ 162.466424][ T5672] XFS (loop0): Quotacheck: Done. [ 162.916136][ T4276] XFS (loop0): Unmounting Filesystem [ 162.960957][ T4551] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 162.996846][ T5735] loop2: detected capacity change from 0 to 8192 [ 163.163350][ T5735] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 163.163482][ T5735] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 163.163673][ T5735] REISERFS (device loop2): using ordered data mode [ 163.163685][ T5735] reiserfs: using flush barriers [ 163.172403][ T5735] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 163.173040][ T5735] REISERFS (device loop2): checking transaction log (loop2) [ 163.269746][ T5735] REISERFS (device loop2): Using r5 hash to sort names [ 163.458191][ T5735] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 163.774992][ T5750] loop3: detected capacity change from 0 to 128 [ 163.845445][ T5750] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 163.952951][ T5750] hpfs: filesystem error: improperly stopped [ 163.959849][ T5750] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 164.052257][ T5750] hpfs: You really don't want any checks? You are crazy... [ 164.070301][ T5750] hpfs: hpfs_map_sector(): read error [ 164.075821][ T5750] hpfs: code page support is disabled [ 164.143195][ T5750] hpfs: hpfs_map_4sectors(): unaligned read [ 164.149643][ T5750] hpfs: hpfs_map_4sectors(): unaligned read [ 164.196382][ T5750] hpfs: filesystem error: unable to find root dir [ 165.599969][ C1] sched: RT throttling activated [ 165.686740][ T5773] loop0: detected capacity change from 0 to 8192 [ 165.761205][ T5773] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 165.856221][ T5773] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 165.927961][ T5773] REISERFS (device loop0): using ordered data mode [ 165.962858][ T5773] reiserfs: using flush barriers [ 166.068096][ T5773] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 166.156743][ T5773] REISERFS (device loop0): checking transaction log (loop0) [ 166.214528][ T5773] REISERFS (device loop0): Using r5 hash to sort names [ 166.266504][ T5773] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 166.350319][ T5773] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 166.508883][ T5773] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 166.625106][ T5773] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 166.694999][ T5764] loop6: detected capacity change from 0 to 262144 [ 166.715446][ T5764] F2FS-fs (loop6): invalid crc value [ 166.736482][ T5764] F2FS-fs (loop6): Found nat_bits in checkpoint [ 166.793834][ T5773] overlayfs: upper fs needs to support d_type. [ 166.828609][ T5764] F2FS-fs (loop6): Start checkpoint disabled! [ 166.842099][ T5764] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 166.942886][ T5773] overlayfs: upper fs does not support tmpfile. [ 166.949430][ T5773] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 167.021787][ T5773] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 167.054985][ T5773] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 167.154244][ T5773] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 167.217981][ T5773] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 167.311140][ T5773] overlayfs: failed to set xattr on upper [ 167.356784][ T5773] overlayfs: ...falling back to index=off,metacopy=off. [ 167.509715][ T4276] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 167.564780][ T4276] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 167.911866][ T4276] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 168.445657][ T5812] loop6: detected capacity change from 0 to 8192 [ 168.494320][ T5812] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 168.540497][ T5812] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 168.630677][ T5812] REISERFS (device loop6): using ordered data mode [ 168.637710][ T5812] reiserfs: using flush barriers [ 168.714461][ T5812] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 168.772793][ T5812] REISERFS (device loop6): checking transaction log (loop6) [ 168.823568][ T5812] REISERFS (device loop6): Using r5 hash to sort names [ 168.845139][ T5812] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 169.054412][ T5803] Can't find ip_set type hash:ip,por [ 169.680150][ T4322] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 169.873345][ T4322] usb 3-1: Using ep0 maxpacket: 16 [ 169.883293][ T4322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.938287][ T4322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.985779][ T4322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 170.047044][ T4322] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 170.092959][ T4322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.141949][ T4322] usb 3-1: config 0 descriptor?? [ 170.596360][ T4322] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 170.645017][ T4322] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 170.677658][ T4322] microsoft 0003:045E:07DA.0003: no inputs found [ 170.690029][ T4322] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 170.776266][ T5859] overlayfs: upper fs does not support tmpfile. [ 170.823982][ T5841] loop3: detected capacity change from 0 to 32768 [ 170.837281][ T4322] usb 3-1: USB disconnect, device number 9 [ 170.938994][ T5863] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.979316][ T5863] device batadv_slave_0 entered promiscuous mode [ 170.999839][ T5841] XFS (loop3): Mounting V5 Filesystem [ 171.048993][ T5863] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 171.135861][ T5841] XFS (loop3): Ending clean mount [ 171.155294][ T5848] loop0: detected capacity change from 0 to 32768 [ 171.242477][ T5861] fido_id[5861]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 171.350908][ T4266] XFS (loop3): Unmounting Filesystem [ 171.368285][ T5848] XFS (loop0): Mounting V5 Filesystem [ 171.556511][ T5848] XFS (loop0): Ending clean mount [ 171.607952][ T5895] raw_sendmsg: syz.6.444 forgot to set AF_INET. Fix it! [ 171.894996][ T4276] XFS (loop0): Unmounting Filesystem [ 172.095843][ T5905] loop6: detected capacity change from 0 to 128 [ 172.235733][ T5905] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 172.310691][ T5905] ext4 filesystem being mounted at /34/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 172.559250][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 173.012387][ T5926] loop2: detected capacity change from 0 to 512 [ 173.059851][ T5904] loop5: detected capacity change from 0 to 32768 [ 173.628256][ T5924] loop6: detected capacity change from 0 to 32768 [ 173.707006][ T5937] program syz.3.458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 174.290129][ T7] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 174.490241][ T7] usb 4-1: Using ep0 maxpacket: 16 [ 174.503079][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.529330][ T7] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.555811][ T7] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 174.578457][ T7] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 174.638184][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.674905][ T7] usb 4-1: config 0 descriptor?? [ 174.717673][ T5953] loop2: detected capacity change from 0 to 256 [ 174.948391][ T5957] loop5: detected capacity change from 0 to 128 [ 175.017091][ T5957] VFS: Found a Xenix FS (block size = 512) on device loop5 [ 175.106215][ T7] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 175.142566][ T7] microsoft 0003:045E:07DA.0004: ignoring exceeding usage max [ 175.207753][ T7] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0004/input/input8 [ 175.287580][ T4551] sysv_free_block: trying to free block not in datazone [ 175.317811][ T4551] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 175.369707][ T7] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 175.472209][ T7] usb 4-1: USB disconnect, device number 4 [ 175.563219][ T5962] loop6: detected capacity change from 0 to 8192 [ 175.977427][ T5976] fido_id[5976]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 176.480944][ T5991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.473'. [ 176.630919][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 176.738887][ T5996] loop3: detected capacity change from 0 to 1024 [ 176.808857][ T6000] program syz.6.479 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 176.991378][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.480'. [ 177.047893][ T6005] netlink: 'syz.2.480': attribute type 21 has an invalid length. [ 177.075226][ T5973] loop0: detected capacity change from 0 to 40427 [ 177.130195][ T5973] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 177.139444][ T5973] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 177.210983][ T5973] F2FS-fs (loop0): invalid crc_offset: 33558524 [ 177.275552][ T5973] F2FS-fs (loop0): Found nat_bits in checkpoint [ 177.413207][ T6016] loop2: detected capacity change from 0 to 2048 [ 177.430278][ T14] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 177.501771][ T6021] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 177.588290][ T26] audit: type=1800 audit(1775564060.671:10): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.484" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 177.613667][ T5973] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 177.630068][ T14] usb 7-1: Using ep0 maxpacket: 16 [ 177.637391][ T14] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.641143][ T5973] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 177.708746][ T14] usb 7-1: config 0 interface 0 has no altsetting 0 [ 177.746399][ T14] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 177.796262][ T14] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.851647][ T14] usb 7-1: config 0 descriptor?? [ 177.866137][ T5973] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 177.880471][ T5973] F2FS-fs (loop0): Should run fsck to repair first. [ 178.274158][ T14] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0 [ 178.328503][ T6035] lo speed is unknown, defaulting to 1000 [ 178.371568][ T6035] lo speed is unknown, defaulting to 1000 [ 178.392615][ T6035] lo speed is unknown, defaulting to 1000 [ 178.436011][ T6035] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 178.500371][ T6040] netlink: 16 bytes leftover after parsing attributes in process `syz.5.491'. [ 178.582361][ T6035] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 178.698220][ T14] usb 7-1: USB disconnect, device number 3 [ 178.896177][ T6035] lo speed is unknown, defaulting to 1000 [ 178.935463][ T6035] lo speed is unknown, defaulting to 1000 [ 178.951032][ T6041] fido_id[6041]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 178.990926][ T6035] lo speed is unknown, defaulting to 1000 [ 179.015666][ T6035] lo speed is unknown, defaulting to 1000 [ 179.043255][ T6035] lo speed is unknown, defaulting to 1000 [ 179.140258][ T22] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 179.340117][ T22] usb 6-1: Using ep0 maxpacket: 16 [ 179.357067][ T22] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.453284][ T22] usb 6-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 179.487453][ T22] usb 6-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0 [ 179.530059][ T22] usb 6-1: Manufacturer: syz [ 179.560791][ T22] usb 6-1: config 0 descriptor?? [ 179.889441][ T6069] loop0: detected capacity change from 0 to 256 [ 179.985114][ T22] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:041E:3100.0006/input/input9 [ 180.125966][ T22] creative-sb0540 0003:041E:3100.0006: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 180.232457][ T6075] loop6: detected capacity change from 0 to 2048 [ 180.271731][ T6075] UDF-fs: error (device loop6): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 180.355943][ T6075] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.431549][ T4759] usb 6-1: USB disconnect, device number 5 [ 180.543667][ T6082] batman_adv: batadv0: Adding interface: gretap1 [ 180.602332][ T6082] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.705593][ T6077] fido_id[6077]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 180.753679][ T6082] batman_adv: batadv0: Interface activated: gretap1 [ 180.828255][ T6086] loop3: detected capacity change from 0 to 1024 [ 180.940445][ T6086] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.295640][ T6097] program syz.6.510 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.661167][ T6109] loop4: detected capacity change from 0 to 7 [ 181.694218][ T6109] Dev loop4: unable to read RDB block 7 [ 181.694284][ T6109] loop4: unable to read partition table [ 181.694477][ T6109] loop4: partition table beyond EOD, truncated [ 181.694519][ T6109] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü¾SêjºÐ œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5) [ 181.732849][ T6109] Dev loop4: unable to read RDB block 7 [ 181.732889][ T6109] loop4: unable to read partition table [ 181.733084][ T6109] loop4: partition table beyond EOD, truncated [ 181.766272][ T6112] netlink: 268 bytes leftover after parsing attributes in process `syz.2.515'. [ 182.248893][ T6129] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 182.291786][ T6129] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 182.481874][ T6134] loop2: detected capacity change from 0 to 8 [ 182.731777][ T6137] mkiss: ax0: crc mode is auto. [ 183.931937][ T6178] loop3: detected capacity change from 0 to 512 [ 184.043514][ T6178] FAT-fs (loop3): error, clusters badly computed (0 != 1) [ 184.091505][ T6178] FAT-fs (loop3): Filesystem has been set read-only [ 184.105289][ T6186] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.147410][ T6188] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 51) [ 184.192360][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.203999][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.214145][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.222306][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.234345][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.242866][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.250307][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.259797][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.270060][ T6190] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 184.808899][ T6206] loop5: detected capacity change from 0 to 256 [ 184.902391][ T6206] FAT-fs (loop5): Directory bread(block 64) failed [ 184.941141][ T6206] FAT-fs (loop5): Directory bread(block 65) failed [ 184.982378][ T6206] FAT-fs (loop5): Directory bread(block 66) failed [ 184.989462][ T6206] FAT-fs (loop5): Directory bread(block 67) failed [ 185.036784][ T6206] FAT-fs (loop5): Directory bread(block 68) failed [ 185.054961][ T6206] FAT-fs (loop5): Directory bread(block 69) failed [ 185.077252][ T6206] FAT-fs (loop5): Directory bread(block 70) failed [ 185.099621][ T6206] FAT-fs (loop5): Directory bread(block 71) failed [ 185.118264][ T6206] FAT-fs (loop5): Directory bread(block 72) failed [ 185.136985][ T6206] FAT-fs (loop5): Directory bread(block 73) failed [ 185.395176][ T6212] netlink: 'syz.3.548': attribute type 11 has an invalid length. [ 185.420552][ T6212] netlink: 36 bytes leftover after parsing attributes in process `syz.3.548'. [ 186.150139][ T22] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 186.380160][ T22] usb 4-1: Using ep0 maxpacket: 16 [ 186.388354][ T22] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 186.412488][ T22] usb 4-1: config 0 has no interface number 0 [ 186.419630][ T22] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.460925][ T22] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 186.481355][ T22] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 186.545218][ T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.577475][ T22] usb 4-1: config 0 descriptor?? [ 186.619682][ T6254] loop2: detected capacity change from 0 to 512 [ 186.757119][ T6254] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.566: inode has both inline data and extents flags [ 186.784804][ T6254] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.566: couldn't read orphan inode 15 (err -117) [ 186.849876][ T6254] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 186.934423][ T6254] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2800: Unable to expand inode 2. Delete some EAs or run e2fsck. [ 187.112608][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 187.236358][ T22] uclogic 0003:28BD:0071.0007: pen parameters not found [ 187.255670][ T22] uclogic 0003:28BD:0071.0007: interface is invalid, ignoring [ 187.294002][ T22] usb 4-1: USB disconnect, device number 5 [ 187.852646][ T6283] netlink: 104 bytes leftover after parsing attributes in process `syz.2.576'. [ 187.861612][ T4323] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 187.910398][ T6285] lo speed is unknown, defaulting to 1000 [ 187.938698][ T6263] loop5: detected capacity change from 0 to 32768 [ 187.971870][ T6285] lo speed is unknown, defaulting to 1000 [ 187.978390][ T6285] lo speed is unknown, defaulting to 1000 [ 188.050158][ T4323] usb 1-1: Using ep0 maxpacket: 16 [ 188.058247][ T4323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.074870][ T6285] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 188.134651][ T4323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.165067][ T6263] XFS (loop5): Mounting V5 Filesystem [ 188.204001][ T4323] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 188.258248][ T6285] lo speed is unknown, defaulting to 1000 [ 188.264943][ T4323] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 188.304853][ T6285] lo speed is unknown, defaulting to 1000 [ 188.330648][ T4323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.349625][ T6285] lo speed is unknown, defaulting to 1000 [ 188.362083][ T6263] XFS (loop5): Ending clean mount [ 188.376623][ T4323] usb 1-1: config 0 descriptor?? [ 188.385793][ T6285] lo speed is unknown, defaulting to 1000 [ 188.411014][ T6263] XFS (loop5): Quotacheck needed: Please wait. [ 188.459140][ T6285] lo speed is unknown, defaulting to 1000 [ 188.566350][ T6263] XFS (loop5): Quotacheck: Done. [ 188.820514][ T4323] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 188.827927][ T4323] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 188.886119][ T4551] XFS (loop5): Unmounting Filesystem [ 188.917434][ T4323] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0008/input/input10 [ 189.049062][ T4323] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 189.090430][ T4323] usb 1-1: USB disconnect, device number 5 [ 189.321191][ T4322] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 189.360271][ T4321] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 189.462695][ T6324] fido_id[6324]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 189.520175][ T4322] usb 3-1: Using ep0 maxpacket: 32 [ 189.533092][ T4322] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 189.565228][ T4322] usb 3-1: config 0 has no interface number 0 [ 189.583202][ T4321] usb 7-1: Using ep0 maxpacket: 8 [ 189.597698][ T4321] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 189.614753][ T4322] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 189.640155][ T4322] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.648515][ T4321] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 189.679464][ T4322] usb 3-1: Product: syz [ 189.688397][ T4321] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 189.709902][ T4322] usb 3-1: Manufacturer: syz [ 189.714949][ T4322] usb 3-1: SerialNumber: syz [ 189.736539][ T4322] usb 3-1: config 0 descriptor?? [ 189.741753][ T4321] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 189.758887][ T4322] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 189.791087][ T4321] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 189.805999][ T4322] usb 3-1: selecting invalid altsetting 1 [ 189.812164][ T4322] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 189.830591][ T4321] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.862690][ T4322] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 189.910653][ T4322] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 189.941605][ T4322] usb 3-1: media controller created [ 190.046428][ T4322] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 190.089916][ T4321] usb 7-1: GET_CAPABILITIES returned 0 [ 190.095968][ T4321] usbtmc 7-1:16.0: can't read capabilities [ 190.228156][ T4322] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 190.255992][ T4322] zl10353_read_register: readreg error (reg=127, ret==-71) [ 190.281112][ T4322] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 190.307105][ T6341] loop3: detected capacity change from 0 to 2048 [ 190.333445][ T4323] usb 7-1: USB disconnect, device number 4 [ 190.369086][ T6341] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 190.448353][ T4322] usb 3-1: USB disconnect, device number 10 [ 190.459851][ T6341] overlayfs: upper fs needs to support d_type. [ 190.516404][ T6341] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 190.586135][ T6341] overlayfs: failed to set xattr on upper [ 190.624102][ T6341] overlayfs: ...falling back to index=off,metacopy=off. [ 190.846664][ T6356] loop0: detected capacity change from 0 to 128 [ 190.889997][ T4266] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh [ 190.931284][ T4266] UDF-fs: error (device loop3): udf_read_inode: (ino 1317) failed !bh [ 190.942468][ T6356] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 190.994981][ T6356] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 191.172149][ T6360] overlayfs: failed to create directory ./bus/work (errno: 28); mounting read-only [ 191.246550][ T6365] loop2: detected capacity change from 0 to 1024 [ 191.674825][ T9] hfsplus: b-tree write err: -5, ino 25 [ 191.709231][ T9] hfsplus: b-tree write err: -5, ino 4 [ 191.731420][ T9] hfsplus: b-tree write err: -5, ino 2 [ 191.806540][ T6377] loop0: detected capacity change from 0 to 1024 [ 191.866494][ T6377] EXT4-fs: Ignoring removed orlov option [ 191.998481][ T6377] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 192.277282][ T41] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.302340][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 192.567338][ T41] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.785696][ T41] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.005495][ T41] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.149638][ T6415] loop6: detected capacity change from 0 to 4096 [ 193.279763][ T6417] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 193.478708][ T6423] loop2: detected capacity change from 0 to 512 [ 193.515366][ T4273] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 193.530520][ T4273] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 193.560755][ T4273] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 193.570988][ T6423] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 193.582435][ T4273] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 193.591620][ T4273] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 193.598943][ T4273] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 194.106186][ T6424] lo speed is unknown, defaulting to 1000 [ 194.553478][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.560114][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.153341][ T6424] chnl_net:caif_netlink_parms(): no params data found [ 195.671183][ T4285] Bluetooth: hci0: command 0x0409 tx timeout [ 195.690324][ T7] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 195.840133][ T14] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 195.910413][ T7] usb 6-1: config 0 has an invalid interface number: 255 but max is 0 [ 195.919071][ T7] usb 6-1: config 0 has no interface number 0 [ 195.935877][ T7] usb 6-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 195.935916][ T6467] loop6: detected capacity change from 0 to 32768 [ 195.954756][ T7] usb 6-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 195.976480][ T7] usb 6-1: config 0 interface 255 has no altsetting 0 [ 195.994585][ T7] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 196.014870][ T6467] (syz.6.635,6467,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 196.032185][ T6467] (syz.6.635,6467,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 196.048759][ T14] usb 1-1: config 246 has an invalid interface number: 166 but max is 0 [ 196.070528][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.079909][ T14] usb 1-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 196.134779][ T6467] JBD2: Ignoring recovery information on journal [ 196.159072][ T7] usb 6-1: config 0 descriptor?? [ 196.181573][ T14] usb 1-1: config 246 has no interface number 0 [ 196.209178][ T7] ums-realtek 6-1:0.255: USB Mass Storage device detected [ 196.220097][ T14] usb 1-1: config 246 interface 166 altsetting 118 endpoint 0xB has invalid wMaxPacketSize 0 [ 196.221322][ T6467] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 196.264775][ T14] usb 1-1: config 246 interface 166 altsetting 118 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 196.334739][ T14] usb 1-1: config 246 interface 166 has no altsetting 0 [ 196.400964][ T14] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 9.63 [ 196.434313][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.437500][ T4277] usb 6-1: USB disconnect, device number 6 [ 196.481736][ T14] usb 1-1: Product: syz [ 196.485998][ T14] usb 1-1: Manufacturer: syz [ 196.517777][ T14] usb 1-1: SerialNumber: syz [ 196.579863][ T6424] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.602317][ T6424] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.619260][ T6424] device bridge_slave_0 entered promiscuous mode [ 196.701298][ T6424] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.724945][ T6424] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.735842][ T6424] device bridge_slave_1 entered promiscuous mode [ 196.827070][ T6495] loop2: detected capacity change from 0 to 256 [ 196.835069][ T6495] exfat: Deprecated parameter 'namecase' [ 196.848349][ T4956] ocfs2: Unmounting device (7,6) on (node local) [ 196.884270][ T6495] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 197.154309][ T14] usb 1-1: Limiting number of CPorts to U8_MAX [ 197.188854][ T14] usb 1-1: Not enough endpoints found in device, aborting! [ 197.276495][ T6424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.479070][ T41] device hsr_slave_0 left promiscuous mode [ 197.488829][ T126] usb 1-1: USB disconnect, device number 6 [ 197.542971][ T41] device hsr_slave_1 left promiscuous mode [ 197.554495][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 197.614232][ T41] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 197.676071][ T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 197.700128][ T41] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 197.709443][ T41] device bridge_slave_1 left promiscuous mode [ 197.728321][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.750415][ T4273] Bluetooth: hci0: command 0x041b tx timeout [ 197.762498][ T41] device bridge_slave_0 left promiscuous mode [ 197.809276][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.908261][ T41] device veth1_macvtap left promiscuous mode [ 197.920848][ T41] device veth0_macvtap left promiscuous mode [ 197.932869][ T41] device veth1_vlan left promiscuous mode [ 197.943947][ T41] device veth0_vlan left promiscuous mode [ 198.374694][ T6513] loop6: detected capacity change from 0 to 32768 [ 198.403237][ T6513] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.640 (6513) [ 198.485000][ T6513] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 198.514796][ T6513] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 198.527162][ T6513] BTRFS info (device loop6): using free space tree [ 198.781110][ T6513] BTRFS info (device loop6): enabling ssd optimizations [ 198.990785][ T4956] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 199.262859][ T6543] loop2: detected capacity change from 0 to 32768 [ 199.420503][ T4588] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop6 scanned by udevd (4588) [ 199.482675][ T6543] XFS (loop2): Mounting V5 Filesystem [ 199.626667][ T6543] XFS (loop2): Starting recovery (logdev: internal) [ 199.702967][ T6543] XFS (loop2): Ending recovery (logdev: internal) [ 199.830290][ T4273] Bluetooth: hci0: command 0x040f tx timeout [ 199.968270][ T4267] XFS (loop2): Unmounting Filesystem [ 200.065229][ T6569] loop6: detected capacity change from 0 to 256 [ 200.183428][ T6569] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 200.796607][ T41] team0 (unregistering): Port device team_slave_1 removed [ 201.144118][ T41] team0 (unregistering): Port device team_slave_0 removed [ 201.234548][ T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.304932][ T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.874908][ T41] bond0 (unregistering): Released all slaves [ 201.914236][ T4285] Bluetooth: hci0: command 0x0419 tx timeout [ 202.005891][ T6584] loop6: detected capacity change from 0 to 16 [ 202.024636][ T6584] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 202.072530][ T6584] cramfs: empty filesystem [ 202.127414][ T6424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.179203][ T6532] device gretap0 entered promiscuous mode [ 202.201248][ T6532] device gretap0 left promiscuous mode [ 202.246615][ T6424] team0: Port device team_slave_0 added [ 202.287819][ T6424] team0: Port device team_slave_1 added [ 202.413028][ T6424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.437558][ T6424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.500047][ T6424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.524345][ T6424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.586308][ T6424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.703055][ T6424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.729808][ T6595] netlink: 8 bytes leftover after parsing attributes in process `syz.6.663'. [ 202.744874][ T6597] netlink: 36 bytes leftover after parsing attributes in process `syz.5.664'. [ 202.780875][ T6595] netlink: 28 bytes leftover after parsing attributes in process `syz.6.663'. [ 203.021461][ T6424] device hsr_slave_0 entered promiscuous mode [ 203.064721][ T6424] device hsr_slave_1 entered promiscuous mode [ 203.088657][ T6424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.137699][ T6424] Cannot create hsr debugfs directory [ 203.386515][ T6586] loop2: detected capacity change from 0 to 32768 [ 203.448842][ T6607] loop6: detected capacity change from 0 to 4096 [ 203.495861][ T6586] ERROR: (device loop2): dtReadFirst: stbl[0] out of bound [ 203.495861][ T6586] [ 203.533845][ T6609] loop0: detected capacity change from 0 to 4096 [ 203.613541][ T6613] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 203.626601][ T6586] ERROR: (device loop2): remounting filesystem as read-only [ 203.750216][ T6614] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 203.829086][ T6609] syz.0.667: attempt to access beyond end of device [ 203.829086][ T6609] loop0: rw=0, sector=781374535348781056, nr_sectors = 2 limit=4096 [ 203.950326][ T6609] syz.0.667: attempt to access beyond end of device [ 203.950326][ T6609] loop0: rw=0, sector=12028111102284383530, nr_sectors = 2 limit=4096 [ 204.029730][ T6609] NILFS (loop0): nilfs_ioctl_move_inode_block: invalid virtual block address (data): ino=6537792126923791912, cno=1244419967719, offset=0, blocknr=0, vblocknr=0 [ 204.084160][ T6424] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 204.114068][ T6609] NILFS (loop0): error -2 preparing GC: cannot read source blocks [ 204.137482][ T6424] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 204.150988][ T6621] loop5: detected capacity change from 0 to 1024 [ 204.226844][ T6424] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 204.267122][ T6621] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 204.320615][ T6424] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 204.442341][ T6621] EXT4-fs error (device loop5): ext4_get_first_dir_block:3605: inode #11: comm syz.5.670: directory missing '..' [ 204.722974][ T4551] EXT4-fs (loop5): unmounting filesystem. [ 204.881590][ T6424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.943142][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.988200][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.029743][ T6424] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.102623][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.120628][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.148915][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.157045][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.195926][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.223394][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.252885][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.260554][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.320053][ T4277] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 205.347962][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.359429][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.395674][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.415885][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.475899][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.500890][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.525102][ T6651] xt_hashlimit: Unknown mode mask 883EBBD7, kernel too old? [ 205.535127][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.540196][ T4277] usb 3-1: Using ep0 maxpacket: 8 [ 205.553477][ T4277] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 205.563200][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.572506][ T4277] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 205.601045][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.609764][ T4277] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 205.631213][ T4277] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.641921][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.652408][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.687622][ T4277] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.693106][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.711581][ T4277] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 205.721202][ T4277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.751476][ T6424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.948781][ T4277] usb 3-1: GET_CAPABILITIES returned 0 [ 205.954751][ T4277] usbtmc 3-1:16.0: can't read capabilities [ 206.182343][ T4277] usb 3-1: USB disconnect, device number 11 [ 206.486500][ T126] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 206.593622][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 206.602086][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 206.627887][ T6424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.682218][ T126] usb 6-1: Using ep0 maxpacket: 32 [ 206.689661][ T126] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 206.728394][ T126] usb 6-1: config 0 has no interface number 0 [ 206.758655][ T126] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 206.810180][ T126] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.830103][ T126] usb 6-1: Product: syz [ 206.834360][ T126] usb 6-1: Manufacturer: syz [ 206.859420][ T126] usb 6-1: SerialNumber: syz [ 206.892524][ T126] usb 6-1: config 0 descriptor?? [ 206.934883][ T126] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 206.964785][ T126] usb 6-1: selecting invalid altsetting 1 [ 206.985047][ T126] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 207.016634][ T126] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 207.062479][ T126] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 207.100169][ T126] usb 6-1: media controller created [ 207.178616][ T126] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 207.330896][ T6668] loop6: detected capacity change from 0 to 32768 [ 207.381909][ T126] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 207.389097][ T126] zl10353_read_register: readreg error (reg=127, ret==-71) [ 207.417436][ T6668] ocfs2: Slot 0 on device (7,6) was already allocated to this node! [ 207.431970][ T126] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 207.442012][ T6668] JBD2: Ignoring recovery information on journal [ 207.471076][ T126] usb 6-1: USB disconnect, device number 7 [ 207.572260][ T6668] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 207.784065][ T4956] ocfs2: Unmounting device (7,6) on (node local) [ 208.163327][ T6708] loop0: detected capacity change from 0 to 256 [ 208.263800][ T6708] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 208.271129][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 208.313746][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 208.403361][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 208.441097][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 208.451551][ T6424] device veth0_vlan entered promiscuous mode [ 208.523595][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 208.549572][ T4297] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 208.587738][ T6424] device veth1_vlan entered promiscuous mode [ 208.723233][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 208.757431][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 208.821030][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 208.870730][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 208.895875][ T6424] device veth0_macvtap entered promiscuous mode [ 208.937606][ T6424] device veth1_macvtap entered promiscuous mode [ 209.010944][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.066667][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.107816][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.149262][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.179897][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.220647][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.249574][ T6723] ipt_CLUSTERIP: Please specify destination IP [ 209.277881][ T6424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.307334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 209.324541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 209.359144][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 209.396032][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 209.454097][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.488649][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.529263][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.567658][ T6712] loop6: detected capacity change from 0 to 32768 [ 209.579055][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.616884][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.655521][ T6712] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 209.666129][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.682817][ T6712] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 209.700211][ T6424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.726090][ T6424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.732383][ T6712] BTRFS info (device loop6): using free space tree [ 209.759771][ T6424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.795977][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 209.810933][ T4328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 209.833734][ T6424] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.844400][ T14] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 209.881935][ T6424] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.986007][ T6424] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.050889][ T14] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 210.085885][ T6712] BTRFS info (device loop6): enabling ssd optimizations [ 210.091575][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.110245][ T6424] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.119362][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.141970][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.161364][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.170877][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.183377][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.200974][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.211744][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.232699][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.271515][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.286336][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.319551][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.389878][ T6731] loop5: detected capacity change from 0 to 32768 [ 210.409913][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.454435][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.480626][ T6731] BTRFS warning: duplicate device /dev/loop5 devid 1 generation 8 scanned by syz.5.698 (6731) [ 210.529409][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.550839][ T4956] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 210.581046][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.606251][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.619530][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.663837][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.697008][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.716631][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.739821][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.766871][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 210.788402][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 210.845897][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.882600][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 210.899638][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.909879][ T14] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 210.949254][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 210.966907][ T4396] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by udevd (4396) [ 211.003383][ T14] usb 1-1: config 0 interface 0 has no altsetting 0 [ 211.065830][ T14] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 211.092520][ T14] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 211.127624][ T14] usb 1-1: Product: syz [ 211.143473][ T14] usb 1-1: Manufacturer: syz [ 211.148168][ T14] usb 1-1: SerialNumber: syz [ 211.184650][ T14] usb 1-1: config 0 descriptor?? [ 211.328211][ T14] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 211.572719][ T4761] usb 1-1: USB disconnect, device number 7 [ 211.631670][ T4761] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 211.990008][ T4273] Bluetooth: hci1: command 0x0406 tx timeout [ 212.000208][ T4285] Bluetooth: hci3: command 0x0406 tx timeout [ 212.030055][ T4756] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 212.248432][ T4756] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 212.298920][ T4756] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 212.357483][ T4756] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 212.407113][ T4756] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 212.444903][ T4756] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.454009][ T6791] netlink: 92 bytes leftover after parsing attributes in process `syz.6.708'. [ 212.499626][ T6791] netlink: 24 bytes leftover after parsing attributes in process `syz.6.708'. [ 212.509499][ T4756] usb 8-1: config 0 descriptor?? [ 212.754635][ T4756] ath6kl: Failed to submit usb control message: -71 [ 212.765866][ T4756] ath6kl: unable to send the bmi data to the device: -71 [ 212.813930][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'. [ 212.820122][ T4756] ath6kl: Unable to send get target info: -71 [ 212.875929][ T4756] ath6kl: Failed to init ath6kl core: -71 [ 213.010828][ T4756] ath6kl_usb: probe of 8-1:0.0 failed with error -71 [ 213.030692][ T4756] usb 8-1: USB disconnect, device number 2 [ 213.112130][ T4325] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 213.310303][ T4325] usb 6-1: Using ep0 maxpacket: 16 [ 213.319413][ T4325] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.332354][ T6810] loop0: detected capacity change from 0 to 512 [ 213.348788][ T4325] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.420572][ T4325] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 213.429783][ T4325] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.518630][ T4325] usb 6-1: config 0 descriptor?? [ 213.954931][ T4325] corsair 0003:1B1C:1B02.0009: unknown main item tag 0x0 [ 213.982945][ T4325] corsair 0003:1B1C:1B02.0009: unknown main item tag 0x0 [ 214.020522][ T4325] corsair 0003:1B1C:1B02.0009: unknown main item tag 0x0 [ 214.041408][ T4325] corsair 0003:1B1C:1B02.0009: unknown main item tag 0x0 [ 214.067466][ T4325] corsair 0003:1B1C:1B02.0009: unknown main item tag 0x0 [ 214.098049][ T4325] corsair 0003:1B1C:1B02.0009: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.5-1/input0 [ 214.363890][ T4325] usb 6-1: USB disconnect, device number 8 [ 214.466971][ T6833] fido_id[6833]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 215.178371][ T6851] loop0: detected capacity change from 0 to 512 [ 215.220613][ T6851] EXT4-fs: Ignoring removed orlov option [ 215.240136][ T6851] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 215.367477][ T6851] EXT4-fs (loop0): 1 orphan inode deleted [ 215.397449][ T6851] EXT4-fs (loop0): 1 truncate cleaned up [ 215.409838][ T6851] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 215.489715][ T6851] EXT4-fs error (device loop0): ext4_check_all_de:666: inode #12: block 7: comm syz.0.723: bad entry in directory: rec_len is too small for name_len - offset=0, inode=13, rec_len=16, size=124 fake=0 [ 215.559722][ T6865] loop6: detected capacity change from 0 to 2048 [ 215.585856][ T6865] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 215.710909][ T6871] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.728172][ T6867] EXT4-fs error (device loop0): ext4_check_all_de:666: inode #12: block 7: comm syz.0.723: bad entry in directory: rec_len is too small for name_len - offset=0, inode=13, rec_len=16, size=124 fake=0 [ 215.792999][ T6873] loop5: detected capacity change from 0 to 256 [ 215.909506][ T6873] FAT-fs (loop5): Directory bread(block 64) failed [ 215.940246][ T6873] FAT-fs (loop5): Directory bread(block 65) failed [ 215.960167][ T6873] FAT-fs (loop5): Directory bread(block 66) failed [ 215.967162][ T6873] FAT-fs (loop5): Directory bread(block 67) failed [ 216.054436][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 216.060486][ T6873] FAT-fs (loop5): Directory bread(block 68) failed [ 216.067359][ T6873] FAT-fs (loop5): Directory bread(block 69) failed [ 216.114086][ T6873] FAT-fs (loop5): Directory bread(block 70) failed [ 216.140308][ T6873] FAT-fs (loop5): Directory bread(block 71) failed [ 216.169730][ T6873] FAT-fs (loop5): Directory bread(block 72) failed [ 216.256122][ T6873] FAT-fs (loop5): Directory bread(block 73) failed [ 216.649759][ T6890] loop6: detected capacity change from 0 to 512 [ 216.916311][ T6897] loop2: detected capacity change from 0 to 512 [ 216.990949][ T6897] EXT4-fs: Ignoring removed bh option [ 217.060855][ T6897] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 217.155362][ T6897] EXT4-fs (loop2): 1 truncate cleaned up [ 217.173963][ T6908] loop7: detected capacity change from 0 to 128 [ 217.215679][ T6897] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 217.253679][ T6908] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 217.291358][ T26] audit: type=1800 audit(1775564100.371:11): pid=6897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.740" name="file1" dev="loop2" ino=13 res=0 errno=0 [ 217.346137][ T6908] hpfs: filesystem error: improperly stopped [ 217.371927][ T6908] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 217.394776][ T6908] hpfs: You really don't want any checks? You are crazy... [ 217.423851][ T6908] hpfs: hpfs_map_sector(): read error [ 217.441620][ T6908] hpfs: code page support is disabled [ 217.462831][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 217.477550][ T6908] hpfs: hpfs_map_4sectors(): unaligned read [ 217.498537][ T6908] hpfs: hpfs_map_4sectors(): unaligned read [ 217.520547][ T6908] hpfs: filesystem error: unable to find root dir [ 217.585262][ T6908] hpfs: hpfs_map_4sectors(): unaligned read [ 217.649418][ T6908] hpfs: hpfs_map_sector(): read error [ 217.682483][ T6918] Bluetooth: MGMT ver 1.22 [ 217.972124][ T6926] loop7: detected capacity change from 0 to 1024 [ 217.988489][ T6926] EXT4-fs: inline encryption not supported [ 218.030096][ T4756] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 218.170926][ T6926] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 218.214560][ T6926] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.231674][ T4756] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 218.263932][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 218.338011][ T6912] loop0: detected capacity change from 0 to 32768 [ 218.345107][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 218.345145][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 218.348635][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 218.460927][ T6912] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.744 (6912) [ 218.479498][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 218.537875][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 218.559547][ T6424] EXT4-fs (loop7): unmounting filesystem. [ 218.574834][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 218.600114][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 218.634720][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 218.662579][ T6912] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 218.674586][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 218.681043][ T6912] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 218.726468][ T6912] BTRFS info (device loop0): enabling auto defrag [ 218.742271][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 218.786278][ T6912] BTRFS info (device loop0): use no compression [ 218.801807][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 218.830257][ T6912] BTRFS info (device loop0): force clearing of disk cache [ 218.837506][ T6912] BTRFS info (device loop0): max_inline at 4096 [ 218.847516][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 218.894236][ T6912] BTRFS info (device loop0): disabling free space tree [ 218.898829][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 218.973742][ T6951] loop2: detected capacity change from 0 to 512 [ 218.986030][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 219.012707][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.030971][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.042361][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 219.057932][ T6951] EXT4-fs (loop2): 1 truncate cleaned up [ 219.069786][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.089658][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.110145][ T6951] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 219.172684][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 219.200951][ T4756] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.212154][ T4756] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.224041][ T4756] usb 6-1: config 0 interface 0 has no altsetting 0 [ 219.234732][ T4756] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 219.254403][ T4756] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 219.274759][ T4756] usb 6-1: Product: syz [ 219.279017][ T4756] usb 6-1: Manufacturer: syz [ 219.295026][ T4756] usb 6-1: SerialNumber: syz [ 219.323941][ T4756] usb 6-1: config 0 descriptor?? [ 219.350965][ T4756] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 219.363970][ T6912] BTRFS info (device loop0): enabling ssd optimizations [ 219.401584][ T6912] BTRFS info (device loop0): rebuilding free space tree [ 219.521751][ T6912] BTRFS info (device loop0): disabling free space tree [ 219.539248][ T6912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 219.590647][ T6912] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 219.718016][ C1] usb 6-1: yurex_control_callback - control failed: -71 [ 219.731540][ T6759] usb 6-1: USB disconnect, device number 9 [ 219.749183][ T6759] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 219.770774][ T6981] ax25_connect(): syz.6.759 uses autobind, please contact jreuter@yaina.de [ 219.938972][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 219.939151][ T6984] loop7: detected capacity change from 0 to 256 [ 219.985634][ T4276] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 220.814388][ T7002] program syz.0.762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 221.228037][ T7015] loop5: detected capacity change from 0 to 1024 [ 221.293159][ T7015] EXT4-fs: inline encryption not supported [ 221.345433][ T7015] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 221.370170][ T7015] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.456802][ T7015] EXT4-fs error (device loop5): ext4_free_blocks:6220: comm syz.5.770: Freeing blocks not in datazone - block = 0, count = 16 [ 221.657357][ T4551] EXT4-fs (loop5): unmounting filesystem. [ 222.022232][ T7040] loop6: detected capacity change from 0 to 16 [ 222.092696][ T7040] erofs: (device loop6): mounted with root inode @ nid 36. [ 222.189050][ T7040] erofs: (device loop6): z_erofs_readahead: readahead error at page 3 @ nid 89 [ 222.288337][ T7045] loop7: detected capacity change from 0 to 1024 [ 222.302204][ T7040] syz.6.779: attempt to access beyond end of device [ 222.302204][ T7040] loop6: rw=524288, sector=34359738360, nr_sectors = 8 limit=16 [ 222.346932][ T7045] EXT4-fs: Ignoring removed nobh option [ 222.415088][ T7045] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 222.432708][ T7040] erofs: (device loop6): z_erofs_readahead: readahead error at page 4 @ nid 89 [ 222.444202][ T7043] loop5: detected capacity change from 0 to 4096 [ 222.473944][ T7043] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 222.506038][ T7040] syz.6.779: attempt to access beyond end of device [ 222.506038][ T7040] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 222.554250][ T7040] syz.6.779: attempt to access beyond end of device [ 222.554250][ T7040] loop6: rw=0, sector=34359738360, nr_sectors = 8 limit=16 [ 222.620042][ T26] audit: type=1800 audit(1775564105.701:12): pid=7040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.779" name="file2" dev="loop6" ino=89 res=0 errno=0 [ 222.672317][ T6424] EXT4-fs (loop7): unmounting filesystem. [ 222.721635][ T7040] syz.6.779 (7040) used greatest stack depth: 20400 bytes left [ 222.962188][ T7013] loop0: detected capacity change from 0 to 40427 [ 223.040709][ T7013] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 223.079885][ T7013] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 223.118899][ T7013] F2FS-fs (loop0): invalid crc value [ 223.182399][ T7013] F2FS-fs (loop0): Found nat_bits in checkpoint [ 223.433670][ T7013] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 223.465565][ T7013] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 224.150268][ T4322] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 224.343350][ T4322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.386138][ T4322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.437735][ T4322] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 224.458806][ T4322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.510560][ T4322] usb 3-1: config 0 descriptor?? [ 224.821947][ T7083] loop7: detected capacity change from 0 to 32768 [ 224.902139][ T26] audit: type=1800 audit(1775564107.991:13): pid=7083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.792" name="file1" dev="loop7" ino=7 res=0 errno=0 [ 224.935010][ T4322] cm6533_jd 0003:0D8C:0022.000A: item fetching failed at offset 3/5 [ 224.968745][ T4322] cm6533_jd 0003:0D8C:0022.000A: parse failed [ 224.995598][ T4322] cm6533_jd: probe of 0003:0D8C:0022.000A failed with error -22 [ 225.155740][ T4322] usb 3-1: USB disconnect, device number 12 [ 225.224432][ T7085] loop5: detected capacity change from 0 to 32768 [ 225.411768][ T7085] XFS (loop5): Mounting V5 Filesystem [ 225.526822][ T7085] XFS (loop5): Ending clean mount [ 225.541605][ T7085] XFS (loop5): Quotacheck needed: Please wait. [ 225.687889][ T7085] XFS (loop5): Quotacheck: Done. [ 225.745414][ T7085] XFS (loop5): User initiated shutdown received. [ 225.816955][ T7085] XFS (loop5): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495). Shutting down filesystem. [ 225.857081][ T7085] XFS (loop5): Please unmount the filesystem and rectify the problem(s) [ 226.006687][ T4551] XFS (loop5): Unmounting Filesystem [ 226.668716][ T7135] loop6: detected capacity change from 0 to 1024 [ 226.714477][ T7135] EXT4-fs: inline encryption not supported [ 226.816623][ T7123] loop2: detected capacity change from 0 to 32768 [ 226.826613][ T7135] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 226.852600][ T7135] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.877518][ T7123] JBD2: Ignoring recovery information on journal [ 226.917033][ T4322] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 226.972787][ T4322] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 227.109712][ T7123] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 227.357340][ T4285] Bluetooth: hci2: command 0x0406 tx timeout [ 227.450463][ T7151] fido_id[7151]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 227.739141][ T7160] loop0: detected capacity change from 0 to 256 [ 227.770960][ T7160] exfat: Deprecated parameter 'utf8' [ 227.844566][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 227.853977][ T7160] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 227.925807][ T4267] ocfs2: Unmounting device (7,2) on (node local) [ 228.524503][ T7173] loop7: detected capacity change from 0 to 2048 [ 228.615412][ T7180] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 228.635744][ T4756] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 228.687512][ T7173] NILFS (loop7): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 228.770146][ T7173] NILFS error (device loop7): nilfs_bmap_last_key: broken bmap (inode number=16) [ 228.852582][ T7173] Remounting filesystem read-only [ 228.858381][ T7173] NILFS (loop7): error -5 truncating bmap (ino=16) [ 228.868604][ T4756] usb 1-1: Using ep0 maxpacket: 32 [ 228.876257][ T7186] loop6: detected capacity change from 0 to 256 [ 228.877658][ T4756] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 228.920108][ T4756] usb 1-1: config 0 has no interface number 0 [ 228.947559][ T4756] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 228.971424][ T4756] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.009230][ T7186] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 229.039343][ T4756] usb 1-1: Product: syz [ 229.059577][ T4756] usb 1-1: Manufacturer: syz [ 229.090151][ T4756] usb 1-1: SerialNumber: syz [ 229.106286][ T4756] usb 1-1: config 0 descriptor?? [ 229.126549][ T6424] NILFS (loop7): disposed unprocessed dirty file(s) when detaching log writer [ 229.142132][ T4756] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 229.351585][ T4756] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 229.420214][ T4756] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 229.629189][ T7167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.673635][ T7167] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.896417][ T7178] loop2: detected capacity change from 0 to 32768 [ 229.926476][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 229.934758][ T4756] usb 1-1: USB disconnect, device number 8 [ 229.955711][ T4756] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 229.969428][ T7178] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.810 (7178) [ 230.036686][ T4756] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 230.082496][ T4756] quatech2 1-1:0.51: device disconnected [ 230.091366][ T7178] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 230.134184][ T7178] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 230.165592][ T7178] BTRFS info (device loop2): enabling auto defrag [ 230.191009][ T7178] BTRFS info (device loop2): use no compression [ 230.217791][ T7178] BTRFS info (device loop2): force clearing of disk cache [ 230.268447][ T7178] BTRFS info (device loop2): max_inline at 4096 [ 230.279632][ T7178] BTRFS info (device loop2): disabling free space tree [ 230.540252][ T7178] BTRFS info (device loop2): enabling ssd optimizations [ 230.556715][ T7178] BTRFS info (device loop2): rebuilding free space tree [ 230.638387][ T7178] BTRFS info (device loop2): disabling free space tree [ 230.670781][ T7178] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 230.736821][ T7178] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 230.969570][ T7198] loop6: detected capacity change from 0 to 40427 [ 231.086057][ T4267] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 231.087184][ T7198] F2FS-fs (loop6): Found nat_bits in checkpoint [ 231.432760][ T7198] F2FS-fs (loop6): Cannot turn on quotas: -2 on 2 [ 231.455517][ T7198] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 231.615924][ T26] audit: type=1800 audit(1775564370.694:14): pid=7198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.823" name="file2" dev="loop6" ino=10 res=0 errno=0 [ 231.749700][ T7198] syz.6.823: attempt to access beyond end of device [ 231.749700][ T7198] loop6: rw=34817, sector=77824, nr_sectors = 128 limit=40427 [ 232.005178][ T4956] syz-executor: attempt to access beyond end of device [ 232.005178][ T4956] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 232.500178][ T27] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 232.692036][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.724456][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.772475][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 232.840046][ T27] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 232.878905][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.908803][ T27] usb 1-1: config 0 descriptor?? [ 233.341258][ T7299] loop5: detected capacity change from 0 to 64 [ 233.350591][ T27] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x4 [ 233.369134][ T27] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 233.378807][ T7300] netlink: 8 bytes leftover after parsing attributes in process `syz.7.845'. [ 233.410196][ T7300] netlink: 8 bytes leftover after parsing attributes in process `syz.7.845'. [ 233.458111][ T26] audit: type=1800 audit(1775564372.534:15): pid=7299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.844" name="file1" dev="loop5" ino=8 res=0 errno=0 [ 233.521982][ T27] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 233.574894][ T26] audit: type=1326 audit(1775564372.654:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.6.846" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd890d9c819 code=0x0 [ 233.712003][ T4756] usb 1-1: USB disconnect, device number 9 [ 233.948729][ T7308] fido_id[7308]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 234.050197][ T4320] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 234.260180][ T4320] usb 8-1: Using ep0 maxpacket: 8 [ 234.267358][ T4320] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 234.303461][ T4320] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 234.344784][ T4320] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 234.401495][ T4320] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 234.461212][ T4320] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 234.525618][ T4320] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 234.561085][ T4320] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.800417][ T4320] usb 8-1: GET_CAPABILITIES returned 0 [ 234.806386][ T4320] usbtmc 8-1:16.0: can't read capabilities [ 234.873921][ T7344] device ipvlan2 entered promiscuous mode [ 234.923100][ T7344] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 234.953191][ T7344] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 235.089534][ T4320] usb 8-1: USB disconnect, device number 3 [ 235.185713][ T7349] netlink: 40 bytes leftover after parsing attributes in process `syz.5.859'. [ 235.231713][ T7349] netlink: 2 bytes leftover after parsing attributes in process `syz.5.859'. [ 235.487383][ T7356] tipc: Started in network mode [ 235.506838][ T7356] tipc: Node identity ac14140f, cluster identity 4711 [ 235.531069][ T7356] tipc: New replicast peer: 255.255.255.255 [ 235.545728][ T7356] tipc: Enabled bearer , priority 10 [ 235.580401][ T7361] netlink: 12 bytes leftover after parsing attributes in process `syz.0.862'. [ 235.973029][ T7371] loop5: detected capacity change from 0 to 512 [ 236.088185][ T7371] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 236.550696][ T4761] tipc: Node number set to 2886997007 [ 236.672233][ T4551] EXT4-fs (loop5): unmounting filesystem. [ 237.138866][ T7407] netlink: 'syz.5.879': attribute type 3 has an invalid length. [ 237.180206][ T7407] netlink: 812 bytes leftover after parsing attributes in process `syz.5.879'. [ 237.273608][ T7409] loop6: detected capacity change from 0 to 128 [ 237.445168][ T7415] loop7: detected capacity change from 0 to 128 [ 237.556888][ T7416] netlink: 8 bytes leftover after parsing attributes in process `syz.5.883'. [ 237.709202][ T7419] netlink: 24 bytes leftover after parsing attributes in process `syz.6.884'. [ 238.046360][ T7429] loop5: detected capacity change from 0 to 2048 [ 238.091012][ T7431] loop6: detected capacity change from 0 to 2048 [ 238.135239][ T7429] loop5: p1 < > p3 [ 238.157308][ T7431] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 238.167701][ T7429] loop5: p3 size 134217728 extends beyond EOD, truncated [ 238.185450][ T7433] loop2: detected capacity change from 0 to 2048 [ 238.263977][ T7433] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 238.351248][ T7433] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.747472][ T7405] loop0: detected capacity change from 0 to 40427 [ 238.817648][ T7405] F2FS-fs (loop0): invalid crc value [ 238.833457][ T4396] udevd[4396]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 238.899676][ T7405] F2FS-fs (loop0): Found nat_bits in checkpoint [ 238.915204][ T4273] Bluetooth: hci1: Invalid handle: 0xff00 > 0x0eff [ 239.168803][ T7405] F2FS-fs (loop0): Start checkpoint disabled! [ 239.215390][ T7405] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 239.367600][ T7458] loop5: detected capacity change from 0 to 256 [ 239.443346][ T7460] loop6: detected capacity change from 0 to 256 [ 239.506514][ T7460] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 239.551460][ T7458] FAT-fs (loop5): Directory bread(block 64) failed [ 239.558184][ T7458] FAT-fs (loop5): Directory bread(block 65) failed [ 239.565937][ T7460] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 239.620248][ T7458] FAT-fs (loop5): Directory bread(block 66) failed [ 239.666417][ T7458] FAT-fs (loop5): Directory bread(block 67) failed [ 239.666816][ T7460] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 239.700354][ T7458] FAT-fs (loop5): Directory bread(block 68) failed [ 239.707676][ T7458] FAT-fs (loop5): Directory bread(block 69) failed [ 239.760380][ T7458] FAT-fs (loop5): Directory bread(block 70) failed [ 239.810142][ T7458] FAT-fs (loop5): Directory bread(block 71) failed [ 239.816905][ T7458] FAT-fs (loop5): Directory bread(block 72) failed [ 239.824845][ T4640] kworker/u4:8: attempt to access beyond end of device [ 239.824845][ T4640] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 239.864536][ T7458] FAT-fs (loop5): Directory bread(block 73) failed [ 240.025039][ T7458] syz.5.899: attempt to access beyond end of device [ 240.025039][ T7458] loop5: rw=524288, sector=1192, nr_sectors = 4 limit=256 [ 240.028254][ T26] audit: type=1800 audit(1775564379.104:17): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.899" name="file1" dev="loop5" ino=1048650 res=0 errno=0 [ 240.125048][ T7458] syz.5.899: attempt to access beyond end of device [ 240.125048][ T7458] loop5: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 240.207950][ T7458] syz.5.899: attempt to access beyond end of device [ 240.207950][ T7458] loop5: rw=0, sector=1192, nr_sectors = 4 limit=256 [ 240.689880][ T7490] loop0: detected capacity change from 0 to 512 [ 240.724659][ T7490] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 240.770141][ T4756] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 240.778074][ T7490] EXT4-fs (loop0): 1 truncate cleaned up [ 240.784571][ T7490] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 240.833202][ T7490] EXT4-fs error (device loop0): ext4_xattr_block_get:543: inode #15: comm syz.0.903: corrupted xattr block 33 [ 240.880356][ T7490] EXT4-fs (loop0): Remounting filesystem read-only [ 240.977012][ T4756] usb 3-1: config 0 has no interfaces? [ 240.988871][ T4756] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 241.019798][ T4756] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.046601][ T4756] usb 3-1: config 0 descriptor?? [ 241.057449][ T4276] EXT4-fs (loop0): unmounting filesystem. [ 241.269726][ T7483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.310319][ T7483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 241.321572][ T4756] usb 3-1: USB disconnect, device number 13 [ 241.450883][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.917'. [ 241.737069][ T7520] loop6: detected capacity change from 0 to 1024 [ 241.910451][ T4756] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 241.974866][ T7520] hfsplus: b-tree write err: -5, ino 3 [ 242.130675][ T4756] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 242.160111][ T4756] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.169595][ T4756] usb 3-1: Product: syz [ 242.183253][ T7534] loop5: detected capacity change from 0 to 512 [ 242.193374][ T4756] usb 3-1: Manufacturer: syz [ 242.198348][ T4756] usb 3-1: SerialNumber: syz [ 242.220275][ T4756] usb 3-1: config 0 descriptor?? [ 242.226825][ T7534] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 242.239517][ T4756] hub 3-1:0.0: bad descriptor, ignoring hub [ 242.257206][ T41] hfsplus: bad catalog file entry [ 242.261707][ T4756] hub: probe of 3-1:0.0 failed with error -5 [ 242.317507][ T7534] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.927: bad orphan inode 131083 [ 242.358380][ T7534] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 242.395546][ T7537] net_ratelimit: 823 callbacks suppressed [ 242.395566][ T7537] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 242.441520][ T4756] speedtch 3-1:0.0: speedtch_bind: wrong device class 9 [ 242.453883][ T26] audit: type=1800 audit(1775564381.534:18): pid=7534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.927" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 242.459211][ T4756] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 242.601063][ T4756] usb 3-1: USB disconnect, device number 14 [ 242.696076][ T4551] EXT4-fs (loop5): unmounting filesystem. [ 243.503384][ T7571] loop7: detected capacity change from 0 to 8192 [ 243.518302][ T7571] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 243.601333][ T7578] loop6: detected capacity change from 0 to 64 [ 244.042105][ T7558] loop0: detected capacity change from 0 to 32768 [ 244.078872][ T7586] netlink: 16 bytes leftover after parsing attributes in process `syz.6.949'. [ 244.159274][ T7558] XFS (loop0): Mounting V5 Filesystem [ 244.375236][ T7558] XFS (loop0): Ending clean mount [ 244.401983][ T7558] XFS (loop0): Quotacheck needed: Please wait. [ 244.598410][ T7558] XFS (loop0): Quotacheck: Done. [ 245.504754][ T7601] loop7: detected capacity change from 0 to 131072 [ 245.557906][ T4276] XFS (loop0): Unmounting Filesystem [ 245.565188][ T7601] F2FS-fs (loop7): invalid crc value [ 245.712577][ T7601] F2FS-fs (loop7): Found nat_bits in checkpoint [ 245.742109][ T7594] loop5: detected capacity change from 0 to 32768 [ 245.751286][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 245.777692][ T7601] F2FS-fs (loop7): Cannot turn on quotas: -2 on 2 [ 245.797048][ T7601] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 245.848322][ T7601] F2FS-fs (loop7): access invalid blkaddr:36 [ 245.855724][ T7601] CPU: 1 PID: 7601 Comm: syz.7.952 Not tainted syzkaller #0 [ 245.863211][ T7601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 245.873893][ T7601] Call Trace: [ 245.877245][ T7601] [ 245.880246][ T7601] dump_stack_lvl+0x188/0x24e [ 245.885292][ T7601] ? show_regs_print_info+0x12/0x12 [ 245.890681][ T7601] ? f2fs_get_next_page_offset+0x6a0/0x6a0 [ 245.896749][ T7601] f2fs_is_valid_blkaddr+0xc7e/0x1250 [ 245.902297][ T7601] f2fs_get_read_data_page+0x40f/0x640 [ 245.907848][ T7601] ? f2fs_reserve_block+0x240/0x240 [ 245.913145][ T7601] ? folio_unlock+0x114/0x2e0 [ 245.917915][ T7601] f2fs_get_new_data_page+0x408/0x600 [ 245.923611][ T7601] ? lock_page+0x2b0/0x2b0 [ 245.928123][ T7601] ? has_not_enough_free_secs+0xe10/0xe10 [ 245.933928][ T7601] ? memset+0x1e/0x40 [ 245.938170][ T7601] f2fs_add_regular_entry+0x585/0xbf0 [ 245.944417][ T7601] f2fs_add_dentry+0xd6/0x1c0 [ 245.949483][ T7601] f2fs_do_add_link+0x1cd/0x2a0 [ 245.954425][ T7601] ? f2fs_add_dentry+0x1c0/0x1c0 [ 245.959557][ T7601] ? up_read+0x20/0x20 [ 245.963750][ T7601] ? f2fs_lookup+0x4be/0x800 [ 245.968452][ T7601] ? down_read+0x1a8/0x2d0 [ 245.973124][ T7601] f2fs_create+0x6d7/0x9e0 [ 245.977760][ T7601] ? f2fs_lookup+0x800/0x800 [ 245.982444][ T7601] path_openat+0x1181/0x2ee0 [ 245.987246][ T7601] ? do_filp_open+0x430/0x430 [ 245.992099][ T7601] do_filp_open+0x1f1/0x430 [ 245.996773][ T7601] ? vfs_tmpfile+0x480/0x480 [ 246.001467][ T7601] ? _raw_spin_unlock+0x24/0x40 [ 246.006579][ T7601] ? alloc_fd+0x58f/0x630 [ 246.011137][ T7601] do_sys_openat2+0x150/0x4b0 [ 246.015981][ T7601] ? do_sys_open+0xe0/0xe0 [ 246.020580][ T7601] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 246.026825][ T7601] ? lock_chain_count+0x20/0x20 [ 246.031848][ T7601] __x64_sys_openat+0x135/0x160 [ 246.037100][ T7601] do_syscall_64+0x4c/0xa0 [ 246.041673][ T7601] ? clear_bhb_loop+0x60/0xb0 [ 246.046481][ T7601] ? clear_bhb_loop+0x60/0xb0 [ 246.051410][ T7601] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 246.057665][ T7601] RIP: 0033:0x7f0ff4b9c819 [ 246.062784][ T7601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 246.082980][ T7601] RSP: 002b:00007f0ff59f8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 246.091824][ T7601] RAX: ffffffffffffffda RBX: 00007f0ff4e15fa0 RCX: 00007f0ff4b9c819 [ 246.100052][ T7601] RDX: 0000000000880cc2 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 246.108272][ T7601] RBP: 00007f0ff4c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 246.116404][ T7601] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000000 [ 246.124530][ T7601] R13: 00007f0ff4e16038 R14: 00007f0ff4e15fa0 R15: 00007ffee1c33028 [ 246.132682][ T7601] [ 246.225550][ T7594] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 246.601488][ T4551] ocfs2: Unmounting device (7,5) on (node local) [ 246.720099][ T14] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 246.900368][ T14] usb 3-1: Using ep0 maxpacket: 16 [ 246.908565][ T14] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.964854][ T14] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 247.008422][ T14] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 247.086178][ T14] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 247.127384][ T14] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 247.187899][ T14] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 247.237760][ T14] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 247.260911][ T14] usb 3-1: Manufacturer: syz [ 247.312131][ T14] usb 3-1: config 0 descriptor?? [ 247.519866][ T7655] netlink: 27 bytes leftover after parsing attributes in process `syz.5.968'. [ 247.850137][ T14] rc_core: IR keymap rc-hauppauge not found [ 247.856443][ T14] Registered IR keymap rc-empty [ 247.868590][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 247.921498][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 247.961769][ T14] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 248.007581][ T14] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input11 [ 248.086251][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.097419][ C0] mceusb 3-1:0.0: long-range (0x4) receiver active [ 248.159597][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.216693][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.268929][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.325608][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.366789][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.410169][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.434744][ T7649] loop7: detected capacity change from 0 to 32768 [ 248.441324][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.473421][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.536140][ T14] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 248.581378][ T14] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 248.601115][ T14] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x4 active) [ 248.617991][ T14] usb 3-1: USB disconnect, device number 15 [ 248.639691][ T7649] XFS (loop7): Mounting V5 Filesystem [ 248.781264][ T7682] overlayfs: invalid origin (0000) [ 248.919662][ T7649] XFS (loop7): Ending clean mount [ 249.113927][ T7661] loop5: detected capacity change from 0 to 40427 [ 249.144729][ T6424] XFS (loop7): Unmounting Filesystem [ 249.161584][ T7661] F2FS-fs (loop5): Small segment_count (9 < 1 * 24) [ 249.168375][ T7661] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 249.259640][ T7661] F2FS-fs (loop5): Found nat_bits in checkpoint [ 249.366291][ T4320] kernel write not supported for file /vcs (pid: 4320 comm: kworker/1:5) [ 249.470846][ T7661] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 249.477988][ T7661] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 249.767160][ T4551] syz-executor: attempt to access beyond end of device [ 249.767160][ T4551] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 249.867180][ T7676] loop6: detected capacity change from 0 to 32768 [ 249.963993][ T7676] JFS: Invalid stbl[0] = -1 for inode 2, block = 0 [ 250.220843][ T26] audit: type=1326 audit(1775564389.304:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.331911][ T7710] mmap: syz.0.985 (7710) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 250.366189][ T26] audit: type=1326 audit(1775564389.334:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.490099][ T26] audit: type=1326 audit(1775564389.334:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.573730][ T26] audit: type=1326 audit(1775564389.374:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.722161][ T26] audit: type=1326 audit(1775564389.374:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.839533][ T7726] loop6: detected capacity change from 0 to 512 [ 250.862763][ T26] audit: type=1326 audit(1775564389.374:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 250.881834][ T7724] loop2: detected capacity change from 0 to 512 [ 250.991014][ T7724] EXT4-fs: Ignoring removed nobh option [ 251.008201][ T7726] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 251.021172][ T26] audit: type=1326 audit(1775564389.374:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 251.062548][ T7724] EXT4-fs error (device loop2): __ext4_iget:5091: inode #11: block 1: comm syz.2.991: invalid block [ 251.112020][ T26] audit: type=1326 audit(1775564389.374:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 251.138187][ T7726] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.990: bad orphan inode 131083 [ 251.152213][ T7724] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.991: couldn't read orphan inode 11 (err -117) [ 251.190431][ T26] audit: type=1326 audit(1775564389.384:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 251.213517][ T26] audit: type=1326 audit(1775564389.384:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7708 comm="syz.0.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff3e9d9c819 code=0x7ffc0000 [ 251.244993][ T7726] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 251.253768][ T7724] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 251.517347][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 251.615245][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 251.909302][ T7751] loop5: detected capacity change from 0 to 256 [ 251.932574][ T7740] loop7: detected capacity change from 0 to 8192 [ 251.958470][ T7751] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 252.001354][ T7740] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 252.054501][ T7740] REISERFS (device loop7): found reiserfs format "3.6" with non-standard journal [ 252.073352][ T7740] REISERFS (device loop7): using ordered data mode [ 252.127077][ T7760] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779264) [ 252.131831][ T7740] reiserfs: using flush barriers [ 252.167346][ T7740] REISERFS (device loop7): journal params: device loop7, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 252.190433][ T7740] REISERFS (device loop7): checking transaction log (loop7) [ 252.214594][ T7760] FAT-fs (loop5): Filesystem has been set read-only [ 252.320999][ T7761] loop6: detected capacity change from 0 to 1024 [ 252.353644][ T7760] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008) [ 252.368819][ T7761] EXT4-fs: Ignoring removed nomblk_io_submit option [ 252.460185][ T7760] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008) [ 252.506247][ T7761] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 252.611985][ T7770] loop2: detected capacity change from 0 to 256 [ 252.631048][ T7740] REISERFS (device loop7): Using r5 hash to sort names [ 252.711222][ T7740] REISERFS (device loop7): Created .reiserfs_priv - reserved for xattr storage. [ 252.913325][ T4956] EXT4-fs (loop6): unmounting filesystem. [ 253.282079][ T7778] loop0: detected capacity change from 0 to 1024 [ 253.502549][ T7785] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1006'. [ 253.565039][ T7780] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1007: bg 0: block 393: padding at end of block bitmap is not set [ 253.637528][ T41] hfsplus: b-tree write err: -5, ino 25 [ 253.644122][ T41] hfsplus: b-tree write err: -5, ino 4 [ 253.721253][ T41] hfsplus: b-tree write err: -5, ino 2 [ 253.771401][ T7780] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6180: Corrupt filesystem [ 253.780764][ T41] hfsplus: b-tree write err: -5, ino 26 [ 253.843423][ T7780] EXT4-fs (loop2): 2 truncates cleaned up [ 253.901678][ T7780] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 254.156252][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 254.215516][ T7777] set_capacity_and_notify: 1 callbacks suppressed [ 254.215534][ T7777] loop6: detected capacity change from 0 to 32768 [ 254.305012][ T7777] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1004 (7777) [ 254.419775][ T7777] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 254.454289][ T7777] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 254.506928][ T7777] BTRFS info (device loop6): setting nodatacow, compression disabled [ 254.526195][ T7777] BTRFS info (device loop6): force clearing of disk cache [ 254.577784][ T7808] process 'syz.5.1015' launched '/dev/fd/3' with NULL argv: empty string added [ 254.578698][ T7777] BTRFS info (device loop6): enabling ssd optimizations [ 254.625904][ T7777] BTRFS info (device loop6): using spread ssd allocation scheme [ 254.648637][ T7777] BTRFS info (device loop6): turning off barriers [ 254.681041][ T7777] BTRFS info (device loop6): disabling free space tree [ 254.720102][ T7777] BTRFS info (device loop6): not using ssd optimizations [ 254.749367][ T7777] BTRFS info (device loop6): not using spread ssd allocation scheme [ 255.075059][ T7777] BTRFS info (device loop6): rebuilding free space tree [ 255.176334][ T7777] BTRFS info (device loop6): disabling free space tree [ 255.200067][ T7777] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 255.240694][ T7777] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 255.300125][ T4761] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 255.500021][ T4761] usb 6-1: Using ep0 maxpacket: 8 [ 255.510380][ T4761] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 255.546834][ T4761] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.580082][ T4761] usb 6-1: Product: syz [ 255.596280][ T4761] usb 6-1: Manufacturer: syz [ 255.633689][ T4761] usb 6-1: SerialNumber: syz [ 255.674799][ T4761] usb 6-1: config 0 descriptor?? [ 255.754860][ T4956] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 255.926397][ T4761] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 255.997453][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.004570][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.361841][ T4761] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -71 [ 256.390495][ T4761] usb 6-1: USB disconnect, device number 10 [ 256.600219][ T4322] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 256.820311][ T4322] usb 3-1: Using ep0 maxpacket: 8 [ 256.829752][ T4322] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 176, changing to 11 [ 256.881160][ T4322] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.927565][ T4322] usb 3-1: config 0 interface 0 has no altsetting 0 [ 256.996497][ T4322] usb 3-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 257.039828][ T4322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.105067][ T4322] usb 3-1: config 0 descriptor?? [ 257.369857][ T4322] usbhid 3-1:0.0: can't add hid device: -71 [ 257.378506][ T4322] usbhid: probe of 3-1:0.0 failed with error -71 [ 257.388728][ T7883] loop0: detected capacity change from 0 to 8192 [ 257.405793][ T7888] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1033'. [ 257.430776][ T4322] usb 3-1: USB disconnect, device number 16 [ 257.493892][ T7888] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1033'. [ 257.516101][ T7890] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1033'. [ 257.565319][ T7893] netlink: 60 bytes leftover after parsing attributes in process `syz.7.1033'. [ 257.597334][ T7883] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 257.638421][ T7883] FAT-fs (loop0): Filesystem has been set read-only [ 257.918596][ T7902] 9p: Unknown Cache mode readahead [ 258.167388][ T7901] loop0: detected capacity change from 0 to 8192 [ 258.197930][ T7901] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 258.212161][ T7901] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 258.223069][ T7901] REISERFS (device loop0): using ordered data mode [ 258.229753][ T7901] reiserfs: using flush barriers [ 258.236988][ T7901] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 258.254420][ T7901] REISERFS (device loop0): checking transaction log (loop0) [ 258.503829][ T7901] REISERFS (device loop0): Using tea hash to sort names [ 258.540692][ T7901] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 258.720080][ T4761] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 258.806461][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 258.806477][ T26] audit: type=1800 audit(1775564397.884:41): pid=7901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1036" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 258.942118][ T4761] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.971578][ T4761] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.993040][ T4761] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 259.023687][ T4761] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.056603][ T4761] usb 8-1: config 0 descriptor?? [ 259.087915][ T7930] loop5: detected capacity change from 0 to 4096 [ 259.115402][ T7930] ntfs3: loop5: Different NTFS' sector size (2048) and media sector size (512) [ 259.540429][ T4761] hid-steam 0003:28DE:1142.000D: item fetching failed at offset 4/5 [ 259.566328][ T4761] hid-steam 0003:28DE:1142.000D: steam_probe:parse of hid interface failed [ 259.595406][ T4761] hid-steam: probe of 0003:28DE:1142.000D failed with error -22 [ 259.858366][ T7928] loop2: detected capacity change from 0 to 32768 [ 260.020379][ T7928] XFS (loop2): Mounting V5 Filesystem [ 260.148758][ T7928] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 260.252058][ T7928] XFS (loop2): Starting recovery (logdev: internal) [ 260.347661][ T7928] XFS (loop2): Ending recovery (logdev: internal) [ 260.468646][ T7961] loop5: detected capacity change from 0 to 64 [ 260.690572][ T4267] XFS (loop2): Unmounting Filesystem [ 260.781547][ T7962] loop6: detected capacity change from 0 to 8192 [ 260.850334][ T7962] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 260.925742][ T7962] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal [ 260.946429][ T7962] REISERFS (device loop6): using ordered data mode [ 260.955095][ T7962] reiserfs: using flush barriers [ 260.978234][ T7962] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 260.995629][ T7962] REISERFS (device loop6): checking transaction log (loop6) [ 261.087242][ T7938] loop0: detected capacity change from 0 to 40427 [ 261.171757][ T7938] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 261.227412][ T7938] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 261.307930][ T7962] REISERFS (device loop6): Using tea hash to sort names [ 261.323371][ T7938] F2FS-fs (loop0): Found nat_bits in checkpoint [ 261.345200][ T7962] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 261.438816][ T7962] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 261.528034][ T5124] usb 8-1: USB disconnect, device number 4 [ 261.595031][ T7938] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 261.610089][ T7938] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 261.843638][ T7977] loop2: detected capacity change from 0 to 512 [ 261.957330][ T7977] EXT4-fs (loop2): 1 truncate cleaned up [ 262.000105][ T7977] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 262.266398][ T4267] EXT4-fs (loop2): unmounting filesystem. [ 262.410088][ T5124] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 262.610364][ T5124] usb 8-1: Using ep0 maxpacket: 32 [ 262.625713][ T5124] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.670389][ T5124] usb 8-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.724621][ T5124] usb 8-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 262.744661][ T5124] usb 8-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 262.764932][ T5124] usb 8-1: Product: syz [ 262.769279][ T5124] usb 8-1: Manufacturer: syz [ 262.788623][ T5124] hub 8-1:4.0: USB hub found [ 262.993384][ T5124] hub 8-1:4.0: 2 ports detected [ 263.026071][ T8000] loop6: detected capacity change from 0 to 512 [ 263.612501][ T5124] usb 8-1: USB disconnect, device number 5 [ 263.621211][ T4297] kworker/u4:5: attempt to access beyond end of device [ 263.621211][ T4297] loop5: rw=1, sector=4172, nr_sectors = 1 limit=64 [ 263.674859][ T4297] buffer_io_error: 23 callbacks suppressed [ 263.674875][ T4297] Buffer I/O error on dev loop5, logical block 4172, lost async page write [ 263.728984][ T4297] kworker/u4:5: attempt to access beyond end of device [ 263.728984][ T4297] loop5: rw=1, sector=4173, nr_sectors = 16 limit=64 [ 263.764998][ T4297] kworker/u4:5: attempt to access beyond end of device [ 263.764998][ T4297] loop5: rw=1, sector=4189, nr_sectors = 1 limit=64 [ 263.809857][ T4297] Buffer I/O error on dev loop5, logical block 4189, lost async page write [ 263.839443][ T4297] kworker/u4:5: attempt to access beyond end of device [ 263.839443][ T4297] loop5: rw=1, sector=4190, nr_sectors = 1 limit=64 [ 263.879058][ T4297] Buffer I/O error on dev loop5, logical block 4190, lost async page write [ 263.902545][ T4297] kworker/u4:5: attempt to access beyond end of device [ 263.902545][ T4297] loop5: rw=1, sector=4191, nr_sectors = 1 limit=64 [ 263.942317][ T4297] Buffer I/O error on dev loop5, logical block 4191, lost async page write [ 264.008195][ T4297] kworker/u4:5: attempt to access beyond end of device [ 264.008195][ T4297] loop5: rw=1, sector=4192, nr_sectors = 1 limit=64 [ 264.038014][ T4297] Buffer I/O error on dev loop5, logical block 4192, lost async page write [ 264.053545][ T4297] kworker/u4:5: attempt to access beyond end of device [ 264.053545][ T4297] loop5: rw=1, sector=4193, nr_sectors = 1 limit=64 [ 264.069667][ T4297] Buffer I/O error on dev loop5, logical block 4193, lost async page write [ 264.107049][ T4297] kworker/u4:5: attempt to access beyond end of device [ 264.107049][ T4297] loop5: rw=1, sector=4196, nr_sectors = 1 limit=64 [ 264.135676][ T4297] Buffer I/O error on dev loop5, logical block 4196, lost async page write [ 264.169517][ T4297] kworker/u4:5: attempt to access beyond end of device [ 264.169517][ T4297] loop5: rw=1, sector=4197, nr_sectors = 1 limit=64 [ 264.234877][ T4297] Buffer I/O error on dev loop5, logical block 4197, lost async page write [ 264.264632][ T4297] kworker/u4:5: attempt to access beyond end of device [ 264.264632][ T4297] loop5: rw=1, sector=4198, nr_sectors = 1 limit=64 [ 264.293658][ T8006] loop0: detected capacity change from 0 to 32768 [ 264.295064][ T4297] Buffer I/O error on dev loop5, logical block 4198, lost async page write [ 264.316181][ T4297] Buffer I/O error on dev loop5, logical block 4359, lost async page write [ 264.394891][ T8006] JBD2: Ignoring recovery information on journal [ 264.409600][ T8007] loop2: detected capacity change from 0 to 32768 [ 264.521267][ T8006] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 264.576141][ T8007] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.1063 (8007) [ 264.642334][ T8007] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 264.690103][ T8007] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 264.749143][ T8007] BTRFS info (device loop2): setting nodatacow, compression disabled [ 264.784392][ T8007] BTRFS info (device loop2): turning on flush-on-commit [ 264.794068][ T4276] ocfs2: Unmounting device (7,0) on (node local) [ 264.854369][ T8007] BTRFS info (device loop2): using free space tree [ 265.255702][ T8007] BTRFS info (device loop2): enabling ssd optimizations [ 265.823760][ T4267] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 266.306603][ T8094] device netdevsim0 entered promiscuous mode [ 266.332849][ T8095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1085'. [ 266.912116][ T8110] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1090'. [ 267.434533][ T8124] loop0: detected capacity change from 0 to 4096 [ 267.508704][ T8130] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 267.720144][ T5124] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 267.951353][ T5124] usb 6-1: Using ep0 maxpacket: 8 [ 267.995245][ T5124] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 268.032458][ T5124] usb 6-1: config 179 has no interface number 0 [ 268.054858][ T5124] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 268.099112][ T5124] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 268.130197][ T5124] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 268.158700][ T5124] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 268.187794][ T5124] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 268.228497][ T5124] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 268.248791][ T5124] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.271097][ T8129] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 268.284604][ T8140] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1096'. [ 268.539164][ T8149] team0: Device gtp0 is up. Set it down before adding it as a team port [ 268.668022][ T8155] loop7: detected capacity change from 0 to 64 [ 268.828558][ T5124] usb 6-1: USB disconnect, device number 11 [ 268.834681][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 268.834734][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 269.113695][ T11] wlan1: Trigger new scan to find an IBSS to join [ 269.211393][ T11] ------------[ cut here ]------------ [ 269.217847][ T11] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xffffffff with flags 0x20 [ 269.229650][ T11] WARNING: CPU: 0 PID: 11 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 [ 269.239838][ T11] Modules linked in: [ 269.243842][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 269.251321][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 269.261665][ T11] Workqueue: events_unbound cfg80211_wiphy_work [ 269.268103][ T11] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 269.274483][ T11] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 20 a9 a6 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 fb ef a4 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 269.294751][ T11] RSP: 0018:ffffc90000107400 EFLAGS: 00010246 [ 269.301041][ T11] RAX: 012bb82ee4a70800 RBX: 000000000000000c RCX: ffff88813feb3b80 [ 269.309350][ T11] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 269.317627][ T11] RBP: 0000000000000084 R08: ffffc90000107087 R09: 1ffff92000020e10 [ 269.325893][ T11] R10: dffffc0000000000 R11: fffff52000020e11 R12: 0000000000000020 [ 269.334073][ T11] R13: dffffc0000000000 R14: ffff888051083358 R15: ffff8880574682a8 [ 269.342235][ T11] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 269.351275][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 269.358025][ T11] CR2: 00007ff3eab4da08 CR3: 000000005ae67000 CR4: 00000000003506f0 [ 269.366288][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 269.374384][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 269.382648][ T11] Call Trace: [ 269.385976][ T11] [ 269.388976][ T11] rate_control_send_low+0x194/0x790 [ 269.394575][ T11] rate_control_get_rate+0x207/0x5c0 [ 269.399967][ T11] ieee80211_tx_h_rate_ctrl+0xb1a/0x1750 [ 269.405864][ T11] ? ieee80211_tx_h_select_key+0x17b0/0x17b0 [ 269.411980][ T11] ? ieee80211_queue_skb+0xc2/0x21c0 [ 269.417343][ T11] invoke_tx_handlers_late+0xb6/0x1810 [ 269.422917][ T11] ? ieee80211_tx_h_select_key+0x126d/0x17b0 [ 269.428962][ T11] ? sta_info_get+0x289/0x2a0 [ 269.433931][ T11] ? invoke_tx_handlers_early+0xa11/0x1d40 [ 269.440114][ T11] ieee80211_tx+0x2d4/0x460 [ 269.444811][ T11] ? ieee80211_skb_resize+0x630/0x630 [ 269.450389][ T11] ? ieee80211_set_qos_hdr+0x1c6/0x510 [ 269.455955][ T11] ? __bpf_trace_tasklet+0x10/0x10 [ 269.461363][ T11] ? ieee80211_xmit+0x30c/0x3f0 [ 269.466276][ T11] ? __ieee80211_tx_skb_tid_band+0x48c/0x610 [ 269.472350][ T11] __ieee80211_tx_skb_tid_band+0x4d1/0x610 [ 269.478248][ T11] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 269.484809][ T11] ieee80211_scan_state_send_probe+0x560/0x930 [ 269.491229][ T11] ieee80211_scan_work+0x4d3/0x1bc0 [ 269.496542][ T11] ? _raw_spin_lock_irq+0xb7/0xf0 [ 269.501782][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 269.507411][ T11] cfg80211_wiphy_work+0x221/0x260 [ 269.512674][ T11] ? process_one_work+0x7b0/0x1160 [ 269.517942][ T11] process_one_work+0x8a2/0x1160 [ 269.523263][ T11] ? worker_detach_from_pool+0x240/0x240 [ 269.529155][ T11] ? _raw_spin_lock_irq+0xb7/0xf0 [ 269.534308][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 269.539974][ T11] ? kthread_data+0x4b/0xc0 [ 269.544649][ T11] worker_thread+0xaa2/0x1270 [ 269.549695][ T11] kthread+0x29d/0x330 [ 269.553886][ T11] ? worker_clr_flags+0x1a0/0x1a0 [ 269.559174][ T11] ? kthread_blkcg+0xd0/0xd0 [ 269.564293][ T11] ret_from_fork+0x1f/0x30 [ 269.568895][ T11] [ 269.572139][ T11] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 269.579479][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted syzkaller #0 [ 269.587108][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 269.597416][ T11] Workqueue: events_unbound cfg80211_wiphy_work [ 269.604183][ T11] Call Trace: [ 269.607514][ T11] [ 269.610496][ T11] dump_stack_lvl+0x188/0x24e [ 269.615247][ T11] ? memcpy+0x3c/0x60 [ 269.619405][ T11] ? show_regs_print_info+0x12/0x12 [ 269.624762][ T11] ? load_image+0x400/0x400 [ 269.629430][ T11] panic+0x2e5/0x730 [ 269.633481][ T11] ? bpf_jit_dump+0xd0/0xd0 [ 269.638071][ T11] ? ret_from_fork+0x1f/0x30 [ 269.642826][ T11] __warn+0x2f8/0x4f0 [ 269.646963][ T11] ? __rate_control_send_low+0x635/0x880 [ 269.652656][ T11] ? __rate_control_send_low+0x635/0x880 [ 269.658346][ T11] report_bug+0x2ba/0x4f0 [ 269.662747][ T11] ? __rate_control_send_low+0x635/0x880 [ 269.668443][ T11] handle_bug+0x3a/0x70 [ 269.672692][ T11] exc_invalid_op+0x16/0x40 [ 269.677264][ T11] asm_exc_invalid_op+0x16/0x20 [ 269.682176][ T11] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 269.688570][ T11] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 20 a9 a6 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 fb ef a4 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 269.708241][ T11] RSP: 0018:ffffc90000107400 EFLAGS: 00010246 [ 269.714430][ T11] RAX: 012bb82ee4a70800 RBX: 000000000000000c RCX: ffff88813feb3b80 [ 269.722465][ T11] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 269.730499][ T11] RBP: 0000000000000084 R08: ffffc90000107087 R09: 1ffff92000020e10 [ 269.738616][ T11] R10: dffffc0000000000 R11: fffff52000020e11 R12: 0000000000000020 [ 269.746733][ T11] R13: dffffc0000000000 R14: ffff888051083358 R15: ffff8880574682a8 [ 269.754894][ T11] rate_control_send_low+0x194/0x790 [ 269.760251][ T11] rate_control_get_rate+0x207/0x5c0 [ 269.765607][ T11] ieee80211_tx_h_rate_ctrl+0xb1a/0x1750 [ 269.771406][ T11] ? ieee80211_tx_h_select_key+0x17b0/0x17b0 [ 269.777630][ T11] ? ieee80211_queue_skb+0xc2/0x21c0 [ 269.782981][ T11] invoke_tx_handlers_late+0xb6/0x1810 [ 269.788518][ T11] ? ieee80211_tx_h_select_key+0x126d/0x17b0 [ 269.794728][ T11] ? sta_info_get+0x289/0x2a0 [ 269.799551][ T11] ? invoke_tx_handlers_early+0xa11/0x1d40 [ 269.805515][ T11] ieee80211_tx+0x2d4/0x460 [ 269.810112][ T11] ? ieee80211_skb_resize+0x630/0x630 [ 269.815668][ T11] ? ieee80211_set_qos_hdr+0x1c6/0x510 [ 269.821215][ T11] ? __bpf_trace_tasklet+0x10/0x10 [ 269.826481][ T11] ? ieee80211_xmit+0x30c/0x3f0 [ 269.831415][ T11] ? __ieee80211_tx_skb_tid_band+0x48c/0x610 [ 269.837712][ T11] __ieee80211_tx_skb_tid_band+0x4d1/0x610 [ 269.843667][ T11] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 269.850104][ T11] ieee80211_scan_state_send_probe+0x560/0x930 [ 269.856352][ T11] ieee80211_scan_work+0x4d3/0x1bc0 [ 269.861630][ T11] ? _raw_spin_lock_irq+0xb7/0xf0 [ 269.866703][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 269.872569][ T11] cfg80211_wiphy_work+0x221/0x260 [ 269.877750][ T11] ? process_one_work+0x7b0/0x1160 [ 269.883075][ T11] process_one_work+0x8a2/0x1160 [ 269.888086][ T11] ? worker_detach_from_pool+0x240/0x240 [ 269.893872][ T11] ? _raw_spin_lock_irq+0xb7/0xf0 [ 269.899083][ T11] ? _raw_spin_lock_irqsave+0x100/0x100 [ 269.904695][ T11] ? kthread_data+0x4b/0xc0 [ 269.909384][ T11] worker_thread+0xaa2/0x1270 [ 269.914168][ T11] kthread+0x29d/0x330 [ 269.918302][ T11] ? worker_clr_flags+0x1a0/0x1a0 [ 269.923402][ T11] ? kthread_blkcg+0xd0/0xd0 [ 269.928399][ T11] ret_from_fork+0x1f/0x30 [ 269.932901][ T11] [ 269.936551][ T11] Kernel Offset: disabled [ 269.941033][ T11] Rebooting in 86400 seconds..