last executing test programs: 5m11.672573522s ago: executing program 1 (id=1642): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x298, 0x128, 0x6affffff, 0x3403000b, 0x0, 0x7, 0x200, 0x230, 0x230, 0x200, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'bond_slave_1\x00', 'veth1_to_team\x00'}, 0x0, 0xe0, 0x128, 0x0, {0x1000000}, [@common=@unspec=@quota={{0x38}, {0x1, 0x0, 0x0, {0x3}}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2f8) 5m9.439374937s ago: executing program 1 (id=1652): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='htcp', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 5m8.332386628s ago: executing program 1 (id=1657): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x8020, &(0x7f0000000280)=ANY=[]) 5m8.20988335s ago: executing program 1 (id=1658): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) creat(&(0x7f0000000580)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14113e, 0x6ceac77f206eabb9) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) setreuid(0x0, 0x0) mremap(&(0x7f0000040000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000009000/0x4000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 5m7.472121543s ago: executing program 1 (id=1666): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x20, 0x11, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x0, 0x0, 0x0, @binary="56ccabd869c20338"}]}]}, 0x20}], 0x1, 0x0, 0x0, 0xc010}, 0x40080) 5m6.00720482s ago: executing program 1 (id=1672): syz_mount_image$hfsplus(&(0x7f00000004c0), &(0x7f0000000040)='./file0\x00', 0x4008, &(0x7f00000002c0)=ANY=[], 0x1, 0x678, &(0x7f00000010c0)="$eJzs3c1vHGcdB/DvrteON5TUTZM2RZUSNeJFtUjsWC6YCwEh5EOFqnLgbCUOsbJJi+0it0LU5fXaQ/6AcvCNExL3SOXCBW69+lgJgYR6wYjDop2dXW/sXb/EitduP59o9nlmnpnn+T2/ndnZXSvaAF9Y85OpPUol85Ovr7XWNzdmGpsbM/c79SRnklSTWrtI5T/NZvPj5GbaS15qbSy7qwwa5+HS3JuffLb5aXutVi7F/tW9jjuY9XLJlSQjZfnkXT3e3639+hvfr89Kd4athF3tJA6GbTRJs/DPh+0tP/vrM92WHvV+R+975gOnQKV939xlIjlbXuit9wHtu2L7nn2qrQ87AAAAADgGz25lK2s5N+w4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DQpf/+/Ui7VdjmaK6l0fv9/rGxLWT9ZLh9u90dPKw4AAAAAAAAAOKozB9/18la2spZz3Q3/Lv7m3+7hQvH4pbyTlSxmOdeyloWsZjXLmU4y0dPR2NrC6urydF7Z98gbfY+8ccA51Q8+NwAAAAAAAAD4AvlV5nv+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdAJRlpF8VyoVOfSLWWZDzJWGu/9eTvnfpp9mjYAQAAAMAxeHYrW1nLuc56s1J85n+h+Nw/nnfyIKtZymoaWczt4ruA9qf+6ubGTGNzY+Z+a9nd7/f+dagwih7T/u6h/8iXij3quZOlYsu13MpbaeR2qsWRLZc68fSP64NWTJXvlg4Y2e2ybM38w7Lc5f1DTXaQwV+mvN1v40SRkdFuRqZ6Yntu70wc8tnZOdJ0qt1gL+wYaccknijnZ8uyNZ/fDcr5setE35uJyz2hvbB3zpOv//mPP7nbeHDv7p2VyZMxpf2tl+VIWTaLx/ruc2Km5zp88fOYiYGmikxc7K7P54f5cSZzJW9kOUv5eRaymsVcyQ+K2kJ5Pld6LvkBmbr52Nob+0UyVl6r7SfrcDG9Uhx7Lkv5Ud7K7SzmteLfjUznW5nNbOZ6nuGLB3ilrQ646ptf7hv81W+UlXqS35flydDK63M9ee19zZ0o2nq3bGfp/NHuR7U+odS+UlZaY/y6LE+GnZmY7snE83tn4g/Fy8pK48G95bsL2ze70b2GO/9hWWldR789MXeJlOfL+e4T+PjZ0Wp7vm/bdNF2odtW3dV2sdvWvlLXB16pY+V7uN093SjaXuzbNlO0Xepp6/d+C4AT7+yrZ8fq/6j/rf5R/Tf1u/XXx79/5ttnXh7L6F9Gv1ObGvla9eXKn/JRfrn9+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhyK+++d2+h0Vhc3lFpNpvvD2g6zZXOz5kd46AvPZMMa8pjSdpb/tdsG1bm/9tsNsstlRNxJuxZKVJ1Js2nPlYtSb+my71bPhjK+TPkFybgqbu+ev/t6yvvvvfNpfvNkcWfLj6Ym52dm5qbfW3m+p2lxuJU+3HYUQJPw/ZNf9iRAAAAAAAAAAAAAAd1kP8P8NVXy50n2sXufepJBvczePTxY5kjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLrNT6b2KJVMT12baq1vbsw0Wkunvr1nLUk1SeUXSeXj5GbaSyZ6uqsMGufh0tybn3y2+el2X7XO/tW9jjuY9XLJlSQjZdlRP2J/t3b0d3iV7gxbCbvaSVwyfqRu4aj+HwAA//8sFQQa") r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}}) r4 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0x1) fstat(r4, 0x0) unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200) 5m5.626021399s ago: executing program 32 (id=1672): syz_mount_image$hfsplus(&(0x7f00000004c0), &(0x7f0000000040)='./file0\x00', 0x4008, &(0x7f00000002c0)=ANY=[], 0x1, 0x678, &(0x7f00000010c0)="$eJzs3c1vHGcdB/DvrteON5TUTZM2RZUSNeJFtUjsWC6YCwEh5EOFqnLgbCUOsbJJi+0it0LU5fXaQ/6AcvCNExL3SOXCBW69+lgJgYR6wYjDop2dXW/sXb/EitduP59o9nlmnpnn+T2/ndnZXSvaAF9Y85OpPUol85Ovr7XWNzdmGpsbM/c79SRnklSTWrtI5T/NZvPj5GbaS15qbSy7qwwa5+HS3JuffLb5aXutVi7F/tW9jjuY9XLJlSQjZfnkXT3e3639+hvfr89Kd4athF3tJA6GbTRJs/DPh+0tP/vrM92WHvV+R+975gOnQKV939xlIjlbXuit9wHtu2L7nn2qrQ87AAAAADgGz25lK2s5N+w4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DQpf/+/Ui7VdjmaK6l0fv9/rGxLWT9ZLh9u90dPKw4AAAAAAAAAOKozB9/18la2spZz3Q3/Lv7m3+7hQvH4pbyTlSxmOdeyloWsZjXLmU4y0dPR2NrC6urydF7Z98gbfY+8ccA51Q8+NwAAAAAAAAD4AvlV5nv+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdAJRlpF8VyoVOfSLWWZDzJWGu/9eTvnfpp9mjYAQAAAMAxeHYrW1nLuc56s1J85n+h+Nw/nnfyIKtZymoaWczt4ruA9qf+6ubGTGNzY+Z+a9nd7/f+dagwih7T/u6h/8iXij3quZOlYsu13MpbaeR2qsWRLZc68fSP64NWTJXvlg4Y2e2ybM38w7Lc5f1DTXaQwV+mvN1v40SRkdFuRqZ6Yntu70wc8tnZOdJ0qt1gL+wYaccknijnZ8uyNZ/fDcr5setE35uJyz2hvbB3zpOv//mPP7nbeHDv7p2VyZMxpf2tl+VIWTaLx/ruc2Km5zp88fOYiYGmikxc7K7P54f5cSZzJW9kOUv5eRaymsVcyQ+K2kJ5Pld6LvkBmbr52Nob+0UyVl6r7SfrcDG9Uhx7Lkv5Ud7K7SzmteLfjUznW5nNbOZ6nuGLB3ilrQ646ptf7hv81W+UlXqS35flydDK63M9ee19zZ0o2nq3bGfp/NHuR7U+odS+UlZaY/y6LE+GnZmY7snE83tn4g/Fy8pK48G95bsL2ze70b2GO/9hWWldR789MXeJlOfL+e4T+PjZ0Wp7vm/bdNF2odtW3dV2sdvWvlLXB16pY+V7uN093SjaXuzbNlO0Xepp6/d+C4AT7+yrZ8fq/6j/rf5R/Tf1u/XXx79/5ttnXh7L6F9Gv1ObGvla9eXKn/JRfrn9+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhyK+++d2+h0Vhc3lFpNpvvD2g6zZXOz5kd46AvPZMMa8pjSdpb/tdsG1bm/9tsNsstlRNxJuxZKVJ1Js2nPlYtSb+my71bPhjK+TPkFybgqbu+ev/t6yvvvvfNpfvNkcWfLj6Ym52dm5qbfW3m+p2lxuJU+3HYUQJPw/ZNf9iRAAAAAAAAAAAAAAd1kP8P8NVXy50n2sXufepJBvczePTxY5kjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLrNT6b2KJVMT12baq1vbsw0Wkunvr1nLUk1SeUXSeXj5GbaSyZ6uqsMGufh0tybn3y2+el2X7XO/tW9jjuY9XLJlSQjZdlRP2J/t3b0d3iV7gxbCbvaSVwyfqRu4aj+HwAA//8sFQQa") r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}}) r4 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0x1) fstat(r4, 0x0) unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200) 4m32.757566332s ago: executing program 4 (id=1851): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)='B', 0x1}], 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0x20000000000002, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x806, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 4m31.465676951s ago: executing program 4 (id=1862): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r4, 0x400454ce, 0x0) 4m31.143910164s ago: executing program 4 (id=1867): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020) 4m30.345521674s ago: executing program 4 (id=1869): r0 = syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@nojournal_checksum}, {@dioread_lock}, {@resgid}, {}, {@resgid}, {@inlinecrypt}, {@debug}, {@usrquota}]}, 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") open(&(0x7f0000000680)='./bus\x00', 0x4001410c2, 0x2e) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000300)='./file1\x00', 0x14927e, 0x0) fallocate(r1, 0x0, 0x0, 0x1001f0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0505405, &(0x7f0000001300)={{0x3}, 0x3, 0x58b1, 0xffffffffffffffff}) fcntl$setstatus(r0, 0x4, 0x6c00) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x40, 0x8005, 0x0, 0x0, 0xa, 0x4, "ef359f413bb93852f7d6a4ae6dddfbd1000000000000ff91031905b9aaaaf755a3f6a004000000000001000200", "036c47c6780820d1cbf733970000cf33768bbd9bffbcc2542ded71038259ca171ce1a310ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204, 0xffffffffffffffff]}) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) write$bt_hci(r1, &(0x7f0000000100)={0x1, @delete_stored_link_key={{0xc12, 0x7}, {@any, 0x81}}}, 0xb) 4m29.029665215s ago: executing program 4 (id=1877): mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0xb9) setreuid(0x0, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0xc00, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) read$FUSE(r0, &(0x7f0000000740)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r3, r4, 0x1000) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x2a44a9, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0xa) 4m28.429353995s ago: executing program 4 (id=1886): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) sendfile(r3, r2, 0x0, 0x3a) 4m28.098837829s ago: executing program 33 (id=1886): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000) r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) sendfile(r3, r2, 0x0, 0x3a) 3.431536596s ago: executing program 5 (id=3819): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340), 0x0, 0x2, 0x0, 0x0, r5}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x1, r6, r5}) 3.273326922s ago: executing program 5 (id=3824): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000500)={0xa, 0x4e22, 0xc, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 3.041628205s ago: executing program 2 (id=3829): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 2.550640094s ago: executing program 2 (id=3837): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$tipc(0x1e, 0x2, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) 2.50151474s ago: executing program 0 (id=3839): r0 = syz_open_dev$audion(0x0, 0xfb, 0xc82) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$eJzs3ctrXFUYAPDvTl5NWk0EQesqINhA6cTU2Cq4qLgQwUJB17ZhMg01k0zJTEoTAraI4EZQcSHopmsfdefWx1b/CxdSKZoWKy4kciczybSZSSdpZiaQ3w9O5pz7yDnfnPs4d+5lJoADazT9k4k4GhEfJxHD1elJRPRVcr0RZ9aXu7e6kktTEmtrb/2ZVJa5u7qSi7p1Uoerhacj4qcPIo5nttZbWlqenSoU8gvV8nh57vJ4aWn5xKW5qZn8TH7+1MTk5MnTL54+tXex/v3r8pE/Pnn92Ldn/n3/qZsf/ZzEmThSnVcfx14ZjdHqe9KXvoX3eW2vK+uypNsNYFfSXbNnfS+PozEcPZVcE4Ob2YnljjQPAGiD9yJiDQA4YBLnfwA4YGqfA9xdXcnVUnc/keis269GxKH1+Gv3N9fn9Fbv2R2q3Acdupvcd2ckiYiRPah/NCK+/P6dr9MU1X5wLw3ohGvXI+LCyOjW43+y5ZmFnXp+u5lrA5WX0QcmH7TzD3TTD+n456VG47/MxvgnGox/Bhrsu7vx8P0/c2sPqmkqHf+9Uvds2726+KtGeqqlxypjvr7k4qVCPj22PR4RY9E3kJYnKos2HrmN3fnvTrP668d/f3367ldp/enr5hKZW70D968zPVWeetS4a25fj3imt1H8yUb/J03Gv+darOONlz/8otm8NP403lraGn97rd2IeK5h/2/2ZbLt84njlc1hvLZRNPDdb58PNat/9Fj/Rv+nKa2/di3QCWn/D20f/0hS/7xmaed1/HJj+Mdm8+q3/8bxN97++5O3K/n+6rSrU+XywkREf/Lm1uknN9etlWvLp/GPPdt4/1+vtvH2n14TXmgx/t7e+Gb38bdXGv/0jvp/55mb92Z7mtXfWv9PVnJj1SmtHP9abeCjvHcAAAAAAAAAAAAAAAAAAAAAAAAA0KpMRByJJJPdyGcy2ez6b3g/GUOZQrFUPn6xuDg/HZXfyh6Jvkztqy6H674PdaL6ffi18skHyi9ExBMR8dnAYKWczRUL090OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqDjf5/f/U7wPdbh0A0DaHut0AAKDjnP8B4ODZ2fl/sG3tAAA6x/U/ABw8LZ//L7S3HQBA57j+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM3OnT2bprV/VldyaXn6ytLibPHKiel8aTY7t5jL5ooLl7MzxeJMIZ/NFeea/qNr6y+FYvHyZMwvXh0v50vl8dLS8vm54uJ8+fyluamZ/Pl8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWlZaWZ6cKhfyCzLaZwf3RjH2T6Y190QyZh2QyEbG71euPEoPdO0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HP/BwAA///F9Cf0") socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000000000000, 0x6, 0x7fff}) quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) ioctl$LOOP_SET_FD(r0, 0x80045017, 0xffffffffffffffff) mq_open(0x0, 0x40, 0x60, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380), 0x4) syz_io_uring_setup(0x497, 0x0, 0x0, &(0x7f0000000480)) close(0x3) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x200000, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2000400c) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) 2.465866613s ago: executing program 2 (id=3840): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r4, 0x0) r5 = socket(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000080)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x202}, 0x1c) 2.403728879s ago: executing program 3 (id=3841): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r5, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) 2.39594425s ago: executing program 0 (id=3842): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) 2.326520827s ago: executing program 2 (id=3843): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000005f00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r6, @ANYBLOB="0600eb00000800000400ec000a0006"], 0x44}}, 0x28000) 2.325375737s ago: executing program 5 (id=3844): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$sock(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x4040000) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$tipc(0x1e, 0x2, 0x0) 2.233645987s ago: executing program 3 (id=3845): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$tipc(0x1e, 0x5, 0x0) recvmsg(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001780)=[{0x0}, {0x0}], 0x2}, 0x100) 2.213222308s ago: executing program 0 (id=3846): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) 2.188503121s ago: executing program 5 (id=3847): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='net/ip6_mr_cache\x00') preadv(r5, &(0x7f0000000400)=[{&(0x7f0000000340)=""/152, 0x98}], 0x1, 0x1, 0xe3d0) 2.181849051s ago: executing program 3 (id=3848): r0 = msgget(0x3, 0x240) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10) write(0xffffffffffffffff, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x3, 0x1000) msgsnd(r0, &(0x7f00000008c0)={0x2}, 0x8, 0x800) 2.101149919s ago: executing program 2 (id=3849): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r5, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000180)="66b9800000c00f326635008200000f3066b98804000066b89d6800006a17580000000000300fc76c000f224466b9800000c00f3266350100000066b85100000066ba0000000f3066b82d006600d3d3ba000000000f30f0281dba4000b006ee67dad5660f3880360400", 0x69}], 0x1, 0x40, 0x0, 0x14) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x4, 0x800000008, 0x200000500, 0x2, 0x20000000009f99, 0x9, 0xfffffffffffffffd, 0x200005, 0xa, 0x100000002, 0x1000000000003, 0x5, 0x80000100962, 0x8, 0x8, 0x8], 0x10000, 0x132c0}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.079160192s ago: executing program 0 (id=3850): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x13, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) listen(r2, 0x5) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c) accept(r2, &(0x7f00000001c0)=@sco, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.079994292s ago: executing program 0 (id=3851): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000500)={0xa, 0x4e22, 0xc, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) 1.079722762s ago: executing program 5 (id=3852): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r5, 0xfffd, 0x0) 1.079396402s ago: executing program 2 (id=3853): syz_mount_image$cramfs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000040)=ANY=[], 0xfe, 0x163, &(0x7f00000003c0)="$eJzs0M+LEnEYx/H3d+braKgYZCAdUuhiiuAP6hbhRJKHEIounQQba2DESChvKdGtg9DVIOoawf4Funpa2L3s/hN78bawx12+47rLgv/BPq/LDJ/nmed5mOdPDvKKK8/6vY+fvMHAe5d71XrZeH08m9VN7sBw51p93T+vwwc0cw2rsRNmy2SErh94VqcfmLZVHaKAG8fkESAFxE2vm9aMNVQgtrnBNHT9wDLvqzHkH8Dibph5tbAK9zS4qXVWBs78W+GRIT/wKsAJYINSm9yx+d4sZu8oGE6L//+ZUc1S4an3o9qYPExk7OJX+IOrYtby/ZF98ZUZYZ61avVxrVyxeHQYDhxN0C8Sn+GtAj21zWX7e81SwSFzX7+Bbwp+ml3JX7sqCSx+n7Z60ct/Pfpi50Blp512JvK3nb5tYec1W4T71pXYtroQQgghhBBCCCGEEEIIIYQQQoib7jwAAP//XNpDlA==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$security_ima(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x1) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 782.569172ms ago: executing program 3 (id=3854): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00), 0x4000259, 0x44) write(r0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f00000000c0)=0x1) 739.999456ms ago: executing program 5 (id=3855): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000280)={0x9}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x4000d4, 0x146, 0x61, 0x200002000001, 0x80000000, 0x2004c8, 0x0, 0x0, 0x36ae, 0x5, 0x5, 0x3, 0x400000000], 0x80a0000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 693.004951ms ago: executing program 3 (id=3856): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) sendmmsg$inet6(r3, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000041) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_emit_ethernet(0xd9, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0xa3, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0xf, "9595f429ae08a565c9a41d413270a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402"}]}}}}}}, 0x0) 1.95539ms ago: executing program 3 (id=3857): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) writev(r2, &(0x7f0000000740)=[{&(0x7f0000000280)='X', 0x1}], 0x1) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) readv(r2, &(0x7f00000006c0)=[{&(0x7f0000000440)=""/53, 0x35}, {0x0}], 0x2) 0s ago: executing program 0 (id=3858): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000040)=0x3) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r4, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000480)={"43d064455ca79c3698dcca60005c1ba163b1d8f04d69d873792c0cbfc95dacc7cd39a49df12a052d0d8f1bd04b722b4f262437efc030e706916de618763f4600660b41f320706e06860fe29f1bb455ef507156d0a5738f130784a1aad99f74b3e592254eede14eb1b64af356cfaa8ff002c4deed28995dc5e6ee13c4a1b39ba72979c5f3ed91ff89e73e09f7f88fe58bce505f0500764c95c8bed7499213d10731b60ed6c8806ab094843295ac02f06dc46485bb56f2eb2eb3c5ef1e50a2431a2082b54c4b0e1357daaefd30e08322fb5f922f6d9fa3226faf7aeb9630aabe81617fe2b92fb80f07dfa9d831f4f7ef48923e287a3f0c31cf1343d4c0dddee937e639671ec2ceab9e5048d5bcd9f52a9c90ddd1fee1fda90a114fdf7298b7607c5294efdea04743a0045e96aae496fcb06636a8620f6e007e0002000000000000fb3a7820dbe2241b017e917eafb27d13feba7de3a28dd4c29c7959ae5c0724c848f8960fbea5f7b7a35ac32fa6bbf869430a1b61fb0d20a5631dcea68ffa7d456869c4e79f6033f38fa88ccd53dc1feb5381c01dd71ec0446e3633270b7fb961e04ad7e1f44e3fd0d96c724499e1ec2cff23a3d5a97952ec0a44dd967491dc45d4df48ad83027df0be02e35ca4c107bdf957f4c7a831df8a2e1302445dc02b5bc38f7c8a6260723e5350623114bb436c5d9f6bf35cbe24605821baf9ea6aaa31cb2dd74e29863a0c71e3367846cffe17c4a29a76eb635e95c6d7f4d846f3369affbfb70b3716c1c0234a0deb9abfac12686d55ba97952e8a50480c5f44e038b1a4d5cd9301d02b942afacfaa30b6ef315d72eaf41dddda4983608dc2f5d5e92392a141b0f2f8d34042d1a6cd45d9f9df4c83b8c8b55959d58843ab3564d3f49d81ed2ccd42bb8ad9c8e4b92c2df872c9383c88f4b1bbaf116fff233f55d99b43677eb29ad63e00ea4eee69c72a604b2cdd7641d9c682d1d4ea8e5bd0de857ac1a55b2d6374a4a18af8f27887ffb4b2168e764a5aa9b303a35873d2177de8c5a00be39726baa6d336b7a36b8ec6000054b4542f3fb3ca678a0ecca17ba7c2655931f38ed26219fde45ab8469db2a156953b028abec63c6b841c8bd9f9f0861e7aeb8195013444d2d326cad53718e40be06aea644573a9ef22b13692a17ed8a451af9e2de15b4bfce7c257063e28c07e4c3301a1bff37d72efc14d34ddabbb286f53264e0c8122f215de4f2e06f6e0472674c2476a61ad2e309abfed7e3367bc7373876507764e60b193e8c5abbe95f42adfc74dd25c9098dfba8272f7361d0000000000000000000000000000000000000000000000000000e000"}) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) kernel console output (not intermixed with test programs): r at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 158.815786][ T7874] binder_alloc: 7873: binder_alloc_buf, no vma [ 158.830221][ T7872] binder: 7871:7872 ioctl c0306201 200000000500 returned -14 [ 158.975019][ T7883] random: crng reseeded on system resumption [ 159.493141][ T7902] syzkaller0: create flow: hash 1890948114 index 1 [ 159.508068][ T7901] loop2: detected capacity change from 0 to 2048 [ 159.545452][ T7901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.638332][ T7899] syzkaller0: delete flow: hash 1890948114 index 1 [ 159.660371][ T7901] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.808: Invalid inode table block 8137801 in block_group 0 [ 159.704496][ T7901] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.808: Invalid inode table block 8137801 in block_group 0 [ 159.733510][ T7901] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 159.744647][ T7901] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #15: comm syz.2.808: mark_inode_dirty error [ 159.757732][ T7901] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm syz.2.808: Invalid inode table block 8137801 in block_group 0 [ 159.826744][ T49] EXT4-fs error (device loop2): __ext4_get_inode_loc:4489: comm kworker/u4:3: Invalid inode table block 8137801 in block_group 0 [ 159.885431][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.096111][ T8] usb 1-1: USB disconnect, device number 6 [ 160.485191][ T7930] loop0: detected capacity change from 0 to 128 [ 160.739512][ T7930] FAT-fs (loop0): Unrecognized mount option "ÿÿ" or missing value [ 161.254729][ T7934] loop2: detected capacity change from 0 to 512 [ 162.627535][ T7930] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 162.933330][ T7956] loop3: detected capacity change from 0 to 128 [ 163.629159][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 163.819436][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 163.839769][ T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 163.858275][ T7991] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 163.869698][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 163.888073][ T7996] random: crng reseeded on system resumption [ 163.895855][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 163.920908][ T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 163.948660][ T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 163.968016][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.199437][ T8] usb 1-1: GET_CAPABILITIES returned 0 [ 164.206951][ T8] usbtmc 1-1:16.0: can't read capabilities [ 164.454466][ T5837] usb 1-1: USB disconnect, device number 7 [ 164.940068][ T8025] 9pnet_fd: Insufficient options for proto=fd [ 165.108962][ T8031] random: crng reseeded on system resumption [ 166.409131][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 166.626260][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.637333][ T8] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 166.646934][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.661546][ T8] usb 1-1: config 0 descriptor?? [ 167.080211][ T8] keytouch 0003:0926:3333.0008: fixing up Keytouch IEC report descriptor [ 167.093163][ T8] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0008/input/input17 [ 167.186469][ T8] keytouch 0003:0926:3333.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 167.544808][ T5837] usb 1-1: USB disconnect, device number 8 [ 168.856355][ T8085] loop1: detected capacity change from 0 to 2048 [ 169.006661][ T8085] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 169.038258][ T8085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.124889][ T23] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 169.400961][ T8090] syzkaller0: entered promiscuous mode [ 169.406488][ T8090] syzkaller0: entered allmulticast mode [ 169.417654][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 169.442209][ T23] usb 4-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00 [ 169.459786][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.500264][ T23] usb 4-1: config 0 descriptor?? [ 169.509801][ T8074] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 169.552309][ T8094] loop1: detected capacity change from 0 to 512 [ 169.564213][ T8094] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 169.586416][ T8094] EXT4-fs (loop1): invalid journal inode [ 169.606611][ T8094] EXT4-fs (loop1): can't get journal size [ 169.635138][ T8094] EXT4-fs (loop1): 1 truncate cleaned up [ 169.645685][ T8094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.685861][ T8094] EXT4-fs warning (device loop1): verify_group_input:151: Cannot add at group 1073741833 (only 1 groups) [ 169.771016][ T8074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.796029][ T8074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.829827][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.830674][ T23] usbhid 4-1:0.0: can't add hid device: -71 [ 169.860756][ T23] usbhid: probe of 4-1:0.0 failed with error -71 [ 169.883971][ T8103] loop2: detected capacity change from 0 to 64 [ 169.894911][ T23] usb 4-1: USB disconnect, device number 11 [ 170.474962][ T8121] binder: 8120:8121 ioctl c0306201 2000000001c0 returned -14 [ 170.722538][ T8128] loop0: detected capacity change from 0 to 512 [ 170.764277][ T8128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.811953][ T8128] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.957829][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.561387][ T8162] loop2: detected capacity change from 0 to 512 [ 171.609759][ T8162] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.669240][ T8162] ext4 filesystem being mounted at /239/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.681038][ T8168] input: syz1 as /devices/virtual/input/input18 [ 171.761695][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 171.811983][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.956516][ T23] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 171.992578][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.007441][ T23] usb 4-1: Product: syz [ 172.022027][ T23] usb 4-1: Manufacturer: syz [ 172.026662][ T23] usb 4-1: SerialNumber: syz [ 172.037945][ T8178] binder: 8177:8178 ioctl c018620b 0 returned -14 [ 172.351201][ T23] rtl8150 4-1:1.0: couldn't reset the device [ 172.358437][ T23] rtl8150: probe of 4-1:1.0 failed with error -5 [ 172.386892][ T8187] netlink: 16 bytes leftover after parsing attributes in process `syz.2.912'. [ 172.392533][ T23] usb 4-1: USB disconnect, device number 12 [ 172.861269][ T8210] loop1: detected capacity change from 0 to 256 [ 175.209447][ T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 175.459221][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 175.555510][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.713584][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.928548][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 175.942548][ T23] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 175.959357][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.987210][ T23] usb 2-1: config 0 descriptor?? [ 176.437818][ T8237] random: crng reseeded on system resumption [ 176.575414][ T23] input: HID 0955:7214 Haptics as /devices/virtual/input/input19 [ 176.604250][ T8283] loop2: detected capacity change from 0 to 512 [ 176.634226][ T8283] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 176.658985][ T23] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 176.681971][ T23] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 176.695997][ T8283] EXT4-fs (loop2): 1 truncate cleaned up [ 176.717329][ T8283] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.922567][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.927808][ T5851] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 176.947676][ T5837] usb 2-1: USB disconnect, device number 7 [ 177.006187][ T5851] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 177.040154][ T5851] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 177.070583][ T5851] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 177.148264][ T8293] loop2: detected capacity change from 0 to 512 [ 177.173363][ T8293] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 177.200465][ T8293] EXT4-fs (loop2): invalid journal inode [ 177.206193][ T8293] EXT4-fs (loop2): can't get journal size [ 177.216027][ T8293] EXT4-fs (loop2): 1 truncate cleaned up [ 177.227702][ T8293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.268759][ T8293] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 1073741833 (only 1 groups) [ 177.328706][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.028860][ T8325] vxcan1: entered allmulticast mode [ 179.217256][ T8329] overlayfs: failed to clone upperpath [ 179.525426][ T8332] kvm: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc1) = 0x5 [ 179.539098][ T8332] kvm: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc2) = 0x5 [ 179.555894][ T8332] kvm: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x11e) = 0x5 [ 179.564664][ T8344] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 179.579974][ T8332] kvm: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x186) = 0x5 [ 179.598807][ T8332] kvm: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x187) = 0x5 [ 179.620995][ T8332] kvm_intel: kvm [8330]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x1d9) = 0x5 [ 180.153941][ T27] audit: type=1804 audit(1763300113.419:63): pid=8359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.973" name="/newroot/212/file1" dev="fuse" ino=1 res=1 errno=0 [ 180.194384][ T27] audit: type=1800 audit(1763300113.439:64): pid=8359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.973" name="/" dev="fuse" ino=1 res=0 errno=0 [ 180.218511][ T27] audit: type=1800 audit(1763300113.439:65): pid=8355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.973" name="/" dev="fuse" ino=1 res=0 errno=0 [ 180.327346][ T8364] loop3: detected capacity change from 0 to 256 [ 180.401348][ T8364] syz.3.976: attempt to access beyond end of device [ 180.401348][ T8364] loop3: rw=2049, sector=256, nr_sectors = 68 limit=256 [ 180.883746][ T8368] loop3: detected capacity change from 0 to 32768 [ 180.894057][ T8368] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.978 (8368) [ 180.916753][ T8368] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 180.927464][ T8368] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 180.941231][ T8368] BTRFS info (device loop3): using free space tree [ 180.981939][ T8368] BTRFS info (device loop3): enabling ssd optimizations [ 180.989242][ T8368] BTRFS info (device loop3): auto enabling async discard [ 181.710153][ T5782] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 181.795360][ T8398] binder: 8396:8398 unknown command 1074553620 [ 181.821563][ T8398] binder: 8396:8398 ioctl c0306201 200000000640 returned -22 [ 182.227365][ T8410] loop3: detected capacity change from 0 to 512 [ 182.246120][ T51] Bluetooth: hci3: command 0x0405 tx timeout [ 182.263694][ T8410] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 182.276602][ T8410] EXT4-fs (loop3): invalid journal inode [ 182.289322][ T8410] EXT4-fs (loop3): can't get journal size [ 182.353429][ T8410] EXT4-fs (loop3): 1 truncate cleaned up [ 182.382163][ T8410] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.562719][ T8410] EXT4-fs warning (device loop3): verify_group_input:151: Cannot add at group 1073741833 (only 1 groups) [ 182.656829][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.902111][ T8473] tipc: Enabling of bearer rejected, failed to enable media [ 184.387190][ T8488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1016'. [ 185.118105][ T8516] netlink: 'syz.1.1029': attribute type 3 has an invalid length. [ 185.148229][ T8516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1029'. [ 185.949187][ T8524] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 186.229939][ T8] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 186.244986][ T8538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1036'. [ 186.360953][ T8540] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 186.415085][ T8540] kvm: pic: non byte read [ 186.428532][ T8540] kvm: pic: level sensitive irq not supported [ 186.428727][ T8540] kvm: pic: non byte read [ 186.448207][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 186.469953][ T8] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 186.474579][ T8540] kvm: pic: level sensitive irq not supported [ 186.479429][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.500468][ T8] usb 4-1: config 0 descriptor?? [ 186.507610][ T8523] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 186.518803][ T8540] kvm: pic: non byte read [ 186.730130][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 186.744722][ T8] usbhid: probe of 4-1:0.0 failed with error -71 [ 186.763993][ T8] usb 4-1: USB disconnect, device number 13 [ 187.361657][ T8564] loop1: detected capacity change from 0 to 512 [ 187.377213][ T8564] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 187.426929][ T8564] EXT4-fs (loop1): invalid journal inode [ 187.444775][ T8564] EXT4-fs (loop1): can't get journal size [ 187.485413][ T8564] EXT4-fs (loop1): 1 truncate cleaned up [ 187.508368][ T8564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.547433][ T8564] EXT4-fs warning (device loop1): verify_group_input:151: Cannot add at group 1073741833 (only 1 groups) [ 187.721812][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.726779][ T788] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 188.734817][ T8609] loop2: detected capacity change from 0 to 512 [ 188.846762][ T8611] tipc: Started in network mode [ 188.856927][ T8611] tipc: Node identity ac14142f, cluster identity 4711 [ 188.877115][ T8611] tipc: New replicast peer: 0.0.0.0 [ 188.885764][ T8609] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.888680][ T8611] tipc: Enabled bearer , priority 10 [ 188.898865][ T8609] ext4 filesystem being mounted at /290/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.922971][ T788] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 188.931769][ T788] usb 4-1: config 0 has no interface number 0 [ 188.941298][ T788] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 188.952463][ T788] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 188.965858][ T788] usb 4-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 188.979526][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.994623][ T788] usb 4-1: Product: syz [ 189.004106][ T788] usb 4-1: Manufacturer: syz [ 189.008373][ T8609] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.1067: corrupted inode contents [ 189.021948][ T788] usb 4-1: SerialNumber: syz [ 189.033195][ T788] usb 4-1: config 0 descriptor?? [ 189.050254][ T8605] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 189.059278][ T788] plusb: probe of 4-1:0.231 failed with error -22 [ 189.075303][ T8609] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #2: comm syz.2.1067: mark_inode_dirty error [ 189.108600][ T8609] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.1067: corrupted inode contents [ 189.130038][ T8609] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.1067: mark_inode_dirty error [ 189.246772][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.289809][ T8] usb 4-1: USB disconnect, device number 14 [ 190.027844][ T8644] binder: Unknown parameter 'c' [ 190.031640][ T5851] tipc: Node number set to 2886997039 [ 190.180117][ T8646] loop1: detected capacity change from 0 to 512 [ 190.402824][ T8646] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 190.476039][ T8646] EXT4-fs (loop1): 1 truncate cleaned up [ 190.488354][ T8646] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.486214][ T8653] loop2: detected capacity change from 0 to 2048 [ 191.508561][ T8653] EXT4-fs: Ignoring removed bh option [ 191.560749][ T8653] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.591973][ T8653] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.132317][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.410518][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.417216][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.219640][ T8713] can0: slcan on ttyS3. [ 195.320915][ T8713] can0 (unregistered): slcan off ttyS3. [ 195.843637][ T8748] loop3: detected capacity change from 0 to 128 [ 195.885438][ T8748] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 196.012316][ T8748] ext4 filesystem being mounted at /245/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 196.106204][ T27] audit: type=1800 audit(1763300129.369:66): pid=8748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1116" name="bus" dev="loop3" ino=13 res=0 errno=0 [ 196.500986][ T5782] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 196.828197][ T8790] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 197.263751][ T8818] loop1: detected capacity change from 0 to 128 [ 198.609573][ T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 199.009118][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 199.021158][ T8] usb 3-1: config 0 has an invalid interface number: 147 but max is 0 [ 199.039630][ T8] usb 3-1: config 0 has no interface number 0 [ 199.046354][ T8] usb 3-1: config 0 interface 147 altsetting 0 bulk endpoint 0xA has invalid maxpacket 40 [ 199.089618][ T8] usb 3-1: config 0 interface 147 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 199.121956][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=1080, bcdDevice=5b.44 [ 199.149107][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.169811][ T8] usb 3-1: Product: syz [ 199.174010][ T8] usb 3-1: Manufacturer: syz [ 199.189093][ T8] usb 3-1: SerialNumber: syz [ 199.205097][ T8] usb 3-1: config 0 descriptor?? [ 199.219827][ T8853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 199.229691][ T8853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 199.455778][ T8853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 199.471567][ T8853] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 199.478276][ T8877] fuse: Bad value for 'fd' [ 199.541906][ T8] net1080 3-1:0.147 usb0: register 'net1080' at usb-dummy_hcd.2-1, NetChip TurboCONNECT, 7a:f4:2f:36:89:6a [ 199.710200][ T788] usb 3-1: USB disconnect, device number 8 [ 199.740468][ T788] net1080 3-1:0.147 usb0: unregister 'net1080' usb-dummy_hcd.2-1, NetChip TurboCONNECT [ 200.513814][ T8909] netlink: 'syz.1.1167': attribute type 12 has an invalid length. [ 200.876703][ T8925] overlayfs: workdir and upperdir must reside under the same mount [ 200.920959][ T8929] binder: Bad value for 'max' [ 201.156512][ T8934] binder_alloc: 8933: binder_alloc_buf failed to map page at 200000ffc000 in userspace [ 201.174735][ T8934] binder: 8933:8934 ioctl c0306201 0 returned -14 [ 201.414771][ T8947] can0: slcan on ttyS3. [ 201.563233][ T8946] can0 (unregistered): slcan off ttyS3. [ 202.139181][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 202.356592][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 202.367118][ T9] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 202.390988][ T9] usb 3-1: can't read configurations, error -71 [ 202.436875][ T8988] syzkaller0: entered promiscuous mode [ 202.449223][ T8988] syzkaller0: entered allmulticast mode [ 203.568910][ T27] audit: type=1800 audit(1763300136.829:67): pid=9003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1196" name="bus" dev="overlay" ino=1628 res=0 errno=0 [ 204.122079][ T9024] binfmt_misc: register: failed to install interpreter file ./cgroup [ 204.497002][ T9032] syzkaller0: entered promiscuous mode [ 204.503207][ T9032] syzkaller0: entered allmulticast mode [ 206.638173][ T9084] loop3: detected capacity change from 0 to 2048 [ 206.745872][ T9084] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 206.773891][ T9084] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 207.079347][ T5837] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 207.291136][ T5837] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 207.316323][ T5837] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 207.342334][ T5837] usb 2-1: config 0 interface 0 has no altsetting 0 [ 207.350610][ T5837] usb 2-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 207.378160][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.406522][ T5837] usb 2-1: config 0 descriptor?? [ 207.422304][ T9082] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 207.655874][ T5837] usbhid 2-1:0.0: can't add hid device: -71 [ 207.692347][ T5837] usbhid: probe of 2-1:0.0 failed with error -71 [ 207.725160][ T5837] usb 2-1: USB disconnect, device number 8 [ 207.909422][ T9110] loop2: detected capacity change from 0 to 512 [ 207.977454][ T9110] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 208.024193][ T9110] EXT4-fs (loop2): 1 truncate cleaned up [ 208.036478][ T9110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.845074][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.660233][ T9186] loop3: detected capacity change from 0 to 128 [ 211.736011][ T9186] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 211.737626][ T9189] loop1: detected capacity change from 0 to 128 [ 211.759574][ T9186] ext4 filesystem being mounted at /288/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 211.801067][ T9189] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 211.818249][ T9189] ext4 filesystem being mounted at /290/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 211.891397][ T9189] binder: 9188:9189 ioctl c0306201 200000004a40 returned -14 [ 211.918982][ T5782] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 212.023453][ T5788] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 212.135748][ T9201] 9pnet_virtio: no channels available for device syz [ 213.339246][ T8] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 213.620710][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 213.638794][ T8] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 213.660374][ T8] usb 4-1: config 0 has no interface number 0 [ 213.676754][ T8] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 213.719145][ T8] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 213.752117][ T8] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 213.788376][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.816058][ T8] usb 4-1: Product: syz [ 213.833449][ T8] usb 4-1: Manufacturer: syz [ 213.867124][ T8] usb 4-1: SerialNumber: syz [ 213.887992][ T8] usb 4-1: config 0 descriptor?? [ 213.904142][ T9222] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 213.920855][ T9222] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 214.079307][ T23] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 214.199921][ T9222] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 214.207242][ T9222] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 214.293436][ T23] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 214.312823][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.335157][ T23] usb 3-1: Product: syz [ 214.352532][ T23] usb 3-1: Manufacturer: syz [ 214.357168][ T23] usb 3-1: SerialNumber: syz [ 214.589333][ T23] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 214.624785][ T23] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 214.859198][ T23] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 214.882461][ T23] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 214.900856][ T23] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 214.925034][ T9256] tipc: Started in network mode [ 214.930973][ T9256] tipc: Node identity 4, cluster identity 4711 [ 214.937387][ T9256] tipc: Node number set to 4 [ 215.096401][ T23] lan78xx: probe of 3-1:1.0 failed with error -71 [ 215.385684][ T23] usb 3-1: USB disconnect, device number 11 [ 217.414303][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.435671][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 217.451942][ T9270] syzkaller0: entered promiscuous mode [ 217.457448][ T9270] syzkaller0: entered allmulticast mode [ 217.495121][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.538461][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.575778][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.599544][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.627747][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.650823][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.686589][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.710006][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.732148][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.763394][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.764485][ T9279] loop1: detected capacity change from 0 to 128 [ 217.799315][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.828845][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.877851][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.903810][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.915343][ T9279] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 217.931006][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.941849][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 217.953774][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 217.967977][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 217.983703][ T9279] ext4 filesystem being mounted at /300/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 217.997540][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 218.018789][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 218.039573][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 218.059489][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 218.079674][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 218.123752][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 218.207833][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 218.288980][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 218.303276][ T5788] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 218.980716][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 218.993026][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1318'. [ 219.102292][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.112941][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.119277][ T9293] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.130823][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.152027][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.194442][ T9293] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.197253][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.233382][ T9293] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 219.241817][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.270777][ T9293] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 219.270835][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.318743][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.345326][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.616340][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.616432][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.630489][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.634791][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.634836][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.647375][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.658466][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.658513][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.664350][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.667777][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.667804][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.670599][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.682855][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.682931][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.708837][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.710948][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.710991][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.727056][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.740814][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.740932][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.743389][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.747812][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.747886][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.766900][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.784927][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.785005][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.801850][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.818133][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.818209][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.822096][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.835811][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.835854][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.886090][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.910964][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.910993][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.949398][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.949817][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.949840][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.955449][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.955766][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.955781][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.958447][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.958766][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.958780][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.964026][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.964346][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.964360][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.965879][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.966207][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.966220][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.968425][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.968837][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 219.968862][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to enable software MII access [ 219.970463][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 219.973556][ T8] asix 4-1:0.251 (unnamed net_device) (uninitialized): Could not register MDIO bus [ 219.973701][ T8] asix: probe of 4-1:0.251 failed with error -5 [ 219.978491][ T8] usb 4-1: USB disconnect, device number 15 [ 220.479209][ T5851] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 220.692918][ T5851] usb 3-1: unable to get BOS descriptor or descriptor too short [ 220.693419][ T5851] usb 3-1: not running at top speed; connect to a high speed hub [ 220.715312][ T5851] usb 3-1: config 1 has an invalid interface number: 138 but max is 0 [ 220.715341][ T5851] usb 3-1: config 1 has no interface number 0 [ 220.715383][ T5851] usb 3-1: config 1 interface 138 has no altsetting 0 [ 220.728098][ T5851] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 220.728126][ T5851] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.728146][ T5851] usb 3-1: Product: syz [ 220.728160][ T5851] usb 3-1: Manufacturer: syz [ 220.728174][ T5851] usb 3-1: SerialNumber: syz [ 220.937499][ T9325] loop3: detected capacity change from 0 to 16 [ 220.983495][ T9325] erofs: (device loop3): mounted with root inode @ nid 36. [ 221.012702][ T5851] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 221.545446][ T5851] usb 3-1: USB disconnect, device number 12 [ 221.710702][ T5783] udevd[5783]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 223.027328][ T9363] netlink: 'syz.2.1338': attribute type 3 has an invalid length. [ 223.049816][ T9363] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1338'. [ 223.759289][ T8] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 223.773935][ T9373] loop1: detected capacity change from 0 to 32768 [ 223.866332][ T9373] JBD2: Ignoring recovery information on journal [ 223.938579][ T9373] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 223.963179][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 223.996707][ T8] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 224.008643][ T9373] (syz.1.1343,9373,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry too close to end - offset=32, inode=17057, rec_len=280, name_len=10 [ 224.010064][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.035051][ T9373] (syz.1.1343,9373,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 224.047418][ T9373] (syz.1.1343,9373,0):ocfs2_mknod:298 ERROR: status = -2 [ 224.057003][ T9373] (syz.1.1343,9373,0):ocfs2_mknod:502 ERROR: status = -2 [ 224.065278][ T9373] (syz.1.1343,9373,1):ocfs2_create:676 ERROR: status = -2 [ 224.073555][ T8] usb 3-1: config 0 descriptor?? [ 224.084987][ T9377] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 224.137531][ T5788] ocfs2: Unmounting device (7,1) on (node local) [ 224.305410][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 224.326032][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 224.362833][ T8] usb 3-1: USB disconnect, device number 13 [ 224.631629][ T9403] binder: 9402:9403 ioctl c0306201 200000000100 returned -14 [ 224.730997][ T9408] syz.0.1365[9408] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 224.731133][ T9408] syz.0.1365[9408] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 225.357817][ T9416] loop3: detected capacity change from 0 to 40427 [ 225.382021][ T9416] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 225.390855][ T9416] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 225.426679][ T9416] F2FS-fs (loop3): invalid crc value [ 225.454804][ T9416] F2FS-fs (loop3): Found nat_bits in checkpoint [ 225.535219][ T9416] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 225.543406][ T9416] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 226.251867][ T8] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 227.278343][ T8] usb 3-1: unable to get BOS descriptor or descriptor too short [ 227.288085][ T8] usb 3-1: not running at top speed; connect to a high speed hub [ 227.323735][ T8] usb 3-1: config 0 has no interfaces? [ 227.343073][ T8] usb 3-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 227.359170][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.367194][ T8] usb 3-1: Product: syz [ 227.390044][ T8] usb 3-1: Manufacturer: syz [ 227.394673][ T8] usb 3-1: SerialNumber: syz [ 227.414804][ T8] usb 3-1: config 0 descriptor?? [ 227.656626][ T1206] usb 3-1: USB disconnect, device number 14 [ 227.666700][ T9486] syzkaller0: entered promiscuous mode [ 227.673287][ T9486] syzkaller0: entered allmulticast mode [ 228.161050][ T9502] loop1: detected capacity change from 0 to 256 [ 228.702051][ T9512] tipc: Enabled bearer , priority 0 [ 228.726133][ T9510] tipc: Disabling bearer [ 229.538020][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1417'. [ 229.873549][ T9550] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1416'. [ 229.936842][ T9568] netlink: 'syz.1.1423': attribute type 4 has an invalid length. [ 230.177763][ T9576] binder: 9575:9576 ioctl 400c620e 0 returned -14 [ 230.440890][ T8] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 230.640989][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB3, skipping [ 230.671745][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 230.705038][ T8] usb 2-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 230.714912][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.730915][ T8] usb 2-1: config 0 descriptor?? [ 230.755225][ T8] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 230.962334][ T8] usb 2-1: USB disconnect, device number 9 [ 231.300517][ T9611] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1439'. [ 231.751826][ T9623] loop3: detected capacity change from 0 to 256 [ 231.798863][ T9623] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 231.860179][ T9623] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 231.921864][ T9623] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 232.164813][ T9634] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1450'. [ 232.724917][ T9650] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 232.744397][ T9650] overlayfs: missing 'lowerdir' [ 233.228533][ T9673] loop1: detected capacity change from 0 to 512 [ 233.269886][ T9673] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 233.329572][ T9673] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.365543][ T9673] ext4 filesystem being mounted at /346/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 233.413873][ T9673] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.1468: corrupted inode contents [ 233.499399][ T9673] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #2: comm syz.1.1468: mark_inode_dirty error [ 233.527385][ T9673] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #2: comm syz.1.1468: corrupted inode contents [ 233.559306][ T9673] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.1468: mark_inode_dirty error [ 233.593472][ T9687] syzkaller0: entered promiscuous mode [ 233.598984][ T9687] syzkaller0: entered allmulticast mode [ 233.662885][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.010590][ T9699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1478'. [ 234.099807][ T5851] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 234.292424][ T5851] usb 2-1: Using ep0 maxpacket: 8 [ 234.302831][ T5851] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 234.317406][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.325946][ T5851] usb 2-1: Product: syz [ 234.339175][ T5851] usb 2-1: Manufacturer: syz [ 234.343789][ T5851] usb 2-1: SerialNumber: syz [ 234.371030][ T5851] usb 2-1: config 0 descriptor?? [ 234.380602][ T5851] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 234.862107][ T9727] loop2: detected capacity change from 0 to 512 [ 234.885067][ T9727] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 234.951889][ T9727] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.968864][ T9727] ext4 filesystem being mounted at /385/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 235.109549][ T9727] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.1490: Invalid block bitmap block 2653511513 in block_group 0 [ 235.141236][ T9727] EXT4-fs (loop2): Remounting filesystem read-only [ 235.198769][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.491703][ T9742] loop3: detected capacity change from 0 to 8192 [ 236.395704][ T9762] netlink: 'syz.3.1503': attribute type 4 has an invalid length. [ 236.401559][ T9761] fuse: Bad value for 'fd' [ 236.403684][ T9762] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1503'. [ 236.544305][ T9768] loop3: detected capacity change from 0 to 164 [ 236.617573][ T9768] rock: corrupted directory entry. extent=32, offset=0, size=65773 [ 236.818210][ T5851] gspca_sonixj: reg_w err -71 [ 236.839340][ T5851] sonixj: probe of 2-1:0.0 failed with error -71 [ 236.852157][ T5851] usb 2-1: USB disconnect, device number 10 [ 236.887059][ T9777] netlink: 'syz.3.1511': attribute type 3 has an invalid length. [ 236.900331][ T9777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1511'. [ 237.463270][ T9790] loop1: detected capacity change from 0 to 256 [ 237.503423][ T9790] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 237.532794][ T9790] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 237.600051][ T9790] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x44ede5da, utbl_chksum : 0xe619d30d) [ 237.834819][ T9797] loop2: detected capacity change from 0 to 512 [ 237.908950][ T9797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.960120][ T9797] ext4 filesystem being mounted at /393/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.104225][ T9808] Invalid ELF header magic: != ELF [ 238.242464][ T9797] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2988: inode #14: comm syz.2.1521: corrupted xattr block 52: ea_inode specified without ea_inode feature enabled [ 238.342551][ T9797] EXT4-fs warning (device loop2): ext4_evict_inode:272: xattr delete (err -117) [ 238.454912][ T9814] loop1: detected capacity change from 0 to 128 [ 238.496993][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.817716][ T9839] loop2: detected capacity change from 0 to 512 [ 239.982705][ T9839] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 240.701015][ T9839] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.757239][ T9839] ext4 filesystem being mounted at /395/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 240.848446][ T9839] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.1536: corrupted inode contents [ 240.893451][ T9839] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #2: comm syz.2.1536: mark_inode_dirty error [ 240.932722][ T9839] EXT4-fs error (device loop2): ext4_do_update_inode:5244: inode #2: comm syz.2.1536: corrupted inode contents [ 240.955502][ T9839] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.1536: mark_inode_dirty error [ 241.023004][ T5778] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.314014][ T9867] loop2: detected capacity change from 0 to 256 [ 241.669217][ T5837] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 241.869137][ T5837] usb 2-1: Using ep0 maxpacket: 16 [ 241.888386][ T5837] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 241.912331][ T5837] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 241.929658][ T9888] bridge0: entered promiscuous mode [ 241.937957][ T9888] vlan2: entered promiscuous mode [ 241.955985][ T5837] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 241.965109][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.979152][ T5837] usb 2-1: Product: syz [ 241.986350][ T5837] usb 2-1: Manufacturer: syz [ 241.997326][ T5837] usb 2-1: SerialNumber: syz [ 242.234765][ T5837] usb 2-1: 0:2 : does not exist [ 242.256244][ T5837] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 242.318565][ T5837] usb 2-1: USB disconnect, device number 11 [ 242.404932][ T6604] udevd[6604]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 242.433162][ T9901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1559'. [ 242.634547][ T9907] loop3: detected capacity change from 0 to 128 [ 242.664469][ T9907] FAT-fs (loop3): Directory bread(block 414) failed [ 242.675874][ T9907] FAT-fs (loop3): Directory bread(block 415) failed [ 242.683585][ T9907] FAT-fs (loop3): Directory bread(block 416) failed [ 242.691121][ T9907] FAT-fs (loop3): Directory bread(block 417) failed [ 242.697764][ T9907] FAT-fs (loop3): Directory bread(block 418) failed [ 242.705343][ T9907] FAT-fs (loop3): Directory bread(block 419) failed [ 242.712118][ T9907] FAT-fs (loop3): Directory bread(block 420) failed [ 242.718730][ T9907] FAT-fs (loop3): Directory bread(block 421) failed [ 242.947642][ T9916] loop3: detected capacity change from 0 to 512 [ 242.962521][ T9916] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 243.079891][ T9922] tipc: Started in network mode [ 243.084815][ T9922] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 243.112784][ T9916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.139842][ T9922] tipc: Enabled bearer , priority 10 [ 243.147311][ T9916] ext4 filesystem being mounted at /360/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 243.825812][ T9916] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.1563: corrupted inode contents [ 243.894934][ T9916] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.1563: mark_inode_dirty error [ 243.950889][ T9916] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.1563: corrupted inode contents [ 243.965178][ T9916] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.1563: mark_inode_dirty error [ 244.077815][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.150353][ T5837] tipc: Node number set to 4269801488 [ 244.393345][ T9944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1579'. [ 244.410085][ T9944] bridge_slave_1: left allmulticast mode [ 244.415769][ T9944] bridge_slave_1: left promiscuous mode [ 244.429637][ T9944] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.501568][ T9944] bridge_slave_0: left allmulticast mode [ 244.516581][ T9944] bridge_slave_0: left promiscuous mode [ 244.526874][ T9944] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.189191][ T23] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 246.226637][T10011] warning: `syz.2.1605' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 246.259013][T10011] netlink: 'syz.2.1605': attribute type 10 has an invalid length. [ 246.389303][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 246.404023][ T23] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 246.419141][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.436879][ T23] usb 2-1: Product: syz [ 246.441432][ T23] usb 2-1: Manufacturer: syz [ 246.449502][ T23] usb 2-1: SerialNumber: syz [ 246.463093][ T23] usb 2-1: config 0 descriptor?? [ 246.483098][T10011] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 246.923959][ T23] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 246.937320][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 246.947968][ T23] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 246.957327][ T23] usb 2-1: media controller created [ 247.118311][T10000] Cannot find add_set index 0 as target [ 247.662831][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 248.730947][ T23] zl10353_read_register: readreg error (reg=127, ret==0) [ 248.738084][ T23] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 248.787741][ T23] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 248.899371][ T23] usb 2-1: USB disconnect, device number 12 [ 249.589405][ T23] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 251.075365][T10112] xt_time: unknown flags 0xc [ 251.929904][T10117] batadv_slave_1: entered promiscuous mode [ 251.959768][T10116] batadv_slave_1: left promiscuous mode [ 253.677102][T10141] loop3: detected capacity change from 0 to 512 [ 253.732431][T10141] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.777217][T10141] ext4 filesystem being mounted at /378/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 253.955266][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.244004][T10156] loop1: detected capacity change from 0 to 4096 [ 254.283506][T10156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.511559][T10156] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 254.529141][T10156] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #18: comm syz.1.1658: mark_inode_dirty error [ 254.558564][T10156] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 254.579685][T10156] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz.1.1658: mark_inode_dirty error [ 254.599703][T10166] syzkaller0: entered promiscuous mode [ 254.605295][T10166] syzkaller0: entered allmulticast mode [ 254.611782][T10156] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 254.649036][T10156] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz.1.1658: mark_inode_dirty error [ 254.670397][T10156] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 254.693372][T10156] EXT4-fs error (device loop1): ext4_punch_hole:4134: inode #18: comm syz.1.1658: mark_inode_dirty error [ 254.880733][ T5788] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 254.922612][ T5788] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 255.512480][ T137] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 9 with max blocks 102 with error 117 [ 255.609258][ T137] EXT4-fs (loop1): This should not happen!! Data will be lost [ 255.609258][ T137] [ 255.687770][ T6517] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.902573][T10185] overlayfs: failed to clone upperpath [ 255.931699][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.959765][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.233720][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1669'. [ 256.353692][T10183] bridge_slave_1: left allmulticast mode [ 256.421627][T10183] bridge_slave_1: left promiscuous mode [ 256.433328][T10183] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.506522][T10183] bridge_slave_0: left allmulticast mode [ 256.515728][T10183] bridge_slave_0: left promiscuous mode [ 256.528005][T10183] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.913663][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.096654][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.126471][T10201] tipc: Enabling of bearer rejected, failed to enable media [ 257.167223][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 257.177162][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 257.189267][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 257.198254][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 257.206369][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 257.214270][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 257.292319][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.406168][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.885885][T10204] chnl_net:caif_netlink_parms(): no params data found [ 258.011874][ T49] tipc: Left network mode [ 258.528427][T10204] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.545685][T10204] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.571674][T10204] bridge_slave_0: entered allmulticast mode [ 258.592023][T10204] bridge_slave_0: entered promiscuous mode [ 258.611659][T10204] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.627225][T10204] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.646732][T10204] bridge_slave_1: entered allmulticast mode [ 258.668270][T10204] bridge_slave_1: entered promiscuous mode [ 258.903564][T10204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.916646][T10204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.032956][T10204] team0: Port device team_slave_0 added [ 259.053495][T10204] team0: Port device team_slave_1 added [ 259.291647][ T51] Bluetooth: hci3: command tx timeout [ 259.309280][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1686'. [ 259.337199][T10254] bridge_slave_1: left allmulticast mode [ 259.344919][T10260] binder: 10259:10260 unknown command 1074553620 [ 259.346889][T10254] bridge_slave_1: left promiscuous mode [ 259.351508][T10260] binder: 10259:10260 ioctl c0306201 200000000940 returned -22 [ 259.357707][T10254] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.561641][T10204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.568626][T10204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.594659][T10204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.607694][T10204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.614817][T10204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.640790][T10204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.842852][T10204] hsr_slave_0: entered promiscuous mode [ 259.909900][T10204] hsr_slave_1: entered promiscuous mode [ 259.970166][T10204] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 259.999352][T10204] Cannot create hsr debugfs directory [ 260.091874][T10276] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 260.115380][T10276] overlayfs: missing 'lowerdir' [ 261.359387][ T51] Bluetooth: hci3: command tx timeout [ 261.598409][ T27] audit: type=1326 audit(1763300194.859:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10294 comm="syz.3.1699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660738f6c9 code=0x7fc00000 [ 261.672879][T10314] syz.0.1705 uses obsolete (PF_INET,SOCK_PACKET) [ 261.857122][ T49] hsr_slave_0: left promiscuous mode [ 261.913333][ T49] hsr_slave_1: left promiscuous mode [ 262.020730][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 262.039315][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 262.063124][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 262.085624][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 262.106208][ T49] dummy0: left allmulticast mode [ 262.117840][ T49] bridge0: port 3(dummy0) entered disabled state [ 262.161995][ T49] bridge_slave_1: left allmulticast mode [ 262.172478][ T49] bridge_slave_1: left promiscuous mode [ 262.185396][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.241941][ T49] bridge_slave_0: left allmulticast mode [ 262.251712][ T49] bridge_slave_0: left promiscuous mode [ 262.257557][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.429759][ T49] veth1_macvtap: left promiscuous mode [ 262.435789][ T49] veth0_macvtap: left promiscuous mode [ 262.442631][ T49] veth1_vlan: left promiscuous mode [ 262.448179][ T49] veth0_vlan: left promiscuous mode [ 263.449281][ T51] Bluetooth: hci3: command tx timeout [ 264.395385][ T49] team0 (unregistering): Port device team_slave_1 removed [ 264.603467][ T49] team0 (unregistering): Port device team_slave_0 removed [ 264.830903][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.050564][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.519363][ T51] Bluetooth: hci3: command tx timeout [ 267.593074][ T49] bond0 (unregistering): Released all slaves [ 267.825385][T10204] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 267.897237][T10204] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 267.962723][T10204] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 268.065091][T10204] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 268.484439][T10204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.591167][T10204] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.636353][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.643563][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.720398][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.727558][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.858030][T10204] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 269.375857][T10204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 269.562284][T10428] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1728'. [ 270.025005][T10204] veth0_vlan: entered promiscuous mode [ 270.048292][T10204] veth1_vlan: entered promiscuous mode [ 270.156406][T10204] veth0_macvtap: entered promiscuous mode [ 270.193728][T10204] veth1_macvtap: entered promiscuous mode [ 270.248506][T10204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.279087][T10204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.288928][T10204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 270.320905][T10204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.343551][T10204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.382320][T10204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.419232][T10204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.437416][T10204] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.479178][T10204] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.501232][T10204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.531944][T10204] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.551219][T10204] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.575832][T10204] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.597815][T10204] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.720408][T10467] Driver unsupported XDP return value 0 on prog (id 62) dev N/A, expect packet loss! [ 270.843884][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.863172][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.965601][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 271.003873][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.337732][ T51] Bluetooth: hci1: unexpected event for opcode 0x0c20 [ 274.746840][T10590] loop4: detected capacity change from 0 to 512 [ 274.833655][T10595] kAFS: unable to lookup cell '' [ 274.987045][T10590] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 275.235153][T10590] EXT4-fs (loop4): 1 truncate cleaned up [ 275.422322][T10590] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 275.684650][T10204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.822224][T10654] netlink: 'syz.0.1787': attribute type 10 has an invalid length. [ 278.839337][T10654] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1787'. [ 278.954560][T10654] team0: Port device geneve0 added [ 278.999139][ T23] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 279.192898][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.208008][ T23] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 279.217263][ T23] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 279.230855][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.252169][ T23] usb 4-1: config 0 descriptor?? [ 279.751451][ T5852] usb 4-1: USB disconnect, device number 16 [ 280.343737][T10672] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1791'. [ 280.457853][T10677] loop3: detected capacity change from 0 to 512 [ 280.506249][T10677] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 280.523857][T10681] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 280.555365][T10677] EXT4-fs (loop3): 1 truncate cleaned up [ 280.583143][T10677] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 280.766573][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.945412][T10706] netlink: 'syz.0.1802': attribute type 4 has an invalid length. [ 282.202280][T10718] binder: Bad value for 'max' [ 282.276948][T10720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.734889][T10787] loop4: detected capacity change from 0 to 128 [ 284.741527][T10789] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1829'. [ 284.787544][T10787] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 289.746910][T10877] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1852'. [ 291.996423][T10923] loop4: detected capacity change from 0 to 1024 [ 292.004053][T10923] EXT4-fs: inline encryption not supported [ 292.137358][T10923] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 292.164017][T10923] System zones: 0-1, 3-12 [ 292.183934][T10923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.150047][T10923] loop4: detected capacity change from 1024 to 64 [ 293.170910][T10923] syz.4.1869: attempt to access beyond end of device [ 293.170910][T10923] loop4: rw=0, sector=224, nr_sectors = 2 limit=64 [ 293.268598][T10204] EXT4-fs error (device loop4): ext4_readdir:263: inode #2: block 16: comm syz-executor: path /27/file1: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=17104912, rec_len=26982, size=1024 fake=0 [ 293.387356][T10204] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.449858][T10926] kmmpd-loop4: attempt to access beyond end of device [ 293.449858][T10926] loop4: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 293.477443][T10926] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 294.264804][ T8774] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.503369][ T8774] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.701909][ T8774] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.815842][T11013] loop3: detected capacity change from 0 to 2048 [ 294.900390][T11013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 294.934159][ T8774] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.990640][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 295.003993][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 295.021570][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 295.031953][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 295.041249][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 295.048823][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 295.103468][T11013] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 295.127159][T11013] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 114 with error 28 [ 295.145686][T11013] EXT4-fs (loop3): This should not happen!! Data will be lost [ 295.145686][T11013] [ 295.156032][T11013] EXT4-fs (loop3): Total free blocks count 0 [ 295.162695][T11013] EXT4-fs (loop3): Free/Dirty block details [ 295.169482][T11013] EXT4-fs (loop3): free_blocks=2415919104 [ 295.175342][T11013] EXT4-fs (loop3): dirty_blocks=128 [ 295.185475][T11013] EXT4-fs (loop3): Block reservation details [ 295.199542][T11013] EXT4-fs (loop3): i_reserved_data_blocks=8 [ 295.627066][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 296.101220][T11022] chnl_net:caif_netlink_parms(): no params data found [ 296.430886][T11062] overlayfs: missing 'lowerdir' [ 296.930622][T11022] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.960701][T11022] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.976273][T11022] bridge_slave_0: entered allmulticast mode [ 296.994112][T11022] bridge_slave_0: entered promiscuous mode [ 297.094662][T11022] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.102274][T11022] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.110500][T11022] bridge_slave_1: entered allmulticast mode [ 297.117282][T11022] bridge_slave_1: entered promiscuous mode [ 297.123703][ T51] Bluetooth: hci3: command tx timeout [ 297.268979][T11022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.384299][T11022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.468586][T11022] team0: Port device team_slave_0 added [ 297.478817][T11022] team0: Port device team_slave_1 added [ 297.554761][T11022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.569317][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.622220][T11022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.637388][T11022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.645290][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.707340][T11022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.934570][T11022] hsr_slave_0: entered promiscuous mode [ 297.959793][T11022] hsr_slave_1: entered promiscuous mode [ 298.147877][ T8774] hsr_slave_0: left promiscuous mode [ 298.160411][ T8774] hsr_slave_1: left promiscuous mode [ 298.170466][T11105] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 298.185223][ T8774] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.193137][T11105] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 298.208655][ T8774] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 298.214403][T11105] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 298.230012][ T8774] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 298.244812][ T8774] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 298.249292][T11105] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 298.259892][ T8774] bridge_slave_1: left allmulticast mode [ 298.265436][T11105] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 298.284025][ T8774] bridge_slave_1: left promiscuous mode [ 298.303306][ T8774] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.325430][T11105] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 298.361470][ T8774] bridge_slave_0: left allmulticast mode [ 298.367159][ T8774] bridge_slave_0: left promiscuous mode [ 298.409278][ T8774] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.610002][ T8774] veth1_macvtap: left promiscuous mode [ 298.616017][ T8774] veth0_macvtap: left promiscuous mode [ 298.638225][ T8774] veth1_vlan: left promiscuous mode [ 298.650053][ T8774] veth0_vlan: left promiscuous mode [ 299.534199][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 300.239400][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 300.245468][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 300.319795][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 301.051818][T11214] overlayfs: failed to clone upperpath [ 301.401809][T11235] loop3: detected capacity change from 0 to 128 [ 301.743455][ T8774] team0 (unregistering): Port device team_slave_1 removed [ 301.898185][T11241] usb usb7: usbfs: process 11241 (syz.3.1954) did not claim interface 0 before use [ 301.923377][ T8774] team0 (unregistering): Port device team_slave_0 removed [ 302.179266][ T8774] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 302.409920][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 302.471535][ T8774] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.479509][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 305.131611][ T8774] bond0 (unregistering): Released all slaves [ 305.379170][T11249] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1957'. [ 305.740509][T11258] overlayfs: failed to clone upperpath [ 305.951739][T11266] binder: BINDER_SET_CONTEXT_MGR already set [ 306.100813][T11266] binder: 11262:11266 ioctl 4018620d 200000000140 returned -16 [ 306.569189][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 306.570564][T11022] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 306.670066][T11022] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 306.721935][T11022] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 306.783622][T11022] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 307.108006][T11022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.158113][T11022] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.200010][ T8776] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.208333][ T8776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.253100][ T8774] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.260337][ T8774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.931478][T11022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.639983][ T51] Bluetooth: hci3: command 0x040f tx timeout [ 308.664449][T11022] veth0_vlan: entered promiscuous mode [ 308.678493][T11022] veth1_vlan: entered promiscuous mode [ 308.718734][T11022] veth0_macvtap: entered promiscuous mode [ 308.747514][T11022] veth1_macvtap: entered promiscuous mode [ 308.827993][T11022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.859948][T11022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.879474][T11022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.900374][T11022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.930575][T11022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 308.956872][T11022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.993335][T11022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.013356][T11022] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.039686][T11022] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.071752][T11022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.091397][T11022] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.129556][T11022] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.149547][T11022] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.166992][T11022] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.388404][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.419415][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.484111][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.503795][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.142618][T11414] binder_alloc: 11410: binder_alloc_buf, no vma [ 310.171245][T11411] binder: 11410:11411 ioctl c0306201 200000000580 returned -14 [ 310.644417][T11428] 9pnet: Could not find request transport: f [ 311.101838][T11452] batadv_slave_1: entered promiscuous mode [ 311.123091][T11448] batadv_slave_1: left promiscuous mode [ 311.213956][T11451] syz.2.2011 (11451) used greatest stack depth: 17960 bytes left [ 311.319431][ T1206] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 311.524585][ T1206] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.548696][ T1206] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 311.568106][ T1206] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 311.577815][ T1206] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 311.590334][ T1206] usb 4-1: SerialNumber: syz [ 311.806503][ T1206] usb 4-1: 0:2 : does not exist [ 311.847215][ T1206] usb 4-1: USB disconnect, device number 17 [ 311.894266][T10354] udevd[10354]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 312.650036][ T8] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 313.079253][ T8] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 313.120395][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.128440][ T8] usb 6-1: Product: syz [ 313.169529][ T8] usb 6-1: Manufacturer: syz [ 313.176102][ T8] usb 6-1: SerialNumber: syz [ 313.428457][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 313.464842][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 313.935205][T11540] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2030'. [ 314.704526][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -32 [ 315.156520][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 315.357218][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71 [ 315.373683][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71 [ 315.399593][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71 [ 315.413379][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71 [ 315.427091][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71 [ 315.444469][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71 [ 315.469815][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71 [ 315.493800][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 315.516228][ T8] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 315.561015][ T8] lan78xx: probe of 6-1:1.0 failed with error -71 [ 315.577211][ T8] usb 6-1: USB disconnect, device number 2 [ 316.184109][ T27] audit: type=1326 audit(1763300249.449:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.244238][ T27] audit: type=1326 audit(1763300249.509:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.304202][ T27] audit: type=1326 audit(1763300249.569:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.364234][ T27] audit: type=1326 audit(1763300249.629:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.439316][ T27] audit: type=1326 audit(1763300249.689:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.484289][ T27] audit: type=1326 audit(1763300249.749:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.544408][ T27] audit: type=1326 audit(1763300249.809:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.670527][ T27] audit: type=1326 audit(1763300249.929:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.784251][ T27] audit: type=1326 audit(1763300250.049:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 316.844775][ T27] audit: type=1326 audit(1763300250.109:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11607 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7fc00000 [ 317.282488][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.289000][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.796366][T11672] binder: Bad value for 'max' [ 319.325760][ T1206] IPVS: starting estimator thread 0... [ 319.343765][T11702] input: syz0 as /devices/virtual/input/input22 [ 319.354969][T11696] loop3: detected capacity change from 0 to 2048 [ 319.444631][T11696] loop3: p1 < > p4 [ 319.450179][T11703] IPVS: using max 21 ests per chain, 50400 per kthread [ 319.453045][T11696] loop3: p4 size 8388608 extends beyond EOD, truncated [ 319.856121][T11721] binder: Bad value for 'max' [ 320.291025][T11746] netlink: 'syz.0.2102': attribute type 3 has an invalid length. [ 320.298881][T11746] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2102'. [ 321.545330][T11775] loop5: detected capacity change from 0 to 16 [ 321.622174][T11775] erofs: (device loop5): mounted with root inode @ nid 36. [ 322.137541][T11804] binder: Bad value for 'max' [ 324.169903][T11864] 9pnet_virtio: no channels available for device [ 324.485028][T11878] netlink: 'syz.3.2151': attribute type 3 has an invalid length. [ 324.506323][T11878] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2151'. [ 324.527022][T11883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2153'. [ 325.388998][T11890] loop3: detected capacity change from 0 to 128 [ 325.524106][T10354] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 326.242400][T11931] binder: Bad value for 'max' [ 326.388665][T11936] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2173'. [ 326.406305][T11936] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2173'. [ 326.769116][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 326.769131][ T27] audit: type=1326 audit(1763300260.019:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.3.2176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660738f6c9 code=0x7fc00000 [ 326.866460][ T27] audit: type=1326 audit(1763300260.079:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.3.2176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660738f6c9 code=0x7fc00000 [ 326.908765][ T27] audit: type=1326 audit(1763300260.169:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.3.2176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660738f6c9 code=0x7fc00000 [ 327.472678][ T27] audit: type=1326 audit(1763300260.729:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11948 comm="syz.3.2176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660738f6c9 code=0x7fc00000 [ 328.037701][T12017] overlayfs: failed to clone upperpath [ 329.239379][ T1206] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 329.431144][ T1206] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 329.448877][ T1206] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 329.459321][ T1206] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 329.468372][ T1206] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.503088][ T1206] usb 4-1: config 0 descriptor?? [ 330.150180][ T1206] hid-thrustmaster 0003:044F:B65D.000A: item fetching failed at offset 5/7 [ 330.226250][ T1206] hid-thrustmaster 0003:044F:B65D.000A: parse failed with error -22 [ 330.253274][ T1206] hid-thrustmaster: probe of 0003:044F:B65D.000A failed with error -22 [ 330.320580][ T1206] usb 4-1: USB disconnect, device number 18 [ 330.743752][T12109] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2221'. [ 331.131741][T12126] syzkaller0: entered promiscuous mode [ 331.146737][T12126] syzkaller0: entered allmulticast mode [ 332.315030][T12172] 9pnet_fd: Insufficient options for proto=fd [ 335.609032][T12220] mmap: syz.3.2251 (12220) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 337.309219][T12256] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 339.847776][T12334] libceph: resolve '4..' (ret=-3): failed [ 340.812611][T12379] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2313'. [ 340.837555][T12379] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2313'. [ 340.998205][T12384] syzkaller0: entered promiscuous mode [ 341.007558][T12384] syzkaller0: entered allmulticast mode [ 341.699379][ T27] audit: type=1326 audit(1763300274.969:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.728250][ T27] audit: type=1326 audit(1763300274.989:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.777328][ T27] audit: type=1326 audit(1763300274.989:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.826674][ T27] audit: type=1326 audit(1763300274.989:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.850204][ T27] audit: type=1326 audit(1763300274.989:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.899812][ T27] audit: type=1326 audit(1763300274.989:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.939619][ T27] audit: type=1326 audit(1763300274.989:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.972923][ T27] audit: type=1326 audit(1763300274.989:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 341.997290][ T27] audit: type=1326 audit(1763300275.019:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 342.098107][ T27] audit: type=1326 audit(1763300275.019:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.5.2325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 343.364076][T12456] loop5: detected capacity change from 0 to 2048 [ 343.409796][T12456] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 354.148605][T12509] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2363'. [ 354.771923][T12534] @: renamed from vlan0 (while UP) [ 355.304242][T12540] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2377'. [ 357.766581][T12609] netlink: 'syz.5.2405': attribute type 1 has an invalid length. [ 357.813260][T12609] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2405'. [ 358.665926][T12649] overlayfs: failed to clone upperpath [ 359.035446][T12662] overlayfs: failed to resolve './file0': -2 [ 359.764740][T12696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2440'. [ 359.773915][T12696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2440'. [ 360.208043][T12714] loop3: detected capacity change from 0 to 128 [ 360.233328][T12714] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 360.600672][T12728] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 362.064317][T12780] overlayfs: failed to clone upperpath [ 362.535557][T12789] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2477'. [ 362.559158][T12789] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2477'. [ 364.176531][T12847] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 365.268043][T12880] loop3: detected capacity change from 0 to 128 [ 366.769507][T12939] xt_nfacct: accounting object `syz1' does not exist [ 367.550705][T12943] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 367.559647][T12943] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 369.474795][T12998] loop5: detected capacity change from 0 to 256 [ 369.624743][T12998] syz.5.2566: attempt to access beyond end of device [ 369.624743][T12998] loop5: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 369.647405][T12998] syz.5.2566: attempt to access beyond end of device [ 369.647405][T12998] loop5: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 370.558339][T13013] netlink: 'syz.2.2571': attribute type 10 has an invalid length. [ 372.254115][T13045] binder: Bad value for 'stats' [ 374.955506][T13098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2604'. [ 376.895594][T13135] loop5: detected capacity change from 0 to 128 [ 378.030044][T13146] veth1_macvtap: left promiscuous mode [ 378.035573][T13146] macsec0: entered promiscuous mode [ 378.087172][T13146] macsec0: entered allmulticast mode [ 378.121997][T13151] loop5: detected capacity change from 0 to 16 [ 378.151620][T13149] veth1_macvtap: entered promiscuous mode [ 378.157396][T13149] veth1_macvtap: entered allmulticast mode [ 378.177298][T13151] erofs: (device loop5): z_erofs_load_lz4_config: too large lz4 pclusterblks 16832 [ 378.191537][T13149] macsec0: left promiscuous mode [ 378.196665][T13149] macsec0: left allmulticast mode [ 378.205922][T13149] veth1_macvtap: left allmulticast mode [ 378.245248][T12498] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 378.730189][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.736615][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.340429][ T9] IPVS: starting estimator thread 0... [ 381.449203][T13200] IPVS: using max 19 ests per chain, 45600 per kthread [ 382.623977][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2651'. [ 383.306336][T13270] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2664'. [ 383.483984][T13280] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2670'. [ 383.594217][T13284] binder: 13283:13284 ioctl 4018620d 0 returned -22 [ 384.091941][T13300] overlayfs: failed to clone upperpath [ 384.547038][T13312] xt_socket: unknown flags 0x50 [ 385.362731][T13316] binder: 13315:13316 ioctl 4018620d 0 returned -22 [ 386.579040][T13357] overlayfs: failed to clone upperpath [ 387.577498][T13380] overlayfs: failed to resolve './file0': -2 [ 390.596038][T13420] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2723'. [ 395.465705][T13516] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2760'. [ 396.697295][ T27] kauditd_printk_skb: 23 callbacks suppressed [ 396.697310][ T27] audit: type=1326 audit(1763300329.959:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.729326][ T27] audit: type=1326 audit(1763300329.999:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.760249][ T27] audit: type=1326 audit(1763300329.999:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.787689][ T27] audit: type=1326 audit(1763300329.999:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.816924][ T27] audit: type=1326 audit(1763300329.999:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.844280][ T27] audit: type=1326 audit(1763300330.019:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.871441][ T27] audit: type=1326 audit(1763300330.019:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.901280][ T27] audit: type=1326 audit(1763300330.019:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.930514][ T27] audit: type=1326 audit(1763300330.019:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 396.961930][ T27] audit: type=1326 audit(1763300330.019:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.5.2770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310cd8f6c9 code=0x7ffc0000 [ 399.175284][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2798'. [ 402.039890][T13639] bond0: entered allmulticast mode [ 402.045102][T13639] bond_slave_0: entered allmulticast mode [ 402.051020][T13639] bond_slave_1: entered allmulticast mode [ 404.022238][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 404.022253][ T27] audit: type=1326 audit(1763300337.289:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13702 comm="syz.2.2838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7ffc0000 [ 404.053763][ T27] audit: type=1326 audit(1763300337.289:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13702 comm="syz.2.2838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7ffc0000 [ 404.077228][ T27] audit: type=1326 audit(1763300337.289:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13702 comm="syz.2.2838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ff547f8f6c9 code=0x7ffc0000 [ 404.105910][ T27] audit: type=1326 audit(1763300337.289:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13702 comm="syz.2.2838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7ffc0000 [ 404.135109][ T27] audit: type=1326 audit(1763300337.289:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13702 comm="syz.2.2838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff547f8f6c9 code=0x7ffc0000 [ 404.338561][T13719] overlayfs: failed to clone upperpath [ 406.728535][T13811] net_ratelimit: 1 callbacks suppressed [ 406.734307][T13811] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 407.821667][T13838] overlayfs: failed to clone upperpath [ 407.951333][T13848] netlink: 'syz.3.2893': attribute type 4 has an invalid length. [ 407.969300][T13848] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2893'. [ 409.239846][T13878] tipc: Enabling of bearer rejected, failed to enable media [ 409.344813][ T51] Bluetooth: hci0: unknown advertising packet type: 0x6c [ 409.344934][ T51] Bluetooth: hci0: unknown advertising packet type: 0x20 [ 409.357508][ T51] Bluetooth: hci0: unknown advertising packet type: 0x40 [ 409.368483][ T51] Bluetooth: hci0: unknown advertising packet type: 0x09 [ 409.375907][ T51] Bluetooth: hci0: Malformed LE Event: 0x02 [ 412.674814][T13935] binder: Bad value for 'stats' [ 414.366459][T13966] netlink: 'syz.0.2945': attribute type 4 has an invalid length. [ 414.380331][T13966] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2945'. [ 416.753813][T13998] netlink: 'syz.2.2952': attribute type 4 has an invalid length. [ 416.799360][T13998] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2952'. [ 418.056748][T14011] overlayfs: failed to clone upperpath [ 419.232666][T14032] netlink: 'syz.2.2966': attribute type 4 has an invalid length. [ 419.358668][T14037] overlayfs: failed to clone upperpath [ 420.126282][T14051] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2972'. [ 420.531036][T14054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2974'. [ 421.092868][T14073] overlayfs: failed to clone upperpath [ 421.195803][T14078] batadv_slave_1: entered promiscuous mode [ 421.228641][T14077] batadv_slave_1: left promiscuous mode [ 422.625908][T14108] overlayfs: failed to clone upperpath [ 423.860807][T14126] overlayfs: failed to clone upperpath [ 424.396824][T14144] overlayfs: failed to clone upperpath [ 426.550402][T14171] loop5: detected capacity change from 0 to 4096 [ 426.579381][T14171] ntfs3: loop5: Different NTFS sector size (1024) and media sector size (512). [ 427.416323][T14171] ntfs3: loop5: Failed to initialize $Secure::$SDH (-22). [ 427.430792][T14171] ntfs3: loop5: Failed to initialize $Secure (-22). [ 427.734750][T14196] binder: 14195:14196 ioctl c0306201 2000000001c0 returned -14 [ 428.161662][T14219] binder: 14218:14219 ioctl 80089418 2000000000c0 returned -22 [ 430.618199][T14243] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3041'. [ 431.049674][T14256] overlayfs: failed to clone upperpath [ 431.938675][T14280] overlayfs: failed to clone upperpath [ 432.290296][T14286] netlink: 'syz.0.3056': attribute type 3 has an invalid length. [ 437.430333][T14344] overlayfs: failed to clone upperpath [ 439.321754][ T27] audit: type=1326 audit(1763300372.589:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.373319][ T27] audit: type=1326 audit(1763300372.589:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.426341][ T27] audit: type=1326 audit(1763300372.589:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.472477][ T27] audit: type=1326 audit(1763300372.589:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.520359][ T27] audit: type=1326 audit(1763300372.589:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.583129][ T27] audit: type=1326 audit(1763300372.589:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.643604][ T27] audit: type=1326 audit(1763300372.589:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.678724][ T27] audit: type=1326 audit(1763300372.589:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.705192][ T27] audit: type=1326 audit(1763300372.589:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.728646][ T27] audit: type=1326 audit(1763300372.589:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14376 comm="syz.0.3087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27ce78f6c9 code=0x50000 [ 439.914815][T14387] loop5: detected capacity change from 0 to 512 [ 439.976563][T14387] EXT4-fs error (device loop5): __ext4_fill_super:5497: inode #2: comm syz.5.3091: inode has both inline data and extents flags [ 440.001924][T14387] EXT4-fs (loop5): get root inode failed [ 440.007604][T14387] EXT4-fs (loop5): mount failed [ 440.032647][T14393] overlayfs: failed to clone upperpath [ 440.165584][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.172861][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.827131][T14439] overlayfs: failed to clone upperpath [ 442.151299][T14448] xt_CT: You must specify a L4 protocol and not use inversions on it [ 450.719483][ T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 450.902314][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 450.916789][ T23] usb 6-1: unable to get BOS descriptor or descriptor too short [ 450.925904][ T23] usb 6-1: config 0 has no interfaces? [ 450.933720][ T23] usb 6-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 450.943174][ T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.951401][ T23] usb 6-1: Product: syz [ 450.955589][ T23] usb 6-1: Manufacturer: syz [ 450.960502][ T23] usb 6-1: SerialNumber: syz [ 450.966768][ T23] usb 6-1: config 0 descriptor?? [ 451.188059][ T5852] usb 6-1: USB disconnect, device number 3 [ 459.264429][T14741] @: renamed from vlan0 (while UP) [ 462.560809][T14806] overlayfs: missing 'lowerdir' [ 462.933177][T14815] @: renamed from vlan0 (while UP) [ 463.529570][ T5837] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 464.371039][ T5837] usb 6-1: config 0 has an invalid interface number: 133 but max is 0 [ 464.399221][ T5837] usb 6-1: config 0 has no interface number 0 [ 464.439172][ T5837] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 464.448258][ T5837] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.489118][ T5837] usb 6-1: Product: syz [ 464.493337][ T5837] usb 6-1: Manufacturer: syz [ 464.497942][ T5837] usb 6-1: SerialNumber: syz [ 464.550406][ T5837] usb 6-1: config 0 descriptor?? [ 464.801660][ T5837] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected [ 464.841483][ T5837] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81 [ 464.863937][ T5837] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1 [ 464.889263][ T5837] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2 [ 464.919751][ T5837] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 464.957448][ T5837] usb 6-1: USB disconnect, device number 4 [ 465.000237][ T5837] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 465.030035][ T5837] keyspan 6-1:0.133: device disconnected [ 467.285527][T14855] xt_l2tp: v2 doesn't support IP mode [ 473.253480][T14934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.293253][T14956] lo: entered allmulticast mode [ 474.307243][T14955] lo: left allmulticast mode [ 474.384397][T14958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3294'. [ 476.151181][T14958] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 476.215178][T14958] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 476.271511][T14958] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 476.320977][T14958] bond0 (unregistering): Released all slaves [ 477.763051][T15013] netlink: 'syz.2.3317': attribute type 1 has an invalid length. [ 478.196012][T15013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 478.577216][T15023] loop5: detected capacity change from 0 to 256 [ 478.585785][T15018] veth3: entered promiscuous mode [ 478.615594][T15018] bond0: (slave veth3): Enslaving as a backup interface with a down link [ 479.014809][T15036] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3324'. [ 479.036803][T15036] IPv6: sit1: Disabled Multicast RS [ 479.047812][T15036] sit1: entered allmulticast mode [ 482.065693][T15063] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3333'. [ 482.939694][T15089] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3344'. [ 483.289748][T15105] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3347'. [ 483.449535][T15109] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3346'. [ 485.860042][T15122] fuse: Bad value for 'fd' [ 486.451709][T15135] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3354'. [ 490.076424][T15175] overlayfs: failed to clone upperpath [ 494.752590][T15235] loop5: detected capacity change from 0 to 7 [ 494.760876][T15235] Dev loop5: unable to read RDB block 7 [ 494.766545][T15235] loop5: unable to read partition table [ 494.772651][T15235] loop5: partition table beyond EOD, truncated [ 494.778929][T15235] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 502.880699][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.887041][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.332838][T15309] netlink: 'syz.0.3411': attribute type 1 has an invalid length. [ 503.487774][T15311] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 503.557619][T15311] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 503.644358][T15309] gretap1: entered promiscuous mode [ 503.663407][T15309] bond2: (slave gretap1): making interface the new active one [ 503.687890][T15309] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 503.831998][T15309] macvlan2: entered promiscuous mode [ 503.851750][T15309] macvlan2: entered allmulticast mode [ 503.858122][T15309] bond2: entered promiscuous mode [ 503.886903][T15309] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 503.931011][T15309] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 503.992685][T15309] bond2: left promiscuous mode [ 504.388678][T15334] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3417'. [ 505.076436][T15337] loop5: detected capacity change from 0 to 7 [ 505.110102][T15337] Dev loop5: unable to read RDB block 7 [ 505.115716][T15337] loop5: unable to read partition table [ 505.149471][T15337] loop5: partition table beyond EOD, truncated [ 505.173999][T15337] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 508.308138][T15377] batadv_slave_1: entered promiscuous mode [ 508.340042][T15374] batadv_slave_1: left promiscuous mode [ 508.491600][T15389] netlink: 'syz.2.3436': attribute type 1 has an invalid length. [ 508.616370][T15389] 8021q: adding VLAN 0 to HW filter on device bond1 [ 508.695176][T15389] bond1: (slave gretap1): making interface the new active one [ 508.705801][T15389] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 508.727639][T15393] macvlan2: entered promiscuous mode [ 508.779558][T15393] macvlan2: entered allmulticast mode [ 508.789795][T15393] bond1: entered promiscuous mode [ 508.819220][T15393] gretap1: entered promiscuous mode [ 508.825217][T15393] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 508.849418][T15393] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 508.904349][T15393] bond1: left promiscuous mode [ 508.920964][T15393] gretap1: left promiscuous mode [ 512.505436][T15462] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3463'. [ 513.242830][T15482] fuse: Bad value for 'fd' [ 513.711616][T15462] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 513.754903][T15462] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 513.806554][T15462] bond0 (unregistering): Released all slaves [ 513.825519][T15468] veth0: entered promiscuous mode [ 513.831074][T15470] veth0: left promiscuous mode [ 514.855056][T15503] overlayfs: failed to clone upperpath [ 515.105614][T15510] loop5: detected capacity change from 0 to 128 [ 515.895478][T15517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3482'. [ 517.123127][T15536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3487'. [ 517.132245][T15536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3487'. [ 517.209952][ T23] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 517.491205][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 517.562888][ T23] usb 6-1: unable to get BOS descriptor or descriptor too short [ 517.659393][ T23] usb 6-1: config 11 has too many interfaces: 183, using maximum allowed: 32 [ 517.668221][ T23] usb 6-1: config 11 has an invalid descriptor of length 72, skipping remainder of the config [ 517.682506][ T23] usb 6-1: config 11 has 0 interfaces, different from the descriptor's value: 183 [ 517.694734][ T23] usb 6-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 517.728284][ T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.737001][ T23] usb 6-1: Product: syz [ 517.749614][ T23] usb 6-1: Manufacturer: syz [ 517.754252][ T23] usb 6-1: SerialNumber: syz [ 518.022713][ T23] usb 6-1: USB disconnect, device number 5 [ 518.035061][T15517] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 518.104331][T15517] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 518.152327][T15517] bond0 (unregistering): Released all slaves [ 518.298372][T15562] tipc: Enabling of bearer rejected, failed to enable media [ 519.695864][T15594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3510'. [ 522.214379][T15594] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 522.262724][T15594] bond_slave_0: left allmulticast mode [ 522.338129][T15621] rdma_op ffff88807f3aa9f0 conn xmit_rdma 0000000000000000 [ 522.807751][T15594] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 522.850044][T15594] bond_slave_1: left allmulticast mode [ 522.862075][T15594] bond0 (unregistering): Released all slaves [ 522.889219][T15620] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3520'. [ 522.902090][T15620] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.172461][T15620] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 523.224871][T15629] loop5: detected capacity change from 0 to 512 [ 523.275776][T15629] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 523.303836][T15629] ext4 filesystem being mounted at /342/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 523.327475][T15629] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 523.685668][T15645] team_slave_0: entered promiscuous mode [ 523.691767][T15645] team_slave_1: entered promiscuous mode [ 523.698557][T15645] vlan0: entered promiscuous mode [ 523.705081][T15645] team0: entered promiscuous mode [ 523.752554][T15647] overlayfs: failed to clone upperpath [ 523.849283][ T23] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 524.036593][ T23] usb 6-1: Using ep0 maxpacket: 16 [ 524.050906][ T23] usb 6-1: config 0 has no interfaces? [ 524.068938][ T23] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 524.088491][ T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.110476][ T23] usb 6-1: Product: syz [ 524.121608][ T23] usb 6-1: Manufacturer: syz [ 524.136395][ T23] usb 6-1: SerialNumber: syz [ 524.148326][ T23] usb 6-1: config 0 descriptor?? [ 524.148846][T15659] batadv_slave_1: entered promiscuous mode [ 524.167535][T15658] batadv_slave_1: left promiscuous mode [ 524.395194][T15666] overlayfs: failed to clone upperpath [ 524.413146][ T23] usb 6-1: USB disconnect, device number 6 [ 524.665835][T15680] tipc: Started in network mode [ 524.670876][T15680] tipc: Node identity ac14142f, cluster identity 4711 [ 524.678928][T15680] tipc: New replicast peer: 0.0.0.0 [ 524.700221][T15680] tipc: Enabled bearer , priority 10 [ 524.841065][T15687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 525.819266][ T5852] tipc: Node number set to 2886997039 [ 526.593908][T15743] overlayfs: failed to clone upperpath [ 528.128811][T15762] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3578'. [ 531.775996][T15859] overlayfs: failed to clone upperpath [ 533.761855][T15894] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3623'. [ 534.377084][T15901] overlayfs: failed to clone upperpath [ 534.589374][T15908] batadv_slave_1: entered promiscuous mode [ 534.610677][T15908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3631'. [ 534.633674][T15907] batadv_slave_1: left promiscuous mode [ 535.033714][T15929] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 535.953510][T15944] netlink: 'syz.0.3644': attribute type 1 has an invalid length. [ 536.000775][T15944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 536.085669][T15946] bond0: (slave veth5): Enslaving as an active interface with a down link [ 536.319922][T15944] vlan0: entered allmulticast mode [ 536.325061][T15944] veth1: entered allmulticast mode [ 536.362248][T15944] veth1: entered promiscuous mode [ 536.378913][T15944] veth1: left promiscuous mode [ 536.404298][T15944] bond0: (slave vlan0): making interface the new active one [ 536.425627][T15944] veth1: entered promiscuous mode [ 536.446988][T15944] vlan0: entered promiscuous mode [ 536.461636][T15944] bond0: (slave vlan0): Enslaving as an active interface with an up link [ 536.676981][T15957] overlayfs: failed to clone upperpath [ 537.241792][T15966] rdma_op ffff88805cf3b1f0 conn xmit_rdma 0000000000000000 [ 537.771470][T15977] tipc: Enabling of bearer rejected, failed to enable media [ 540.207999][T16018] netlink: 176 bytes leftover after parsing attributes in process `syz.5.3665'. [ 540.706044][T16033] loop5: detected capacity change from 0 to 7 [ 540.740134][T16033] Dev loop5: unable to read RDB block 7 [ 540.757624][T16033] loop5: unable to read partition table [ 540.767138][T16033] loop5: partition table beyond EOD, truncated [ 540.773507][T16033] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 542.717463][T16071] loop5: detected capacity change from 0 to 128 [ 542.749885][T16071] EXT4-fs (loop5): Test dummy encryption mode enabled [ 542.793368][T16071] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 542.846773][T16071] ext4 filesystem being mounted at /376/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 542.999603][T11022] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 543.248184][T16087] binder: 16086:16087 ioctl c0306201 0 returned -14 [ 545.326805][T16110] loop5: detected capacity change from 0 to 128 [ 545.938041][T16127] overlayfs: failed to clone upperpath [ 549.191785][T16198] loop5: detected capacity change from 0 to 2048 [ 549.390580][T16198] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 549.408406][T16198] EXT4-fs (loop5): shut down requested (0) [ 549.616388][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 549.772799][ T49] vlan0: left promiscuous mode [ 551.134943][T16231] can0: slcan on ttyS3. [ 551.212934][T16230] can0 (unregistered): slcan off ttyS3. [ 555.284625][T16362] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3788'. [ 557.191833][T16397] loop5: detected capacity change from 0 to 2048 [ 557.258471][T16397] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.075456][T16415] EXT4-fs error (device loop5): ext4_validate_block_bitmap:439: comm syz.5.3801: bg 0: block 234: padding at end of block bitmap is not set [ 558.120328][T16415] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 978 with error 28 [ 558.132959][T16415] EXT4-fs (loop5): This should not happen!! Data will be lost [ 558.132959][T16415] [ 558.142656][T16415] EXT4-fs (loop5): Total free blocks count 0 [ 558.148655][T16415] EXT4-fs (loop5): Free/Dirty block details [ 558.154712][T16415] EXT4-fs (loop5): free_blocks=0 [ 558.160059][T16415] EXT4-fs (loop5): dirty_blocks=992 [ 558.165283][T16415] EXT4-fs (loop5): Block reservation details [ 558.171332][T16415] EXT4-fs (loop5): i_reserved_data_blocks=62 [ 558.338844][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.171218][T16454] overlayfs: failed to clone upperpath [ 559.366274][T16463] overlayfs: failed to clone upperpath [ 559.515921][T16467] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3832'. [ 560.113303][T16491] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3843'. [ 562.270094][ T11] ------------[ cut here ]------------ [ 562.276239][ T11] WARNING: CPU: 1 PID: 11 at io_uring/io_uring.c:3214 io_ring_exit_work+0x39e/0x7e0 [ 562.285736][ T11] Modules linked in: [ 562.289719][ T11] CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 562.297269][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 562.307610][ T11] Workqueue: iou_exit io_ring_exit_work [ 562.313280][ T11] RIP: 0010:io_ring_exit_work+0x39e/0x7e0 [ 562.319019][ T11] Code: e8 07 28 1f f7 48 89 df 48 c7 c6 a0 5a 66 8a 4c 8b 24 24 4c 89 e2 b9 01 00 00 00 e8 8c b4 b4 f9 e9 64 ff ff ff e8 e2 27 1f f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb a6 89 d9 80 e1 07 80 c1 03 [ 562.339036][ T11] RSP: 0018:ffffc90000107a40 EFLAGS: 00010293 [ 562.345273][ T11] RAX: ffffffff8a6667ae RBX: 00000001000065b3 RCX: ffff88801be43c00 [ 562.353627][ T11] RDX: 0000000000000000 RSI: fffffffffffffffb RDI: 0000000000000000 [ 562.361885][ T11] RBP: ffffc90000107bb0 R08: ffffc900001079c7 R09: 1ffff92000020f38 [ 562.370155][ T11] R10: dffffc0000000000 R11: fffff52000020f39 R12: 00000001000065ae [ 562.378158][ T11] R13: ffff888031fd6288 R14: ffff888031fd6510 R15: dffffc0000000000 [ 562.386197][ T11] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 562.395321][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 562.402097][ T11] CR2: 00007f66075b6358 CR3: 000000000cb30000 CR4: 00000000003526e0 [ 562.410191][ T11] Call Trace: [ 562.413510][ T11] [ 562.416473][ T11] ? io_ring_ctx_wait_and_kill+0x2a0/0x2a0 [ 562.422366][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 562.427584][ T11] ? process_scheduled_works+0x957/0x15b0 [ 562.433389][ T11] ? process_scheduled_works+0x957/0x15b0 [ 562.439172][ T11] process_scheduled_works+0xa45/0x15b0 [ 562.444766][ T11] ? assign_work+0x400/0x400 [ 562.449444][ T11] ? assign_work+0x39e/0x400 [ 562.454059][ T11] worker_thread+0xa55/0xfc0 [ 562.458696][ T11] kthread+0x2fa/0x390 [ 562.462836][ T11] ? pr_cont_work+0x560/0x560 [ 562.467536][ T11] ? kthread_blkcg+0xd0/0xd0 [ 562.472183][ T11] ret_from_fork+0x48/0x80 [ 562.476616][ T11] ? kthread_blkcg+0xd0/0xd0 [ 562.481376][ T11] ret_from_fork_asm+0x11/0x20 [ 562.486179][ T11] [ 562.489267][ T11] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 562.496553][ T11] CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 562.503919][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 562.513962][ T11] Workqueue: iou_exit io_ring_exit_work [ 562.519504][ T11] Call Trace: [ 562.522772][ T11] [ 562.525690][ T11] dump_stack_lvl+0x16c/0x230 [ 562.530362][ T11] ? show_regs_print_info+0x20/0x20 [ 562.535548][ T11] ? load_image+0x3b0/0x3b0 [ 562.540046][ T11] panic+0x2c0/0x710 [ 562.543934][ T11] ? bpf_jit_dump+0xd0/0xd0 [ 562.548428][ T11] ? ret_from_fork_asm+0x11/0x20 [ 562.553360][ T11] __warn+0x2e0/0x470 [ 562.557326][ T11] ? io_ring_exit_work+0x39e/0x7e0 [ 562.562426][ T11] ? io_ring_exit_work+0x39e/0x7e0 [ 562.567520][ T11] report_bug+0x2be/0x4f0 [ 562.571842][ T11] ? io_ring_exit_work+0x39e/0x7e0 [ 562.576937][ T11] ? io_ring_exit_work+0x39e/0x7e0 [ 562.582030][ T11] ? io_ring_exit_work+0x3a0/0x7e0 [ 562.587128][ T11] handle_bug+0xcf/0x120 [ 562.591358][ T11] exc_invalid_op+0x1a/0x50 [ 562.595847][ T11] asm_exc_invalid_op+0x1a/0x20 [ 562.600690][ T11] RIP: 0010:io_ring_exit_work+0x39e/0x7e0 [ 562.606395][ T11] Code: e8 07 28 1f f7 48 89 df 48 c7 c6 a0 5a 66 8a 4c 8b 24 24 4c 89 e2 b9 01 00 00 00 e8 8c b4 b4 f9 e9 64 ff ff ff e8 e2 27 1f f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb a6 89 d9 80 e1 07 80 c1 03 [ 562.625982][ T11] RSP: 0018:ffffc90000107a40 EFLAGS: 00010293 [ 562.632035][ T11] RAX: ffffffff8a6667ae RBX: 00000001000065b3 RCX: ffff88801be43c00 [ 562.639996][ T11] RDX: 0000000000000000 RSI: fffffffffffffffb RDI: 0000000000000000 [ 562.647967][ T11] RBP: ffffc90000107bb0 R08: ffffc900001079c7 R09: 1ffff92000020f38 [ 562.655934][ T11] R10: dffffc0000000000 R11: fffff52000020f39 R12: 00000001000065ae [ 562.663895][ T11] R13: ffff888031fd6288 R14: ffff888031fd6510 R15: dffffc0000000000 [ 562.671865][ T11] ? io_ring_exit_work+0x39e/0x7e0 [ 562.676986][ T11] ? io_ring_ctx_wait_and_kill+0x2a0/0x2a0 [ 562.682790][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 562.687977][ T11] ? process_scheduled_works+0x957/0x15b0 [ 562.693687][ T11] ? process_scheduled_works+0x957/0x15b0 [ 562.699395][ T11] process_scheduled_works+0xa45/0x15b0 [ 562.704950][ T11] ? assign_work+0x400/0x400 [ 562.709536][ T11] ? assign_work+0x39e/0x400 [ 562.714117][ T11] worker_thread+0xa55/0xfc0 [ 562.718712][ T11] kthread+0x2fa/0x390 [ 562.722798][ T11] ? pr_cont_work+0x560/0x560 [ 562.727464][ T11] ? kthread_blkcg+0xd0/0xd0 [ 562.732043][ T11] ret_from_fork+0x48/0x80 [ 562.736447][ T11] ? kthread_blkcg+0xd0/0xd0 [ 562.741034][ T11] ret_from_fork_asm+0x11/0x20 [ 562.745814][ T11] [ 562.749070][ T11] Kernel Offset: disabled [ 562.753474][ T11] Rebooting in 86400 seconds..