last executing test programs: 2m46.850208798s ago: executing program 3 (id=1320): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x3, @remote, 0x3}, 0x1c) r1 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r1, 0x7277, 0x0, 0x28, 0x0, 0x0) listen(r0, 0xfff) accept4(r0, 0x0, 0x0, 0x0) 2m44.411711376s ago: executing program 3 (id=1327): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000ec0)={'batadv0\x00', 0x0}) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000400)={0x0, 0x20, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, r5, 0x303, 0x0, 0xfffffffc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2m42.808214701s ago: executing program 3 (id=1329): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknod(0x0, 0x8001420, 0x0) poll(0x0, 0x0, 0x101) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001, 0x3}, 0x8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 2m41.484103588s ago: executing program 3 (id=1334): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x28, r4, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}]}, 0x28}}, 0x2) 2m39.796024648s ago: executing program 3 (id=1338): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff1c, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='generic_add_lease\x00', r3}, 0x18) r4 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r4, 0x400, 0x0) 2m37.634990499s ago: executing program 3 (id=1343): openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000023896) 2m21.783022066s ago: executing program 32 (id=1343): openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000023896) 1m34.771523683s ago: executing program 5 (id=1468): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001000)="3504000030000511d25a80648c63940d1124fc60040035400c0002000a00002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e813fa6ba1eb693d93f699e37af0d43f908fa7d995a8f6b056fcaff2467d336a00fc466eb85d6a4e1b691276cd9561767306b74b4098e9e71fa51bde29f26a2f3024d7bd115dd2919b06fb9b3ba96da0e93d5a402dc7fe462a6cc4718c94c1747fff68092705b44bb48dd2db4f3a6c0e03db227b65d459fa5c1232d7b62f12b65354b7e70d32998da02ae0dc289460384ab0000f682d97191d0b68697bac278c32a2972ca8ed35b61ee6831c78af85c6711cd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee0493ffe3b72b508c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da98c0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b9b0bba0ba2deac12f0257c64ceca8a0a62db179fdd9df7749da38624aab1865024e56a1b2a41e1c7e3a29c01adb31f1865bf6f44aa1e0fd6d827fbae1d57b5ff0026b580c890df83592aceb316f00"/466, 0x1d2}, {&(0x7f00000014c0)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea304007bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c23fcbad0d5d0a79819e11263781959a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185960b8f51e04f006a4ed22c40297682ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca996c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f601853164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd", 0x263}], 0x2}, 0x4) 1m33.616369908s ago: executing program 5 (id=1470): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r3, 0xc0384707, &(0x7f0000000040)={0x1, 0x2, 0x0, 0x800000, 0x4, "3eccd8f9d20000000000001000000200000500"}) close_range(r1, 0xffffffffffffffff, 0x0) 1m31.428106362s ago: executing program 5 (id=1472): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x84, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) setregid(0xee00, 0xee00) syz_open_dev$cec(0x0, 0xffffffffffffffff, 0xc0c00) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0) open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000500000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000003009500000000000000b7080000000100007b9a00fe00000000b509ffffff1f0000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m27.960278601s ago: executing program 5 (id=1477): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) capget(&(0x7f0000000240)={0x20071026, r0}, &(0x7f0000000280)={0x7, 0x9, 0x8, 0x8000, 0x8, 0x380000}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x28, 0x1, 0x0, 0xfffff01c}, {0x6, 0x0, 0x0, 0x7}]}, 0x10) 1m25.140587063s ago: executing program 5 (id=1483): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x908, @mcast1, 0x1}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000600)={0xa, 0x4e22, 0xfff, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xe0000000}, 0xfff}, 0x1c) 1m22.180443603s ago: executing program 5 (id=1488): r0 = getpid() mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xc5) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000280)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ftruncate(r1, 0xde34) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x12, r1, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000600)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0x4, 0x4) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000000)='./file0\x00', 0xb) 1m6.947148604s ago: executing program 33 (id=1488): r0 = getpid() mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xc5) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000280)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ftruncate(r1, 0xde34) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x12, r1, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000000600)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0x4, 0x4) r3 = syz_pidfd_open(r0, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000000)='./file0\x00', 0xb) 20.316888586s ago: executing program 2 (id=1603): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e06000d08"], 0x9) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0xc8d0, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2ed, &(0x7f00000001c0)="$eJzs3E1PE10UwPHT0pZSAtPFk8doYrjRjW4mUPfGxkBibCJBanxJjANMtenYkk6DqTGCK7fGD+GCsGRHonwBNu5cuXHHxsSFLIhjOi+lQBEshRH4/xJyL5x7pvfOADl3kpn1+++elwq2XjBqEk0qiYiIbIikJSqBiN9G3X5CWi3I1f4fXy7effDwdjaXG51Qaiw7eS2jlBoc+vjiVZ8/bKVX1tKP179nvq39v3Z+/dfks6KtirYqV2rKUFOVrzVjyjLVTNEu6UqNW6Zhm6pYts2qF6948YJVmZ2tK6M8M5CarZq2rYxyXZXMuqpVVK1aV8ZTo1hWuq6rgZRgP/nFiQkj22HydJcngyNSrWaNHhHp2xXJL4YyIQAAECq//m9W+9FGSd9J/R9rW/8vXVqt9d9bHvTr/5VEo/4Xaan/n2wda1v9nxSRbfX/poh0u/7fXRGdLo7z5/ih6n+cEI36P+X//brePFoadjvU/wAAAAAAAAAAAAAAAAAAAAAAnAQbjqM5jqMFbfDVKyJJ9wkS7/uw54mjwfU/27Ze3BEbFLHezuXn8l7rD1gVEUtMGRZNNt3fB1+jnxDlDlINaflkzfv583P5HjeSLUjRzR8RTdI78x1n7FZudER5tufHJdWanxFN/mufn9mZH2+0CblyuSVfF00+T0tFLJnxn4wL8l+PKHXzTm7H5/e54wAAAAAAOA101dTcv/e2xvXdcW9/7MWb++u29we8/fVw2/19TC7Ewlo1AAAAAABni11/WTIsy6ye3E5P+1CwwoMeJ3iv8R5jIhLZK9SFTvDhoZ9My4wf6IxFO5rqUKLdRVn4y+MEt432GiPjnazd0UQOew7Pvf/ws0vXImJY15eT+6y0005iv5XGj+8/EAAAAIDjslX0Bz+5Ee6EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4g47jxXJhrxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4V/wOAAD//xznB3g=") syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e451204"], 0x9) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r0, 0x406, r1) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x20000001}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x10000000}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000004004298f006ffff0800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket(0x1, 0x2, 0x0) syz_read_part_table(0x5dd, &(0x7f0000000600)="$eJzs2z+rHFUYB+DfzO7O7EL0fgOzkMZCSGtzTUCSS7o09rY2FnaCcndRFARttBDUwtIU5gtoG4K1RRAkFqJ2YmWj98iZP3sv2AjXIMLzwJ4zc/Y973tm90x5wv9bOVqsh/6slDKMtPXTNqsp4OjPbGq/SnOY9MJz9T556d6t23e2d5tuGm9qzK+7MUeSZW265JnNYep26r9a5v17J+9+8NEbfZLd49MknyW7pPTz0pJNOyaoPr2w6mZOzn/r2aGd/4ppj6znb28cbq4nWSR9FodttEj3zqXr3z9+sK9VUpqUwYVtmtwcu3lBbU6vzSv97SyrdjvtpclPuZFvv9ztkuwvZOnTllK+eHrYkjVN3005Dy9F/QUe/nCafTe+N4++nifvhvb7zRhzKNZe+tEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgCyuC959fT/edDu/w4TbKcg5bj9YvdMikPx1mbUkp2l65///jB0Vtvv9bm9eNXHr365o8nv6xr6UWun1wpfZ/kj1LjXk7fnc9aJu3ZpWtXpd/2w8UqydUyD2+zzzfXvrvaLtKVo/PwVTNGDvZ1pQAAAAAAAAAAAAAAAAAAAPAvuHX7zvZuu8l4CD5tpquS9d+Dy++llJs1oFkmn0yjm6TL4+Es/M8p85H4UkdrvqdqwGCdNFmcp/vwypN8Mv6JvwIAAP//SkZjiA==") 17.306533661s ago: executing program 4 (id=1607): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x40000000015, 0x5, 0x0) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 16.249965939s ago: executing program 4 (id=1608): syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000b529708410e42416ed401020301090224000100"], 0x0) socket$key(0xf, 0x3, 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xb7d1, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec29, 0x800, 0x1, 0x40000337}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000300)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 15.832093084s ago: executing program 2 (id=1610): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ftruncate(0xffffffffffffffff, 0x8800000) socket$kcm(0x10, 0x2, 0x0) symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) lsetxattr$security_ima(&(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000280)=@ng={0x4, 0x5}, 0x2, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 14.45885836s ago: executing program 2 (id=1613): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window, @window], 0x20000000000000e4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) socket$kcm(0x29, 0x2, 0x0) syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000024c0)='highspeed\x00', 0xa) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000700), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) 11.718492105s ago: executing program 0 (id=1617): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) 11.588097299s ago: executing program 1 (id=1618): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e22, 0x0, @loopback, 0x7}}, 0x0, 0x0, 0x47, 0x0, "09be2271b78506e6dd938d324c415acd403a4480fd1afa34432bcdfa64d957e93efafd27ad06a6f589dc643f167cf0fcd370239aac93f6ded3c5032c96ead0cdc68474d402ab73e482db7ec1e0a57489"}, 0xd8) sendmmsg$inet6(r4, &(0x7f0000000b00)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000280)}], 0x1}}], 0x1, 0x20080058) 10.514517445s ago: executing program 0 (id=1619): r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r3}, 0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newlink={0x34, 0x10, 0x1, 0x170bd27, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2100}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) 10.462509526s ago: executing program 2 (id=1620): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98}) ptrace$getregset(0x4204, r0, 0x200, &(0x7f0000000000)={&(0x7f0000000440)=""/176, 0xb0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc}) socket$nl_xfrm(0x10, 0x3, 0x6) 10.285295002s ago: executing program 1 (id=1621): socket$nl_route(0x10, 0x3, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 9.862737976s ago: executing program 4 (id=1622): r0 = socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], 0x0, 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000003700)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4085, 0xff5}], 0x1}}], 0x4000000000001a3, 0x140, 0x0) 8.732364878s ago: executing program 0 (id=1623): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x400000000000088}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) clock_gettime(0x4, 0x0) tgkill(0x0, 0x0, 0x9) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) r1 = socket(0x25, 0x80000, 0x0) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x24000044) 8.731819478s ago: executing program 1 (id=1624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 6.851109563s ago: executing program 1 (id=1625): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) socket$can_bcm(0x1d, 0x2, 0x2) syz_open_dev$usbfs(0x0, 0x77, 0x103301) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r3, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8}) ioctl$IOMMU_DESTROY$hwpt(r2, 0x3b80, &(0x7f0000000340)={0x8, r5}) 6.850173401s ago: executing program 4 (id=1626): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x3c}}, 0x0) 6.636833978s ago: executing program 0 (id=1627): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file1\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_GETINFO(r3, 0xffffffff80000500, 0x0, &(0x7f00000002c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$FUSE_NOTIFY_RESEND(r4, &(0x7f00000000c0)={0x14}, 0x14) 1.980261268s ago: executing program 0 (id=1628): socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="18"], 0x0}, 0x94) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000300)={0x0, 0x334e, 0x100, 0x3, 0xc9}, &(0x7f00000003c0)=0x0, &(0x7f00000002c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) io_uring_register$IORING_REGISTER_NAPI(r0, 0x1b, &(0x7f0000000100)={0xffffff24, 0x7}, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0xc, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r0, 0x7277, 0x0, 0x28, 0x0, 0x0) 1.934408402s ago: executing program 2 (id=1629): syz_emit_ethernet(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x2, 0x3, 0x1, {0x400000080001, 0xff, 0x20fb, 0x8, 0xe, 0xd615, 0x9, 0x1, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18) sendfile(r0, r0, &(0x7f0000000080), 0x7f03) 1.909727241s ago: executing program 1 (id=1630): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x302, 0x0) mkdir(0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001840)=@newtaction={0x488, 0x30, 0x12f, 0x0, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x9}}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x6, 0xffffffff, 0x7f, 0x401, 0x2, 0x0, 0x2, 0x80000000, 0x4, 0x5, 0x8, 0x0, 0x7fff, 0x75ba, 0x7fffffff, 0x5, 0xffffffff, 0x7ff, 0x2, 0x9, 0x2, 0x0, 0x1000, 0x1, 0x3, 0x6, 0x0, 0xfa, 0x4, 0x0, 0xf, 0x80000001, 0x7, 0xfffffffb, 0x1, 0x20, 0x5, 0x8, 0x1, 0x2f2, 0x7fff, 0x0, 0x81, 0x206, 0x1ff, 0x7, 0x3, 0x5, 0x3, 0x9, 0x1000, 0x401, 0x1, 0x6, 0x7, 0x2, 0x4, 0x7f, 0x5, 0xfffffffb, 0x1, 0x4, 0x5, 0x8, 0x2000009, 0x9, 0x10, 0x9, 0x7, 0xffffff00, 0x97, 0x0, 0x4, 0x8, 0x8, 0x1, 0x958, 0x1fe, 0x4, 0x6, 0x7, 0x80, 0x5, 0xe53, 0x0, 0xfffffffe, 0x4, 0x8, 0x9, 0x7fff, 0x30, 0x8, 0xfffffff7, 0x4, 0x9, 0x1, 0x4, 0x7, 0x9, 0x5, 0x7, 0x6, 0x0, 0x5, 0x2, 0x7, 0x3, 0xcdd, 0x2, 0xd67, 0x7, 0x4, 0x25, 0x9dc5, 0x7, 0xfffffff7, 0x2, 0x400, 0x8, 0x0, 0x7, 0x5, 0x9, 0xa, 0xa, 0x9, 0x5, 0xdb5, 0x101, 0x4, 0x74e4, 0x7fff, 0x7, 0x7ff, 0x1, 0xd70, 0x1, 0x8, 0xa, 0x7, 0x1, 0x82, 0x52e, 0x7, 0x1, 0x5, 0x26, 0x1, 0x1b2a, 0x81, 0x9, 0x1c, 0x767, 0x7, 0x9, 0x10, 0xc2a, 0xff, 0x7, 0x6, 0x7, 0x3, 0xfffffff4, 0x8, 0x3, 0xfff, 0x8, 0x5, 0x5, 0x6, 0x3, 0xd7c3, 0x2, 0x10000, 0x7fff, 0x5, 0x5, 0x0, 0xfffffff7, 0x7, 0x2, 0x0, 0x6ee1847d, 0x10001, 0x7ff, 0x1, 0xf0, 0x7, 0x2, 0x7, 0x4, 0x6, 0x4, 0x7, 0x2, 0x0, 0x1, 0x4, 0x3, 0xfff, 0x80000001, 0x7, 0x676, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x4a5, 0x23, 0x4, 0x9, 0x8, 0x0, 0x8000, 0xa, 0x9, 0xca000000, 0x2, 0xfffffffa, 0x3, 0x7, 0x9, 0x7, 0x65fe, 0x9, 0x6, 0x4, 0x80000000, 0x5, 0x801, 0xb848, 0x6, 0x6, 0x800, 0x7, 0x1, 0xb, 0x80, 0x2, 0x3, 0x6, 0x9, 0x4, 0x4, 0xc, 0x80000001, 0x5, 0x5, 0x10000002, 0xb, 0x7, 0x5, 0x2, 0x4]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x488}}, 0x0) 1.687349661s ago: executing program 4 (id=1631): socket$inet6(0xa, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200)={0x0, 0x9e74, 0x0, 0x4}, &(0x7f0000000340)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x4007, @fd_index=0x7fffffd, 0x2, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 124.338749ms ago: executing program 2 (id=1632): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000140)={0x3a}, 0x8) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 122.957543ms ago: executing program 0 (id=1633): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r4, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) 43.411834ms ago: executing program 1 (id=1634): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, 0x0, 0x0) recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) 0s ago: executing program 4 (id=1635): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) socket$vsock_stream(0x28, 0x1, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) io_setup(0x5, &(0x7f00000000c0)) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0186415, 0x0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) kernel console output (not intermixed with test programs): a5b65a09. [ 102.578346][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.690083][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.980689][ T6042] overlayfs: statfs failed on './file0' [ 103.008223][ T6044] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.784642][ T6063] netlink: 24 bytes leftover after parsing attributes in process `syz.0.15'. [ 106.906312][ T5960] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 107.104409][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.167775][ T5960] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.220244][ T5960] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 107.342195][ T5960] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 107.431846][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.527680][ T5960] usb 1-1: config 0 descriptor?? [ 108.120750][ T5960] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 108.276492][ T5960] usb 1-1: USB disconnect, device number 2 [ 108.480265][ T6092] fido_id[6092]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 108.936098][ T6101] loop3: detected capacity change from 0 to 128 [ 109.307063][ T6102] syz.3.25: attempt to access beyond end of device [ 109.307063][ T6102] loop3: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 109.402960][ T6102] syz.3.25: attempt to access beyond end of device [ 109.402960][ T6102] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 109.463666][ T6102] syz.3.25: attempt to access beyond end of device [ 109.463666][ T6102] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 109.472667][ T6108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27'. [ 109.631991][ T6102] syz.3.25: attempt to access beyond end of device [ 109.631991][ T6102] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 109.655573][ T6108] bridge_slave_1: left allmulticast mode [ 109.712471][ T6108] bridge_slave_1: left promiscuous mode [ 109.768229][ T6108] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.907985][ T6108] bridge_slave_0: left allmulticast mode [ 109.913931][ T6108] bridge_slave_0: left promiscuous mode [ 109.934356][ T6108] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.407462][ T5880] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 110.605415][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.736131][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.786996][ T5880] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 110.889962][ T5880] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 111.146643][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.202846][ T5880] usb 6-1: config 0 descriptor?? [ 111.374602][ T6130] sctp: failed to load transform for md5: -2 [ 111.381107][ T6133] sctp: failed to load transform for md5: -2 [ 112.354033][ T5880] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 112.519860][ T5880] usb 6-1: USB disconnect, device number 2 [ 112.665949][ T6152] loop0: detected capacity change from 0 to 512 [ 112.795742][ T6152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.811082][ T6152] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.992379][ T6152] EXT4-fs error (device loop0): ext4_empty_dir:3080: inode #12: comm syz.0.38: Directory hole found for htree leaf block 0 [ 113.071577][ T6152] EXT4-fs (loop0): Remounting filesystem read-only [ 113.440002][ T6161] fido_id[6161]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 113.514360][ T6167] overlayfs: statfs failed on './file0' [ 113.594026][ T5880] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.677921][ T5991] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 113.715069][ T5871] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.737164][ T5991] Quota error (device loop0): write_blk: dquota write failed [ 113.753032][ T5991] Quota error (device loop0): free_dqentry: Can't write quota data block 5 [ 113.807781][ T5991] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 113.848866][ T5991] Quota error (device loop0): write_blk: dquota write failed [ 113.875591][ T5991] Quota error (device loop0): free_dqentry: Can't write quota data block 5 [ 113.886611][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.926906][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.986374][ T5880] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.151379][ T5880] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.190411][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.236474][ T5880] usb 3-1: config 0 descriptor?? [ 115.051189][ T5880] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 115.275490][ T1173] usb 3-1: USB disconnect, device number 2 [ 115.667159][ T6191] fido_id[6191]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 115.730857][ T6194] loop1: detected capacity change from 0 to 8 [ 116.992800][ T6203] netlink: 6 bytes leftover after parsing attributes in process `syz.1.51'. [ 117.078132][ T6203] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 117.701986][ T1173] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 117.898344][ T1173] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 117.950236][ T1173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.985807][ T1173] usb 1-1: Product: syz [ 118.048040][ T1173] usb 1-1: Manufacturer: syz [ 118.091924][ T1173] usb 1-1: SerialNumber: syz [ 118.125809][ T1173] usb 1-1: config 0 descriptor?? [ 119.133291][ T6232] overlayfs: failed to resolve './file1': -2 [ 119.366986][ T6079] usb 1-1: USB disconnect, device number 3 [ 119.707361][ T6240] netlink: 14 bytes leftover after parsing attributes in process `syz.2.58'. [ 120.451707][ T6245] netlink: 12 bytes leftover after parsing attributes in process `syz.3.61'. [ 120.781913][ T1173] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 121.052751][ T1173] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.793821][ T1173] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 121.810130][ T1173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.876858][ T1173] usb 5-1: config 0 descriptor?? [ 122.029445][ T6240] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.051418][ T6240] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.071723][ T6240] bond0 (unregistering): Released all slaves [ 122.264601][ T1173] usbhid 5-1:0.0: can't add hid device: -71 [ 122.276648][ T1173] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 122.313531][ T1173] usb 5-1: USB disconnect, device number 2 [ 122.891900][ T1173] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 123.223588][ T1173] usb 5-1: Using ep0 maxpacket: 32 [ 123.240202][ T1173] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.282767][ T1173] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 123.376146][ T1173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.414695][ T1173] usb 5-1: config 0 descriptor?? [ 124.052699][ T1173] usb 5-1: can't set config #0, error -71 [ 124.183260][ T1173] usb 5-1: USB disconnect, device number 3 [ 125.651290][ T6293] loop1: detected capacity change from 0 to 256 [ 125.722867][ T6293] ======================================================= [ 125.722867][ T6293] WARNING: The mand mount option has been deprecated and [ 125.722867][ T6293] and is ignored by this kernel. Remove the mand [ 125.722867][ T6293] option from the mount to silence this warning. [ 125.722867][ T6293] ======================================================= [ 126.079523][ T6293] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x467a0815, utbl_chksum : 0xe619d30d) [ 126.130710][ T6293] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.463433][ T6302] CUSE: info not properly terminated [ 129.300453][ T6362] loop0: detected capacity change from 0 to 1024 [ 131.016831][ T6375] batman_adv: batadv0: Adding interface: dummy0 [ 131.023749][ T6375] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.049231][ T5960] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 131.142087][ T6375] batman_adv: batadv0: Interface activated: dummy0 [ 131.166161][ T6379] batadv0: mtu less than device minimum [ 131.179137][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.191236][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.203380][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.215324][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.227253][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.239181][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.251126][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.263133][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.274682][ T6379] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 131.452395][ T6375] netlink: 'syz.3.89': attribute type 10 has an invalid length. [ 131.488786][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.527028][ T5960] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.528059][ T6375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.610506][ T5960] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 131.671270][ T5960] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.716988][ T5960] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.725095][ T6375] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 131.973148][ T5960] usb 5-1: config 0 descriptor?? [ 132.802385][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.808813][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.092122][ T5960] usb 5-1: can't set config #0, error -71 [ 133.179872][ T5960] usb 5-1: USB disconnect, device number 4 [ 136.512600][ T6407] netlink: 'syz.5.98': attribute type 1 has an invalid length. [ 136.636156][ T6407] macvlan1: entered promiscuous mode [ 136.641619][ T6407] macvlan1: entered allmulticast mode [ 136.858418][ T6407] veth1_vlan: entered allmulticast mode [ 136.965366][ T6412] netlink: 24 bytes leftover after parsing attributes in process `syz.2.101'. [ 137.152712][ T6415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.101'. [ 137.400475][ T6415] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.549594][ T6420] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 137.656534][ T6415] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.741914][ T5960] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 138.946133][ T5960] usb 6-1: Using ep0 maxpacket: 32 [ 138.966948][ T5960] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.982002][ T5960] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.101882][ T5960] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 139.131625][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.180633][ T5960] usb 6-1: config 0 descriptor?? [ 139.616226][ T5960] ft260 0003:0403:6030.0004: unknown main item tag 0x7 [ 139.813884][ T5960] ft260 0003:0403:6030.0004: chip code: 6424 8183 [ 140.014834][ T5960] ft260 0003:0403:6030.0004: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0 [ 140.216860][ T5960] ft260 0003:0403:6030.0004: failed to retrieve status: -32, no wakeup [ 140.398129][ T6437] loop2: detected capacity change from 0 to 32768 [ 140.438587][ T6437] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value [ 140.456171][ T5960] ft260 0003:0403:6030.0004: failed to retrieve status: -32 [ 141.171059][ T6448] ft260 0003:0403:6030.0004: ft260_i2c_read: failed with -38 [ 142.032778][ T6452] ref_ctr_offset mismatch. inode: 0x9c offset: 0x0 ref_ctr_offset(old): 0x200000000100 ref_ctr_offset(new): 0x0 [ 142.676246][ T5960] usb 6-1: USB disconnect, device number 3 [ 143.526180][ T6469] Zero length message leads to an empty skb [ 143.534452][ T6470] netlink: 'syz.3.117': attribute type 4 has an invalid length. [ 143.951061][ T6455] syz.4.112 (6455): drop_caches: 2 [ 146.235679][ T6469] netlink: 'syz.1.118': attribute type 2 has an invalid length. [ 146.446554][ T6469] bond: entered promiscuous mode [ 149.375420][ T6520] ISOFS: Unable to identify CD-ROM format. [ 152.132713][ T6537] binder: 6536:6537 unknown command 0 [ 152.138121][ T6537] binder: 6536:6537 ioctl c0306201 200000000080 returned -22 [ 152.828884][ T6537] binder: BINDER_SET_CONTEXT_MGR already set [ 152.900711][ T6537] binder: 6536:6537 ioctl 4018620d 200000000040 returned -16 [ 153.044232][ T6533] netlink: 180 bytes leftover after parsing attributes in process `syz.4.137'. [ 153.148896][ T6539] netlink: 180 bytes leftover after parsing attributes in process `syz.4.137'. [ 153.201377][ T6539] netlink: 180 bytes leftover after parsing attributes in process `syz.4.137'. [ 153.323697][ T5880] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 153.962087][ T5880] usb 6-1: Using ep0 maxpacket: 32 [ 153.969363][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.990963][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.024316][ T5880] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 154.092673][ T6555] loop3: detected capacity change from 0 to 2048 [ 154.102559][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.131085][ T5880] usb 6-1: config 0 descriptor?? [ 154.234067][ T6555] EXT4-fs (loop3): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.328676][ T6555] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 154.347344][ T6555] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 154.362612][ T6555] EXT4-fs (loop3): This should not happen!! Data will be lost [ 154.362612][ T6555] [ 154.373330][ T6555] EXT4-fs (loop3): Total free blocks count 0 [ 154.380742][ T6555] EXT4-fs (loop3): Free/Dirty block details [ 154.392807][ T6564] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 1 with error 28 [ 154.408914][ T6555] EXT4-fs (loop3): free_blocks=2415919104 [ 154.415039][ T6555] EXT4-fs (loop3): dirty_blocks=16 [ 154.420506][ T6564] EXT4-fs (loop3): This should not happen!! Data will be lost [ 154.420506][ T6564] [ 154.439306][ T6555] EXT4-fs (loop3): Block reservation details [ 154.614460][ T5880] ft260 0003:0403:6030.0005: unknown main item tag 0x0 [ 154.648724][ T5880] ft260 0003:0403:6030.0005: unknown main item tag 0x0 [ 154.811761][ T5880] ft260 0003:0403:6030.0005: chip code: 6424 8183 [ 155.015334][ T5880] ft260 0003:0403:6030.0005: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0 [ 155.223525][ T6579] netlink: 20 bytes leftover after parsing attributes in process `syz.3.145'. [ 155.361858][ T5880] ft260 0003:0403:6030.0005: failed to retrieve status: -32, no wakeup [ 155.405269][ T5880] ft260 0003:0403:6030.0005: failed to retrieve status: -32 [ 155.672423][ T6547] i2c i2c-1: adapter quirk: 2nd comb msg must be read (addr 0x0006, size 0, write) [ 155.839371][ T5960] usb 6-1: USB disconnect, device number 4 [ 156.202256][ T5939] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 156.573773][ T5939] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 156.621954][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.733674][ T5939] usb 4-1: config 0 descriptor?? [ 157.174968][ T6575] loop4: detected capacity change from 0 to 32768 [ 157.539931][ T6575] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 157.800269][ T30] audit: type=1800 audit(1758447058.798:2): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.148" name="file1" dev="loop4" ino=17058 res=0 errno=0 [ 158.500994][ T6575] (syz.4.148,6575,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options [ 158.922016][ T5939] usb 4-1: Cannot set autoneg [ 158.945841][ T5939] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 158.996274][ T5939] usb 4-1: USB disconnect, device number 2 [ 159.050152][ T6622] netlink: 'syz.0.156': attribute type 2 has an invalid length. [ 159.080837][ T5866] ocfs2: Unmounting device (7,4) on (node local) [ 159.102037][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.0.156'. [ 159.817300][ T6631] process 'syz.2.159' launched './file0' with NULL argv: empty string added [ 160.358236][ T6637] loop4: detected capacity change from 0 to 2048 [ 160.511981][ T30] audit: type=1800 audit(1758447061.508:3): pid=6631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.159" name="/" dev="fuse" ino=9 res=0 errno=0 [ 160.708793][ T6637] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.681139][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.642406][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.0.173'. [ 163.995128][ T6686] lo: entered allmulticast mode [ 167.603896][ T6716] netlink: 156 bytes leftover after parsing attributes in process `syz.2.184'. [ 168.487387][ T6723] loop4: detected capacity change from 0 to 40427 [ 168.550631][ T6723] F2FS-fs (loop4): invalid crc value [ 168.686119][ T6723] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 168.703524][ T6723] F2FS-fs (loop4): Start checkpoint disabled! [ 168.729975][ T6723] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 169.246369][ T6732] netlink: 'syz.3.189': attribute type 13 has an invalid length. [ 169.469842][ T6723] syz.4.187: attempt to access beyond end of device [ 169.469842][ T6723] loop4: rw=2049, sector=77824, nr_sectors = 8 limit=40427 [ 169.497427][ T6723] syz.4.187: attempt to access beyond end of device [ 169.497427][ T6723] loop4: rw=2049, sector=77832, nr_sectors = 2064 limit=40427 [ 169.525360][ T6723] syz.4.187: attempt to access beyond end of device [ 169.525360][ T6723] loop4: rw=2049, sector=79896, nr_sectors = 2024 limit=40427 [ 169.542370][ T6723] syz.4.187: attempt to access beyond end of device [ 169.542370][ T6723] loop4: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 169.570864][ T6723] syz.4.187: attempt to access beyond end of device [ 169.570864][ T6723] loop4: rw=2049, sector=49160, nr_sectors = 3160 limit=40427 [ 169.591086][ T6723] syz.4.187: attempt to access beyond end of device [ 169.591086][ T6723] loop4: rw=2049, sector=52320, nr_sectors = 928 limit=40427 [ 169.607049][ T6723] syz.4.187: attempt to access beyond end of device [ 169.607049][ T6723] loop4: rw=2049, sector=57344, nr_sectors = 8 limit=40427 [ 169.640151][ T6723] syz.4.187: attempt to access beyond end of device [ 169.640151][ T6723] loop4: rw=2049, sector=57352, nr_sectors = 4064 limit=40427 [ 170.253897][ T49] kworker/u8:3: attempt to access beyond end of device [ 170.253897][ T49] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 170.289288][ T6732] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.297027][ T6732] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.374464][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) [ 170.374497][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 170.374513][ T49] Workqueue: writeback wb_workfn (flush-7:4) [ 170.374556][ T49] Call Trace: [ 170.374565][ T49] [ 170.374575][ T49] dump_stack_lvl+0x189/0x250 [ 170.374610][ T49] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.374640][ T49] ? __pfx_queue_work_on+0x10/0x10 [ 170.374665][ T49] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 170.374704][ T49] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 170.374757][ T49] f2fs_handle_critical_error+0x37c/0x540 [ 170.374803][ T49] f2fs_write_end_io+0x886/0xb60 [ 170.374848][ T49] __submit_merged_bio+0x27a/0x6a0 [ 170.374893][ T49] __submit_merged_write_cond+0x255/0x530 [ 170.374937][ T49] f2fs_write_data_pages+0x261d/0x3000 [ 170.374999][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 170.375108][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375141][ T49] ? f2fs_write_meta_pages+0x357/0x450 [ 170.375174][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375201][ T49] ? __lock_acquire+0xab9/0xd20 [ 170.375242][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 170.375268][ T49] do_writepages+0x32e/0x550 [ 170.375306][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375333][ T49] ? reacquire_held_locks+0x127/0x1d0 [ 170.375358][ T49] ? writeback_sb_inodes+0x384/0x1010 [ 170.375399][ T49] __writeback_single_inode+0x145/0xff0 [ 170.375430][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375457][ T49] ? do_raw_spin_unlock+0x122/0x240 [ 170.375492][ T49] writeback_sb_inodes+0x6c7/0x1010 [ 170.375559][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 170.375638][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375665][ T49] ? rcu_is_watching+0x15/0xb0 [ 170.375689][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375726][ T49] wb_writeback+0x43b/0xaf0 [ 170.375767][ T49] ? queue_io+0x381/0x590 [ 170.375802][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 170.375842][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 170.375885][ T49] wb_workfn+0x409/0xef0 [ 170.375929][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 170.375959][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.375986][ T49] ? __lock_acquire+0xab9/0xd20 [ 170.376035][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.376065][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.376097][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 170.376133][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 170.376156][ T49] ? process_scheduled_works+0x9ef/0x17b0 [ 170.376182][ T49] process_scheduled_works+0xae1/0x17b0 [ 170.376241][ T49] ? __pfx_process_scheduled_works+0x10/0x10 [ 170.376274][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.376311][ T49] worker_thread+0x8a0/0xda0 [ 170.376352][ T49] ? __kthread_parkme+0x7b/0x200 [ 170.376395][ T49] kthread+0x711/0x8a0 [ 170.376429][ T49] ? __pfx_worker_thread+0x10/0x10 [ 170.376453][ T49] ? __pfx_kthread+0x10/0x10 [ 170.376480][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.376511][ T49] ? _raw_spin_unlock_irq+0x23/0x50 [ 170.376554][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 170.376580][ T49] ? lockdep_hardirqs_on+0x9c/0x150 [ 170.376604][ T49] ? __pfx_kthread+0x10/0x10 [ 170.376636][ T49] ret_from_fork+0x439/0x7d0 [ 170.376665][ T49] ? __pfx_ret_from_fork+0x10/0x10 [ 170.376697][ T49] ? __switch_to_asm+0x39/0x70 [ 170.376727][ T49] ? __switch_to_asm+0x33/0x70 [ 170.376757][ T49] ? __pfx_kthread+0x10/0x10 [ 170.376789][ T49] ret_from_fork_asm+0x1a/0x30 [ 170.376841][ T49] [ 170.376850][ T49] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 170.994873][ T6732] batman_adv: batadv0: Interface deactivated: dummy0 [ 172.173702][ T6732] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 172.252921][ T6732] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.170258][ T6772] loop1: detected capacity change from 0 to 128 [ 173.530874][ T6781] syz.1.197: attempt to access beyond end of device [ 173.530874][ T6781] loop1: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 174.168692][ T6353] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.244696][ T49] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.345453][ T49] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.423707][ T49] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.684139][ T6796] sg_write: data in/out 91/14 bytes for SCSI command 0x0-- guessing data in; [ 174.684139][ T6796] program syz.4.201 not setting count and/or reply_len properly [ 175.322206][ T6079] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 175.531967][ T6079] usb 6-1: Using ep0 maxpacket: 32 [ 175.556465][ T6079] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.609018][ T6079] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.661102][ T6079] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 175.689805][ T6079] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.766859][ T6079] usb 6-1: config 0 descriptor?? [ 176.086700][ T6826] loop0: detected capacity change from 0 to 2048 [ 176.173725][ T6826] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.230750][ T6079] ft260 0003:0403:6030.0006: unknown main item tag 0x7 [ 176.572225][ T6079] ft260 0003:0403:6030.0006: chip code: 6424 8183 [ 176.625245][ T6079] ft260 0003:0403:6030.0006: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0 [ 177.329191][ T6079] ft260 0003:0403:6030.0006: failed to retrieve status: -32, no wakeup [ 177.366105][ T6079] ft260 0003:0403:6030.0006: failed to retrieve status: -32 [ 177.624623][ T5880] usb 6-1: reset high-speed USB device number 5 using dummy_hcd [ 177.756194][ T5871] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.764758][ T6849] binder: BINDER_SET_CONTEXT_MGR already set [ 177.795864][ T6849] binder: 6846:6849 ioctl 4018620d 200000004a80 returned -16 [ 178.557047][ T6079] usb 6-1: USB disconnect, device number 5 [ 179.371917][ T6079] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 179.680157][ T6079] usb 1-1: Using ep0 maxpacket: 32 [ 179.704720][ T6079] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.933509][ T6079] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 179.973666][ T6079] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 179.996230][ T6079] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 180.119142][ T6079] usb 1-1: Product: syz [ 180.144174][ T6079] usb 1-1: Manufacturer: syz [ 180.186455][ T6079] usb 1-1: SerialNumber: syz [ 180.241745][ T6079] usb 1-1: config 0 descriptor?? [ 182.395973][ T6898] loop1: detected capacity change from 0 to 2048 [ 182.800198][ T6898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.852302][ T5960] usb 1-1: USB disconnect, device number 4 [ 182.872269][ T6898] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.442800][ T6913] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 183.442800][ T6913] The task syz.0.229 (6913) triggered the difference, watch for misbehavior. [ 184.301778][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.294228][ T6982] netlink: 'syz.1.250': attribute type 1 has an invalid length. [ 188.537330][ T6984] bond1: (slave bridge0): Enslaving as an active interface with a down link [ 188.630429][ T6982] bond1: (slave bridge1): Enslaving as an active interface with a down link [ 189.352900][ T5880] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 189.412023][ T6990] Driver unsupported XDP return value 0 on prog (id 35) dev N/A, expect packet loss! [ 189.817114][ T5880] usb 5-1: Using ep0 maxpacket: 16 [ 189.873235][ T5880] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 189.890474][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 189.904156][ T5880] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 189.926198][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.939955][ T5880] usb 5-1: Product: syz [ 189.956562][ T5880] usb 5-1: Manufacturer: syz [ 189.976606][ T5880] usb 5-1: SerialNumber: syz [ 190.070277][ T5880] usb 5-1: config 0 descriptor?? [ 190.113651][ T5880] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 190.181853][ T5880] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 190.718312][ T5880] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 190.727060][ T5880] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 191.136569][ T5880] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 191.151877][ T5880] em28xx 5-1:0.0: No AC97 audio processor [ 191.203600][ T5880] usb 5-1: USB disconnect, device number 5 [ 191.229722][ T5880] em28xx 5-1:0.0: Disconnecting em28xx [ 191.258840][ T5880] em28xx 5-1:0.0: Freeing device [ 192.658730][ T7029] capability: warning: `syz.5.267' uses deprecated v2 capabilities in a way that may be insecure [ 193.015389][ T7036] syz.0.268 uses obsolete (PF_INET,SOCK_PACKET) [ 193.263261][ T7043] binder: 7042:7043 unknown command 0 [ 193.269103][ T7043] binder: 7042:7043 ioctl c0306201 200000000080 returned -22 [ 193.488338][ T7045] netlink: 12 bytes leftover after parsing attributes in process `syz.0.273'. [ 193.566500][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.574494][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.933261][ T7054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.276'. [ 193.962158][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 194.182588][ T24] usb 1-1: config index 0 descriptor too short (expected 8192, got 36) [ 194.200669][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.244730][ T24] usb 1-1: config 0 has no interfaces? [ 194.256006][ T24] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 194.310705][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.391353][ T24] usb 1-1: config 0 descriptor?? [ 194.667765][ T5946] usb 1-1: USB disconnect, device number 5 [ 196.086378][ T7069] loop3: detected capacity change from 0 to 256 [ 196.192700][ T7069] exfat: Unknown parameter 'ˆ-êÚ´gB•Bãgλý¹#©¬›;2’—!"ÙÅ|õêXaµXïð¦ç¥ýñÜг®ÝÇ©' [ 196.527259][ T7072] loop2: detected capacity change from 0 to 32768 [ 196.652206][ T7072] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 196.660484][ T7072] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 196.722432][ T7072] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 196.735527][ T5939] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 196.751902][ T5939] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 197.002546][ T5939] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 250ms [ 197.011241][ T5939] gfs2: fsid=syz:syz.0: jid=0: Done [ 197.040029][ T7072] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 197.682404][ T7082] netlink: 'syz.1.284': attribute type 4 has an invalid length. [ 197.701991][ T5960] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 197.764336][ T7082] netlink: 'syz.1.284': attribute type 4 has an invalid length. [ 197.872177][ T5960] usb 1-1: Using ep0 maxpacket: 8 [ 197.918600][ T5960] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 198.045787][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.104820][ T5960] usb 1-1: Product: syz [ 198.109011][ T5960] usb 1-1: Manufacturer: syz [ 198.114028][ T5960] usb 1-1: SerialNumber: syz [ 198.179194][ T5960] usb 1-1: config 0 descriptor?? [ 198.251958][ T7087] loop3: detected capacity change from 0 to 2048 [ 198.283924][ T7087] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 198.417486][ T5960] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 198.427037][ T7087] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.474773][ T5960] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 199.498724][ T5960] usb 1-1: USB disconnect, device number 6 [ 202.386793][ T7126] loop0: detected capacity change from 0 to 256 [ 202.519354][ T7126] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 202.646315][ T7133] loop3: detected capacity change from 0 to 1024 [ 202.768522][ T7133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.842083][ T7133] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 203.043530][ T7133] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.226415][ T7142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'. [ 204.112681][ T7162] overlayfs: failed to clone upperpath [ 204.192018][ T1173] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 204.539519][ T1173] usb 2-1: config 1 has an invalid descriptor of length 68, skipping remainder of the config [ 204.580387][ T1173] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 204.614626][ T1173] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 204.817533][ T1173] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 204.966240][ T1173] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.034042][ T1173] usb 2-1: Product: syz [ 205.055908][ T1173] usb 2-1: Manufacturer: syz [ 205.064617][ T1173] usb 2-1: SerialNumber: syz [ 205.306381][ T1173] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 205.383489][ T1173] cdc_ncm 2-1:1.0: bind() failure [ 205.398872][ T1173] usb 2-1: USB disconnect, device number 2 [ 206.176207][ T7160] loop5: detected capacity change from 0 to 32768 [ 206.219194][ T7160] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.310 (7160) [ 206.301953][ T6079] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 206.513872][ T6079] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 206.538822][ T7160] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 206.538838][ T6079] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.594070][ T6079] usb 5-1: config 0 descriptor?? [ 206.634324][ T6079] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 206.811364][ T7160] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm [ 207.303399][ T7160] BTRFS error (device loop5): open_ctree failed: -4 [ 208.550909][ T6079] usb 5-1: USB disconnect, device number 6 [ 209.190915][ T7221] binder: 7219:7221 unknown command 0 [ 209.233642][ T7221] binder: 7219:7221 ioctl c0306201 200000000080 returned -22 [ 209.320436][ T7224] overlayfs: failed to clone lowerpath [ 210.421932][ T6079] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 210.473671][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 210.538167][ T7233] overlayfs: failed to resolve './file1': -2 [ 210.677160][ T6079] usb 5-1: Using ep0 maxpacket: 8 [ 210.734970][ T6079] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 210.750940][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.792670][ T6079] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 210.807291][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.893286][ T6079] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 210.929048][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 211.112106][ T6079] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 211.133036][ T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 211.180941][ T6079] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 211.190388][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.245954][ T6079] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.495760][ T24] usb 1-1: config 0 descriptor?? [ 211.815925][ T5884] Bluetooth: hci4: unexpected cc 0x204b length: 9 > 3 [ 211.837721][ T6079] usb 5-1: usb_control_msg returned -71 [ 211.881067][ T6079] usbtmc 5-1:16.0: can't read capabilities [ 212.769991][ T24] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 212.783468][ T6079] usb 5-1: USB disconnect, device number 7 [ 212.998867][ T5939] usb 1-1: USB disconnect, device number 7 [ 213.376264][ T7261] fido_id[7261]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 214.906544][ T7277] loop0: detected capacity change from 0 to 512 [ 214.976798][ T7277] EXT4-fs error (device loop0): ext4_quota_enable:7128: inode #4: comm syz.0.345: iget: bad i_size value: 5910974510929920 [ 215.002609][ T7277] EXT4-fs error (device loop0): ext4_quota_enable:7131: comm syz.0.345: Bad quota inode: 4, type: 1 [ 215.022162][ T7277] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 215.047565][ T7277] EXT4-fs (loop0): mount failed [ 215.536074][ T7290] netlink: 'syz.0.349': attribute type 12 has an invalid length. [ 215.920769][ T7260] loop2: detected capacity change from 0 to 40427 [ 215.961828][ T7260] F2FS-fs (loop2): invalid crc value [ 216.544009][ T5179] Bluetooth: hci2: command 0x0406 tx timeout [ 216.551909][ T5179] Bluetooth: hci4: command 0x0406 tx timeout [ 216.557922][ T5179] Bluetooth: hci1: command 0x0406 tx timeout [ 216.563996][ T5868] Bluetooth: hci3: command 0x0406 tx timeout [ 216.993338][ T7260] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 217.356750][ T7260] F2FS-fs (loop2): Start checkpoint disabled! [ 219.327016][ T30] audit: type=1800 audit(1758447120.328:4): pid=7331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.361" name="/" dev="9p" ino=589826 res=0 errno=0 [ 219.788200][ T7336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.891607][ T7337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.073602][ T7336] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.568611][ T30] audit: type=1326 audit(1758447126.558:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7389 comm="syz.5.381" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x0 [ 230.850969][ T7418] loop0: detected capacity change from 0 to 64 [ 230.895240][ T30] audit: type=1326 audit(1758447131.888:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7415 comm="syz.5.400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x0 [ 233.717068][ T30] audit: type=1326 audit(1758447134.708:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7435 comm="syz.1.394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7fc00000 [ 234.228147][ T30] audit: type=1326 audit(1758447135.218:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.4.397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x0 [ 235.908114][ T7466] loop4: detected capacity change from 0 to 256 [ 235.928718][ T7465] overlayfs: failed to clone upperpath [ 236.087646][ T7466] loop4: detected capacity change from 0 to 512 [ 236.190874][ T7466] EXT4-fs: Ignoring removed bh option [ 236.256965][ T7466] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 236.294627][ T7469] binder: 7468:7469 ioctl c0306201 200000000080 returned -14 [ 236.421273][ T7466] EXT4-fs (loop4): 1 truncate cleaned up [ 236.518800][ T7466] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.618295][ T30] audit: type=1800 audit(1758447137.618:9): pid=7466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.404" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 236.648482][ T7482] binder: BINDER_SET_CONTEXT_MGR already set [ 236.682220][ T7482] binder: 7475:7482 ioctl 4018620d 2000000002c0 returned -16 [ 236.713812][ T7482] binder: 7475:7482 ioctl c0306201 200000000680 returned -14 [ 236.828356][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.961623][ T7486] overlayfs: failed to clone upperpath [ 237.263530][ T6079] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 237.472339][ T6079] usb 5-1: Using ep0 maxpacket: 32 [ 237.500953][ T6079] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.537482][ T6079] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.577988][ T6079] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 237.591564][ T6079] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.665855][ T6079] usb 5-1: config 0 descriptor?? [ 238.228847][ T6079] magicmouse 0003:05AC:0265.0008: item fetching failed at offset 6/7 [ 238.251203][ T6079] magicmouse 0003:05AC:0265.0008: magicmouse hid parse failed [ 238.260365][ T6079] magicmouse 0003:05AC:0265.0008: probe with driver magicmouse failed with error -22 [ 238.438898][ T7519] loop1: detected capacity change from 0 to 128 [ 238.782280][ T24] usb 5-1: USB disconnect, device number 8 [ 238.873933][ T7519] bio_check_eod: 28 callbacks suppressed [ 238.873953][ T7519] syz.1.426: attempt to access beyond end of device [ 238.873953][ T7519] loop1: rw=2049, sector=145, nr_sectors = 3 limit=128 [ 239.481681][ T1106] kworker/u8:6: attempt to access beyond end of device [ 239.481681][ T1106] loop1: rw=1, sector=161, nr_sectors = 1 limit=128 [ 239.599663][ T7529] netlink: 'syz.0.429': attribute type 1 has an invalid length. [ 239.720865][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.429'. [ 239.935279][ T7533] loop5: detected capacity change from 0 to 32768 [ 239.971983][ T7533] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.432 (7533) [ 240.010582][ T7533] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 240.020850][ T7533] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm [ 240.029559][ T7533] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 240.042041][ T5882] Bluetooth: hci2: Opcode 0x206a failed: -110 [ 240.050723][ T5882] Bluetooth: hci2: command 0x0406 tx timeout [ 240.074895][ T7529] 8021q: adding VLAN 0 to HW filter on device bond1 [ 240.083431][ T7536] tipc: Started in network mode [ 240.125375][ T7536] tipc: Node identity ac1414aa, cluster identity 4711 [ 240.183765][ T7536] tipc: Enabled bearer , priority 10 [ 240.281425][ T7533] BTRFS info (device loop5): rebuilding free space tree [ 240.318720][ T7533] BTRFS info (device loop5): disabling free space tree [ 240.326247][ T7533] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 240.336091][ T7533] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 240.365781][ T7533] BTRFS info (device loop5): enabling ssd optimizations [ 240.372861][ T7533] BTRFS info (device loop5): turning on sync discard [ 240.379520][ T7533] BTRFS info (device loop5): enabling disk space caching [ 240.386593][ T7533] BTRFS info (device loop5): force clearing of disk cache [ 240.393723][ T7533] BTRFS info (device loop5): enabling auto defrag [ 240.400115][ T7533] BTRFS info (device loop5): doing ref verification [ 241.303665][ T5939] tipc: Node number set to 2886997162 [ 241.726960][ T5863] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 242.092135][ T7569] netlink: 8 bytes leftover after parsing attributes in process `syz.1.439'. [ 244.672574][ T7593] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 244.715239][ T7593] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 244.863588][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 245.051198][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.159297][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.093024][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 246.115730][ T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 246.125883][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.147476][ T24] usb 6-1: config 0 descriptor?? [ 246.988183][ T24] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 247.178492][ T7619] loop1: detected capacity change from 0 to 1024 [ 249.252273][ T7640] netlink: 36 bytes leftover after parsing attributes in process `syz.2.459'. [ 249.301008][ T7640] netlink: 16 bytes leftover after parsing attributes in process `syz.2.459'. [ 249.394329][ T7640] netlink: 36 bytes leftover after parsing attributes in process `syz.2.459'. [ 249.453343][ T7640] netlink: 36 bytes leftover after parsing attributes in process `syz.2.459'. [ 249.886852][ T5946] usb 6-1: USB disconnect, device number 6 [ 250.123412][ T7647] macvlan1: left promiscuous mode [ 251.457594][ T7638] loop1: detected capacity change from 0 to 256 [ 252.092779][ T7638] FAT-fs (loop1): Directory bread(block 64) failed [ 252.177274][ T7638] FAT-fs (loop1): Directory bread(block 65) failed [ 252.222199][ T7638] FAT-fs (loop1): Directory bread(block 66) failed [ 252.426909][ T7638] FAT-fs (loop1): Directory bread(block 67) failed [ 252.457743][ T7638] FAT-fs (loop1): Directory bread(block 68) failed [ 252.641490][ T7638] FAT-fs (loop1): Directory bread(block 69) failed [ 252.691765][ T7638] FAT-fs (loop1): Directory bread(block 70) failed [ 252.721703][ T7638] FAT-fs (loop1): Directory bread(block 71) failed [ 252.838326][ T7638] FAT-fs (loop1): Directory bread(block 72) failed [ 252.881972][ T7638] FAT-fs (loop1): Directory bread(block 73) failed [ 254.152921][ T30] audit: type=1326 audit(1758447155.158:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 254.282157][ T30] audit: type=1326 audit(1758447155.218:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 254.357065][ T30] audit: type=1326 audit(1758447155.218:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 254.488468][ T30] audit: type=1326 audit(1758447155.218:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 254.740169][ T30] audit: type=1326 audit(1758447155.218:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 254.772255][ T30] audit: type=1326 audit(1758447155.218:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 255.492713][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.499034][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.613290][ T30] audit: type=1326 audit(1758447155.218:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 255.666837][ T30] audit: type=1326 audit(1758447155.218:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 255.720013][ T30] audit: type=1326 audit(1758447155.218:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 256.262112][ T30] audit: type=1326 audit(1758447155.218:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.4.474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x7ffc0000 [ 256.306708][ T7694] syz.1.475 (7694): drop_caches: 2 [ 262.971927][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 263.121912][ T5880] usb 1-1: Using ep0 maxpacket: 32 [ 263.365037][ T5880] usb 1-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 263.499880][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.915293][ T7765] loop1: detected capacity change from 0 to 1024 [ 263.950650][ T5880] usb 1-1: config 0 descriptor?? [ 263.961631][ T7765] EXT4-fs: Ignoring removed bh option [ 263.997019][ T7765] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 264.039567][ T5880] usb 1-1: dvb_usb_v2: found a 'Anysee' in warm state [ 264.118287][ T5880] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 264.141151][ T5880] dvb_usb_anysee 1-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 264.184569][ T7765] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 264.276691][ T7765] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 264.373134][ T5880] IPVS: starting estimator thread 0... [ 264.410493][ T1173] usb 1-1: USB disconnect, device number 8 [ 264.512203][ T7774] IPVS: using max 32 ests per chain, 76800 per kthread [ 264.696522][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.262911][ T5960] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 265.432172][ T5960] usb 2-1: Using ep0 maxpacket: 8 [ 265.452143][ T5960] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 265.531713][ T5960] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 265.597196][ T5960] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 265.633164][ T5960] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 265.682906][ T7795] netlink: 8 bytes leftover after parsing attributes in process `syz.5.505'. [ 265.696823][ T5960] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 265.706061][ T7795] netlink: 8 bytes leftover after parsing attributes in process `syz.5.505'. [ 265.732422][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.999348][ T5960] usb 2-1: GET_CAPABILITIES returned 0 [ 266.026321][ T5960] usbtmc 2-1:16.0: can't read capabilities [ 266.717792][ T915] usb 2-1: USB disconnect, device number 3 [ 270.519061][ T7853] overlayfs: failed to clone upperpath [ 271.272190][ T915] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 271.315242][ T7863] loop1: detected capacity change from 0 to 512 [ 271.383875][ T7863] ext4: Unknown parameter 'nouser_xattr' [ 271.541938][ T915] usb 3-1: Using ep0 maxpacket: 8 [ 271.602018][ T915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 271.668508][ T915] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 271.712676][ T7866] netlink: 48 bytes leftover after parsing attributes in process `syz.1.530'. [ 271.737874][ T915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.774712][ T915] usb 3-1: config 0 descriptor?? [ 272.269013][ T915] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 272.325731][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 272.325752][ T30] audit: type=1326 audit(1758447173.328:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7857 comm="syz.2.528" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff42f8ec29 code=0x0 [ 272.433541][ T915] usb 3-1: USB disconnect, device number 3 [ 272.996678][ T7807] syz.0.509 (7807): drop_caches: 2 [ 276.149803][ T7912] ptrace attach of "./syz-executor exec"[5866] was attempted by " Àÿ Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ   8   € \x09   þÿÿú ÿÿÿÿ [ 276.306570][ T7914] loop1: detected capacity change from 0 to 512 [ 276.742840][ T7918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.547'. [ 276.752474][ T7918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.547'. [ 276.865590][ T7914] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.546: casefold flag without casefold feature [ 276.934693][ T7914] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.546: couldn't read orphan inode 15 (err -117) [ 277.050005][ T7914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.230252][ T7929] net_ratelimit: 13 callbacks suppressed [ 277.230273][ T7929] netlink: zone id is out of range [ 277.242210][ T7929] netlink: zone id is out of range [ 277.248964][ T7929] netlink: zone id is out of range [ 277.859367][ T5864] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.003744][ T7929] netlink: set zone limit has 4 unknown bytes [ 278.671910][ T5946] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 278.692702][ T7953] netlink: 'syz.3.560': attribute type 17 has an invalid length. [ 278.735337][ T7953] netlink: 148 bytes leftover after parsing attributes in process `syz.3.560'. [ 278.832481][ T5946] usb 3-1: Using ep0 maxpacket: 16 [ 278.843460][ T5946] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 278.859761][ T5946] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 278.886999][ T5946] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 278.897904][ T5946] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.908019][ T5946] usb 3-1: Product: syz [ 278.912299][ T5946] usb 3-1: Manufacturer: syz [ 278.937215][ T5946] usb 3-1: SerialNumber: syz [ 278.989095][ T5946] usb 3-1: config 0 descriptor?? [ 279.001762][ T5946] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 279.023030][ T7946] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.039343][ T5946] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 279.591732][ T7946] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.782526][ T5946] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 280.384119][ T5946] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 280.774870][ T7946] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.457758][ T5946] em28xx 3-1:0.0: Unknown AC97 audio processor detected! [ 281.763077][ T7946] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.874851][ T5946] em28xx 3-1:0.0: couldn't setup AC97 register 2 [ 281.920629][ T5946] em28xx 3-1:0.0: couldn't setup AC97 register 4 [ 281.949348][ T5946] em28xx 3-1:0.0: couldn't setup AC97 register 6 [ 282.237018][ T5946] em28xx 3-1:0.0: couldn't setup AC97 register 54 [ 282.274202][ T5946] em28xx 3-1:0.0: couldn't setup AC97 register 56 [ 282.300755][ T5946] usb 3-1: USB disconnect, device number 4 [ 282.840573][ T6338] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.867933][ T6338] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.969271][ T6338] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.322241][ T6353] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.771962][ T30] audit: type=1326 audit(1758447184.768:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8003 comm="syz.5.574" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x0 [ 286.141981][ T8017] ptrace attach of "./syz-executor exec"[5870] was attempted by "./syz-executor exec"[8017] [ 286.588951][ T8028] batadv_slave_1: entered promiscuous mode [ 286.865949][ T8027] batadv_slave_1: left promiscuous mode [ 287.271926][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 287.350271][ T8042] loop5: detected capacity change from 0 to 512 [ 287.398638][ T8042] EXT4-fs: Ignoring removed mblk_io_submit option [ 287.427592][ T8042] EXT4-fs: inline encryption not supported [ 287.438890][ T8042] EXT4-fs: Ignoring removed mblk_io_submit option [ 287.458708][ T5880] usb 3-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice=ca.8e [ 287.459263][ T8042] EXT4-fs (loop5): Test dummy encryption mode enabled [ 287.488201][ T8044] evm: overlay not supported [ 287.494594][ T8042] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 287.507849][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.604951][ T5880] pwc: Logitech/Cisco VT Camera webcam detected. [ 287.612273][ T8042] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 287.734979][ T8042] EXT4-fs (loop5): 1 truncate cleaned up [ 287.774691][ T8042] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.328456][ T8037] netlink: 'syz.2.584': attribute type 5 has an invalid length. [ 288.616349][ T8037] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 288.644541][ T5863] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.662192][ T8037] macsec1: entered promiscuous mode [ 288.915291][ T8037] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 289.667898][ T5880] pwc: send_video_command error -71 [ 289.687282][ T5880] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 289.733762][ T5880] Philips webcam 3-1:127.0: probe with driver Philips webcam failed with error -71 [ 289.895091][ T5880] usb 3-1: USB disconnect, device number 5 [ 291.759232][ T8085] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 291.778858][ T8085] cramfs: wrong magic [ 294.571253][ T8099] bridge: RTM_NEWNEIGH with invalid ether address [ 296.770525][ T8125] overlayfs: failed to clone upperpath [ 298.892919][ T8147] loop5: detected capacity change from 0 to 256 [ 299.619644][ T8147] FAT-fs (loop5): Directory bread(block 64) failed [ 299.626243][ T8147] FAT-fs (loop5): Directory bread(block 65) failed [ 299.632818][ T8147] FAT-fs (loop5): Directory bread(block 66) failed [ 299.639307][ T8147] FAT-fs (loop5): Directory bread(block 67) failed [ 299.645913][ T8147] FAT-fs (loop5): Directory bread(block 68) failed [ 299.653005][ T8147] FAT-fs (loop5): Directory bread(block 69) failed [ 299.659548][ T8147] FAT-fs (loop5): Directory bread(block 70) failed [ 299.666203][ T8147] FAT-fs (loop5): Directory bread(block 71) failed [ 299.672789][ T8147] FAT-fs (loop5): Directory bread(block 72) failed [ 299.679278][ T8147] FAT-fs (loop5): Directory bread(block 73) failed [ 303.352328][ T8174] loop2: detected capacity change from 0 to 1024 [ 304.204012][ T8176] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 306.031165][ T8179] Bluetooth: MGMT ver 1.23 [ 306.096923][ T8189] netlink: 8 bytes leftover after parsing attributes in process `syz.5.630'. [ 307.596704][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888032522800: rx timeout, send abort [ 308.106278][ C0] vxcan1: j1939_tp_rxtimer: 0xffff888032522800: abort rx timeout. Force session deactivation [ 308.372333][ T5885] Bluetooth: hci5: command 0x0406 tx timeout [ 310.503639][ T8232] binder: BINDER_SET_CONTEXT_MGR already set [ 310.593084][ T8232] binder: 8229:8232 ioctl 4018620d 2000000002c0 returned -16 [ 310.663690][ T8237] binder: 8229:8237 ioctl c0306201 200000000680 returned -14 [ 311.032490][ T8245] netlink: 12 bytes leftover after parsing attributes in process `syz.5.650'. [ 316.446389][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.452766][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.742815][ T8336] overlayfs: failed to clone upperpath [ 325.159461][ T8379] loop1: detected capacity change from 0 to 4096 [ 325.481338][ T8388] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 326.270845][ T8395] loop4: detected capacity change from 0 to 512 [ 326.519761][ T8395] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 326.687820][ T8395] EXT4-fs (loop4): Remounting filesystem read-only [ 326.774200][ T8395] EXT4-fs (loop4): 1 truncate cleaned up [ 326.845822][ T8395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 326.912883][ T30] audit: type=1326 audit(1758447227.888:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8401 comm="syz.5.703" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x0 [ 327.218060][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.409645][ T8435] loop5: detected capacity change from 0 to 512 [ 329.826260][ T8435] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 329.878265][ T8435] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 330.122966][ T8435] EXT4-fs (loop5): shut down requested (0) [ 330.885972][ T5863] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.925673][ T8447] loop2: detected capacity change from 0 to 4096 [ 331.202354][ T8448] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 331.375680][ T8450] netlink: 159784 bytes leftover after parsing attributes in process `syz.5.715'. [ 332.776373][ T8467] loop2: detected capacity change from 0 to 256 [ 332.839486][ T8467] vfat: Unknown parameter 'smackfsfloor' [ 334.695402][ T8499] binder: 8498:8499 unknown command 0 [ 334.746507][ T8499] binder: 8498:8499 ioctl c0306201 200000000080 returned -22 [ 336.035097][ T8506] loop5: detected capacity change from 0 to 4096 [ 337.182037][ T8514] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 339.058864][ T8532] netlink: 'syz.2.739': attribute type 11 has an invalid length. [ 340.981938][ T5880] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 341.415182][ T5880] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 341.430570][ T5880] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 341.470277][ T5880] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 341.557663][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 341.754722][ T5880] usb 2-1: SerialNumber: syz [ 342.059954][ T5880] usb 2-1: 0:2 : does not exist [ 342.308853][ T5880] usb 2-1: unit 253 not found! [ 342.317817][ T5960] Process accounting resumed [ 342.371253][ T8566] loop4: detected capacity change from 0 to 512 [ 342.473718][ T8566] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.751: invalid indirect mapped block 27 (level 1) [ 342.489548][ T5880] usb 2-1: USB disconnect, device number 4 [ 342.536699][ T8566] EXT4-fs (loop4): Remounting filesystem read-only [ 342.662292][ T8566] EXT4-fs (loop4): 1 truncate cleaned up [ 342.741572][ T6082] udevd[6082]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 342.764664][ T8566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 342.938515][ T8566] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 344.525045][ T5939] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 344.804320][ T5939] usb 6-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00 [ 344.870624][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.928176][ T5939] usb 6-1: config 0 descriptor?? [ 344.965655][ T5939] go7007 6-1:0.0: probe with driver go7007 failed with error -12 [ 345.231702][ T5939] usb 6-1: USB disconnect, device number 7 [ 345.966215][ T8601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.989397][ T8601] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.035234][ T8601] batman_adv: batadv0: Interface activated: dummy0 [ 346.203062][ T8601] batadv0: mtu less than device minimum [ 347.099588][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.111604][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.123204][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.134761][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.146292][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.157855][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.169385][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.180911][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.192487][ T8601] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 347.226038][ T8608] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 347.839743][ T8620] input: syz1 as /devices/virtual/input/input5 [ 347.894025][ T5960] IPVS: starting estimator thread 0... [ 348.002684][ T8625] IPVS: using max 32 ests per chain, 76800 per kthread [ 348.067394][ T8630] loop4: detected capacity change from 0 to 256 [ 348.089194][ T8630] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 351.698620][ T8663] binder: BINDER_SET_CONTEXT_MGR already set [ 351.713454][ T8663] binder: 8656:8663 ioctl 4018620d 200000004a80 returned -16 [ 351.875571][ T6079] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 352.108952][ T6079] usb 1-1: Using ep0 maxpacket: 8 [ 352.124187][ T6079] usb 1-1: config 0 has no interfaces? [ 352.129801][ T6079] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 352.171908][ T6079] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.248875][ T6079] usb 1-1: config 0 descriptor?? [ 352.754525][ T6079] usb 1-1: USB disconnect, device number 9 [ 355.695978][ T8690] loop0: detected capacity change from 0 to 4096 [ 356.062280][ T8692] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 358.724795][ T8722] tmpfs: Bad value for 'mpol' [ 359.521903][ T5939] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 360.504073][ T5939] usb 6-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 360.754344][ T5939] usb 6-1: config 0 interface 0 has no altsetting 0 [ 360.802358][ T5939] usb 6-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 360.883447][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.012885][ T5939] usb 6-1: config 0 descriptor?? [ 361.764415][ T5939] hid-picolcd 0003:04D8:F002.000A: item fetching failed at offset 2/5 [ 362.172284][ T5939] hid-picolcd 0003:04D8:F002.000A: device report parse failed [ 362.191034][ T5939] hid-picolcd 0003:04D8:F002.000A: probe with driver hid-picolcd failed with error -22 [ 362.349627][ T5939] usb 6-1: USB disconnect, device number 8 [ 369.010308][ T8807] loop5: detected capacity change from 0 to 32768 [ 369.268466][ T8807] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 369.268490][ T8807] allowing incompatible features above 0.0: (unknown version) [ 369.268501][ T8807] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 369.313950][ T8807] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 369.322228][ T8807] bcachefs (loop5): initializing new filesystem [ 369.334892][ T8807] bcachefs (loop5): going read-write [ 369.432865][ T8807] bcachefs (loop5): marking superblocks [ 369.449894][ T8807] bcachefs (loop5): initializing freespace [ 369.459562][ T8807] bcachefs (loop5): done initializing freespace [ 369.468163][ T8807] bcachefs (loop5): reading snapshots table [ 369.474151][ T8807] bcachefs (loop5): reading snapshots done [ 369.574758][ T8807] bcachefs (loop5): done starting filesystem [ 370.112877][ T8807] syz.5.827 (8807) used greatest stack depth: 17448 bytes left [ 370.505969][ T5863] bcachefs (loop5): shutting down [ 370.546793][ T5863] bcachefs (loop5): going read-only [ 370.572367][ T5863] bcachefs (loop5): finished waiting for writes to stop [ 370.692316][ T5863] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3 [ 370.883926][ T5863] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3 [ 370.965769][ T8817] bch-reclaim/loo (8817) used greatest stack depth: 16728 bytes left [ 370.978399][ T5863] bcachefs (loop5): clean shutdown complete, journal seq 4 [ 370.997089][ T5863] bcachefs (loop5): marking filesystem clean [ 371.165518][ T5863] bcachefs (loop5): shutdown complete [ 374.441407][ T8848] loop4: detected capacity change from 0 to 1764 [ 374.869567][ T8847] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 376.341196][ T8869] netlink: 'syz.3.844': attribute type 3 has an invalid length. [ 376.351250][ T8869] netlink: 'syz.3.844': attribute type 3 has an invalid length. [ 377.072641][ T8874] pim6reg1: entered promiscuous mode [ 377.111917][ T8874] pim6reg1: entered allmulticast mode [ 377.902482][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.908800][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.766761][ T8896] loop2: detected capacity change from 0 to 164 [ 380.952315][ T30] audit: type=1804 audit(1758447281.788:31): pid=8893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.849" name="/newroot/109/bus" dev="tmpfs" ino=593 res=1 errno=0 [ 381.117449][ T8896] Unable to read rock-ridge attributes [ 381.372946][ T8899] Unable to read rock-ridge attributes [ 383.991586][ T8913] netlink: 64 bytes leftover after parsing attributes in process `syz.0.855'. [ 389.621961][ T30] audit: type=1326 audit(1758447290.608:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.874" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x0 [ 389.851022][ T8991] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 389.916891][ T8991] 9pnet_fd: Insufficient options for proto=fd [ 389.932526][ T5880] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 390.085520][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 390.115853][ T5880] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 188, setting to 64 [ 390.139785][ T8995] loop2: detected capacity change from 0 to 2048 [ 390.148328][ T5880] usb 6-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=94.47 [ 390.161383][ T8995] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 390.188186][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.221933][ T5880] usb 6-1: Product: syz [ 390.226105][ T5880] usb 6-1: Manufacturer: syz [ 390.254821][ T8999] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 390.273541][ T5880] usb 6-1: SerialNumber: syz [ 390.286959][ T8995] NILFS error (device loop2): __nilfs_read_inode: invalid file type bits in mode 0177777 for inode 12 [ 390.314657][ T5880] usb 6-1: config 0 descriptor?? [ 390.320318][ T8987] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 390.333821][ T8995] Remounting filesystem read-only [ 390.912033][ T8987] loop5: detected capacity change from 0 to 256 [ 390.985319][ T8987] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 391.063881][ T8987] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 391.068645][ T9006] loop1: detected capacity change from 0 to 65536 [ 391.112412][ T8987] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 391.154211][ T9006] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 391.252858][ T30] audit: type=1800 audit(1758447292.188:33): pid=8987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.875" name="file1" dev="loop5" ino=1048626 res=0 errno=0 [ 391.441419][ T9006] XFS (loop1): Ending clean mount [ 392.138876][ T5939] usb 6-1: USB disconnect, device number 9 [ 392.165478][ T30] audit: type=1326 audit(1758447292.998:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.329696][ T30] audit: type=1326 audit(1758447293.108:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.393618][ T5864] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 392.410522][ T30] audit: type=1326 audit(1758447293.108:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.462020][ T30] audit: type=1326 audit(1758447293.108:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.484713][ T30] audit: type=1326 audit(1758447293.108:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.510608][ T30] audit: type=1326 audit(1758447293.108:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.697333][ T30] audit: type=1326 audit(1758447293.118:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 392.721393][ T30] audit: type=1326 audit(1758447293.128:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8986 comm="syz.5.875" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f13b918ec29 code=0x7ffc0000 [ 396.360127][ T9063] loop2: detected capacity change from 0 to 8192 [ 402.098754][ T9117] netlink: 'syz.5.912': attribute type 10 has an invalid length. [ 402.221438][ T9117] netlink: 40 bytes leftover after parsing attributes in process `syz.5.912'. [ 402.358863][ T9120] loop2: detected capacity change from 0 to 512 [ 402.374130][ T9117] team0: Failed to send options change via netlink (err -105) [ 402.647415][ T9117] team0: Port device geneve0 added [ 405.943835][ T9131] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 405.950582][ T9131] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 406.024216][ T9134] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(9) [ 406.030740][ T9134] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 406.480319][ T9134] vhci_hcd vhci_hcd.0: Device attached [ 406.487694][ T9131] vhci_hcd vhci_hcd.0: Device attached [ 406.566366][ T9130] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 406.576555][ T9130] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 406.586802][ T9138] vhci_hcd: connection closed [ 406.602765][ T9132] vhci_hcd: connection closed [ 406.608401][ T5990] vhci_hcd: stop threads [ 406.621962][ T5880] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 406.638399][ T5990] vhci_hcd: release socket [ 406.695719][ T5990] vhci_hcd: disconnect device [ 406.733908][ T1173] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 406.772416][ T5990] vhci_hcd: stop threads [ 406.776682][ T5990] vhci_hcd: release socket [ 406.820903][ T5990] vhci_hcd: disconnect device [ 406.866371][ T5880] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 407.106769][ T5880] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 408.033804][ T5880] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.592184][ T5880] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 408.601244][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.615841][ T5880] usb 5-1: Product: syz [ 408.622317][ T5880] usb 5-1: Manufacturer: syz [ 408.626908][ T5880] usb 5-1: SerialNumber: syz [ 408.732409][ T5880] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 409.335385][ T5880] cdc_ncm 5-1:1.0: bind() failure [ 410.819692][ T5946] usb 5-1: USB disconnect, device number 9 [ 412.062131][ T1173] vhci_hcd: vhci_device speed not set [ 414.402232][ T6035] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 414.973314][ T6035] usb 5-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 415.021887][ T6035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.073881][ T6035] usb 5-1: config 0 descriptor?? [ 415.449399][ T6035] usbhid 5-1:0.0: can't add hid device: -71 [ 415.477931][ T6035] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 415.502847][ T6035] usb 5-1: USB disconnect, device number 10 [ 415.844792][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 415.844812][ T30] audit: type=1326 audit(1758447316.848:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 416.369790][ T30] audit: type=1326 audit(1758447316.878:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 416.451903][ T30] audit: type=1326 audit(1758447316.878:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 416.587493][ T30] audit: type=1326 audit(1758447316.878:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 417.423786][ T30] audit: type=1326 audit(1758447316.888:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 417.716194][ T9229] binder_alloc: 9224: binder_alloc_buf, no vma [ 417.733218][ T30] audit: type=1326 audit(1758447316.888:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 417.953871][ T9233] fuse: Invalid rootmode [ 418.686794][ T9235] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 418.799652][ T30] audit: type=1326 audit(1758447316.888:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9211 comm="syz.1.941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 421.030954][ T9249] loop1: detected capacity change from 0 to 256 [ 421.870961][ T9249] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 421.972943][ T9249] mmap: syz.1.951 (9249) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 428.654375][ T9310] loop0: detected capacity change from 0 to 8 [ 429.386772][ T9315] netlink: 'syz.0.968': attribute type 11 has an invalid length. [ 429.438894][ T9315] netlink: 224 bytes leftover after parsing attributes in process `syz.0.968'. [ 430.121154][ T9322] loop1: detected capacity change from 0 to 512 [ 430.138667][ T9322] EXT4-fs (loop1): Invalid default hash set in the superblock [ 430.176198][ T9308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 432.634621][ T9345] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma? [ 432.747703][ T9341] loop0: detected capacity change from 0 to 256 [ 432.755352][ T9341] udf: Unknown parameter 'qsvÇá' [ 435.024866][ T9350] overlayfs: statfs failed on './file0' [ 435.141946][ T30] audit: type=1804 audit(1758447336.138:59): pid=9358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.982" name="bus" dev="ramfs" ino=20250 res=1 errno=0 [ 435.288964][ T30] audit: type=1804 audit(1758447336.148:60): pid=9358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.982" name="bus" dev="ramfs" ino=20250 res=1 errno=0 [ 437.498071][ T9375] overlayfs: failed to clone upperpath [ 439.328846][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.341886][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.760734][ T9400] loop0: detected capacity change from 0 to 4096 [ 439.812194][ T9400] ext4: Unknown parameter 'uid' [ 440.034989][ T9408] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 444.475915][ T9437] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1006'. [ 447.441485][ T9462] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1012'. [ 447.451368][ T9462] net_ratelimit: 11 callbacks suppressed [ 447.451407][ T9462] netlink: zone id is out of range [ 447.462677][ T9462] netlink: zone id is out of range [ 447.467885][ T9462] netlink: get zone limit has 8 unknown bytes [ 450.051883][ T5946] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 450.284146][ T5946] usb 1-1: Using ep0 maxpacket: 16 [ 450.348552][ T5946] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.443650][ T5946] usb 1-1: config 0 interface 0 has no altsetting 0 [ 450.450294][ T5946] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 450.535382][ T5946] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.629897][ T5946] usb 1-1: config 0 descriptor?? [ 450.749547][ T30] audit: type=1326 audit(1758447351.748:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 450.872100][ T30] audit: type=1326 audit(1758447351.748:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 450.962415][ T30] audit: type=1326 audit(1758447351.788:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.069578][ T30] audit: type=1326 audit(1758447351.788:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.142739][ T5946] nzxt-smart2 0003:1E71:2009.000B: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 451.218265][ T30] audit: type=1326 audit(1758447351.788:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.395905][ T30] audit: type=1326 audit(1758447351.808:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.520728][ T30] audit: type=1326 audit(1758447351.808:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.632173][ T6035] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 451.642043][ T30] audit: type=1326 audit(1758447351.808:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.921388][ T30] audit: type=1326 audit(1758447351.818:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 451.960576][ T30] audit: type=1326 audit(1758447351.828:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9484 comm="syz.1.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 452.735327][ T6035] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.805024][ T6035] usb 2-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 452.847639][ T915] usb 1-1: USB disconnect, device number 10 [ 452.865992][ T6035] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.737794][ T6035] usb 2-1: config 0 descriptor?? [ 454.047540][ T9504] loop0: detected capacity change from 0 to 256 [ 454.126080][ T9508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1027'. [ 454.780616][ T6035] zeroplus 0003:0C12:0005.000C: item fetching failed at offset 0/3 [ 454.849211][ T6035] zeroplus 0003:0C12:0005.000C: parse failed [ 454.872270][ T6035] zeroplus 0003:0C12:0005.000C: probe with driver zeroplus failed with error -22 [ 454.928646][ T9504] FAT-fs (loop0): Directory bread(block 64) failed [ 455.212092][ T5946] usb 2-1: USB disconnect, device number 5 [ 455.366706][ T9518] netlink: zone id is out of range [ 455.377433][ T9518] netlink: zone id is out of range [ 455.382639][ T9518] netlink: zone id is out of range [ 455.388730][ T9518] netlink: zone id is out of range [ 455.394731][ T9518] netlink: zone id is out of range [ 455.402656][ T9518] netlink: zone id is out of range [ 455.413083][ T9518] netlink: zone id is out of range [ 455.420462][ T9518] netlink: zone id is out of range [ 455.425656][ T9518] netlink: zone id is out of range [ 455.431393][ T9518] netlink: zone id is out of range [ 456.053836][ T9504] FAT-fs (loop0): Directory bread(block 65) failed [ 456.060467][ T9504] FAT-fs (loop0): Directory bread(block 66) failed [ 456.412016][ T9504] FAT-fs (loop0): Directory bread(block 67) failed [ 456.472500][ T9504] FAT-fs (loop0): Directory bread(block 68) failed [ 456.479017][ T9504] FAT-fs (loop0): Directory bread(block 69) failed [ 457.451074][ T9504] FAT-fs (loop0): Directory bread(block 70) failed [ 457.461519][ T9504] FAT-fs (loop0): Directory bread(block 71) failed [ 457.469119][ T9504] FAT-fs (loop0): Directory bread(block 72) failed [ 457.479552][ T9504] FAT-fs (loop0): Directory bread(block 73) failed [ 458.810575][ T9535] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 458.818094][ T9535] IPv6: NLM_F_CREATE should be set when creating new route [ 458.825390][ T9535] IPv6: NLM_F_CREATE should be set when creating new route [ 458.832630][ T9535] IPv6: NLM_F_CREATE should be set when creating new route [ 459.122881][ T9540] overlayfs: failed to clone upperpath [ 460.364376][ T9547] loop0: detected capacity change from 0 to 512 [ 461.018446][ T9547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 461.189387][ T9547] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 462.054939][ T9558] loop1: detected capacity change from 0 to 8192 [ 462.126105][ T9558] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 462.170143][ T5871] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.119802][ T9603] tipc: Started in network mode [ 466.124897][ T9603] tipc: Node identity ac14140f, cluster identity 4711 [ 466.132213][ T9603] tipc: Enabled bearer , priority 10 [ 467.131922][ T5946] tipc: Node number set to 2886997007 [ 467.308226][ T9609] loop0: detected capacity change from 0 to 256 [ 468.603960][ T9609] FAT-fs (loop0): Directory bread(block 64) failed [ 468.711958][ T9609] FAT-fs (loop0): Directory bread(block 65) failed [ 468.762084][ T9609] FAT-fs (loop0): Directory bread(block 66) failed [ 468.836324][ T9609] FAT-fs (loop0): Directory bread(block 67) failed [ 468.888037][ T9609] FAT-fs (loop0): Directory bread(block 68) failed [ 468.942210][ T9609] FAT-fs (loop0): Directory bread(block 69) failed [ 468.966119][ T9609] FAT-fs (loop0): Directory bread(block 70) failed [ 469.186626][ T9609] FAT-fs (loop0): Directory bread(block 71) failed [ 469.202981][ T9609] FAT-fs (loop0): Directory bread(block 72) failed [ 469.731404][ T9609] FAT-fs (loop0): Directory bread(block 73) failed [ 472.823083][ T9659] overlayfs: failed to clone upperpath [ 472.905589][ T9666] binder: 9664:9666 ioctl c0306201 2000000005c0 returned -14 [ 478.490795][ T9696] loop5: detected capacity change from 0 to 1024 [ 479.452305][ T9696] ext4: Bad value for 'journal_dev' [ 479.764951][ T9708] IPVS: length: 24 != 30744 [ 480.243070][ T9701] loop1: detected capacity change from 0 to 4096 [ 480.684197][ T9701] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 480.719701][ T9701] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 480.906915][ T9709] loop2: detected capacity change from 0 to 4096 [ 486.130214][ T9758] loop2: detected capacity change from 0 to 256 [ 486.914398][ T9758] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 487.020308][ T9758] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 487.092758][ T9758] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 487.200661][ T9758] UDF-fs: Scanning with blocksize 512 failed [ 487.232411][ T9758] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 487.490165][ T9758] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.782006][ T6035] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 488.984693][ T6035] usb 3-1: Using ep0 maxpacket: 16 [ 489.042110][ T6035] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 489.213706][ T6035] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 489.275882][ T6035] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 489.296040][ T6035] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.064474][ T6035] usb 3-1: Product: syz [ 490.068667][ T6035] usb 3-1: SerialNumber: syz [ 490.257956][ T6035] usb 3-1: can't set config #1, error -71 [ 490.983229][ T6035] usb 3-1: USB disconnect, device number 6 [ 501.526315][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.535224][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.962404][ T9875] netlink: 'syz.3.1137': attribute type 4 has an invalid length. [ 502.204641][ T9880] netlink: 'syz.3.1137': attribute type 4 has an invalid length. [ 508.779982][ T5882] Bluetooth: hci5: unexpected event for opcode 0x041c [ 511.788587][ T9962] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1158'. [ 512.463046][ T9959] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1160'. [ 514.742544][ T9993] GUP no longer grows the stack in syz.4.1170 (9993): 200000003000-20000000a000 (200000001000) [ 514.897179][ T9993] CPU: 0 UID: 0 PID: 9993 Comm: syz.4.1170 Not tainted syzkaller #0 PREEMPT(full) [ 514.897206][ T9993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 514.897217][ T9993] Call Trace: [ 514.897225][ T9993] [ 514.897233][ T9993] dump_stack_lvl+0x189/0x250 [ 514.897265][ T9993] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.897288][ T9993] ? __pfx__printk+0x10/0x10 [ 514.897311][ T9993] ? find_vma+0xe7/0x160 [ 514.897336][ T9993] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 514.897375][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897403][ T9993] __get_user_pages+0x24d0/0x2ce0 [ 514.897427][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897448][ T9993] ? __bpf_trace_mmap_lock_acquire_returned+0x13b/0x190 [ 514.897498][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897518][ T9993] ? rcu_is_watching+0x15/0xb0 [ 514.897542][ T9993] __gup_longterm_locked+0xde9/0x1660 [ 514.897570][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897597][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897617][ T9993] ? sanity_check_pinned_pages+0x123a/0x1300 [ 514.897649][ T9993] gup_fast_fallback+0x1e6a/0x2010 [ 514.897703][ T9993] ? __pfx_gup_fast_fallback+0x10/0x10 [ 514.897730][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897753][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897777][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897798][ T9993] ? pin_user_pages_fast+0x4d/0xb0 [ 514.897823][ T9993] iov_iter_extract_pages+0x35a/0x5e0 [ 514.897858][ T9993] extract_iter_to_sg+0xe46/0x24e0 [ 514.897894][ T9993] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 514.897931][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.897951][ T9993] ? __asan_memset+0x22/0x50 [ 514.897975][ T9993] af_alg_get_rsgl+0x436/0x810 [ 514.898019][ T9993] aead_recvmsg+0x4a6/0x1440 [ 514.898042][ T9993] ? aa_sk_perm+0x81e/0x950 [ 514.898083][ T9993] ? __pfx_aead_recvmsg+0x10/0x10 [ 514.898106][ T9993] ? __pfx_aead_recvmsg+0x10/0x10 [ 514.898128][ T9993] sock_recvmsg_nosec+0x186/0x1c0 [ 514.898161][ T9993] ____sys_recvmsg+0x3aa/0x460 [ 514.898195][ T9993] ? __pfx_____sys_recvmsg+0x10/0x10 [ 514.898234][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.898254][ T9993] ? import_iovec+0x74/0xa0 [ 514.898282][ T9993] ___sys_recvmsg+0x1b5/0x510 [ 514.898312][ T9993] ? __pfx____sys_recvmsg+0x10/0x10 [ 514.898362][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.898389][ T9993] ? __might_fault+0xb0/0x130 [ 514.898418][ T9993] do_recvmmsg+0x307/0x770 [ 514.898451][ T9993] ? __pfx_do_recvmmsg+0x10/0x10 [ 514.898473][ T9993] ? __ia32_sys_rt_sigreturn+0x6a2/0x7b0 [ 514.898514][ T9993] ? __pfx_do_futex+0x10/0x10 [ 514.898554][ T9993] __x64_sys_recvmmsg+0x190/0x240 [ 514.898582][ T9993] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 514.898605][ T9993] ? rcu_is_watching+0x15/0xb0 [ 514.898628][ T9993] ? do_syscall_64+0xbe/0x3b0 [ 514.898653][ T9993] do_syscall_64+0xfa/0x3b0 [ 514.898672][ T9993] ? lockdep_hardirqs_on+0x9c/0x150 [ 514.898691][ T9993] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.898708][ T9993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 514.898727][ T9993] ? exc_page_fault+0x9f/0xf0 [ 514.898748][ T9993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.898765][ T9993] RIP: 0033:0x7feedf98ec29 [ 514.898782][ T9993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.898796][ T9993] RSP: 002b:00007feee0809038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 514.898815][ T9993] RAX: ffffffffffffffda RBX: 00007feedfbd5fa0 RCX: 00007feedf98ec29 [ 514.898828][ T9993] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000007 [ 514.898840][ T9993] RBP: 00007feedfa11e41 R08: 0000000000000000 R09: 0000000000000000 [ 514.898851][ T9993] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000 [ 514.898862][ T9993] R13: 00007feedfbd6038 R14: 00007feedfbd5fa0 R15: 00007fffd816be28 [ 514.898891][ T9993] [ 518.496287][T10022] loop1: detected capacity change from 0 to 512 [ 518.544079][T10022] EXT4-fs (loop1): Test dummy encryption mode enabled [ 518.576447][T10022] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 519.088361][T10022] EXT4-fs error (device loop1): xattr_find_entry:333: inode #15: comm syz.1.1178: corrupted xattr entries [ 519.221009][T10022] EXT4-fs (loop1): 1 orphan inode deleted [ 519.264167][T10022] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 519.425404][T10022] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 520.654611][T10022] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 521.275289][ T5882] Bluetooth: hci1: unexpected event for opcode 0x0c2d [ 524.847586][T10070] loop4: detected capacity change from 0 to 256 [ 524.863323][T10075] ref_ctr going negative. vaddr: 0x200000ffd000, curr val: -19135, delta: 1 [ 524.872524][T10075] ref_ctr increment failed for inode: 0x455 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff8880226b60c0 [ 529.414851][T10116] fuse: Bad value for 'fd' [ 533.639960][T10152] loop4: detected capacity change from 0 to 40427 [ 533.667925][T10152] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 533.675720][T10152] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 533.702898][T10152] F2FS-fs (loop4): invalid crc value [ 533.766489][T10152] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 533.781247][T10152] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 533.788405][T10152] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 537.403906][T10177] overlayfs: failed to clone upperpath [ 539.782833][T10204] netlink: 'syz.1.1230': attribute type 29 has an invalid length. [ 539.801512][T10204] netlink: 'syz.1.1230': attribute type 3 has an invalid length. [ 539.828367][T10204] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1230'. [ 540.856330][T10215] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 540.880157][T10215] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 540.887571][T10215] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 540.908047][T10215] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 540.915537][T10215] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 541.127121][T10215] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4) [ 541.140057][T10215] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 541.148476][T10215] comedi comedi3: 8255: I/O port conflict (0x3bf,4) [ 541.157973][T10215] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 541.165818][T10215] comedi comedi3: 8255: I/O port conflict (0x20000001,4) [ 541.227520][T10225] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 541.242624][T10225] Error validating options; rc = [-22] [ 541.881439][T10215] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 541.931842][T10215] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 551.681447][T10292] loop5: detected capacity change from 0 to 1024 [ 555.025555][ T24] libceph: connect (1)[c::]:6789 error -101 [ 555.038277][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 555.205555][T10315] ceph: No mds server is up or the cluster is laggy [ 556.108380][ T24] libceph: connect (1)[c::]:6789 error -101 [ 556.171625][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 558.023115][ T6341] hfsplus: bad catalog file entry [ 558.028349][ T6341] hfsplus: b-tree write err: -5, ino 3 [ 559.223732][T10353] loop4: detected capacity change from 0 to 32768 [ 559.238625][T10353] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1271 (10353) [ 559.268181][T10353] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 559.281170][T10353] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 560.430929][T10353] BTRFS info (device loop4): rebuilding free space tree [ 560.482124][T10353] BTRFS info (device loop4): disabling free space tree [ 560.489055][T10353] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 560.498731][T10353] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 560.551032][T10353] BTRFS info (device loop4): enabling ssd optimizations [ 560.558110][T10353] BTRFS info (device loop4): force clearing of disk cache [ 560.565253][T10353] BTRFS info (device loop4): enabling auto defrag [ 560.572050][T10353] BTRFS info (device loop4): doing ref verification [ 560.735877][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 560.735900][ T30] audit: type=1800 audit(1758447461.726:91): pid=10353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1271" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 561.551701][ T6345] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96 [ 561.735971][ T5866] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 562.257738][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.302295][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.203128][T10425] overlayfs: failed to clone upperpath [ 573.595028][T10498] loop4: detected capacity change from 0 to 16 [ 573.757148][T10498] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 576.618734][T10515] loop4: detected capacity change from 0 to 512 [ 577.443006][T10515] EXT4-fs: Ignoring removed i_version option [ 577.449022][T10515] EXT4-fs: Ignoring removed bh option [ 577.683660][T10515] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 577.731966][T10515] ext4 filesystem being mounted at /179/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 578.928959][ T30] audit: type=1800 audit(1758447479.936:92): pid=10527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1313" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 578.949461][T10534] loop5: detected capacity change from 0 to 512 [ 579.032894][T10537] netlink: 'syz.2.1317': attribute type 1 has an invalid length. [ 579.265400][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 579.342427][T10534] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 579.350537][T10534] System zones: 0-7 [ 579.364377][T10539] bond0: (slave gretap1): making interface the new active one [ 579.462954][T10539] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 579.543772][T10534] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 579.622665][T10540] vlan2: entered allmulticast mode [ 579.646346][T10540] bond0: entered allmulticast mode [ 579.667806][T10540] gretap1: entered allmulticast mode [ 579.689582][T10540] bond0: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 581.777096][ T5863] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 584.560833][T10588] loop5: detected capacity change from 0 to 512 [ 584.578166][T10588] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 584.701578][T10588] EXT4-fs (loop5): 1 truncate cleaned up [ 584.746537][T10588] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 589.360567][ T5863] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 591.544786][T10648] loop5: detected capacity change from 0 to 16 [ 591.769751][T10648] erofs: Unknown parameter 'Õ' [ 603.648274][T10748] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1378'. [ 604.906177][T10756] netlink: 'syz.1.1381': attribute type 1 has an invalid length. [ 604.981912][T10756] netlink: 'syz.1.1381': attribute type 1 has an invalid length. [ 605.022661][T10756] netlink: 'syz.1.1381': attribute type 1 has an invalid length. [ 609.213305][T10784] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 609.252746][T10784] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 609.265166][T10784] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 609.273114][T10784] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 609.301039][T10784] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 611.574879][T10784] Bluetooth: hci2: command tx timeout [ 614.650571][T10784] Bluetooth: hci2: command tx timeout [ 615.015153][T10824] loop4: detected capacity change from 0 to 1024 [ 615.077034][T10824] EXT4-fs: Ignoring removed orlov option [ 615.126357][ T9977] bridge_slave_1: left allmulticast mode [ 615.159345][ T9977] bridge_slave_1: left promiscuous mode [ 615.169309][T10824] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 615.232442][ T9977] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.515913][ T30] audit: type=1800 audit(1758447516.516:93): pid=10824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1401" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 616.863640][T10784] Bluetooth: hci2: command tx timeout [ 617.328430][ T9977] bridge_slave_0: left allmulticast mode [ 617.445867][ T9977] bridge_slave_0: left promiscuous mode [ 617.456546][ T30] audit: type=1804 audit(1758447518.456:94): pid=10836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1401" name="/newroot/193/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 617.773489][ T30] audit: type=1800 audit(1758447518.466:95): pid=10836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1401" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 617.814083][ T9977] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.303555][T10784] Bluetooth: hci2: command tx timeout [ 619.933129][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.660636][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.667103][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.965554][T10908] loop5: detected capacity change from 0 to 64 [ 626.288321][T10910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1420'. [ 627.045170][T10908] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 627.261909][ T30] audit: type=1326 audit(1758447528.236:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 627.342129][ T30] audit: type=1326 audit(1758447528.236:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 627.421076][ T30] audit: type=1326 audit(1758447528.236:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 627.479832][ T30] audit: type=1326 audit(1758447528.236:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10914 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f1b8ec29 code=0x7ffc0000 [ 629.781941][T10934] IPv6: NLM_F_REPLACE set, but no existing node found! [ 631.547677][ T9977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 631.655414][ T9977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 631.948175][ T9977] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 632.836045][ T9977] net_ratelimit: 17 callbacks suppressed [ 632.836061][ T9977] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a [ 633.097160][ T9977] bond0 (unregistering): Released all slaves [ 636.928908][T10782] chnl_net:caif_netlink_parms(): no params data found [ 640.341998][T10782] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.349102][T10782] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.425607][T10782] bridge_slave_0: entered allmulticast mode [ 640.462066][T10782] bridge_slave_0: entered promiscuous mode [ 641.032075][ T9977] hsr_slave_0: left promiscuous mode [ 641.157756][ T9977] hsr_slave_1: left promiscuous mode [ 641.198592][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.594834][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 641.694769][ T9977] batman_adv: batadv0: Interface deactivated: dummy0 [ 641.714162][ T9977] batman_adv: batadv0: Removing interface: dummy0 [ 646.118288][T11055] overlayfs: failed to resolve './file0': -2 [ 649.688519][T11079] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1462'. [ 652.021978][T11095] netlink: 1041 bytes leftover after parsing attributes in process `syz.5.1468'. [ 659.149574][ T30] audit: type=1326 audit(1758447560.156:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11130 comm="syz.4.1478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feedf98ec29 code=0x0 [ 660.559707][T11141] loop5: detected capacity change from 0 to 2048 [ 660.884437][T11141] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 664.339078][T11163] loop4: detected capacity change from 0 to 1024 [ 665.412945][T11178] hfsplus: keylen 65060 too large [ 666.132688][ T30] audit: type=1804 audit(1758447567.126:101): pid=11163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1485" name="/newroot/207/file1/file1" dev="loop4" ino=20 res=1 errno=0 [ 666.202219][T11178] hfsplus: xattr searching failed [ 666.244128][T11163] hfsplus: keylen 65060 too large [ 666.319318][T11163] hfsplus: xattr searching failed [ 666.350265][T11182] hfsplus: keylen 65060 too large [ 666.376286][ T9977] team0 (unregistering): Port device team_slave_1 removed [ 669.009576][ T9977] team0 (unregistering): Port device team_slave_0 removed [ 669.040122][ T5882] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 669.072178][ T5882] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 669.090139][ T5882] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 669.201964][ T5882] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 669.312081][ T5882] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 671.642100][T10784] Bluetooth: hci6: command tx timeout [ 673.985875][ T5882] Bluetooth: hci6: command tx timeout [ 677.011991][ T5882] Bluetooth: hci6: command tx timeout [ 678.402584][T11250] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1507'. [ 679.092352][ T5882] Bluetooth: hci6: command tx timeout [ 682.116290][T10784] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 682.126223][T10784] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 682.139038][T10784] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 682.157747][T10784] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 682.168746][T10784] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 682.176812][T10782] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.198489][T10782] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.208192][T10782] bridge_slave_1: entered allmulticast mode [ 682.216079][T10782] bridge_slave_1: entered promiscuous mode [ 684.203765][T10784] Bluetooth: hci7: command tx timeout [ 685.898459][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.905530][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.281987][T10784] Bluetooth: hci7: command tx timeout [ 687.545757][T11328] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1526'. [ 688.432265][T10784] Bluetooth: hci7: command tx timeout [ 690.153675][T11344] netlink: 'syz.1.1530': attribute type 1 has an invalid length. [ 690.442713][T10784] Bluetooth: hci7: command tx timeout [ 691.470158][T11348] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 691.707135][T11351] veth3: entered promiscuous mode [ 691.752746][T11351] bond2: (slave veth3): Enslaving as a backup interface with a down link [ 691.782995][T11373] overlayfs: missing 'lowerdir' [ 693.266076][T11199] chnl_net:caif_netlink_parms(): no params data found [ 694.179513][ T9977] IPVS: stop unused estimator thread 0... [ 694.953741][T11279] chnl_net:caif_netlink_parms(): no params data found [ 695.563332][T11199] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.612041][T11199] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.619333][T11199] bridge_slave_0: entered allmulticast mode [ 695.722059][T11199] bridge_slave_0: entered promiscuous mode [ 695.897183][T11199] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.932221][T11199] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.941050][T11199] bridge_slave_1: entered allmulticast mode [ 695.949058][T11199] bridge_slave_1: entered promiscuous mode [ 695.956241][ T9977] bridge_slave_1: left allmulticast mode [ 696.331991][T11419] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1543'. [ 696.352810][ T9977] bridge_slave_1: left promiscuous mode [ 696.358834][ T9977] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.400746][ T9977] bridge_slave_0: left allmulticast mode [ 696.425242][ T9977] bridge_slave_0: left promiscuous mode [ 696.455763][ T9977] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.764099][ T9977] bond0 (unregistering): Released all slaves [ 697.978107][T11441] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 697.989565][T11441] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 697.999554][T11441] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 699.270896][T11462] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'. [ 700.169372][T11470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1554'. [ 700.299896][T11279] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.310568][T11279] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.317966][T11279] bridge_slave_0: entered allmulticast mode [ 700.386320][T11475] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 700.578101][T11279] bridge_slave_0: entered promiscuous mode [ 701.256437][T11199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.334481][T11199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 701.462340][T11482] loop4: detected capacity change from 0 to 256 [ 701.527876][T11482] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 701.737155][T11486] netlink: 'syz.1.1560': attribute type 3 has an invalid length. [ 701.926580][T11279] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.946599][T11279] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.988470][T11279] bridge_slave_1: entered allmulticast mode [ 702.512750][T11279] bridge_slave_1: entered promiscuous mode [ 704.735274][T11199] team0: Port device team_slave_0 added [ 704.939698][T11511] loop4: detected capacity change from 0 to 1024 [ 705.967894][T11279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 707.104241][T11199] team0: Port device team_slave_1 added [ 707.514719][T11279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 709.634808][ T6348] hfsplus: b-tree write err: -5, ino 4 [ 709.787643][T11199] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 709.852342][T11199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 710.119794][T11199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 710.920119][T11279] team0: Port device team_slave_0 added [ 710.993008][T11279] team0: Port device team_slave_1 added [ 711.514025][T11199] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 711.551596][T11199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 711.649356][T11199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 715.319610][T11279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 715.337746][T11279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 715.575713][T11279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 715.588521][T11279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 715.595509][T11279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 715.622993][T11279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 716.390668][T10784] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1 [ 716.398998][T10784] Bluetooth: hci4: unexpected event for opcode 0x203e [ 716.445482][T11623] veth3: left promiscuous mode [ 716.661376][T11625] loop4: detected capacity change from 0 to 4096 [ 716.677809][T11625] EXT4-fs: Conflicting test_dummy_encryption options [ 717.422117][T11199] hsr_slave_0: entered promiscuous mode [ 717.449453][T11199] hsr_slave_1: entered promiscuous mode [ 717.459751][T11199] debugfs: 'hsr0' already exists in 'hsr' [ 717.479999][T11199] Cannot create hsr debugfs directory [ 718.125886][T11637] rdma_op ffff8880536049f0 conn xmit_rdma 0000000000000000 [ 720.451965][T10784] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 720.460431][T10784] Bluetooth: hci4: Injecting HCI hardware error event [ 720.485385][ T5882] Bluetooth: hci4: hardware error 0x00 [ 720.583237][T11652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1593'. [ 720.704274][T11279] hsr_slave_0: entered promiscuous mode [ 720.999273][T11652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1593'. [ 721.011290][T11279] hsr_slave_1: entered promiscuous mode [ 721.029500][T11279] debugfs: 'hsr0' already exists in 'hsr' [ 721.044479][T11279] Cannot create hsr debugfs directory [ 722.602169][ T5882] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 726.032560][ T5882] Bluetooth: hci5: unexpected event for opcode 0x080d [ 730.075080][ T5882] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 730.083757][ T5882] Bluetooth: hci5: Injecting HCI hardware error event [ 730.092483][ T5882] Bluetooth: hci5: hardware error 0x00 [ 730.664333][T11279] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 730.768965][T11731] overlayfs: failed to clone upperpath [ 730.852009][ T5946] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 731.578137][T11279] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 731.657243][T11738] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 731.675755][T11738] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 731.684668][T11738] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 731.692764][T11738] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 731.701041][T11738] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 731.733355][ T5946] usb 5-1: Using ep0 maxpacket: 8 [ 731.783754][ T5946] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 731.804221][T11279] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 731.857372][ T5946] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 731.892847][T11279] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 731.897303][ T5946] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 731.932041][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.985493][ T5946] usb 5-1: Product: syz [ 731.999963][ T5946] usb 5-1: Manufacturer: syz [ 732.028103][ T5946] usb 5-1: SerialNumber: syz [ 732.050427][ T5946] usb 5-1: config 0 descriptor?? [ 732.362067][ T5882] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 733.485119][T11769] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1616'. [ 734.202381][ T5882] Bluetooth: hci0: command tx timeout [ 734.462031][ T915] usb 5-1: USB disconnect, device number 11 [ 736.282797][ T5882] Bluetooth: hci0: command tx timeout [ 738.470470][ T5882] Bluetooth: hci0: command tx timeout [ 739.530156][T11279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 740.801910][ T5882] Bluetooth: hci0: command tx timeout [ 746.519186][ T12] ------------[ cut here ]------------ [ 746.533441][ T12] WARNING: CPU: 1 PID: 12 at io_uring/io_uring.c:2980 io_ring_exit_work+0x4ed/0x930 [ 746.543254][ T12] Modules linked in: [ 746.545527][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 746.547422][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 746.563136][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 746.573303][ T12] Workqueue: iou_exit io_ring_exit_work [ 746.579036][ T12] RIP: 0010:io_ring_exit_work+0x4ed/0x930 [ 746.584984][ T12] Code: c6 05 e0 09 62 0e 01 48 c7 c7 a0 69 e2 8b be 24 00 00 00 48 c7 c2 40 69 e2 8b e8 ee 1e 72 00 e9 7b fe ff ff e8 04 44 94 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 38 e9 5f ff ff ff 89 d9 80 e1 [ 746.604938][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 746.611240][ T12] RAX: ffffffff812b698c RBX: 000000010000adff RCX: ffff88801cab5a00 [ 746.619545][ T12] RDX: 0000000000000000 RSI: fffffffffffffffc RDI: 0000000000000000 [ 746.627659][ T12] RBP: ffffc90000117a70 R08: ffffc90000117867 R09: 1ffff92000022f0c [ 746.637743][ T12] R10: dffffc0000000000 R11: fffff52000022f0d R12: 000000010000adfb [ 746.645958][ T12] R13: ffff88807c1a0310 R14: ffff88807c1a0480 R15: dffffc0000000000 [ 746.654120][ T12] FS: 0000000000000000(0000) GS:ffff888125d13000(0000) knlGS:0000000000000000 [ 746.663214][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 746.669918][ T12] CR2: 00007f3037cab008 CR3: 0000000069759000 CR4: 0000000000350ef0 [ 746.678112][ T12] Call Trace: [ 746.681461][ T12] [ 746.684706][ T12] ? __pfx_io_ring_exit_work+0x10/0x10 [ 746.690338][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.696179][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 746.701468][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 746.707375][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 746.713296][ T12] process_scheduled_works+0xae1/0x17b0 [ 746.719106][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 746.725320][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.732749][ T12] worker_thread+0x8a0/0xda0 [ 746.737562][ T12] kthread+0x711/0x8a0 [ 746.741741][ T12] ? __pfx_worker_thread+0x10/0x10 [ 746.746936][ T12] ? __pfx_kthread+0x10/0x10 [ 746.752074][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.757829][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 746.763178][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.769711][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 746.775021][ T12] ? __pfx_kthread+0x10/0x10 [ 746.779704][ T12] ret_from_fork+0x439/0x7d0 [ 746.784538][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 746.789792][ T12] ? __switch_to_asm+0x39/0x70 [ 746.794698][ T12] ? __switch_to_asm+0x33/0x70 [ 746.799607][ T12] ? __pfx_kthread+0x10/0x10 [ 746.804345][ T12] ret_from_fork_asm+0x1a/0x30 [ 746.809434][ T12] [ 746.812544][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 746.819821][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) [ 746.829111][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 746.839174][ T12] Workqueue: iou_exit io_ring_exit_work [ 746.844743][ T12] Call Trace: [ 746.848019][ T12] [ 746.850950][ T12] dump_stack_lvl+0x99/0x250 [ 746.855549][ T12] ? __asan_memcpy+0x40/0x70 [ 746.860149][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 746.865356][ T12] ? __pfx__printk+0x10/0x10 [ 746.869976][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.875622][ T12] vpanic+0x281/0x750 [ 746.879612][ T12] ? __pfx__printk+0x10/0x10 [ 746.884213][ T12] ? __pfx_vpanic+0x10/0x10 [ 746.888720][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.894359][ T12] ? is_bpf_text_address+0x26/0x2b0 [ 746.899577][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 746.905228][ T12] panic+0xb9/0xc0 [ 746.908965][ T12] ? __pfx_panic+0x10/0x10 [ 746.913418][ T12] __warn+0x31b/0x4b0 [ 746.917408][ T12] ? io_ring_exit_work+0x4ed/0x930 [ 746.922535][ T12] ? io_ring_exit_work+0x4ed/0x930 [ 746.927659][ T12] report_bug+0x2be/0x4f0 [ 746.932000][ T12] ? io_ring_exit_work+0x4ed/0x930 [ 746.937128][ T12] ? io_ring_exit_work+0x4ed/0x930 [ 746.942256][ T12] ? io_ring_exit_work+0x4ef/0x930 [ 746.947378][ T12] handle_bug+0x84/0x160 [ 746.951632][ T12] exc_invalid_op+0x1a/0x50 [ 746.956146][ T12] asm_exc_invalid_op+0x1a/0x20 [ 746.961000][ T12] RIP: 0010:io_ring_exit_work+0x4ed/0x930 [ 746.966730][ T12] Code: c6 05 e0 09 62 0e 01 48 c7 c7 a0 69 e2 8b be 24 00 00 00 48 c7 c2 40 69 e2 8b e8 ee 1e 72 00 e9 7b fe ff ff e8 04 44 94 00 90 <0f> 0b 90 b8 70 17 00 00 48 89 44 24 38 e9 5f ff ff ff 89 d9 80 e1 [ 746.986340][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 746.992419][ T12] RAX: ffffffff812b698c RBX: 000000010000adff RCX: ffff88801cab5a00 [ 747.000394][ T12] RDX: 0000000000000000 RSI: fffffffffffffffc RDI: 0000000000000000 [ 747.008370][ T12] RBP: ffffc90000117a70 R08: ffffc90000117867 R09: 1ffff92000022f0c [ 747.016342][ T12] R10: dffffc0000000000 R11: fffff52000022f0d R12: 000000010000adfb [ 747.024316][ T12] R13: ffff88807c1a0310 R14: ffff88807c1a0480 R15: dffffc0000000000 [ 747.032307][ T12] ? io_ring_exit_work+0x4ec/0x930 [ 747.037467][ T12] ? __pfx_io_ring_exit_work+0x10/0x10 [ 747.042963][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 747.048606][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 747.053821][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 747.059540][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 747.065265][ T12] process_scheduled_works+0xae1/0x17b0 [ 747.070854][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 747.076847][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 747.082507][ T12] worker_thread+0x8a0/0xda0 [ 747.087139][ T12] kthread+0x711/0x8a0 [ 747.091222][ T12] ? __pfx_worker_thread+0x10/0x10 [ 747.096340][ T12] ? __pfx_kthread+0x10/0x10 [ 747.100937][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 747.106586][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 747.111802][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 747.117439][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 747.122642][ T12] ? __pfx_kthread+0x10/0x10 [ 747.127260][ T12] ret_from_fork+0x439/0x7d0 [ 747.131865][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 747.136992][ T12] ? __switch_to_asm+0x39/0x70 [ 747.141769][ T12] ? __switch_to_asm+0x33/0x70 [ 747.146554][ T12] ? __pfx_kthread+0x10/0x10 [ 747.151156][ T12] ret_from_fork_asm+0x1a/0x30 [ 747.155965][ T12] [ 747.159175][ T12] Kernel Offset: disabled [ 747.163496][ T12] Rebooting in 86400 seconds..