last executing test programs: 1m55.173980924s ago: executing program 0 (id=2435): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x2a}], 0x1, &(0x7f0000002240)=ANY=[], 0xa}, 0x4850) 1m54.991525777s ago: executing program 0 (id=2437): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) r1 = getpid() r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r2, 0x89fa, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000100)={@loopback, @private=0xa010100, 0x5, 0x20}}) (async) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000756000/0x1000)=nil, 0x1000, 0x2000002, 0x30, r2, 0xf273b000) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) (async) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000000040)) (async) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000000)=0x6) (async) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") mkdir(&(0x7f00000020c0)='./file0\x00', 0xf8) r5 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x3, @desc3}) (async) chdir(&(0x7f0000000000)='./file0\x00') (async) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1b) r6 = socket$netlink(0x10, 0x3, 0x15) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="39000000130003470fbb65e1c3e4ffff060060001600000056000000250000001900b3c0b6d20300070a0000000084db26b9e4e20000000000", 0x39}], 0x1) (async) r7 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) (async) r8 = fsopen(&(0x7f0000000440)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) (async) close_range(r7, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r6) 1m54.567067006s ago: executing program 0 (id=2438): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) preadv2(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}], 0x1, 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000000000000000000000000000000000000000000a8f72a6c2e314ec2776dc544fca0d945581beff79deeb04e3aaf402390b8e955a29160cc04edc153bf364db907c1a0b798908644f0707d11b257d1a6e406c29b8a39d7798a38f795ecc598eab5d9bdbc0565ce457a9bb74468468d6c96a06cd952970e9fd76a2561a82892a88e5302cb9f4b9e890611f1de"], 0x48) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x80000001, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x1f461e2c, 0x2, 0xfffffffa, 0x3, 0x3, 0x3, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x0, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x3c, 0x4, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x200, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x0, 0xffff, 0x2000002, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0xc, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x1, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x0, 0x400002, 0x3, 0x4, 0x5, 0xf23, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x9, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0x2, 0x5, 0x735, 0x8, 0x3, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xfffffffe, 0x8, 0x2b94, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_buf(r3, 0x6, 0xd, &(0x7f0000000080), 0x0) getsockopt$IPT_SO_GET_INFO(r3, 0x0, 0x40, &(0x7f0000000400)={'filter\x00', 0x0, [0x1, 0x1, 0x7, 0xc, 0x80010001]}, &(0x7f00000003c0)=0x54) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0) 1m53.84388972s ago: executing program 0 (id=2439): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x8, {{0xa, 0x0, 0x7, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1, 0x2}}}, 0x108) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000680)={0x9e, {{0xa, 0x4e20, 0x8, @mcast1, 0x3}}, {{0xa, 0x4e23, 0x10000, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x2}}}, 0x108) 1m53.663363713s ago: executing program 0 (id=2442): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) preadv2(0xffffffffffffffff, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) fcntl$setown(r3, 0x8, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000000000000000000000000000000000000000000a8f72a6c2e314ec2776dc544fca0d945581beff79deeb04e3aaf402390b8e955a29160cc04edc153bf364db907c1a0b798908644f0707d11b257d1a6e406c29b8a39d7798a38f795ecc598eab5d9bdbc0565ce457a9bb74468468d6c96a06cd952970e9fd76a2561a82892a88e5302cb9f4b9e890611f1de"], 0x48) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000003, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0x80000001, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x1f461e2c, 0x2, 0xfffffffa, 0x3, 0x3, 0x3, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x0, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x3c, 0x4, 0x1, 0x1000, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xb, 0x400, 0x101, 0x200, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x0, 0xffff, 0x2000002, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0xc, 0x5, 0x3b, 0x3, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x1, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x0, 0x400002, 0x3, 0x4, 0x5, 0xf23, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x9, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0x2, 0x5, 0x735, 0x8, 0x3, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xfffffffe, 0x8, 0x2b94, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'bond0\x00'}) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_buf(r6, 0x6, 0xd, &(0x7f0000000080), 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x10001, 0x12) 1m52.692134503s ago: executing program 0 (id=2448): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x8000000, 0x4e8, 0x0, 0x168, 0x10, 0x0, 0xb, 0x418, 0x250, 0x250, 0x418, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [0xffffff00], 'pimreg\x00', 'veth1_to_hsr\x00', {}, {}, 0x3a}, 0x6000000, 0x128, 0x190, 0x0, {0x0, 0x28e}, [@common=@icmp6={{0x28}, {0x0, 'K\r'}}, @common=@inet=@hashlimit1={{0x58}, {'netdevsim0\x00', {0x0, 0x0, 0x9, 0x1, 0x0, 0x10000, 0x80000001, 0x80}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x1, 'pptp\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x160, 0x288, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@srh1={{0x90}, {0x2b, 0xac, 0x8, 0x9, 0x7ff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00], [0xff000000, 0xffffffff, 0xff000000, 0xff000000], 0x8, 0x100}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:usb_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548) 1m37.519600579s ago: executing program 32 (id=2448): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x8000000, 0x4e8, 0x0, 0x168, 0x10, 0x0, 0xb, 0x418, 0x250, 0x250, 0x418, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [0xffffff00], 'pimreg\x00', 'veth1_to_hsr\x00', {}, {}, 0x3a}, 0x6000000, 0x128, 0x190, 0x0, {0x0, 0x28e}, [@common=@icmp6={{0x28}, {0x0, 'K\r'}}, @common=@inet=@hashlimit1={{0x58}, {'netdevsim0\x00', {0x0, 0x0, 0x9, 0x1, 0x0, 0x10000, 0x80000001, 0x80}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x1, 'pptp\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x160, 0x288, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@srh1={{0x90}, {0x2b, 0xac, 0x8, 0x9, 0x7ff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00], [0xff000000, 0xffffffff, 0xff000000, 0xff000000], 0x8, 0x100}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:usb_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x548) 11.942016457s ago: executing program 1 (id=2787): setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0xc054) ioctl$sock_rose_SIOCADDRT(r0, 0x8917, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000c000) 11.773796481s ago: executing program 1 (id=2789): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) socket$inet(0x2, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="01422006020607f6"], 0xa) bind$bt_hci(r1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmsg$NFT_BATCH(r2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 11.677194663s ago: executing program 1 (id=2791): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x34, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}}, 0x0) 11.543725775s ago: executing program 1 (id=2792): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000700)=@generic={0x7, 0x2, 0x0, "a4a67c11"}) 11.016344306s ago: executing program 1 (id=2797): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000000c0)={0x2, &(0x7f0000000080)=[{0x28, 0x9, 0x8, 0xfffff034}, {0x6, 0x0, 0x6c, 0xfffffffe}]}, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet6(r1, &(0x7f0000000000)={&(0x7f0000000080)={0xa, 0xc627, 0x5, @dev={0xfe, 0x80, '\x00', 0x23}, 0x9}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000003c0)=' ', 0x1}], 0x1}, 0xc0001) 10.039065195s ago: executing program 1 (id=2800): syz_open_dev$tty20(0xc, 0x4, 0x0) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000280), 0x3, 0x4cd, &(0x7f0000002200)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) fdatasync(r1) 4.347718115s ago: executing program 2 (id=2845): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000440)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, r1}) 4.284170297s ago: executing program 2 (id=2846): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="44000000020605000000000000000000000000000c000300686173683a69700005000400000000000900020073797a31000000000500050002000000050001"], 0x44}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 3.487664152s ago: executing program 2 (id=2851): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000d00)={[{@utf8no}, {@uni_xlateno}, {@fat=@errors_remount}, {@fat=@nfs}, {@fat=@codepage={'codepage', 0x3d, '1255'}}, {@shortname_lower}, {@numtail}, {@numtail}, {@numtail}, {@utf8no}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@uni_xlateno}]}, 0x2a, 0x35a, &(0x7f0000000780)="$eJzs3T1onHUYAPDn+l5yaaEmoFB0Ot0EKW3EQV0SSgrFDFo5/Fo8bOpH7izk8CAZcs2iOCougk5uHXRw6CwOIm4OrlaQqrjYLdDiK3fvm7v3PtJG5VKLv98QHp7//7n///0g9ybknry6FOsXZuLijRvXY26uFOWlM0uxW4qFOBJJZC7HBOVJSQDgXrCbpvFHmrnz7A+P7UWzU94XADA9vff/148PEpW7uRsA4DAc8Of/ZydmL01tWwDAFO3GyPv/I0PDI7/mL/f/JgAAuHc9/9LLzyyvRpyvVucimu+1a+1aPDUYX74Yb0Yj1uJUzMetiOxBIXta6H49e2515VS165eFqHUr2rWIZqddy54UlpNefSVOx3ws5PVpvz45O7e6crpXX42Iy53e+tEstWszcSxf/8djsRaLMR8PjNVHnFtdWazmL1Br7tV3InZibu8guvs/GfPx/WtxKRpxIbq1g/1vn65Wz6SrQ/XtK5XePAAAAAAAAAAAAAAAAAAAAAAAmIaT1b6Ffv+btNlpv3t+dMJC1I4U+vtkw3l/oJ2sP1Ba2evO834y2h9ouD9Pu1aOI3f1yAEAAAAAAAAAAAAAAAAAAOC/o7U5G/VGY22jtbm1Xgw6hczb337+9dEYnfNWMshEOXu5oTl5LgpVSfTL0355mgzNyYMkYjD5ytX+jotzKv2j2NprJlB8nUo2VMiU8j3VG43jD//8ydiim1vrfw4ySYydluGgNL5o874sdZuq/YPFO8y5lqbpfuXbH29urc/E0OpRiiiPXbh/E8zmwTfX33jw8daJJ3pDX+VNHx59bP6Fax999tt6vRH5qWk0Zjdat9J/slZkl2Bwb5Ty81yacCdMDnYGmZ2N1mY9+eH3Fx/64LuRyUlMLE+LmXf2X+uL0cxsFnS3uXF/drPdbqszE27+CcHTX9Zfudm/e//+FTzx6VL96vZPvx60qvBNQqMOAAAAAAAAAAAAAAAAAAA4FIWPWx9I9tnrJ5+b7q4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HAN/v9/IdgZyxwkuNmJ8aHK2kZr38WPHuqhAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwP/ZXAAAA//+XsmyE") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) 3.003423202s ago: executing program 2 (id=2855): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x40, 0x169) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) mount$nfs(&(0x7f0000000380)='@\a\x0e%\x8d\xfa\x998\xbd\x80\xe2u\xa0\xdb,\b{\x0e\x82\x9b\x91~h9\xaa.\x8b1L\xb3', &(0x7f0000000340)='./file0\x00', 0x0, 0x1885f, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x30}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x48, r6, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x24, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, @broadcast, @device_a, @random="37e6fc966e04", {0x0, 0x7}}, 0x4c00, 0x5d, @default, @val, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x1, 0x0]}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.764013076s ago: executing program 2 (id=2864): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x54, r1, 0x1, 0x14, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0) 1.761573206s ago: executing program 3 (id=2865): creat(&(0x7f0000000300)='./file0\x00', 0x28) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x80a, &(0x7f0000001a40)={[{@iocharset={'iocharset', 0x3d, 'cp855'}}, {@discard}, {@zero_size_dir}, {@sys_tz}, {@utf8}, {@discard}, {@keep_last_dots}, {@utf8}, {@gid}, {@sys_tz}]}, 0x1, 0x152f, &(0x7f0000000400)="$eJzs3AuYTtX6APD3XWvtMSS+JrkMa6138yWXRZLkkiSXJEmSJLeEpEmOJCSGkKQhCcllSGIIyWVi0rjf75eEJGmSJCS3ZP2fiXmcTp3/Oed/Ovk/Z97f8+zHemftd+13z/t98+29Dd92G1a7aZ0ajYkI/i148Y9EAIgFgEEAkBcAAgCoEFchLnM+p8TEf+8g7I/1YMqVroBdSdz/7I37n71x/7M37n/2xv3P3rj/2Rv3P3vj/jOWnW2eXuga3rLvxs//szP+/P8vklFm3Jdry1zXHSDmn03h/mdv3P//WsE/sxP3P3vj/mdXsVe6APb/AL//s4Mcf3eG+5+9cf8Zy86u9PPnK71B5P/Z9+BozouN+bPOnzHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYY+xOc8ZcpAMgaX+m6GGOMMcYYY4wx9sfxOf73+ZzBn1UJY4wxxhhjjDHG/nMQBEhQEEAM5IBYyAm5QADA1ZAH8kIEroE4uBbywXWQHwpAQSgE8VAYioAGAxYIQigKxSAK10NxuAFKQEkoBaXBQRkoCzdCObgJysPNUAFugYpwK1SCylAFqsJtUA1uh+pwB9SAO6Em1ILaUAfugrpwN9SDe6A+3AsN4D5oCPdDI3gAGsOD0AQegqbwMDSDR6A5tICW0Apa/5/yn4de8AL0hj6QCH2hH7wI/WEADISXYBC8DIPhFRgCr0ISDIVh8BoMh9dhBLwBI2EUjIY3YQy8BWNhHIyHCZAME2ESvA2T4R2YAu/CVJgGKTAdZsB7MBNmwWx4H+bABzAX5sF8WACp8CEshEWQBh/BYvgY0mEJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbATvgEdsGnsBv2wF74DPbB5/9i/um/ye+OgIACBSpUGIMxGIuxmAtzYW7MjXkwD0YwgnEYh/kwH+bH/FgQC2I8xmMRLIIGDRISFsWiGMUoFsfiWAJLYCkshQ4dlsWyWA5vwvJYHitgBayIFbESVsbKWBWrYjWshtWxOtbAGlgTa2JtrI134V3YF+thPayP9bEBNsh6PIWNsTE2wSbYFJtiM2yGzbE5tsSW2BpbYxtsg22xLbbH9tgBO2BH7IgJmICdsBN2xs7YBbtgV+yK3bAbdsce2CPj+RyAL+AL2Adrir7YD/thf0zKMRBfwpfwZRyMr+Ar+Com4VAchq/ha/g6jsBTOBJH4WgcjdXEWzgWxyGJCZiMyTgJJ+FknIyZhb6L0zAFp+MMnIEzcRbOwvdxDn6AH+A8nIcLMBVTcSEuwjRMw8V4GtNxCS7FZbgcV+ByXIWrcRWuxXW4FjfgBtyEm3ALbsFtuA134A78BBUAfop7cA8m4T7ch/txPx7AA3gQD2IGZuAhPISH8TAewSN4FI/iMTyOJ/A4nsSTeApP4xk8g+fwHJ7HZ+O/bvJJyTVJIDIpoUSMiBGxIlbkErlEbpFb5BF5RERERJyIE/lEPpFf5BcFRUERL+JFEVFEGGEEiTAGAERUREVxUVyUECVEKVFKOOFEWVFWlBPlRHlRXlQQt4iK4lZRSVQW7VxVUVVUE+1ddXGHqCFqiJqilqgt6og6oq6oK+qJeqK+qC8aiAaiobhfNBJ9cSA+KDI701QMxWZiGDYXLYS89BOsjRiBbUU70V48LkbhSOwo2rgE8ZToJMZiZ/EXMQ6fEV3FBOwmnhPdRQ/RUzwveom2rrfoI6ZgX9FPTMP+YoAYKF4SM7GWeB/n5KwtXhVJYqgYJl4TC/B1MUK8IUaKUWK0eFOMEW+JsWKcGC8miGQxUUwSb4vJ4h0xRbwrpoppIkVMFzPEe2KmmCVmi/fFHPGBmCvmifligUgVH4qFYpFIEx+JxeJjkS6WiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIneITsUt8KnaLPWKv+EzsE5+L/eILcUB8KQ6Kr0SG+FocEt+Iw+JbcUR8J46K78UxcVycED+Ik+JHcUqcFmfEWXFO/CTOi5/FBeEFSJRCSqlkIGNkDhkrc8pc8iqZW2Y9+L1GxslrZT55ncwvC8iCspCMl4VlEamlkVaSDGVRWUxG5fWyuLxBlpAlZSlZWjpZRpaVN8py8iZZXt4sK8hbZEV5q6wkK8sqsqq8TVaTt0uIXDxGTVlL1pZ15F0yEe6W9eQ9sr68VzaQ98mG8n7ZSD4gG8sHZRP5kGwqH5bN5COyuWwhW8pWsrV8VLaRj8m2sp1sLx+XHeQTsqN8UibIp2Qn6S+9RJ6RXeWzspt8TnaXPWRP+bO8IL3sLftI6Auyn3xR9pcD5MBYAJAvy8HyFTlEviqT5FA5TL4mh8vX5Qj5hhwpR8nR8k05Rr4lx8pxcrycIJPlRDlJvi0ny3fkFPmunCqnyRQ5XQ6Ug35ZabaU/zD/7d/JH/LL0TfJzXKL3Cq3ye1yh9wpP5G75C65W+6We+VeuU/uk/vlfnlAHpAH5UGZITPkIXlIHpaH5RF5RB6VR+UxeVyelT/Ik/JHeUqelqflWXlOnpPnL30PQKESSiqlAhWjcqhYlVPlUlep3OpqlUflVRF1jYpT16p86jqVXxVQBVUhFa8KqyJKK6OsIhWqoqqYiqrr8dILRpVSpZVTZVRZdeO/kq+KqxtUCVXyV/lZ9SX+nfpaq9aqjWqj2qq2qr1qrzqoDqqj6qgSVILqpDqpzqqz6qK6qK6qq+qmuqnuqrvqqXqqXqqX6q16q0SVqPqpF1V/NUANVC+pQeplNVgNVkPUEJWkktQwNUwNV8PVCDVCjVQj1Wg1Wo1RY9RYNVaNV+NVskpWk9QkNVlNVlPUFDVVTVUpKkXNUDPUTDVTzVaz1Rw1R81Vc9V8NV+lqlS1UC1UaSpNLVaLVbpaopaoZWqZWqFWqFVqlVqj1qh1ap3aoDaodLVZbVZb1Va1XW1XO9VOtUvtUrvVbrVX7VX71D61X+1XB9QBdVAdVBkqQx1Sh9RhdVgdUUfUUXVUHVPH1Al1Qp1UJ9UpdUqdUWfUOXVOnVfn1QV1IfOyLxCBCFSggpggJogNYoNcQa4gd5A7yBPkCSJBJIgL4oJ8wXVB/qBAUDAoFMQHhYMigQ5MYANxqenR4PqgeHBDUCIoGZQKSgcuKBOUDW4MygU3BeWDm4MKwS1BxeDWoFJQOagSVA1uC6oFtwfVgzuCGsGdQc2gVlA7qBPcFdQN7g7qBfcE9YN7gwbBfUHD4P6gUfBA0Dh4MGgSPBQ0DR4OmgWPBM2DFkHLoFXQ+g9d3/tTBR5zvXUfnaj76n76Rd1fD9AD9Ut6kH5ZD9av6CH6VZ2kh+ph+jU9XL+uR+g39Eg9So/Wb+ox+i09Vo/T4/UEnawn6kn6bT1Zv6On6Hf1VD1Np+jpeoZ+T8/Us/Rs/b6eoz/Qc/U8PV8v0Kn6Q71QL9Jp+iO9WH+s0/USvVQv08v1Cr1Sr9Kr9Rq9Vq/T6/UGvVFv0pv1Fr1Vb9Pb9Q69U3+id+lP9W69R+/Vn+l9+nO9X3+hD+gv9UH9lc7QX+tD+ht9WH+rj+jv9FH9vT6mj+sT+gd9Uv+oT+nT+ow+q8/pn/R5/bO+oH3mxX3mx7tRRpkYE2NiTazJZXKZ3Ca3yWPymIiJmDgTZ/KZfCa/yW8KmoIm3sSbIqaIyUSGTFFT1ERN1BQ3xU0JU8KUMqWMM86UNWVNOVPOlDflTQVTwVQ0FU0lU8lUMVXMbeY2c7u53dxh7jB3mjtNLVPL1DF1TF1T19Qz9Ux9U980MA1MQ9PQNDKNTGPT2DQxTUxT09Q0M81Mc9PctDQtTWvT2rQxbUxb09a0N+1NB9PBdDQdTYJJMJ1MJ9PZdDZdTBfT1XQ13Uw30910Nz1NT9PL9DK9TW+TaBJNP9PP9Df9zUAz0Awyg8xgM9gMMUNMkkkyw8wwM9wMNyPMCDPSjDKjMy9UzVtmrBlnxpsJJtkkm0lmkplsJpspZoqZaqaaFJNiZpgZZqaZaWab2WaOmWPmmrlmvplvUk2qWWgWmjSTZhabxSbdpJulZqlZbpablWalWW1Wm7VmrVkP681Gs9FsNpvNVrPVbDfbzU6z0+wyu8xus9vsNXvNPrPP7Df7zQFzwBw0B02GyTCHzCFz2Bw2R8wRc9QcNcfMMXPCnDAnzUlzypwyZ8wZc84UuPR56U2szWlz2atsbnu1zWPz2r+NC9pCNt4WtkWstvltgV/Fxlpbwpa0pWxp62wZW9be+Ju4kq1sq9iq9jZbzd5uq/8mrmvvtvXsPba+vdfWsXf9Km5g77MN7cO2ESKAbWGb2Fa2qX3YNrOP2Oa2hW1pW9kO9gnb0T5pE+xTtpN9+jfxQrvIrrZr7Fq7zu62e+wZe9Yett/ac/Yn29v2sYPsy3awfcUOsa/aJDv0N/Fo+6YdY9+yY+04O95O+E081U6zKXa6nWHfszPtrN/EqfZDO8em2bl2np1vF/wSZ9aUZj+yi+3HNt0GsNQus8vtCrvSrsqq1ee1G+xGu8nusp/arXab3W532J1ZF8J2j91rP7P77Of2kP3GHrBf2oP2iM2wX/8SZ57fEfudPWq/t8fscXvC/mBP2h9VVnbmuf9gf7YXrLdASECSFAUUQzkolnJSLrqKctPVlIfyUoSuoTi6lvLRdZSfClBBKkTxVJiKkCZDlohCKkrFKErXU1Z5pag0OSpDZelGKkc3UXm6mSrQLVSRbqVKVJmqUFW6jarR7VSd7qAadCfVpFpUm+rQXVSX7qZ6dA/Vp3upAd1HDel+akQPUGN6kJrQQ9SUHqZm9Ag1pxbUklpRa3qU2tBj1JbaUXt6nDrQE9SRnqQEeoo60dPUmf5CXegZ6krPUjd6jrpTD+pJz1MveoF6Ux9KpL7Uj16k/jSABtJLNIhepsH0Cg2hVymJhtIweo2G0+s0gt6gkTSKRtObNIbeorE0jsbTBEqmiTSJ3qbJ9A5NoXdpKk2jFJpOM+g9mkmzaDa9T3PoA5pL82g+LaBU+pAW0iJKo49oMX1M6bSEltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ31Cu+hT2k17aC99Rvvoc9pPX9AB+pIO0leUQV/TIfqGDtO3dIS+833oezpGx+kE/UAn6Uc6RafpDJ2lc/QTnaef6QJ5ghBDEcpQhUEYE+YIY8OcYa7wqjB3eHWYJ8wbRsJrwrjw2jBfeF2YPywQFgwLhfFh4bBIqEMT2pDCMCwaFguj4fVh8fCGsERYMiwVlg5dWCYsG94YlgtvCsuHN4cVwlvCiuGtYaWwcvjwvVXD28Jq4e1h9fCOsEZ4Z1gzrBXWDuuEd4V1w7vDeuE9Yf3w3rB8eF/YMLw/bBQ+EDYOHwybhA+FTcOHw2bhI2HzsEXYMmwVtg4fDduEj4Vtw3Zh+/DxsEP4RNgxfDJMCJ8KO4VP/zJ/36K/P58Y9g37hS+GL4be3yPnRxdEU6MfRhdGF0XToh9FF0c/jqZHl0SXRpdFl0dXRFdGV0VXR9dE10bXRddHN0Q3RjdFva+TAxw64aRTLnAxLoeLdTldLneVy+2udnlcXhdx17g4d63L565z+V0BV9AVcvGusCvitDPOOnKhK+qKuai73hV3N7gSrqQr5Uo758q4sq6Va+1auzbuMdfWtXPt3ePucfeEe8I96Z500nVyT7vO7i+ui3vGdXXPumfdc6676+F6uuddLzcxz8X3ZKLr5/q5/q6/G+gGukFukBvsBrshbohLcklumBvmhrvhboQb4Ua6kW60G+3GuDFurBvrxrvxLtklu0lukpvsJrspboqb6qa6FJfiZrgZbqab6arNuniUuW6um+/mu1SX6ha6zGvGNLfYLXbpLt0tdUvdcrfcrXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e10O90ut8vt9nkvLur2uf1uvzvgDriD7iuX4b52h9w37rD71h1x37mj7nt3zB13J9wP7qT70Z1yp90Zd9adcz+58+5nd8F5lxyZGJkUeTsyOfJOZErk3cjUyLRISmR6ZEbkvcjMyKzI7Mj7kTmRDyJzI/Mi8yMLIqmRDyMLI4siaZGPIosjH0fSI0siSyPLIssjKyLeF94a+qK+mI/6631xf4Mv4Uv6Ur60d76ML+tv9OX8Tb68v9lX8Lf4iv5WX8lX9lX8I765b+Fb+la+tX/Ut/GP+ba+nW/vH/cd/BO+o3/SJ/infCf/tO/s/+K7+Gd8V/+s7+af8919D9/TP+97+Rd8b9/HJ/q+vp9/0ff3A/xA/5If5F/2g/0rfoh/1Sf5oX6Yf80P96/7Ef4NP9KP8qNj3vRjsm6RYYJP9hP9JP+2n+zf8VP8u36qn+ZT/HQ/w7/nZ/pZfrZ/38/xH/i5fp6f7xf4VP+hX+gX+TT/kV/sP/bpfknWQ2W/0q/yq/0av9av8+v9Br/Rb/Kb/Ra/1W/z2/0Ov9N/4nf5T/1uv8fv9Z/5ff5zv99/4Q/4L/1B/5XP8F/7Q/4bf9h/64/47/xR/70/5o/7E/4Hf9L/6E/50/6MP+vP+Z/8ef+zv8D/Zo0xxhhj7J8y8fJQ/Hrm4uP8vr+TI/5q534AcPW2Qhl/PZ95Rbk+/8XxABHfIQIAT/Xp9mDWVrNmYmLipX3TJQTF5gFk/U1Qphi4HC+B9vAEJEA7KPe79Q8QPc7RP1g/egtArr/KiYXL8eX1vwDAxN9Z/9HHRy+sGJ6J+1/WnwdQotjlnJxwOV4C7X95vtIOyv+d+gu0+Qf15/wyGaDtX+Xkhsvx5frLwmPwNCT8ak/GGGOMMcYYY+yiAaJKl6z7z6zf+Py9+/N4dTknB1yO/9H9OWOMMcYYY4wxxq68Z3r0fPLRhIR2Xf71QfX/U9Y/PWgG/6mVefC7A+8Bsr6iAODfXBAgcyD/zLPY8qccK+nSW+dvp5af9QH8gcfK+hWbK/SSuII/lBhjjDHGGGP/EZcv+n/9dXWlCmKMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxrKhP+O/E7vS58gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdaf8TAAD//+cz+s0=") 1.760970246s ago: executing program 5 (id=2866): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f00000023c0)=0x5) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) 1.460843142s ago: executing program 5 (id=2868): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="183001000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xff, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.448397122s ago: executing program 5 (id=2869): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="93378e66cf9b48cb59638401fcd1730172853a9fa89527986442ab60ae29f9c1", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x80800) recvmmsg$unix(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x10, 0x0) 1.445876532s ago: executing program 4 (id=2870): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'virt_wifi0\x00'}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00', 0x0}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='cpu.max\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x8) 1.364379334s ago: executing program 2 (id=2871): syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015c"], 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 1.337221754s ago: executing program 3 (id=2872): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x80) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file1/file4/file7/file6\x00', 0x0) 1.301708455s ago: executing program 5 (id=2873): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) recvmsg$can_raw(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x1) 1.172799827s ago: executing program 4 (id=2874): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0xc, &(0x7f0000000140)={[{@utf8no}, {@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}, {@shortname_mixed}, {@shortname_lower}, {@utf8no}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@utf8}, {@shortname_mixed}, {@shortname_winnt}, {@utf8no}, {@uni_xlateno}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp861'}}, {@uni_xlate}, {@utf8no}]}, 0x1, 0x36b, &(0x7f0000000880)="$eJzs3U1oY0UcAPB/+tKkXdD2JgpC9CZo2e5NL7ZIFxZ7UQl+HMTgdlWSKrRYbA+b1oPiUfCoJ28KevAgHkVQxJsHr64gq+JB97bg4kjy8vGapN3uYivF3w+aTGfmP/N/HySv4WX6wlI0L07HpWvXrsbMTCnKS48txfVSzEcWfbsxrjKhDgA4Ha6nFH+m3GjbzOSQ0gmkBQAco+77/0sRUYv5vObNrw/rn7z7A8Cp1/v7f/awPgd8DhDx2rGkBAAcs7HP/+/f11zp/pT7v5YLdwUAAKfVU88+9/jyasSTtdpMxPrbW/WtejwybF++FK9EK9bibMzFjYj8QqHzUOo+nr+wunK2Vqu145f5qEfEVC+wnl8pLGfd+GosxlzM9+J7Vxsppez8Z6sri7WuiNhtd+eP9dJWfTrO9Ob/8UysDS88+oN0nyIurK6cq/UGqK/349sRe8MbFTr5L8RcfP/iYJiU+ncwrq5cXuwnPYzfqlfj4mAvHPgJCAAAAAAAAAAAAAAAAAAAAAAA3JaF2sD8YP2c1HnOV8pZWJjQ3l0fJ4/vrQ+0l68PlKopUvrjjYfq72Sxb32g0fV5tiwkCAAAAAAAAAAAAAAAAAAAAAOb25VotFprG5vbO81iob2xuT0VEZ2aV7/95KvZGO9zk0I5n6IaMZii1pt2p9lIWb9zyiLGw7PO5P2ajz4fZFzsUx1sxcQ0qgc3tVp33Pfz+8Oae7P+yH8P+2QxeQOzQhqPjoy8fmee0q3sqEHhXLGmOj77lZRSoeatYvjl58cHjFJE+dYP3E5zKg7ukzqFb66+fHd/7ze+TLkHHpx7+sp7H/7WbLQ6M0f3CFY2Nm+kZqPU73yE2XvDpe4hGJ4bpcgLpeKZUD5swL39NY3sh9+fuefd7462E1Kx5vXO+TzSJ8s359PR8Epe6KQ50jQ7DJ/ubURrbXrCyX+zwm0c07s++OLjlH769chTDE2NvWyU/p1XHwAAAAAAAAAAAAAAAAAAoKjwXfHel67becP0YVEPP3FC6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiRj+//9CYW83RmqOUvirPSGquraxGVH5rzcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/uX8CAAD//3wwZok=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) 1.139385168s ago: executing program 3 (id=2875): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x0, 0x4}}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000240)={0x1d, r1, 0x2, {0x0, 0xf0, 0x1}, 0xff}, 0x18) 1.018702831s ago: executing program 3 (id=2876): socket$packet(0x11, 0x2, 0x300) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/packet\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0) 803.752685ms ago: executing program 3 (id=2877): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) r8 = accept4$unix(r5, 0x0, 0x0, 0x0) bind$unix(r8, 0x0, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xffe6, 0xb}, {0xffe0, 0x3}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, '\x00', 0x2d}, 0x98}, 0x1c) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x200204) socket$netlink(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 597.668139ms ago: executing program 4 (id=2878): add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000080)={0x2}, 0x8, 0xfffffffffffffffe) 491.508001ms ago: executing program 4 (id=2879): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r1 = dup(r0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000002c0)={0x0, r1}) 383.712763ms ago: executing program 3 (id=2880): r0 = inotify_init1(0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="000a11"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x400) r2 = dup(r0) r3 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xd093, 0x10, 0x3, 0x13f}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r3, 0x409c, 0x3, 0x28, 0x0, 0x0) inotify_rm_watch(r2, r1) 360.025613ms ago: executing program 5 (id=2881): syz_mount_image$minix(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0032006c00ae1ecebf96fccb8a69f4a8ea113bda4a1e87a726a9dcf01d4bf4543b835eb2b9e6066dc6b060d90b6ca4385a4244aa53e0a0acaebd0c1dd5d380385e85b29008b29f2fb4a93ebe5ace1c105e684d1fd61659e8decea319f675e039904905a8130e2f3c8d5c7a22b4487a331c727612ff1ddd6aabd0e4ab29212632a15e835fac77a7c827"], 0x1, 0x174, &(0x7f0000000240)="$eJzs281uElEYgOFvAH/iysSdcWfV+lMGCpou9VKadmwap2qsmzYu9Aq8Bq/M3oALb0BMR8BEGCaRyAnyPKsvvEzmsDjM2UwAm6vzPLLIYutyvnP95udbWeoVASsySnz/HyMgnfZF6hUAaXx7EXEREV+/fziI9tbM8/myf5z01r3Z/inidmfcs/vx4I8++hLVZ7/69tzrb0z7w7l9++7k/o/icTyJnehGHr3oj/vh9PrhkqcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZVFt2mvvALrXh5XBa92n6l6v3afrXquw19UNuvVb178KY8XLRMYI7Wkvu/3bD/Ow37H0jn9Oz81X5ZFu8MBoNhOqT+ZwL+tfz9ydv89Ox85/hk/6g4Kl4P+8Nne4PB3tNeXp3s88Xne2B9/X7op14JAAAAAAAAAPC3dqP+3RoAAOD/sorXiVL/RgAAAAAAAAAAAAAAWHc/AwAA//8c7qwa") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) write$binfmt_elf32(r0, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x81, 0xfa, 0x63, 0x7, 0x2, 0x5, 0xfffff848, 0x254, 0x34, 0x16c, 0x1, 0x2, 0x20, 0x1, 0xe593, 0x3, 0xbfb7}, [{0x7, 0x80000000, 0x7fffffff, 0x8, 0x56d2, 0x9, 0x7, 0x5}], "e9fc85f95f15e8a92fcdc75b301a843cf10b815950cdad62625b1e651797deaf052ec8a0d2e3b9f4fdbb7eebd07d7ac459028ffb6ddbf2696b098b9a6f50fd624800efc0e108a28e75b4c98f2feaf3cc72b72a478795bd7e12970011459c40530a20", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x6b6) 265.119995ms ago: executing program 4 (id=2882): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00']) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0xb4}, 0x1, 0x0, 0x0, 0x1}, 0x4000) ptrace$getregset(0x4205, 0x0, 0x2, &(0x7f0000000080)={0x0}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2}) 71.661789ms ago: executing program 4 (id=2883): mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = getpid() lstat(&(0x7f0000000240)='./file0\x00', 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000300)={0xe}) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 5 (id=2884): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) kernel console output (not intermixed with test programs): _write+0xd00/0xd00 [ 125.320547][ T5417] ? lockdep_hardirqs_on+0x94/0x140 [ 125.325773][ T5417] do_syscall_64+0x4c/0xa0 [ 125.330191][ T5417] ? clear_bhb_loop+0x30/0x80 [ 125.334875][ T5417] ? clear_bhb_loop+0x30/0x80 [ 125.339589][ T5417] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 125.345512][ T5417] RIP: 0033:0x7fc8daf4b63c [ 125.349931][ T5417] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 125.369542][ T5417] RSP: 002b:00007fc8d91b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 125.377958][ T5417] RAX: ffffffffffffffda RBX: 00007fc8db193fa0 RCX: 00007fc8daf4b63c [ 125.385929][ T5417] RDX: 000000000000000f RSI: 00007fc8d91b40a0 RDI: 0000000000000004 [ 125.393898][ T5417] RBP: 00007fc8d91b4090 R08: 0000000000000000 R09: 0000000000000000 [ 125.401888][ T5417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.409856][ T5417] R13: 00007fc8db194038 R14: 00007fc8db193fa0 R15: 00007ffe3a9a56f8 [ 125.417837][ T5417] [ 125.897642][ T5445] netlink: 'syz.0.389': attribute type 1 has an invalid length. [ 126.860183][ T5486] ALSA: mixer_oss: invalid OSS volume '' [ 126.967006][ T5488] netlink: 'syz.1.404': attribute type 1 has an invalid length. [ 127.048702][ T5456] netlink: 36 bytes leftover after parsing attributes in process `syz.3.392'. [ 127.160887][ T5486] loop4: detected capacity change from 0 to 8192 [ 127.193732][ T5486] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.389176][ T5498] loop4: detected capacity change from 0 to 1024 [ 127.478001][ T5498] misc userio: Invalid payload size [ 130.367441][ T5534] ALSA: mixer_oss: invalid OSS volume '' [ 130.540185][ T5534] loop4: detected capacity change from 0 to 8192 [ 130.571882][ T5537] overlayfs: failed to clone upperpath [ 130.716021][ T5539] overlayfs: failed to clone upperpath [ 130.750191][ T5534] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 131.011204][ T5545] loop4: detected capacity change from 0 to 1024 [ 131.023294][ T5543] overlayfs: failed to clone upperpath [ 131.079070][ T5545] misc userio: Invalid payload size [ 132.675600][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.682109][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.742756][ T5577] overlayfs: failed to clone upperpath [ 132.832833][ T5557] netlink: 24 bytes leftover after parsing attributes in process `syz.1.428'. [ 133.793626][ T5624] netlink: 19 bytes leftover after parsing attributes in process `syz.1.457'. [ 133.851578][ T5624] netlink: 19 bytes leftover after parsing attributes in process `syz.1.457'. [ 134.264979][ T5642] overlayfs: failed to clone upperpath [ 134.324752][ T5617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.454'. [ 134.335190][ T5617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.454'. [ 134.344062][ T5617] netlink: 'syz.2.454': attribute type 14 has an invalid length. [ 134.351910][ T5617] netlink: 'syz.2.454': attribute type 11 has an invalid length. [ 136.299699][ T5679] overlayfs: failed to clone upperpath [ 136.434301][ T5688] loop4: detected capacity change from 0 to 8192 [ 136.538629][ T5688] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 138.262360][ T5718] overlayfs: failed to clone upperpath [ 139.672884][ T5754] capability: warning: `syz.1.504' uses 32-bit capabilities (legacy support in use) [ 139.800159][ T5743] Invalid ELF header magic: != ELF [ 139.976074][ T5763] netlink: 'syz.1.510': attribute type 16 has an invalid length. [ 140.015404][ T5763] netlink: 'syz.1.510': attribute type 17 has an invalid length. [ 140.099476][ T5763] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 140.165676][ T5763] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 140.193672][ T5763] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 140.260850][ T5763] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 141.560646][ C0] sched: RT throttling activated [ 142.367761][ T5807] overlayfs: failed to clone upperpath [ 143.301468][ T5823] Invalid ELF header magic: != ELF [ 143.515492][ T5839] FAULT_INJECTION: forcing a failure. [ 143.515492][ T5839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.528682][ T5839] CPU: 0 PID: 5839 Comm: syz.4.535 Not tainted syzkaller #0 [ 143.535998][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 143.546090][ T5839] Call Trace: [ 143.549386][ T5839] [ 143.552313][ T5839] dump_stack_lvl+0x168/0x230 [ 143.557003][ T5839] ? show_regs_print_info+0x20/0x20 [ 143.562204][ T5839] ? load_image+0x3b0/0x3b0 [ 143.566721][ T5839] ? __lock_acquire+0x7c60/0x7c60 [ 143.571779][ T5839] should_fail+0x38c/0x4c0 [ 143.576216][ T5839] _copy_to_user+0x2e/0x130 [ 143.580738][ T5839] simple_read_from_buffer+0xe3/0x150 [ 143.586156][ T5839] proc_fail_nth_read+0x19a/0x210 [ 143.591213][ T5839] ? proc_fault_inject_write+0x2f0/0x2f0 [ 143.596863][ T5839] ? fsnotify_perm+0x254/0x560 [ 143.601654][ T5839] ? proc_fault_inject_write+0x2f0/0x2f0 [ 143.607295][ T5839] vfs_read+0x2f6/0xcf0 [ 143.611468][ T5839] ? kernel_read+0x1e0/0x1e0 [ 143.616106][ T5839] ? __fget_files+0x40f/0x480 [ 143.620851][ T5839] ? mutex_lock_nested+0x17/0x20 [ 143.625798][ T5839] ? __fdget_pos+0x2bf/0x370 [ 143.630407][ T5839] ? ksys_read+0x71/0x250 [ 143.634743][ T5839] ksys_read+0x14d/0x250 [ 143.638998][ T5839] ? vfs_write+0xd00/0xd00 [ 143.643423][ T5839] ? lockdep_hardirqs_on+0x94/0x140 [ 143.648630][ T5839] do_syscall_64+0x4c/0xa0 [ 143.653072][ T5839] ? clear_bhb_loop+0x30/0x80 [ 143.657890][ T5839] ? clear_bhb_loop+0x30/0x80 [ 143.662569][ T5839] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 143.668470][ T5839] RIP: 0033:0x7fc8daf4b63c [ 143.672893][ T5839] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 143.692509][ T5839] RSP: 002b:00007fc8d9193030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.700930][ T5839] RAX: ffffffffffffffda RBX: 00007fc8db194090 RCX: 00007fc8daf4b63c [ 143.708919][ T5839] RDX: 000000000000000f RSI: 00007fc8d91930a0 RDI: 0000000000000007 [ 143.716901][ T5839] RBP: 00007fc8d9193090 R08: 0000000000000000 R09: 0000000000000000 [ 143.724879][ T5839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.732864][ T5839] R13: 00007fc8db194128 R14: 00007fc8db194090 R15: 00007ffe3a9a56f8 [ 143.740882][ T5839] [ 145.107821][ T5867] netlink: 60 bytes leftover after parsing attributes in process `syz.1.547'. [ 145.129188][ T5864] overlayfs: failed to clone upperpath [ 145.415646][ T5856] loop4: detected capacity change from 0 to 32768 [ 145.489810][ T5882] virtio-fs: tag not found [ 145.508183][ T5882] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000002 [ 145.525348][ T5856] XFS (loop4): Mounting V5 Filesystem [ 145.597618][ T5856] XFS (loop4): Ending clean mount [ 145.628396][ T5856] XFS (loop4): Quotacheck needed: Please wait. [ 145.879991][ T5856] XFS (loop4): Quotacheck: Done. [ 146.755797][ T4186] XFS (loop4): Unmounting Filesystem [ 146.945833][ T5915] Zero length message leads to an empty skb [ 146.952176][ T5915] netlink: 'syz.2.560': attribute type 1 has an invalid length. [ 147.033491][ T5915] 8021q: adding VLAN 0 to HW filter on device bond2 [ 147.866635][ T5934] can: request_module (can-proto-0) failed. [ 151.108952][ T6002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.588'. [ 151.347145][ T5996] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 151.376833][ T5996] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 153.796296][ T6050] loop4: detected capacity change from 0 to 1024 [ 153.880831][ T6050] misc userio: Invalid payload size [ 158.231338][ T6121] loop4: detected capacity change from 0 to 512 [ 158.315988][ T6121] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 158.452109][ T6132] overlayfs: failed to clone upperpath [ 158.459811][ T6121] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 158.551286][ T6121] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 158.608584][ T6142] netlink: 'syz.1.635': attribute type 30 has an invalid length. [ 158.979950][ T6139] xt_CT: No such helper "snmp_trap" [ 159.617956][ T6165] loop4: detected capacity change from 0 to 512 [ 159.693563][ T6165] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 159.704816][ T6165] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.103618][ T6181] overlayfs: failed to clone upperpath [ 161.909196][ T6205] syz.1.655 (6205) used greatest stack depth: 17504 bytes left [ 162.981641][ T6231] overlayfs: failed to clone upperpath [ 163.151786][ T6252] dccp_xmit_packet: Payload too large (65475) for featneg. [ 163.332371][ T6266] ALSA: mixer_oss: invalid OSS volume '' [ 163.458023][ T6266] loop4: detected capacity change from 0 to 8192 [ 163.871983][ T6266] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 165.713303][ T6306] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 165.721586][ T6306] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 165.789627][ T6312] overlayfs: failed to clone upperpath [ 165.976795][ T6330] capability: warning: `syz.2.700' uses deprecated v2 capabilities in a way that may be insecure [ 166.188585][ T6341] loop4: detected capacity change from 0 to 1024 [ 166.915904][ T6341] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,noinit_itable,. Quota mode: none. [ 167.270896][ T21] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 167.358313][ T6376] overlayfs: failed to clone upperpath [ 168.861352][ T21] usb 5-1: not running at top speed; connect to a high speed hub [ 169.030986][ T21] usb 5-1: config 95 has an invalid interface number: 1 but max is 0 [ 169.045986][ T21] usb 5-1: config 95 has no interface number 0 [ 169.073142][ T21] usb 5-1: config 95 interface 1 has no altsetting 0 [ 169.270877][ T21] usb 5-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f [ 169.290219][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.320810][ T21] usb 5-1: Product: syz [ 169.382296][ T21] usb 5-1: can't set config #95, error -71 [ 169.408976][ T21] usb 5-1: USB disconnect, device number 4 [ 169.723323][ T6438] loop4: detected capacity change from 0 to 128 [ 169.763469][ T6438] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,acl,,errors=continue. Quota mode: writeback. [ 169.791409][ T6438] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.878640][ T6438] netlink: 12 bytes leftover after parsing attributes in process `syz.4.737'. [ 170.170912][ T5399] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 171.494624][ T6480] overlayfs: failed to clone upperpath [ 171.751456][ T5399] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 171.782368][ T5399] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.825053][ T5399] usb 5-1: Product: syz [ 171.853714][ T5399] usb 5-1: Manufacturer: syz [ 171.880841][ T5399] usb 5-1: SerialNumber: syz [ 171.993644][ T5399] usb 5-1: config 0 descriptor?? [ 172.700767][ T5399] airspy 5-1:0.0: Board ID: 00 [ 172.705880][ T5399] airspy 5-1:0.0: Firmware version: [ 173.811590][ T6529] netlink: 24 bytes leftover after parsing attributes in process `syz.3.773'. [ 174.045533][ T6532] overlayfs: failed to clone upperpath [ 174.900951][ T5399] airspy 5-1:0.0: usb_control_msg() failed -71 request 10 [ 174.940171][ T5399] airspy 5-1:0.0: Registered as swradio24 [ 174.945985][ T5399] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 175.687693][ T5399] usb 5-1: USB disconnect, device number 5 [ 176.162477][ T6564] netlink: 24 bytes leftover after parsing attributes in process `syz.4.784'. [ 177.459340][ T6580] FAULT_INJECTION: forcing a failure. [ 177.459340][ T6580] name failslab, interval 1, probability 0, space 0, times 0 [ 177.472494][ T6580] CPU: 1 PID: 6580 Comm: syz.4.790 Not tainted syzkaller #0 [ 177.479781][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 177.489845][ T6580] Call Trace: [ 177.493143][ T6580] [ 177.496072][ T6580] dump_stack_lvl+0x168/0x230 [ 177.500755][ T6580] ? is_dynamic_key+0x1f0/0x1f0 [ 177.505605][ T6580] ? show_regs_print_info+0x20/0x20 [ 177.510806][ T6580] ? load_image+0x3b0/0x3b0 [ 177.515329][ T6580] ? mark_lock+0x94/0x320 [ 177.519666][ T6580] ? __lock_acquire+0x13ad/0x7c60 [ 177.524696][ T6580] should_fail+0x38c/0x4c0 [ 177.529123][ T6580] should_failslab+0x5/0x20 [ 177.533621][ T6580] slab_pre_alloc_hook+0x51/0xc0 [ 177.538573][ T6580] ? xas_create+0x5d0/0x1620 [ 177.543162][ T6580] kmem_cache_alloc+0x3d/0x290 [ 177.547929][ T6580] xas_create+0x5d0/0x1620 [ 177.552353][ T6580] xas_store+0xa2/0x19f0 [ 177.556595][ T6580] ? xas_find_marked+0x197/0x1010 [ 177.561628][ T6580] __xa_alloc+0x13f/0x210 [ 177.565965][ T6580] __xa_alloc_cyclic+0x8d/0x2d0 [ 177.570819][ T6580] io_register_personality+0x150/0x270 [ 177.576281][ T6580] ? io_probe+0x530/0x530 [ 177.580621][ T6580] __se_sys_io_uring_register+0x53e/0xe40 [ 177.586359][ T6580] ? lockdep_hardirqs_on+0x94/0x140 [ 177.591558][ T6580] do_syscall_64+0x4c/0xa0 [ 177.595972][ T6580] ? clear_bhb_loop+0x30/0x80 [ 177.600652][ T6580] ? clear_bhb_loop+0x30/0x80 [ 177.605348][ T6580] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 177.611241][ T6580] RIP: 0033:0x7fc8daf4cc29 [ 177.615657][ T6580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.635264][ T6580] RSP: 002b:00007fc8d91b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 177.643678][ T6580] RAX: ffffffffffffffda RBX: 00007fc8db193fa0 RCX: 00007fc8daf4cc29 [ 177.651650][ T6580] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000009 [ 177.659619][ T6580] RBP: 00007fc8d91b4090 R08: 0000000000000000 R09: 0000000000000000 [ 177.667589][ T6580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.675577][ T6580] R13: 00007fc8db194038 R14: 00007fc8db193fa0 R15: 00007ffe3a9a56f8 [ 177.683562][ T6580] [ 178.151797][ T6597] netlink: 24 bytes leftover after parsing attributes in process `syz.3.798'. [ 178.190862][ T4229] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 178.851004][ T4229] usb 5-1: Using ep0 maxpacket: 32 [ 179.547931][ T4229] usb 5-1: config 0 has an invalid interface number: 20 but max is 0 [ 179.556185][ T4229] usb 5-1: config 0 has no interface number 0 [ 180.461394][ T4229] usb 5-1: New USB device found, idVendor=1485, idProduct=0001, bcdDevice=3e.65 [ 180.476365][ T4229] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.717934][ T4229] usb 5-1: Product: syz [ 180.723946][ T4229] usb 5-1: Manufacturer: syz [ 180.728760][ T4229] usb 5-1: SerialNumber: syz [ 181.311746][ T4229] usb 5-1: config 0 descriptor?? [ 181.517198][ T4229] usb 5-1: can't set config #0, error -71 [ 181.531190][ T4229] usb 5-1: USB disconnect, device number 6 [ 182.256232][ T6694] fuse: Bad value for 'fd' [ 183.322404][ T6708] FAULT_INJECTION: forcing a failure. [ 183.322404][ T6708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.356375][ T6708] CPU: 1 PID: 6708 Comm: syz.4.842 Not tainted syzkaller #0 [ 183.363722][ T6708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 183.373825][ T6708] Call Trace: [ 183.377131][ T6708] [ 183.380088][ T6708] dump_stack_lvl+0x168/0x230 [ 183.384798][ T6708] ? show_regs_print_info+0x20/0x20 [ 183.390030][ T6708] ? load_image+0x3b0/0x3b0 [ 183.394576][ T6708] ? __lock_acquire+0x7c60/0x7c60 [ 183.399643][ T6708] should_fail+0x38c/0x4c0 [ 183.404098][ T6708] _copy_from_iter+0x22a/0x1150 [ 183.408993][ T6708] ? __lock_acquire+0x7c60/0x7c60 [ 183.414062][ T6708] ? copy_mc_pipe_to_iter+0x7d0/0x7d0 [ 183.419483][ T6708] ? __virt_addr_valid+0x3c6/0x470 [ 183.424626][ T6708] ? __phys_addr+0xb6/0x170 [ 183.429158][ T6708] ? __phys_addr_symbol+0x2b/0x70 [ 183.434232][ T6708] ? __check_object_size+0x30c/0x410 [ 183.439605][ T6708] pfkey_sendmsg+0x1e4/0xff0 [ 183.444245][ T6708] ? __might_sleep+0xf0/0xf0 [ 183.448868][ T6708] ? pfkey_release+0x310/0x310 [ 183.453681][ T6708] ? aa_sk_perm+0x7b4/0x8f0 [ 183.458221][ T6708] ? aa_af_perm+0x2b0/0x2b0 [ 183.462749][ T6708] ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0 [ 183.469206][ T6708] ? aa_sock_msg_perm+0x94/0x150 [ 183.474179][ T6708] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 183.479495][ T6708] ? security_socket_sendmsg+0x7c/0xa0 [ 183.484990][ T6708] ? pfkey_release+0x310/0x310 [ 183.489794][ T6708] ____sys_sendmsg+0x5a2/0x8c0 [ 183.494604][ T6708] ? memset+0x1e/0x40 [ 183.498631][ T6708] ? __sys_sendmsg_sock+0x30/0x30 [ 183.503694][ T6708] ? import_iovec+0x6f/0xa0 [ 183.508233][ T6708] ___sys_sendmsg+0x1f0/0x260 [ 183.512943][ T6708] ? __sys_sendmsg+0x250/0x250 [ 183.517774][ T6708] ? __fdget+0x18b/0x210 [ 183.522040][ T6708] __sys_sendmmsg+0x27c/0x4a0 [ 183.526751][ T6708] ? __ia32_sys_sendmsg+0x80/0x80 [ 183.531806][ T6708] ? __context_tracking_exit+0x4c/0x80 [ 183.537304][ T6708] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 183.543320][ T6708] ? lock_chain_count+0x20/0x20 [ 183.548194][ T6708] ? vtime_user_exit+0x2dc/0x400 [ 183.553169][ T6708] __x64_sys_sendmmsg+0x9c/0xb0 [ 183.558066][ T6708] do_syscall_64+0x4c/0xa0 [ 183.562499][ T6708] ? clear_bhb_loop+0x30/0x80 [ 183.567199][ T6708] ? clear_bhb_loop+0x30/0x80 [ 183.571894][ T6708] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 183.577806][ T6708] RIP: 0033:0x7fc8daf4cc29 [ 183.582252][ T6708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.602862][ T6708] RSP: 002b:00007fc8d91b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 183.611309][ T6708] RAX: ffffffffffffffda RBX: 00007fc8db193fa0 RCX: 00007fc8daf4cc29 [ 183.619307][ T6708] RDX: 00000000000003ef RSI: 0000200000000180 RDI: 0000000000000003 [ 183.627297][ T6708] RBP: 00007fc8d91b4090 R08: 0000000000000000 R09: 0000000000000000 [ 183.635289][ T6708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.643274][ T6708] R13: 00007fc8db194038 R14: 00007fc8db193fa0 R15: 00007ffe3a9a56f8 [ 183.651279][ T6708] [ 185.175710][ T6742] overlayfs: failed to clone upperpath [ 185.654140][ T6766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.859'. [ 186.339019][ T1108] Bluetooth: hci0: command 0x0406 tx timeout [ 186.345198][ T1108] Bluetooth: hci3: command 0x0406 tx timeout [ 186.351403][ T1108] Bluetooth: hci2: command 0x0406 tx timeout [ 186.358008][ T1108] Bluetooth: hci4: command 0x0406 tx timeout [ 186.370159][ T1108] Bluetooth: hci1: command 0x0406 tx timeout [ 186.512347][ T6769] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 186.524534][ T6769] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 187.356301][ T6791] loop4: detected capacity change from 0 to 4096 [ 187.378064][ T6791] ntfs3: Unknown parameter '@' [ 189.084233][ T6827] loop4: detected capacity change from 0 to 8192 [ 189.991962][ T6827] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 190.042079][ T6827] REISERFS (device loop4): using ordered data mode [ 190.064041][ T6827] reiserfs: using flush barriers [ 190.096736][ T6827] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 190.151923][ T6827] REISERFS (device loop4): checking transaction log (loop4) [ 190.178633][ T6827] REISERFS (device loop4): Using r5 hash to sort names [ 192.500167][ T6876] loop4: detected capacity change from 0 to 4096 [ 192.523773][ T6876] ntfs3: Unknown parameter '@' [ 194.170445][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.176897][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.218312][ T6958] sch_fq: defrate 0 ignored. [ 197.401662][ T6972] netlink: 24 bytes leftover after parsing attributes in process `syz.3.935'. [ 197.415881][ T6934] loop4: detected capacity change from 0 to 65536 [ 197.452575][ T6973] netlink: 7 bytes leftover after parsing attributes in process `syz.3.935'. [ 197.658848][ T6975] IPVS: set_ctl: invalid protocol: 43 255.255.255.255:20002 [ 197.689229][ T6975] device sit0 entered promiscuous mode [ 197.771687][ T6975] netlink: 'syz.3.935': attribute type 1 has an invalid length. [ 197.779457][ T6975] netlink: 1 bytes leftover after parsing attributes in process `syz.3.935'. [ 199.054334][ T7024] fuse: Unknown parameter 'rhYode' [ 201.737837][ T7079] sch_fq: defrate 0 ignored. [ 205.105198][ T7112] loop4: detected capacity change from 0 to 4096 [ 205.275633][ T7112] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 205.412905][ T7127] sch_fq: defrate 0 ignored. [ 205.489636][ T7112] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 206.060792][ T7112] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 206.141129][ T7112] ntfs: volume version 3.1. [ 206.384370][ T7134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.422835][ T7134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.815770][ T7140] netlink: 32 bytes leftover after parsing attributes in process `syz.1.991'. [ 208.170526][ T4186] ntfs: (device loop4): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 208.216832][ T7165] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1002'. [ 208.671865][ T7181] overlayfs: failed to resolve './file1': -2 [ 209.929139][ T7206] loop4: detected capacity change from 0 to 512 [ 210.077764][ T7206] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 210.089453][ T7206] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.382894][ T7228] overlayfs: failed to resolve './file1': -2 [ 212.479776][ T7260] autofs4:pid:7260:autofs_fill_super: called with bogus options [ 212.618062][ T7256] loop4: detected capacity change from 0 to 1024 [ 213.252310][ T7244] misc userio: Invalid payload size [ 213.407722][ T7263] overlayfs: failed to resolve './file1': -2 [ 216.028183][ T7309] overlayfs: failed to clone upperpath [ 217.706173][ T7331] netlink: 'syz.4.1055': attribute type 32 has an invalid length. [ 219.027284][ T7352] overlayfs: failed to clone upperpath [ 219.271292][ T7350] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 219.384067][ T7350] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 224.345576][ T7402] overlayfs: failed to clone upperpath [ 231.496205][ T7497] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 233.420505][ T7524] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1118'. [ 237.274880][ T7585] overlayfs: failed to clone upperpath [ 237.384831][ T7570] loop4: detected capacity change from 0 to 32768 [ 237.444190][ T7570] (syz.4.1131,7570,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 237.461216][ T7570] (syz.4.1131,7570,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 237.517767][ T7570] JBD2: Ignoring recovery information on journal [ 237.616621][ T7570] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 237.978971][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 240.833680][ T7634] overlayfs: failed to clone upperpath [ 243.045514][ T7685] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1171'. [ 243.112253][ T7654] loop4: detected capacity change from 0 to 40427 [ 243.284233][ T7654] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 243.304226][ T7654] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 243.338939][ T7654] F2FS-fs (loop4): invalid crc value [ 244.151832][ T7654] F2FS-fs (loop4): Found nat_bits in checkpoint [ 244.316843][ T7654] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 244.327615][ T7654] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 246.602758][ T7743] overlayfs: overlapping lowerdir path [ 247.859357][ T7765] loop4: detected capacity change from 0 to 1024 [ 248.221374][ T7765] EXT4-fs (loop4): inodes count not valid: 1 vs 32 [ 250.730333][ T7789] sch_fq: defrate 0 ignored. [ 251.406624][ T7803] loop4: detected capacity change from 0 to 4096 [ 251.421647][ T7803] ntfs3: Unknown parameter '@' [ 255.058747][ T7830] sch_fq: defrate 0 ignored. [ 255.621194][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.627575][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.709815][ T7856] loop4: detected capacity change from 0 to 1024 [ 258.653858][ T7914] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1248'. [ 259.212958][ T7927] infiniband syz0: set active [ 259.238620][ T7927] infiniband syz0: added bond_slave_1 [ 259.344093][ T7939] loop4: detected capacity change from 0 to 1024 [ 259.383937][ T7927] RDS/IB: syz0: added [ 259.411580][ T7927] smc: adding ib device syz0 with port count 1 [ 259.418054][ T7927] smc: ib device syz0 port 1 has pnetid [ 259.466348][ T7939] misc userio: Invalid payload size [ 261.431610][ T7979] loop4: detected capacity change from 0 to 128 [ 261.720102][ T7988] loop4: detected capacity change from 0 to 1024 [ 261.742293][ T7988] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 261.762564][ T7988] EXT4-fs error (device loop4): ext4_get_journal_inode:5160: inode #32: comm syz.4.1277: iget: special inode unallocated [ 261.796094][ T7988] EXT4-fs (loop4): no journal found [ 261.806188][ T7988] EXT4-fs (loop4): can't get journal size [ 261.831919][ T7988] EXT4-fs (loop4): filesystem is read-only [ 261.861012][ T7988] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,noload,noblock_validity,bsdgroups,nobarrier,. Quota mode: none. [ 262.028780][ T7988] EXT4-fs error (device loop4): ext4_lookup:1850: inode #2: comm syz.4.1277: bad inode number: 15 [ 263.109825][ T8010] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 263.132874][ T8010] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 263.318436][ T8031] FAULT_INJECTION: forcing a failure. [ 263.318436][ T8031] name failslab, interval 1, probability 0, space 0, times 0 [ 263.360851][ T8031] CPU: 1 PID: 8031 Comm: syz.4.1296 Not tainted syzkaller #0 [ 263.368281][ T8031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 263.378367][ T8031] Call Trace: [ 263.381762][ T8031] [ 263.384887][ T8031] dump_stack_lvl+0x168/0x230 [ 263.389644][ T8031] ? show_regs_print_info+0x20/0x20 [ 263.394874][ T8031] ? load_image+0x3b0/0x3b0 [ 263.399510][ T8031] ? __might_sleep+0xf0/0xf0 [ 263.404168][ T8031] ? __lock_acquire+0x7c60/0x7c60 [ 263.409231][ T8031] should_fail+0x38c/0x4c0 [ 263.413691][ T8031] should_failslab+0x5/0x20 [ 263.418217][ T8031] slab_pre_alloc_hook+0x51/0xc0 [ 263.423170][ T8031] ? __alloc_file+0x25/0x240 [ 263.427775][ T8031] kmem_cache_alloc+0x3d/0x290 [ 263.432561][ T8031] __alloc_file+0x25/0x240 [ 263.436992][ T8031] alloc_empty_file+0x90/0x180 [ 263.441778][ T8031] alloc_file+0x5b/0x4f0 [ 263.446057][ T8031] ? do_raw_spin_unlock+0x11d/0x230 [ 263.451271][ T8031] alloc_file_pseudo+0x17a/0x1f0 [ 263.456224][ T8031] ? alloc_empty_file_noaccount+0x80/0x80 [ 263.461971][ T8031] __shmem_file_setup+0x1cf/0x290 [ 263.467004][ T8031] ? shmem_file_setup+0x13/0x30 [ 263.471866][ T8031] __se_sys_memfd_create+0x290/0x430 [ 263.477162][ T8031] ? __x64_sys_memfd_create+0x60/0x60 [ 263.482543][ T8031] ? lockdep_hardirqs_on+0x94/0x140 [ 263.487751][ T8031] do_syscall_64+0x4c/0xa0 [ 263.492197][ T8031] ? clear_bhb_loop+0x30/0x80 [ 263.496877][ T8031] ? clear_bhb_loop+0x30/0x80 [ 263.501557][ T8031] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 263.507465][ T8031] RIP: 0033:0x7fc8daf4cc29 [ 263.511899][ T8031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.531600][ T8031] RSP: 002b:00007fc8d91b3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 263.540025][ T8031] RAX: ffffffffffffffda RBX: 00000000000004bc RCX: 00007fc8daf4cc29 [ 263.548007][ T8031] RDX: 00007fc8d91b3ef0 RSI: 0000000000000000 RDI: 00007fc8dafd0810 [ 263.555983][ T8031] RBP: 0000200000000a40 R08: 00007fc8d91b3bb7 R09: 00007fc8d91b3e40 [ 263.563976][ T8031] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000500 [ 263.571951][ T8031] R13: 00007fc8d91b3ef0 R14: 00007fc8d91b3eb0 R15: 00002000000001c0 [ 263.579940][ T8031] [ 263.692224][ T8043] loop4: detected capacity change from 0 to 512 [ 263.853468][ T8043] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 263.885488][ T8043] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 265.097894][ T8085] mmap: syz.1.1314 (8085) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 265.296416][ T8092] loop4: detected capacity change from 0 to 256 [ 267.599831][ T8128] sch_fq: defrate 0 ignored. [ 269.645174][ T8161] loop4: detected capacity change from 0 to 512 [ 269.920671][ T8161] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 269.931855][ T8161] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.237521][ T8180] loop4: detected capacity change from 0 to 128 [ 274.796936][ T8284] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 274.820796][ T8284] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 275.193334][ T8294] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 275.203930][ T8294] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 277.558644][ T8363] loop4: detected capacity change from 0 to 1024 [ 277.616916][ T8363] misc userio: Invalid payload size [ 279.298067][ T8402] sch_fq: defrate 0 ignored. [ 280.133526][ T8404] ALSA: mixer_oss: invalid OSS volume '' [ 281.079702][ T8404] loop4: detected capacity change from 0 to 8192 [ 281.261188][ T8404] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 282.659269][ T8443] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 282.702582][ T8443] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 284.102920][ T8492] overlayfs: failed to clone upperpath [ 284.208276][ T8498] loop4: detected capacity change from 0 to 512 [ 284.291272][ T8498] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 284.302600][ T8498] ext4 filesystem being mounted at /201/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.505018][ T8515] sch_fq: defrate 0 ignored. [ 286.905762][ T8523] loop4: detected capacity change from 0 to 8192 [ 287.147265][ T8523] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 287.617289][ T8536] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 287.660346][ T8536] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 288.148755][ T8553] sch_fq: defrate 0 ignored. [ 289.173537][ T8557] overlayfs: failed to clone upperpath [ 290.644699][ T8578] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 290.661238][ T8578] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 293.952656][ T8649] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 293.999261][ T8660] overlayfs: failed to clone upperpath [ 294.025968][ T8649] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 296.019234][ T8716] overlayfs: failed to clone upperpath [ 296.851379][ T8715] sch_fq: defrate 0 ignored. [ 300.072345][ T8772] loop4: detected capacity change from 0 to 1024 [ 300.195659][ T8772] hfsplus: bad catalog file entry [ 300.214940][ T8772] hfsplus: failed to load root directory [ 300.570327][ T21] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 300.921167][ T21] usb 5-1: device descriptor read/64, error -71 [ 301.210753][ T21] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 301.440845][ T21] usb 5-1: device descriptor read/64, error -71 [ 301.628996][ T21] usb usb5-port1: attempt power cycle [ 301.827653][ T8841] sch_fq: defrate 0 ignored. [ 302.591417][ T21] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 302.711057][ T21] usb 5-1: device descriptor read/8, error -71 [ 302.991185][ T21] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 303.346127][ T21] usb 5-1: device not accepting address 10, error -71 [ 303.353260][ T21] usb usb5-port1: unable to enumerate USB device [ 303.480368][ T8879] sch_fq: defrate 0 ignored. [ 305.937316][ T8925] sch_fq: defrate 0 ignored. [ 306.767317][ T8931] ALSA: mixer_oss: invalid OSS volume '' [ 306.938720][ T8931] loop4: detected capacity change from 0 to 8192 [ 306.998176][ T8931] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 307.628006][ T8955] sch_fq: defrate 0 ignored. [ 309.635289][ T8985] ALSA: mixer_oss: invalid OSS volume '' [ 309.880431][ T8985] loop4: detected capacity change from 0 to 8192 [ 310.152259][ T8985] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 310.636755][ T8996] loop4: detected capacity change from 0 to 8192 [ 310.829270][ T9004] sch_fq: defrate 0 ignored. [ 311.611270][ T8996] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 311.640825][ T8996] REISERFS (device loop4): using ordered data mode [ 311.651000][ T8996] reiserfs: using flush barriers [ 311.698133][ T8996] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 311.753579][ T8996] REISERFS (device loop4): checking transaction log (loop4) [ 311.763163][ T8996] REISERFS (device loop4): Using r5 hash to sort names [ 311.773618][ T8996] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 311.888612][ T8996] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1642'. [ 311.929753][ T8996] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 2057, free_space(entry_count) 2 [ 311.981555][ T8996] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 564. Fsck? [ 312.047992][ T8996] REISERFS (device loop4): Remounting filesystem read-only [ 312.070719][ T8996] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 3 0x0 SD] stat data [ 312.140077][ T9020] REISERFS warning (device loop4): clm-6006 reiserfs_dirty_inode: writing inode 2 on readonly FS [ 312.623333][ T9028] ALSA: mixer_oss: invalid OSS volume '' [ 312.960023][ T9028] loop4: detected capacity change from 0 to 8192 [ 313.215491][ T9037] sch_fq: defrate 0 ignored. [ 313.365199][ T9028] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 316.770745][ T9093] netlink: 'syz.2.1672': attribute type 25 has an invalid length. [ 316.789119][ T9093] netlink: 'syz.2.1672': attribute type 1 has an invalid length. [ 316.819587][ T9093] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1672'. [ 316.848803][ T9093] bridge0: port 1(bridge_slave_0) entered learning state [ 316.994563][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.000946][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.148127][ T9115] sch_fq: defrate 0 ignored. [ 318.846037][ T9122] loop4: detected capacity change from 0 to 256 [ 318.963398][ T9122] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 321.125810][ T9166] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 321.180695][ T9166] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 324.471393][ T9240] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1724'. [ 326.681436][ T9275] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1735'. [ 326.706101][ T9275] overlayfs: failed to clone lowerpath [ 327.520060][ T9292] sch_fq: defrate 0 ignored. [ 328.768773][ T9297] tipc: Started in network mode [ 328.805233][ T9297] tipc: Node identity , cluster identity 4711 [ 329.108131][ T9311] ODEBUG: Out of memory. ODEBUG disabled [ 330.242749][ T9319] binder: BINDER_SET_CONTEXT_MGR already set [ 330.290266][ T9319] binder: 9318:9319 ioctl 4018620d 200000004a80 returned -16 [ 330.854888][ T9332] sch_fq: defrate 0 ignored. [ 332.672296][ T9371] sch_fq: defrate 0 ignored. [ 334.118086][ T9380] loop4: detected capacity change from 0 to 128 [ 334.125220][ T9389] netlink: 'syz.0.1773': attribute type 4 has an invalid length. [ 334.561882][ T9401] overlayfs: failed to clone upperpath [ 334.596563][ T9404] overlayfs: failed to clone upperpath [ 336.204814][ T9447] overlayfs: failed to clone upperpath [ 336.393503][ T9448] overlayfs: failed to clone upperpath [ 337.563519][ T9472] loop4: detected capacity change from 0 to 8192 [ 337.609187][ T9472] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 337.985732][ T9488] overlayfs: failed to clone upperpath [ 338.245316][ T9503] IPVS: length: 24 != 600 [ 339.515439][ T9534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1823'. [ 340.243021][ T9548] overlayfs: failed to clone upperpath [ 341.850156][ T9586] overlayfs: failed to clone upperpath [ 344.085414][ T9615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1850'. [ 344.303883][ T9622] overlayfs: failed to clone upperpath [ 345.126078][ T9641] loop4: detected capacity change from 0 to 512 [ 346.332517][ T9641] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 346.343792][ T9641] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 347.767957][ T9680] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1870'. [ 347.980598][ T9687] overlayfs: failed to clone upperpath [ 348.585567][ T9702] loop4: detected capacity change from 0 to 512 [ 349.562159][ T9702] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 349.573752][ T9702] ext4 filesystem being mounted at /258/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 351.205895][ T9742] overlayfs: failed to clone upperpath [ 351.745642][ T9757] sch_fq: defrate 0 ignored. [ 353.002908][ T9772] sch_fq: defrate 0 ignored. [ 353.736840][ T9773] loop4: detected capacity change from 0 to 1024 [ 353.813206][ T9770] misc userio: Invalid payload size [ 355.814949][ T9808] sch_fq: defrate 0 ignored. [ 356.468625][ T9804] overlayfs: failed to clone upperpath [ 358.371731][ T9857] sch_fq: defrate 0 ignored. [ 359.322015][ T9856] overlayfs: failed to clone upperpath [ 359.444094][ T9866] loop4: detected capacity change from 0 to 1024 [ 359.483800][ T9866] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 359.515113][ T9866] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 359.600767][ T9866] EXT4-fs error (device loop4): ext4_get_journal_inode:5160: inode #32: comm syz.4.1926: iget: special inode unallocated [ 359.637492][ T9866] EXT4-fs (loop4): no journal found [ 359.646549][ T9866] EXT4-fs (loop4): can't get journal size [ 359.659792][ T9866] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,stripe=0x0000000000000002,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback. [ 361.812988][ T9907] sch_fq: defrate 0 ignored. [ 361.904825][ T9906] overlayfs: failed to clone upperpath [ 363.112219][ T9924] sch_fq: defrate 0 ignored. [ 364.631077][ T9938] overlayfs: failed to clone upperpath [ 366.114184][ T9975] loop4: detected capacity change from 0 to 1024 [ 366.162201][ T9975] hfsplus: unable to parse mount options [ 366.182696][ T9975] netlink: 'syz.4.1963': attribute type 1 has an invalid length. [ 366.200651][ T9975] netlink: 'syz.4.1963': attribute type 3 has an invalid length. [ 366.211176][ T9975] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1963'. [ 366.233572][ T9975] NCSI netlink: No device for ifindex 2986344450 [ 366.683051][ T9983] overlayfs: failed to clone upperpath [ 369.571306][T10039] overlayfs: failed to clone upperpath [ 370.178361][T10047] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 370.206502][T10047] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 370.419500][T10055] sch_fq: defrate 0 ignored. [ 372.409059][T10082] loop4: detected capacity change from 0 to 4096 [ 372.465163][T10082] ntfs3: Unknown parameter '@' [ 372.921406][T10091] sch_fq: defrate 0 ignored. [ 373.293040][T10102] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 373.318175][T10102] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 375.839349][T10119] loop4: detected capacity change from 0 to 8192 [ 375.914555][T10119] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 376.214751][T10130] sch_fq: defrate 0 ignored. [ 376.298531][T10132] overlayfs: failed to clone upperpath [ 377.906103][T10155] sch_fq: defrate 0 ignored. [ 378.554404][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.554512][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.055333][T10165] loop4: detected capacity change from 0 to 2048 [ 379.144276][T10045] udevd[10045]: incorrect nilfs2 checksum on /dev/loop4 [ 380.439575][T10192] sch_fq: defrate 0 ignored. [ 381.644018][T10200] sch_fq: defrate 0 ignored. [ 384.697322][T10212] loop4: detected capacity change from 0 to 8192 [ 384.823736][T10212] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 385.561760][T10232] overlayfs: failed to clone upperpath [ 387.945254][T10279] overlayfs: failed to clone upperpath [ 388.508829][T10291] sch_fq: defrate 0 ignored. [ 391.045427][T10315] sch_fq: defrate 0 ignored. [ 392.742488][T10337] sch_fq: defrate 0 ignored. [ 394.449374][T10364] overlayfs: failed to clone upperpath [ 397.469491][T10382] sch_fq: defrate 0 ignored. [ 397.917279][T10380] loop4: detected capacity change from 0 to 8192 [ 398.079468][T10380] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 398.618807][T10405] overlayfs: failed to clone upperpath [ 398.680713][ T4243] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 399.061669][ T4243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.090461][ T4243] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 399.176220][ T4243] usb 5-1: New USB device found, idVendor=056a, idProduct=0336, bcdDevice= 0.00 [ 399.423543][ T4243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.436719][ T4243] usb 5-1: config 0 descriptor?? [ 399.774593][T10411] overlayfs: failed to clone upperpath [ 400.064330][T10395] loop4: detected capacity change from 0 to 2048 [ 400.540801][ T4243] usbhid 5-1:0.0: can't add hid device: -71 [ 400.548257][ T4243] usbhid: probe of 5-1:0.0 failed with error -71 [ 400.575382][ T4243] usb 5-1: USB disconnect, device number 11 [ 401.682705][T10436] sch_fq: defrate 0 ignored. [ 402.020344][T10441] overlayfs: failed to clone upperpath [ 404.022828][T10467] sch_fq: defrate 0 ignored. [ 404.367677][T10477] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2126'. [ 406.194265][T10505] sch_fq: defrate 0 ignored. [ 407.395016][T10535] overlayfs: failed to clone upperpath [ 408.620608][T10552] sch_fq: defrate 0 ignored. [ 408.982468][T10559] netem: change failed [ 409.795540][T10556] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2152'. [ 410.096037][T10571] overlayfs: failed to clone upperpath [ 410.208310][T10569] ceph: No source [ 411.272834][T10579] overlayfs: failed to clone upperpath [ 411.529686][T10591] sch_fq: defrate 0 ignored. [ 412.202736][T10599] sch_fq: defrate 0 ignored. [ 413.467948][T10613] overlayfs: failed to clone upperpath [ 413.897524][T10616] netlink: 'syz.4.2171': attribute type 1 has an invalid length. [ 414.052997][T10616] netlink: 'syz.4.2171': attribute type 2 has an invalid length. [ 414.246421][T10631] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2166'. [ 414.291301][T10632] sch_fq: defrate 0 ignored. [ 414.913161][T10653] 9pnet: Insufficient options for proto=fd [ 415.011660][ T26] audit: type=1326 audit(1758354112.376:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10648 comm="syz.1.2180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e53a0cc29 code=0x0 [ 415.073653][T10614] loop4: detected capacity change from 0 to 32768 [ 415.232768][T10660] sch_fq: defrate 0 ignored. [ 416.009035][T10614] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 417.069886][T10672] overlayfs: failed to clone upperpath [ 417.166391][T10676] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2186'. [ 417.185742][ T4186] ocfs2: Unmounting device (7,4) on (node local) [ 417.735855][T10683] sch_fq: defrate 0 ignored. [ 418.249448][T10681] loop4: detected capacity change from 0 to 32768 [ 418.302702][T10681] resize option for remount only [ 418.386663][T10697] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 419.149960][T10712] netlink: 'syz.1.2198': attribute type 10 has an invalid length. [ 419.193733][T10712] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 419.258240][T10715] overlayfs: failed to clone upperpath [ 419.370385][T10720] device geneve2 entered promiscuous mode [ 420.390873][T10731] sp0: Synchronizing with TNC [ 421.054388][T10735] loop4: detected capacity change from 0 to 32768 [ 421.104126][T10746] sch_fq: defrate 0 ignored. [ 421.208734][T10735] XFS (loop4): Mounting V5 Filesystem [ 421.407155][T10735] XFS (loop4): Ending clean mount [ 421.457028][T10730] [U] [ 421.702150][ T4186] XFS (loop4): Unmounting Filesystem [ 422.304949][T10775] overlayfs: failed to clone upperpath [ 422.383877][T10778] vxcan1: MTU too low for tipc bearer [ 422.405720][T10778] tipc: Enabling of bearer rejected, failed to enable media [ 422.505875][T10784] gfs2: path_lookup on c::: returned error -2 [ 422.538370][T10785] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2216'. [ 422.751279][T10788] overlayfs: failed to clone upperpath [ 423.090773][T10794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 423.129824][T10794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 423.307350][T10796] overlayfs: failed to clone upperpath [ 425.664324][T10829] overlayfs: failed to clone upperpath [ 426.769958][T10782] Set syz1 is full, maxelem 65536 reached [ 428.152765][T10870] overlayfs: failed to clone upperpath [ 428.199293][T10856] loop4: detected capacity change from 0 to 32768 [ 428.336252][T10856] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2240 (10856) [ 428.398478][T10856] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 428.464553][T10856] BTRFS info (device loop4): turning on sync discard [ 428.503432][T10856] BTRFS info (device loop4): enabling disk space caching [ 428.548024][T10856] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 428.604512][T10856] BTRFS info (device loop4): trying to use backup root at mount time [ 428.618385][T10856] BTRFS info (device loop4): force clearing of disk cache [ 428.626139][T10856] BTRFS info (device loop4): disk space caching is enabled [ 428.633945][T10856] BTRFS info (device loop4): has skinny extents [ 428.892786][T10856] BTRFS info (device loop4): clearing free space tree [ 428.914858][T10856] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 428.930742][T10856] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 429.283376][T10922] sch_fq: defrate 0 ignored. [ 431.414349][T10947] overlayfs: failed to clone upperpath [ 432.197584][T10986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 432.215117][T10986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 432.340065][T10960] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 432.540807][T10960] usb 5-1: device descriptor read/64, error -71 [ 432.810765][T10960] usb 5-1: new low-speed USB device number 13 using dummy_hcd [ 433.110708][T10960] usb 5-1: device descriptor read/64, error -71 [ 433.230914][T10960] usb usb5-port1: attempt power cycle [ 433.660655][T10960] usb 5-1: new low-speed USB device number 14 using dummy_hcd [ 433.744175][T11015] overlayfs: failed to clone upperpath [ 433.770908][T10960] usb 5-1: device descriptor read/8, error -71 [ 434.050704][T10960] usb 5-1: new low-speed USB device number 15 using dummy_hcd [ 434.150911][T10960] usb 5-1: device descriptor read/8, error -71 [ 434.270822][T10960] usb usb5-port1: unable to enumerate USB device [ 435.661971][T11050] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2291'. [ 435.691677][T11047] loop4: detected capacity change from 0 to 1024 [ 435.734803][T11047] misc userio: Invalid payload size [ 436.737260][T11063] overlayfs: failed to clone upperpath [ 437.350148][T11075] sch_fq: defrate 0 ignored. [ 439.873214][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.879610][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.407746][T11119] overlayfs: failed to clone upperpath [ 441.150102][T11133] IPv6: sit1: Disabled Multicast RS [ 441.526932][T11137] sch_fq: defrate 0 ignored. [ 442.484227][T11133] netlink: 'syz.3.2316': attribute type 1 has an invalid length. [ 442.492630][T11133] netlink: 'syz.3.2316': attribute type 1 has an invalid length. [ 443.750818][T11160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 443.782963][T11160] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 443.948174][T11163] overlayfs: failed to clone upperpath [ 447.798749][T11232] device syzkaller1 entered promiscuous mode [ 447.839388][T11232] sch_fq: defrate 0 ignored. [ 448.046829][T11217] overlayfs: failed to clone upperpath [ 451.393701][T11276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2366'. [ 451.955930][T11284] loop4: detected capacity change from 0 to 128 [ 452.050637][T11284] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 452.089778][T11284] hpfs: filesystem error: improperly stopped [ 452.098643][T11284] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 452.116994][T11284] hpfs: You really don't want any checks? You are crazy... [ 452.135251][T11284] hpfs: hpfs_map_sector(): read error [ 452.144868][T11284] hpfs: code page support is disabled [ 452.161434][T11284] hpfs: hpfs_map_4sectors(): unaligned read [ 452.188105][T11284] hpfs: hpfs_map_4sectors(): unaligned read [ 452.194499][T11284] hpfs: filesystem error: unable to find root dir [ 452.215160][T11284] hpfs: hpfs_map_4sectors(): unaligned read [ 452.235351][T11284] hpfs: hpfs_map_sector(): read error [ 452.242427][T11281] overlayfs: failed to clone upperpath [ 452.256159][T11284] hpfs: hpfs_map_4sectors(): unaligned read [ 452.278924][T11284] hpfs: hpfs_map_sector(): read error [ 457.161495][T11340] overlayfs: failed to clone upperpath [ 460.415226][T11387] overlayfs: failed to clone upperpath [ 464.189152][T11436] sch_fq: defrate 0 ignored. [ 464.347214][T11439] loop4: detected capacity change from 0 to 1024 [ 464.380048][T11439] EXT4-fs (loop4): inodes count not valid: 4 vs 32 [ 464.577357][T11432] overlayfs: failed to clone upperpath [ 464.811744][T11448] FAULT_INJECTION: forcing a failure. [ 464.811744][T11448] name failslab, interval 1, probability 0, space 0, times 0 [ 464.845123][T11448] CPU: 1 PID: 11448 Comm: syz.4.2420 Not tainted syzkaller #0 [ 464.852646][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 464.862737][T11448] Call Trace: [ 464.866078][T11448] [ 464.869056][T11448] dump_stack_lvl+0x168/0x230 [ 464.873785][T11448] ? show_regs_print_info+0x20/0x20 [ 464.879023][T11448] ? load_image+0x3b0/0x3b0 [ 464.883564][T11448] ? __might_sleep+0xf0/0xf0 [ 464.888236][T11448] ? __lock_acquire+0x7c60/0x7c60 [ 464.893300][T11448] ? mark_lock+0x94/0x320 [ 464.897678][T11448] should_fail+0x38c/0x4c0 [ 464.902144][T11448] should_failslab+0x5/0x20 [ 464.906685][T11448] slab_pre_alloc_hook+0x51/0xc0 [ 464.911664][T11448] __kmalloc+0x6b/0x330 [ 464.915854][T11448] ? tomoyo_realpath_from_path+0x118/0x610 [ 464.921801][T11448] tomoyo_realpath_from_path+0x118/0x610 [ 464.927604][T11448] tomoyo_path_number_perm+0x1d5/0x5d0 [ 464.933160][T11448] ? verify_lock_unused+0x140/0x140 [ 464.938408][T11448] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 464.943915][T11448] ? ksys_write+0x1c7/0x250 [ 464.948607][T11448] security_file_ioctl+0x6c/0xa0 [ 464.953584][T11448] __se_sys_ioctl+0x48/0x170 [ 464.958211][T11448] do_syscall_64+0x4c/0xa0 [ 464.962658][T11448] ? clear_bhb_loop+0x30/0x80 [ 464.967361][T11448] ? clear_bhb_loop+0x30/0x80 [ 464.972082][T11448] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 464.978320][T11448] RIP: 0033:0x7fc8daf4cc29 [ 464.982781][T11448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.002899][T11448] RSP: 002b:00007fc8d9193038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 465.011364][T11448] RAX: ffffffffffffffda RBX: 00007fc8db194090 RCX: 00007fc8daf4cc29 [ 465.019375][T11448] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 465.027378][T11448] RBP: 00007fc8d9193090 R08: 0000000000000000 R09: 0000000000000000 [ 465.035386][T11448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.043950][T11448] R13: 00007fc8db194128 R14: 00007fc8db194090 R15: 00007ffe3a9a56f8 [ 465.052496][T11448] [ 465.185048][T11448] ERROR: Out of memory at tomoyo_realpath_from_path. [ 467.232670][T11468] loop4: detected capacity change from 0 to 8192 [ 467.269216][T11468] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 468.036435][T11504] overlayfs: failed to clone upperpath [ 469.098242][T11513] sch_fq: defrate 0 ignored. [ 471.356140][T11546] overlayfs: failed to clone upperpath [ 471.517467][T11553] 9p: Unknown uid 00000000004294967295 [ 471.549766][T11553] fuse: Unknown parameter 'subj_role' [ 471.577009][T11553] syz.1.2454 uses obsolete (PF_INET,SOCK_PACKET) [ 472.666944][T11571] sch_fq: defrate 0 ignored. [ 473.662601][T11585] tipc: Started in network mode [ 473.667794][T11585] tipc: Node identity ac1414aa, cluster identity 4711 [ 473.678999][T11585] tipc: Enabled bearer , priority 10 [ 474.518014][T11597] overlayfs: failed to clone upperpath [ 474.730880][ T4228] tipc: Node number set to 2886997162 [ 475.856809][T11621] loop4: detected capacity change from 0 to 512 [ 475.942676][T11621] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 476.027245][T11621] ext4 filesystem being mounted at /346/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.121798][T11630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2476'. [ 477.721949][T11651] overlayfs: failed to clone upperpath [ 478.233186][T11658] sch_fq: defrate 0 ignored. [ 481.499357][T11687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2493'. [ 482.401084][T11695] overlayfs: failed to clone upperpath [ 485.569208][T11735] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2509'. [ 486.314233][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.621920][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 486.791422][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.387340][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.861993][T11738] chnl_net:caif_netlink_parms(): no params data found [ 487.950784][T10960] Bluetooth: hci2: command 0x0409 tx timeout [ 488.104632][T11738] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.128673][T11738] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.171009][T11738] device bridge_slave_0 entered promiscuous mode [ 488.202066][T11738] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.209168][T11738] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.263946][T11738] device bridge_slave_1 entered promiscuous mode [ 489.311307][T11789] FAULT_INJECTION: forcing a failure. [ 489.311307][T11789] name failslab, interval 1, probability 0, space 0, times 0 [ 489.324141][T11789] CPU: 1 PID: 11789 Comm: syz.4.2517 Not tainted syzkaller #0 [ 489.331911][T11789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 489.342105][T11789] Call Trace: [ 489.345421][T11789] [ 489.348379][T11789] dump_stack_lvl+0x168/0x230 [ 489.353105][T11789] ? is_dynamic_key+0x1f0/0x1f0 [ 489.358014][T11789] ? show_regs_print_info+0x20/0x20 [ 489.363253][T11789] ? load_image+0x3b0/0x3b0 [ 489.367792][T11789] ? mark_lock+0x94/0x320 [ 489.372164][T11789] ? __lock_acquire+0x13ad/0x7c60 [ 489.377231][T11789] should_fail+0x38c/0x4c0 [ 489.381692][T11789] should_failslab+0x5/0x20 [ 489.386223][T11789] slab_pre_alloc_hook+0x51/0xc0 [ 489.391186][T11789] ? xas_create+0x5d0/0x1620 [ 489.395855][T11789] kmem_cache_alloc+0x3d/0x290 [ 489.400654][T11789] xas_create+0x5d0/0x1620 [ 489.405120][T11789] xas_store+0xa2/0x19f0 [ 489.409390][T11789] ? xas_find_marked+0x197/0x1010 [ 489.414471][T11789] __xa_alloc+0x13f/0x210 [ 489.419369][T11789] __xa_alloc_cyclic+0x8d/0x2d0 [ 489.424535][T11789] io_register_personality+0x150/0x270 [ 489.430131][T11789] ? io_probe+0x530/0x530 [ 489.434513][T11789] __se_sys_io_uring_register+0x53e/0xe40 [ 489.440271][T11789] ? lockdep_hardirqs_on+0x94/0x140 [ 489.445545][T11789] do_syscall_64+0x4c/0xa0 [ 489.449991][T11789] ? clear_bhb_loop+0x30/0x80 [ 489.454781][T11789] ? clear_bhb_loop+0x30/0x80 [ 489.459486][T11789] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 489.465409][T11789] RIP: 0033:0x7fc8daf4cc29 [ 489.469850][T11789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 489.489600][T11789] RSP: 002b:00007fc8d91b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 489.498057][T11789] RAX: ffffffffffffffda RBX: 00007fc8db193fa0 RCX: 00007fc8daf4cc29 [ 489.506162][T11789] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000006 [ 489.514188][T11789] RBP: 00007fc8d91b4090 R08: 0000000000000000 R09: 0000000000000000 [ 489.522268][T11789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 489.530253][T11789] R13: 00007fc8db194038 R14: 00007fc8db193fa0 R15: 00007ffe3a9a56f8 [ 489.538733][T11789] [ 489.623911][T11738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 489.696765][T11738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.730868][T11803] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2521'. [ 489.815143][T11803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2521'. [ 489.893653][T11738] team0: Port device team_slave_0 added [ 489.923548][T11738] team0: Port device team_slave_1 added [ 490.030621][T10958] Bluetooth: hci2: command 0x041b tx timeout [ 490.060396][T11738] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 490.085680][T11738] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 490.670158][T11738] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 491.070147][T11738] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 491.118977][T11738] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 491.382907][T11822] overlayfs: failed to clone upperpath [ 491.422648][T11738] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.547628][T11738] device hsr_slave_0 entered promiscuous mode [ 491.574075][T11738] device hsr_slave_1 entered promiscuous mode [ 491.598525][T11738] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 491.634284][T11738] Cannot create hsr debugfs directory [ 492.342072][T10957] Bluetooth: hci2: command 0x040f tx timeout [ 492.430358][T11738] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 492.550754][T11738] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 492.561607][T11738] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 492.594871][T11738] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 492.977387][T11738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.078719][T11738] 8021q: adding VLAN 0 to HW filter on device team0 [ 493.865704][T11738] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 493.905647][T11738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 493.922166][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 493.937866][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 493.971458][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 493.981462][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 494.002894][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.010370][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.029942][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 494.050952][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 494.070302][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.077842][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.131011][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 494.153499][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 494.181109][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 494.211296][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 494.232126][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 494.372928][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 494.438508][T10949] Bluetooth: hci2: command 0x0419 tx timeout [ 494.449900][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 494.459570][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 494.471566][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 494.482285][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 494.687264][T11888] overlayfs: failed to clone upperpath [ 495.241435][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 495.282174][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 495.290412][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 495.326671][ T9] device hsr_slave_0 left promiscuous mode [ 495.350464][ T9] device hsr_slave_1 left promiscuous mode [ 495.360119][ T9] device bridge_slave_1 left promiscuous mode [ 495.366955][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.399218][ T9] device bridge_slave_0 left promiscuous mode [ 495.431980][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.516941][ T9] device veth1_macvtap left promiscuous mode [ 495.526145][ T9] device veth0_macvtap left promiscuous mode [ 495.536174][ T9] device veth1_vlan left promiscuous mode [ 495.542876][ T9] device veth0_vlan left promiscuous mode [ 495.675180][T11907] loop4: detected capacity change from 0 to 512 [ 495.696664][T11907] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 495.872312][T11907] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.2541: corrupted inode contents [ 495.894783][T11907] EXT4-fs error (device loop4): ext4_dirty_inode:6040: inode #16: comm syz.4.2541: mark_inode_dirty error [ 495.907280][ T9] bond2 (unregistering): Released all slaves [ 495.922883][T11907] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.2541: corrupted inode contents [ 495.949136][T11907] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.2541: mark_inode_dirty error [ 495.964095][ T9] bond1 (unregistering): Released all slaves [ 496.023861][T11907] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.2541: corrupted inode contents [ 496.058395][T11907] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 496.090613][T11907] EXT4-fs error (device loop4): ext4_do_update_inode:5204: inode #16: comm syz.4.2541: corrupted inode contents [ 496.123666][T11907] EXT4-fs error (device loop4): ext4_truncate:4273: inode #16: comm syz.4.2541: mark_inode_dirty error [ 496.165686][T11907] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 496.219076][T11907] EXT4-fs (loop4): 1 truncate cleaned up [ 496.232597][T11907] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 496.259064][ T9] team0 (unregistering): Port device team_slave_1 removed [ 496.269004][T11907] ext4 filesystem being mounted at /361/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 496.328983][T11907] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 41: comm syz.4.2541: lblock 1 mapped to illegal pblock 41 (length 1) [ 496.329368][ T9] team0 (unregistering): Port device team_slave_0 removed [ 496.370115][T11907] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 496.370397][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.390151][T11907] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.2541: Failed to acquire dquot type 0 [ 496.408443][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.558869][ T9] bond0 (unregistering): Released all slaves [ 496.602571][T11912] loop4: detected capacity change from 0 to 1024 [ 497.090039][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 497.140790][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 497.174688][T11936] loop4: detected capacity change from 0 to 2048 [ 497.198842][T11738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 497.278603][T11936] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 497.309654][T11942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2547'. [ 497.428274][T11936] UDF-fs: error (device loop4): udf_read_inode: (ino 1347) failed !bh [ 497.761646][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 497.782793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 497.871588][T11738] device veth0_vlan entered promiscuous mode [ 497.885114][T11738] device veth1_vlan entered promiscuous mode [ 497.975065][T11738] device veth0_macvtap entered promiscuous mode [ 498.030052][T11738] device veth1_macvtap entered promiscuous mode [ 498.617269][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 498.788739][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 498.844932][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 498.986784][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 499.055338][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 499.104302][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 499.139479][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 499.197482][T11738] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 499.251875][T11738] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 499.293433][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 499.320229][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 499.350423][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 499.384459][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 499.426345][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 499.466062][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 499.512535][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 499.531659][T11738] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.563608][T11738] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.605985][T11738] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.639735][T11738] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 499.918892][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.975720][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 500.049723][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 500.089625][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.132385][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 500.179752][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 501.320917][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.327269][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.763157][T12032] loop4: detected capacity change from 0 to 64 [ 503.141184][T12032] attempt to access beyond end of device [ 503.141184][T12032] loop4: rw=2049, want=268435470, limit=64 [ 503.153520][T12032] Buffer I/O error on dev loop4, logical block 134217734, lost async page write [ 503.858240][T12052] overlayfs: failed to clone upperpath [ 506.383559][T12103] overlayfs: failed to clone upperpath [ 507.318916][T12111] sch_fq: defrate 0 ignored. [ 508.388043][T12119] loop5: detected capacity change from 0 to 32768 [ 508.587653][T12119] XFS: attr2 mount option is deprecated. [ 508.784477][T12119] XFS (loop5): Mounting V5 Filesystem [ 508.951856][T12119] XFS (loop5): Ending clean mount [ 509.066998][T12119] XFS (loop5): Quotacheck needed: Please wait. [ 509.303794][T12119] XFS (loop5): Quotacheck: Done. [ 509.353298][T11738] XFS (loop5): Unmounting Filesystem [ 509.552552][T12169] overlayfs: failed to clone upperpath [ 510.662770][T12191] device veth1_macvtap left promiscuous mode [ 510.752725][T12191] device macsec0 entered promiscuous mode [ 510.855831][T12192] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.863419][T12192] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.397010][T12216] loop5: detected capacity change from 0 to 256 [ 512.614719][T12216] FAT-fs (loop5): Directory bread(block 64) failed [ 512.623282][T12216] FAT-fs (loop5): Directory bread(block 65) failed [ 512.630389][T12216] FAT-fs (loop5): Directory bread(block 66) failed [ 512.637929][T12216] FAT-fs (loop5): Directory bread(block 67) failed [ 512.650585][T12216] FAT-fs (loop5): Directory bread(block 68) failed [ 512.658515][T12216] FAT-fs (loop5): Directory bread(block 69) failed [ 512.666890][T12216] FAT-fs (loop5): Directory bread(block 70) failed [ 512.674263][T12216] FAT-fs (loop5): Directory bread(block 71) failed [ 512.682387][T12216] FAT-fs (loop5): Directory bread(block 72) failed [ 512.690410][T12216] FAT-fs (loop5): Directory bread(block 73) failed [ 513.483555][T12229] loop5: detected capacity change from 0 to 128 [ 513.605332][T12227] overlayfs: failed to clone upperpath [ 513.681475][T12229] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 513.720170][T12229] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 514.063387][T12236] sch_fq: defrate 0 ignored. [ 515.433890][T12254] syz.5.2619 sent an empty control message without MSG_MORE. [ 515.880842][T10949] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 516.200603][T10949] usb 6-1: Using ep0 maxpacket: 16 [ 516.350887][T10949] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 516.543336][T10949] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 516.849724][T10949] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 518.030926][T10949] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 518.076869][T10949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.173499][T10949] usb 6-1: Product: syz [ 518.226321][T10949] usb 6-1: Manufacturer: syz [ 518.278610][T10949] usb 6-1: SerialNumber: syz [ 518.510657][T12275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.522330][T10949] usb 6-1: can't set config #1, error -71 [ 518.734519][T12281] overlayfs: failed to resolve './file0': -2 [ 518.867801][T10949] usb 6-1: USB disconnect, device number 2 [ 521.852737][T12324] ALSA: mixer_oss: invalid OSS volume '' [ 522.403481][T12329] loop5: detected capacity change from 0 to 8192 [ 522.463800][T12329] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 522.702998][T12338] overlayfs: failed to clone upperpath [ 523.093611][T12343] sch_fq: defrate 0 ignored. [ 523.295211][T12357] ceph: No source [ 526.850301][T12405] overlayfs: failed to resolve './file1': -2 [ 528.132903][T12417] loop5: detected capacity change from 0 to 512 [ 528.276816][T12432] loop4: detected capacity change from 0 to 1764 [ 528.442308][T12417] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 528.460755][T12417] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 529.551570][ T26] audit: type=1800 audit(1758354226.917:3): pid=12417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2656" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 529.657165][T12459] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2667'. [ 530.446664][T12470] sch_fq: defrate 0 ignored. [ 531.795805][T12473] overlayfs: failed to resolve './file1': -2 [ 532.816603][T12489] sch_fq: defrate 0 ignored. [ 533.569894][T12500] loop5: detected capacity change from 0 to 1024 [ 533.796862][T12500] misc userio: Invalid payload size [ 536.846982][T12541] sch_fq: defrate 0 ignored. [ 537.666828][T12546] IPv6: sit1: Disabled Multicast RS [ 538.860224][T12546] loop5: detected capacity change from 0 to 32768 [ 538.905392][T12561] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 539.008503][T12546] XFS (loop5): Mounting V5 Filesystem [ 539.215121][T12546] XFS (loop5): Ending clean mount [ 539.252452][T12546] netlink: 'syz.5.2679': attribute type 1 has an invalid length. [ 539.260300][T12546] netlink: 'syz.5.2679': attribute type 1 has an invalid length. [ 539.342576][ T154] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 539.517232][T11738] XFS (loop5): Unmounting Filesystem [ 539.692655][ T154] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.038393][ T154] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.165266][ T154] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.438027][T12590] loop5: detected capacity change from 0 to 1764 [ 540.562066][T12560] chnl_net:caif_netlink_parms(): no params data found [ 541.309844][T10959] Bluetooth: hci3: command 0x0409 tx timeout [ 541.399493][ T154] tipc: Disabling bearer [ 541.541093][ T154] tipc: Left network mode [ 541.808233][T12560] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.002800][T12560] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.018319][T12560] device bridge_slave_0 entered promiscuous mode [ 542.039570][T12560] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.047534][T12560] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.063350][T12560] device bridge_slave_1 entered promiscuous mode [ 542.681195][T12618] sch_fq: defrate 0 ignored. [ 542.915018][T12560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 542.950034][T12560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.831693][T10958] Bluetooth: hci3: command 0x041b tx timeout [ 544.107099][T12560] team0: Port device team_slave_0 added [ 544.988130][T12628] IPv6: sit1: Disabled Multicast RS [ 545.086808][T12560] team0: Port device team_slave_1 added [ 545.198043][T12628] netlink: 'syz.1.2698': attribute type 1 has an invalid length. [ 545.208862][T12628] netlink: 'syz.1.2698': attribute type 1 has an invalid length. [ 545.228358][T12560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 545.259001][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.479210][T12560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 545.609650][T12560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 545.664074][T12560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.709421][T12560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 545.863266][T12560] device hsr_slave_0 entered promiscuous mode [ 545.894026][T10958] Bluetooth: hci3: command 0x040f tx timeout [ 545.969806][T12560] device hsr_slave_1 entered promiscuous mode [ 545.991065][T12560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 546.030569][T12560] Cannot create hsr debugfs directory [ 546.319652][T12661] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2705'. [ 547.200782][ T23] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 547.440579][ T23] usb 6-1: Using ep0 maxpacket: 32 [ 547.561286][ T23] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 547.577145][ T23] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 547.601303][ T23] usb 6-1: config 1 interface 0 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 547.614832][ T23] usb 6-1: config 1 interface 0 has no altsetting 0 [ 547.644831][T12643] loop4: detected capacity change from 0 to 40427 [ 547.666431][T12560] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 547.733831][ T154] device hsr_slave_0 left promiscuous mode [ 547.743457][ T154] device hsr_slave_1 left promiscuous mode [ 547.751411][ T154] device bridge_slave_1 left promiscuous mode [ 547.760186][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.769863][ T154] device bridge_slave_0 left promiscuous mode [ 547.776328][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.795459][ T154] device veth0_macvtap left promiscuous mode [ 547.808602][T12643] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 547.823135][T12643] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 547.834611][ T154] device veth1_vlan left promiscuous mode [ 547.841568][ T154] device veth0_vlan left promiscuous mode [ 547.861404][ T23] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 547.879071][T12643] F2FS-fs (loop4): invalid crc value [ 547.885266][ T23] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.897620][ T23] usb 6-1: Product: syz [ 547.904026][ T23] usb 6-1: Manufacturer: syz [ 547.909587][ T23] usb 6-1: SerialNumber: syz [ 547.915073][T12643] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 548.479838][ T23] cdc_ether 6-1:1.0: skipping garbage [ 548.527599][ T23] cdc_ether 6-1:1.0: skipping garbage [ 548.535693][T12643] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 548.571375][ T23] cdc_ether: probe of 6-1:1.0 failed with error -22 [ 548.671815][T10958] Bluetooth: hci3: command 0x0419 tx timeout [ 548.782860][ T23] usb 6-1: USB disconnect, device number 3 [ 550.053964][ T154] bond2 (unregistering): Released all slaves [ 550.107834][ T154] bond1 (unregistering): Released all slaves [ 552.244349][ T154] team0 (unregistering): Port device team_slave_1 removed [ 552.281239][ T154] team0 (unregistering): Port device team_slave_0 removed [ 552.309684][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.350112][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.456497][ T154] bond0 (unregistering): Released all slaves [ 552.616057][T12560] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 552.625876][T12560] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 552.635666][T12722] sch_fq: defrate 0 ignored. [ 552.645154][T12560] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 553.669451][T12754] loop4: detected capacity change from 0 to 1764 [ 555.176449][T12560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.194327][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 555.217799][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 555.235028][T12560] 8021q: adding VLAN 0 to HW filter on device team0 [ 555.255702][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 555.312096][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 555.617192][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.624429][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.127460][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 556.158452][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 556.177929][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 556.249292][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.256488][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.264355][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 556.561516][T12560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 556.668149][T12560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 556.806610][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 556.819829][T12790] loop5: detected capacity change from 0 to 128 [ 556.838539][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 556.884530][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 556.915927][T12790] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 556.964377][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 557.031773][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 557.083580][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 557.110213][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 557.149814][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 557.223972][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 557.265135][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 557.327386][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 557.575461][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 557.590843][ T4287] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 557.608868][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 557.659344][T12560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 558.394179][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 558.425577][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 558.490158][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 558.512898][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 558.547556][T12560] device veth0_vlan entered promiscuous mode [ 558.631382][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 558.650205][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 558.703015][T12560] device veth1_vlan entered promiscuous mode [ 558.763986][ T4287] usb 6-1: config 0 has no interfaces? [ 558.770306][ T4287] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 558.781120][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 558.971931][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 558.980221][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 558.998796][ T4287] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.021739][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 559.058094][ T4287] usb 6-1: config 0 descriptor?? [ 559.367569][ T4287] usb 6-1: USB disconnect, device number 4 [ 559.382369][T12560] device veth0_macvtap entered promiscuous mode [ 559.399800][T12560] device veth1_macvtap entered promiscuous mode [ 559.411893][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 559.421618][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 559.534053][T12560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.608423][T12560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.643518][T12560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 559.652276][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 559.674449][T12832] overlayfs: failed to clone upperpath [ 559.681710][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 559.709133][T12560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 559.722638][T12560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 559.753379][T12560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 559.816251][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 559.831659][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 559.865913][T12560] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.891108][T12560] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.900146][T12560] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.929879][T12560] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.942317][T12836] loop4: detected capacity change from 0 to 8192 [ 559.986905][T12839] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 559.991316][T12836] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 560.088380][T12836] UDF-fs: Scanning with blocksize 512 failed [ 560.335076][T12836] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 560.353664][T12836] UDF-fs: Scanning with blocksize 1024 failed [ 560.760265][T12836] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 560.833930][T12836] UDF-fs: Scanning with blocksize 2048 failed [ 561.092865][T12778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.111196][T12778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.125274][T12836] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 561.352487][ T4718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.366865][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 561.404232][ T4718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.436052][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 561.913080][ T26] audit: type=1800 audit(1758354259.217:4): pid=12861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2738" name="file1" dev="loop4" ino=818 res=0 errno=0 [ 561.947150][T12858] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 562.766054][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.772457][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.885302][T12888] virtio-fs: tag not found [ 564.433836][T12891] chnl_net:caif_netlink_parms(): no params data found [ 564.529495][ T154] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.819727][ T154] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.974707][ T154] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.000524][T12891] bridge0: port 1(bridge_slave_0) entered blocking state [ 565.007883][T12891] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.016321][T12891] device bridge_slave_0 entered promiscuous mode [ 565.027316][T12891] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.034757][T12891] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.043330][T12891] device bridge_slave_1 entered promiscuous mode [ 565.076669][T12891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 565.088966][T12891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 565.146934][T10949] Bluetooth: hci0: command 0x0409 tx timeout [ 565.188772][T12891] team0: Port device team_slave_0 added [ 565.204932][T12891] team0: Port device team_slave_1 added [ 565.223780][ T154] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.246548][T12891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 565.255867][T12891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 565.580320][T12891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.938460][T12891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.991969][T12891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.246000][T12891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 566.397565][T12891] device hsr_slave_0 entered promiscuous mode [ 566.432741][T12947] loop4: detected capacity change from 0 to 128 [ 566.581242][ T4229] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 566.604548][T12891] device hsr_slave_1 entered promiscuous mode [ 567.362136][T10949] Bluetooth: hci0: command 0x041b tx timeout [ 567.608047][T12963] IPVS: set_ctl: invalid protocol: 92 172.20.20.11:21 [ 567.657523][T12963] IPVS: set_ctl: invalid protocol: 44 10.1.1.1:20001 [ 567.675415][T12963] ipt_CLUSTERIP: Please specify destination IP [ 567.918249][T12974] loop2: detected capacity change from 0 to 64 [ 568.272104][T12976] loop4: detected capacity change from 0 to 40427 [ 568.336383][T12976] F2FS-fs (loop4): Wrong NAT boundary, start(2560) end(3584) blocks(512) [ 568.344999][T12976] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 568.357816][T12976] F2FS-fs (loop4): invalid crc value [ 568.389805][T12985] Core dump to core aborted: cannot preserve file permissions [ 568.414343][T12976] F2FS-fs (loop4): Found nat_bits in checkpoint [ 568.482608][T12976] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 568.489797][T12976] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 568.726385][ T26] audit: type=1800 audit(1758354266.087:5): pid=12976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2777" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 568.784762][ T4186] attempt to access beyond end of device [ 568.784762][ T4186] loop4: rw=2049, want=45104, limit=40427 [ 568.940750][T12891] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 568.981520][T12891] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 569.019181][T12891] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 569.632233][T10958] Bluetooth: hci0: command 0x040f tx timeout [ 569.693034][T12891] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 569.789477][T13002] loop5: detected capacity change from 0 to 1764 [ 570.997593][T12891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 571.072712][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 571.082267][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 571.104944][T12891] 8021q: adding VLAN 0 to HW filter on device team0 [ 571.131660][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 571.150916][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 571.159678][ T4343] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.166856][ T4343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 571.204371][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 571.213824][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 571.223966][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 571.234205][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.241348][ T4343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.270618][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 571.280659][T10957] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 571.301028][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 571.310206][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 571.346769][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 571.373839][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 571.376238][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 571.377169][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 571.395624][ T154] device hsr_slave_0 left promiscuous mode [ 571.396351][ T154] device hsr_slave_1 left promiscuous mode [ 571.397053][ T154] device bridge_slave_1 left promiscuous mode [ 571.397181][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.399227][ T154] device bridge_slave_0 left promiscuous mode [ 571.399367][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.413322][ T154] device veth1_macvtap left promiscuous mode [ 571.413436][ T154] device veth0_macvtap left promiscuous mode [ 571.413589][ T154] device veth1_vlan left promiscuous mode [ 571.413651][ T154] device veth0_vlan left promiscuous mode [ 571.590652][T10957] usb 6-1: Using ep0 maxpacket: 16 [ 571.721509][T10949] Bluetooth: hci0: command 0x0419 tx timeout [ 571.766292][ T154] team0 (unregistering): Port device team_slave_1 removed [ 571.774432][T10957] usb 6-1: unable to get BOS descriptor or descriptor too short [ 571.797411][ T154] team0 (unregistering): Port device team_slave_0 removed [ 571.832269][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 571.849918][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 571.874936][T10957] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9 [ 571.899649][T13062] loop4: detected capacity change from 0 to 512 [ 571.905647][T10957] usb 6-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 571.933216][T10957] usb 6-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 571.966282][T13062] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #15: comm syz.4.2796: casefold flag without casefold feature [ 571.980622][T10957] usb 6-1: config 1 interface 0 has no altsetting 0 [ 571.984302][T13062] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.2796: couldn't read orphan inode 15 (err -117) [ 572.000896][T13062] EXT4-fs (loop4): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000004,noquota,,errors=continue. Quota mode: none. [ 572.064807][ T154] bond0 (unregistering): Released all slaves [ 572.126031][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 572.137939][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 572.146641][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 572.155835][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 572.166368][T12891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 572.231161][T10957] usb 6-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 572.240383][T10957] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.269846][T10957] usb 6-1: Product: syz [ 572.274864][T10957] usb 6-1: Manufacturer: syz [ 572.279629][T10957] usb 6-1: SerialNumber: syz [ 572.338792][T13031] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 572.386348][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 572.395780][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 572.425041][T12891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 572.440673][T10960] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 572.453948][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 572.467412][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 572.494222][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 572.519799][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 572.532261][T12891] device veth0_vlan entered promiscuous mode [ 572.541225][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 572.567554][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 572.579708][T10957] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input6 [ 572.619233][T12891] device veth1_vlan entered promiscuous mode [ 572.669920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 572.681038][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 572.689533][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 572.698499][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 572.711395][T12891] device veth0_macvtap entered promiscuous mode [ 572.714229][T10960] usb 5-1: Using ep0 maxpacket: 16 [ 572.726196][T12891] device veth1_macvtap entered promiscuous mode [ 572.746909][T12891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 572.758461][T12891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.768894][T12891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 572.779876][T12891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.792384][T12891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 572.800328][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 572.809987][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 572.818707][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 572.836753][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 572.850843][T10960] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 572.850933][T12891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.869278][T10960] usb 5-1: config 0 has no interface number 0 [ 572.876293][T10960] usb 5-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 572.878888][T12891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.900847][T12891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.917490][T12891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.936536][T12891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 572.963974][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 572.983549][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 572.995408][T10949] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 573.040419][T12891] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.049317][T12891] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.084778][T10960] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 573.104474][T10960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.128470][T12891] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.136995][T10960] usb 5-1: Product: syz [ 573.147673][T12891] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.164188][T10960] usb 5-1: Manufacturer: syz [ 573.184051][T10960] usb 5-1: SerialNumber: syz [ 573.231760][T13031] binder_alloc: 13030: pid 13030 spamming oneway? 1 buffers allocated for a total size of 4096 [ 573.254782][T10960] usb 5-1: config 0 descriptor?? [ 573.270712][T10949] usb 3-1: Using ep0 maxpacket: 16 [ 573.291194][T13062] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 573.300864][ T3545] bcm5974 6-1:1.0: could not read from device [ 573.305017][ T4243] usb 6-1: USB disconnect, device number 5 [ 573.332862][ T3545] bcm5974 6-1:1.0: could not read from device [ 573.385594][T12518] bcm5974 6-1:1.0: could not read from device [ 573.390189][T10960] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 573.469492][T12778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.484762][T12778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 573.536404][T13062] udc-core: couldn't find an available UDC or it's busy [ 573.556398][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 573.559883][T13062] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 573.583482][ T2856] usb 5-1: USB disconnect, device number 16 [ 573.590714][ T9] usb 5-1: Failed to submit usb control message: -71 [ 573.600922][T10949] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 573.620606][T10949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.628648][T10949] usb 3-1: Product: syz [ 573.629222][ T9] usb 5-1: unable to send the bmi data to the device: -71 [ 573.640511][T10949] usb 3-1: Manufacturer: syz [ 573.656214][T10949] usb 3-1: SerialNumber: syz [ 573.680790][T10949] usb 3-1: config 0 descriptor?? [ 573.686243][T12778] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.693399][ T9] usb 5-1: unable to get target info from device [ 573.701411][T12778] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 573.717828][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 573.761839][ T9] usb 5-1: could not get target info (-71) [ 573.762492][T10949] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 573.768544][ T9] usb 5-1: could not probe fw (-71) [ 573.802555][T10949] usb 3-1: Detected FT-X [ 573.945929][T13086] loop5: detected capacity change from 0 to 256 [ 573.998929][T13086] exfat: Unknown parameter 'sys_tz' [ 574.006883][T10949] ftdi_sio ttyUSB0: Unable to read latency timer: -5 [ 574.202137][T10949] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 574.244319][T10949] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 574.316862][T13092] loop4: detected capacity change from 0 to 16 [ 574.330168][T10949] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 574.382446][T10949] usb 3-1: USB disconnect, device number 2 [ 574.421420][T13092] erofs: Unknown parameter '' [ 574.451719][T10949] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 574.474022][T10949] ftdi_sio 3-1:0.0: device disconnected [ 574.576103][T13096] overlayfs: overlapping lowerdir path [ 574.609056][T13094] loop5: detected capacity change from 0 to 4096 [ 574.779030][T13094] ntfs3: loop5: ino=3, Correct links count -> 2. [ 575.109699][T13105] loop3: detected capacity change from 0 to 256 [ 575.201325][T13105] exfat: Deprecated parameter 'namecase' [ 575.208604][T13105] exfat: Unknown parameter 'keep_last_dots' [ 575.499382][ T4198] Bluetooth: Wrong link type (-57) [ 576.123796][T13136] netlink: 580 bytes leftover after parsing attributes in process `syz.2.2821'. [ 576.223951][T13095] chnl_net:caif_netlink_parms(): no params data found [ 576.267158][T13143] loop2: detected capacity change from 0 to 64 [ 576.322556][T13140] loop4: detected capacity change from 0 to 4096 [ 576.379105][ T26] audit: type=1800 audit(1758354273.747:6): pid=13143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2824" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 576.402255][ T26] audit: type=1800 audit(1758354273.767:7): pid=13143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2824" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 576.434348][T13148] netlink: 'syz.5.2826': attribute type 4 has an invalid length. [ 576.458787][T13140] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 576.487225][T13140] UDF-fs: Scanning with blocksize 512 failed [ 576.580697][T10958] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 576.596931][T13140] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 576.670614][ T23] Bluetooth: hci5: command 0x0409 tx timeout [ 576.696719][T13095] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.724387][T13140] UDF-fs: error (device loop4): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328) [ 576.763955][T13095] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.774915][T13155] loop2: detected capacity change from 0 to 1024 [ 576.782302][T13140] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 1328) has too big (2088) entry at pos 0 [ 576.787657][T13095] device bridge_slave_0 entered promiscuous mode [ 576.808034][T13095] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.849778][T13157] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 576.860407][T13095] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.861440][T10958] usb 4-1: Using ep0 maxpacket: 32 [ 576.874393][T13095] device bridge_slave_1 entered promiscuous mode [ 576.986300][T13095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 576.999272][ T9] hfsplus: b-tree write err: -5, ino 4 [ 577.033796][T13095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 577.053362][T10958] usb 4-1: config index 0 descriptor too short (expected 1316, got 36) [ 577.099814][T10958] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 577.155377][T10958] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 577.177704][T10958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.189709][T10958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.200385][T10958] usb 4-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 577.210822][T10958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.260661][T10958] usb 4-1: config 0 descriptor?? [ 577.279594][ T154] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.303368][T13168] loop5: detected capacity change from 0 to 512 [ 577.346585][T13095] team0: Port device team_slave_0 added [ 577.366502][T13095] team0: Port device team_slave_1 added [ 577.403329][T13095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 577.410634][T13095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.420600][ T23] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 577.438195][T13095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 577.457942][T13168] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 577.469188][T13168] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 577.525826][ T154] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.548325][T13095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 577.557810][T13095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 577.584400][T13095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 577.626065][ T154] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.701508][ T154] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.732559][T13095] device hsr_slave_0 entered promiscuous mode [ 577.740924][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 577.756720][T13095] device hsr_slave_1 entered promiscuous mode [ 577.767593][T10958] cypress 0003:04B4:BCA1.0001: item fetching failed at offset 2/5 [ 577.781671][T10958] cypress 0003:04B4:BCA1.0001: parse failed [ 577.787644][T10958] cypress: probe of 0003:04B4:BCA1.0001 failed with error -22 [ 577.817827][T13095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 577.834907][T13095] Cannot create hsr debugfs directory [ 577.852141][T13177] loop2: detected capacity change from 0 to 128 [ 578.012720][ T4229] usb 4-1: USB disconnect, device number 2 [ 578.020751][ T23] usb 5-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=94.07 [ 578.043106][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.065432][ T23] usb 5-1: Product: syz [ 578.069980][ T23] usb 5-1: Manufacturer: syz [ 578.099038][ T23] usb 5-1: SerialNumber: syz [ 578.114928][ T23] usb 5-1: config 0 descriptor?? [ 578.138270][T13181] device wlan1 entered promiscuous mode [ 578.147568][T13182] attempt to access beyond end of device [ 578.147568][T13182] loop2: rw=2049, want=857, limit=128 [ 578.162604][T13181] device macsec1 entered promiscuous mode [ 578.179211][ T23] comedi comedi5: Wrong number of endpoints [ 578.194612][T13181] device wlan1 left promiscuous mode [ 578.198409][ T23] dt9812 5-1:0.0: driver 'dt9812' failed to auto-configure device. [ 578.399741][ T4229] usb 5-1: USB disconnect, device number 17 [ 578.535641][T13194] loop5: detected capacity change from 0 to 512 [ 578.698020][T13194] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.2841: inode #1: comm syz.5.2841: iget: illegal inode # [ 578.751083][ T4229] Bluetooth: hci5: command 0x041b tx timeout [ 578.807225][T13194] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.2841: error while reading EA inode 1 err=-117 [ 578.860717][ T23] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 578.896690][T13194] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 578.994709][T13194] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.2841: inode #1: comm syz.5.2841: iget: illegal inode # [ 579.042949][T13194] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.2841: error while reading EA inode 1 err=-117 [ 579.059588][T13194] EXT4-fs (loop5): 1 orphan inode deleted [ 579.082559][T13194] EXT4-fs (loop5): mounted filesystem without journal. Opts: minixdf,stripe=0x0000000000000003,norecovery,noinit_itable,max_batch_time=0x0000000000000006,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none. [ 579.111218][ C1] vkms_vblank_simulate: vblank timer overrun [ 579.176837][ T26] audit: type=1800 audit(1758354276.547:8): pid=13194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2841" name="file1" dev="loop5" ino=18 res=0 errno=0 [ 579.240709][ T23] usb 4-1: config 0 has an invalid interface number: 168 but max is 0 [ 579.259179][ T23] usb 4-1: config 0 has no interface number 0 [ 579.279456][ T23] usb 4-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 579.304016][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.333846][ T23] usb 4-1: config 0 descriptor?? [ 579.388476][ T154] bond0: (slave wlan1): Releasing backup interface [ 579.523787][T13229] loop2: detected capacity change from 0 to 256 [ 579.585779][ T4198] Bluetooth: hci0: Unknown advertising packet type: 0x112 [ 579.591083][ T4287] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 579.620614][ T23] usb 4-1: string descriptor 0 read error: -71 [ 579.636934][T13095] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 579.663513][ T23] usb-storage 4-1:0.168: USB Mass Storage device detected [ 579.730194][T13095] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 579.744021][T13229] FAT-fs (loop2): Directory bread(block 64) failed [ 579.758176][T13229] FAT-fs (loop2): Directory bread(block 65) failed [ 579.771924][T13229] FAT-fs (loop2): Directory bread(block 66) failed [ 579.772520][ T23] usb-storage 4-1:0.168: Quirks match for vid 05ab pid 0060: 2 [ 579.778598][T13229] FAT-fs (loop2): Directory bread(block 67) failed [ 579.797516][T13095] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 579.829167][T13229] FAT-fs (loop2): Directory bread(block 68) failed [ 579.836958][T13095] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 579.844147][T13229] FAT-fs (loop2): Directory bread(block 69) failed [ 579.852564][T13229] FAT-fs (loop2): Directory bread(block 70) failed [ 579.859904][T13229] FAT-fs (loop2): Directory bread(block 71) failed [ 579.869561][T13229] FAT-fs (loop2): Directory bread(block 72) failed [ 579.876716][T13229] FAT-fs (loop2): Directory bread(block 73) failed [ 579.901233][ T4287] usb 5-1: Using ep0 maxpacket: 8 [ 579.943764][ T23] usb 4-1: USB disconnect, device number 3 [ 580.065145][ T4287] usb 5-1: config 0 has no interfaces? [ 580.082680][ T154] device hsr_slave_0 left promiscuous mode [ 580.127616][ T154] device hsr_slave_1 left promiscuous mode [ 580.166231][ T4287] usb 5-1: config 0 has no interfaces? [ 580.175919][ T154] device bridge_slave_1 left promiscuous mode [ 580.216304][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.254156][ T154] device bridge_slave_0 left promiscuous mode [ 580.260875][ T4287] usb 5-1: config 0 has no interfaces? [ 580.269510][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.286058][ T154] rdma_rxe: ignoring netdev event = 10 for bond_slave_1 [ 580.322311][ T154] device veth1_macvtap left promiscuous mode [ 580.342309][ T154] device veth0_macvtap left promiscuous mode [ 580.358098][ T154] device veth1_vlan left promiscuous mode [ 580.374507][ T154] device veth0_vlan left promiscuous mode [ 580.440901][ T4287] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 580.460266][ T4287] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.496383][ T4287] usb 5-1: Product: syz [ 580.501687][ T4287] usb 5-1: Manufacturer: syz [ 580.517348][ T4287] usb 5-1: SerialNumber: syz [ 580.547646][T13270] loop3: detected capacity change from 0 to 1024 [ 580.567611][ T154] infiniband syz0: set down [ 580.568388][ T4287] usb 5-1: config 0 descriptor?? [ 580.610291][T13273] loop5: detected capacity change from 0 to 128 [ 580.663246][T13270] hfsplus: catalog searching failed [ 580.674338][T13270] Unsupported ieee802154 address type: 0 [ 580.736071][ T154] bond1 (unregistering): Released all slaves [ 580.830559][ T4229] Bluetooth: hci5: command 0x040f tx timeout [ 580.868711][ T4243] usb 5-1: USB disconnect, device number 18 [ 580.953180][ T154] team0 (unregistering): Port device team_slave_1 removed [ 580.968400][ T154] team0 (unregistering): Port device team_slave_0 removed [ 580.982184][ T154] rdma_rxe: ignoring netdev event = 27 for bond_slave_1 [ 580.989492][ T154] rdma_rxe: ignoring netdev event = 26 for bond_slave_1 [ 580.996987][ T154] rdma_rxe: ignoring netdev event = 21 for bond_slave_1 [ 581.004433][ T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 581.015071][ T154] rdma_rxe: ignoring netdev event = 9 for bond_slave_1 [ 581.022489][ T154] rdma_rxe: ignoring netdev event = 8 for bond_slave_1 [ 581.036916][ T5546] smc: removing ib device syz0 [ 581.043240][ T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 581.115804][ T154] bond0 (unregistering): Released all slaves [ 581.247636][T12778] hfsplus: b-tree write err: -5, ino 8 [ 581.370017][T13095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 581.391278][T13279] tipc: Started in network mode [ 581.405759][T13279] tipc: Node identity ac1414aa, cluster identity 4711 [ 581.420725][T13284] loop3: detected capacity change from 0 to 256 [ 581.442012][T13279] tipc: Enabled bearer , priority 10 [ 581.468042][T13095] 8021q: adding VLAN 0 to HW filter on device team0 [ 581.505035][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 581.513984][T13284] exfat: Unknown parameter 'zero_size_dir' [ 581.529058][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 581.560619][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 581.624248][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 581.661742][ T4343] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.669723][ T4343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 581.709005][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 581.739768][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 581.801284][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 581.809855][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.816999][ T4343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 581.859057][T13300] loop4: detected capacity change from 0 to 256 [ 581.877726][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 581.897184][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 581.925313][ T4250] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 581.935585][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 581.957242][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 581.987705][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 582.009198][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 582.025032][T13300] FAT-fs (loop4): Directory bread(block 64) failed [ 582.037668][T13300] FAT-fs (loop4): Directory bread(block 65) failed [ 582.049484][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 582.063300][T13300] FAT-fs (loop4): Directory bread(block 66) failed [ 582.076505][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 582.091735][T13300] FAT-fs (loop4): Directory bread(block 67) failed [ 582.131974][T13095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 582.144882][T13300] FAT-fs (loop4): Directory bread(block 68) failed [ 582.153524][T13300] FAT-fs (loop4): Directory bread(block 69) failed [ 582.161410][T13095] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 582.169708][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 582.186406][T13300] FAT-fs (loop4): Directory bread(block 70) failed [ 582.195376][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 582.206458][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 582.215042][T13300] FAT-fs (loop4): Directory bread(block 71) failed [ 582.223155][T13300] FAT-fs (loop4): Directory bread(block 72) failed [ 582.247307][T13307] tipc: Started in network mode [ 582.253946][T13307] tipc: Node identity 625ca187102a, cluster identity 4711 [ 582.263552][T13300] FAT-fs (loop4): Directory bread(block 73) failed [ 582.270407][T13307] tipc: Enabled bearer , priority 0 [ 582.285745][T13307] device syzkaller0 entered promiscuous mode [ 582.290781][ T4250] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 582.317381][ T4250] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 582.335921][T13307] tipc: Resetting bearer [ 582.358091][T13306] tipc: Resetting bearer [ 582.360638][ T4250] usb 3-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 582.390996][T13306] tipc: Disabling bearer [ 582.420593][ T4250] usb 3-1: config 0 interface 0 has no altsetting 0 [ 582.457959][T10960] tipc: Node number set to 2886997162 [ 582.580736][ T4250] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 582.589876][ T4250] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 582.619370][ T4250] usb 3-1: Product: syz [ 582.631927][ T4250] usb 3-1: Manufacturer: syz [ 582.638605][ T4250] usb 3-1: SerialNumber: syz [ 582.655566][ T4250] usb 3-1: config 0 descriptor?? [ 582.695706][ T4420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 582.711216][ T4420] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 582.722764][T13095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 582.737503][T13320] loop5: detected capacity change from 0 to 128 [ 582.742110][ T4250] hub 3-1:0.0: bad descriptor, ignoring hub [ 582.750204][ T4250] hub: probe of 3-1:0.0 failed with error -5 [ 582.787687][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 582.824329][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 582.896139][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 582.908444][T13320] loop_set_status: loop5 () has still dirty pages (nrpages=1) [ 582.910796][ T4243] Bluetooth: hci5: command 0x0419 tx timeout [ 582.920718][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 582.947891][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 582.967680][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 582.988493][T13095] device veth0_vlan entered promiscuous mode [ 583.021820][T13294] [ 583.024327][T13294] ============================= [ 583.042050][T13294] WARNING: suspicious RCU usage [ 583.046962][T13294] syzkaller #0 Not tainted [ 583.047770][ T4250] snd-usb-audio: probe of 3-1:0.0 failed with error -22 [ 583.090602][T13294] ----------------------------- [ 583.096282][T13294] include/linux/rhashtable.h:594 suspicious rcu_dereference_check() usage! [ 583.160321][T13294] [ 583.160321][T13294] other info that might help us debug this: [ 583.160321][T13294] [ 583.176232][T13331] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2884'. [ 583.178639][T12410] udevd[12410]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 583.235725][T13294] [ 583.235725][T13294] rcu_scheduler_active = 2, debug_locks = 1 [ 583.290600][T13294] 1 lock held by syz.2.2871/13294: [ 583.296027][T13294] #0: ffffffff8d238048 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 583.311647][T13294] [ 583.311647][T13294] stack backtrace: [ 583.326262][T13294] CPU: 1 PID: 13294 Comm: syz.2.2871 Not tainted syzkaller #0 [ 583.333790][T13294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 583.343886][T13294] Call Trace: [ 583.347206][T13294] [ 583.350158][T13294] dump_stack_lvl+0x168/0x230 [ 583.354887][T13294] ? load_image+0x3b0/0x3b0 [ 583.359443][T13294] ? show_regs_print_info+0x20/0x20 [ 583.364704][T13294] ? lockdep_rcu_suspicious+0x110/0x180 [ 583.370286][T13294] ? local_bh_enable+0x20/0x20 [ 583.375087][T13294] rhltable_lookup+0x77b/0x790 [ 583.379906][T13294] ? mr_mfc_find_parent+0x190/0x190 [ 583.385141][T13294] ? mark_lock+0x94/0x320 [ 583.389545][T13294] ? local_bh_enable+0x20/0x20 [ 583.395122][T13294] ? mark_lock+0x94/0x320 [ 583.399491][T13294] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 583.405522][T13294] ? lock_chain_count+0x20/0x20 [ 583.410522][T13294] mr_mfc_find_any_parent+0xb6/0x1e0 [ 583.415996][T13294] ? local_bh_enable+0x20/0x20 [ 583.420896][T13294] ip_mr_forward+0x24c/0xf90 [ 583.425524][T13294] ipmr_mfc_add+0x2466/0x2eb0 [ 583.430480][T13294] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 583.435827][T13294] ? __lock_acquire+0x7c60/0x7c60 [ 583.440888][T13294] ip_mroute_setsockopt+0xe33/0x11a0 [ 583.446198][T13294] ? ipmr_rule_default+0x70/0x70 [ 583.451374][T13294] ? __might_sleep+0xf0/0xf0 [ 583.455989][T13294] ip_setsockopt+0x4ad/0x3070 [ 583.460681][T13294] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 583.466058][T13294] ? aa_sk_perm+0x7b4/0x8f0 [ 583.470574][T13294] ? aa_af_perm+0x2b0/0x2b0 [ 583.475094][T13294] ? __fget_files+0x40f/0x480 [ 583.479807][T13294] ? aa_sock_opt_perm+0x74/0x100 [ 583.484769][T13294] ? sock_common_setsockopt+0x32/0xb0 [ 583.490169][T13294] ? raw_setsockopt+0xc5/0x180 [ 583.494938][T13294] ? sock_common_recvmsg+0x1b0/0x1b0 [ 583.500322][T13294] __sys_setsockopt+0x2bf/0x3d0 [ 583.505184][T13294] __x64_sys_setsockopt+0xb1/0xc0 [ 583.510234][T13294] do_syscall_64+0x4c/0xa0 [ 583.514658][T13294] ? clear_bhb_loop+0x30/0x80 [ 583.519426][T13294] ? clear_bhb_loop+0x30/0x80 [ 583.524108][T13294] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 583.530010][T13294] RIP: 0033:0x7fc0ea519c29 [ 583.534434][T13294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.554069][T13294] RSP: 002b:00007fc0e8781038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 583.562524][T13294] RAX: ffffffffffffffda RBX: 00007fc0ea760fa0 RCX: 00007fc0ea519c29 [ 583.570614][T13294] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000006 [ 583.578597][T13294] RBP: 00007fc0ea59ce41 R08: 000000000000003c R09: 0000000000000000 [ 583.586584][T13294] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 583.594941][T13294] R13: 00007fc0ea761038 R14: 00007fc0ea760fa0 R15: 00007fff038bacd8 [ 583.602966][T13294] [ 583.606123][ C1] vkms_vblank_simulate: vblank timer overrun [ 583.615350][T13294] [ 583.617740][T13294] ============================= [ 583.622948][T13294] WARNING: suspicious RCU usage [ 583.627849][T13294] syzkaller #0 Not tainted [ 583.632460][T13294] ----------------------------- [ 583.637357][T13294] include/linux/rhashtable.h:369 suspicious rcu_dereference_check() usage! [ 583.646102][T13294] [ 583.646102][T13294] other info that might help us debug this: [ 583.646102][T13294] [ 583.656435][T13294] [ 583.656435][T13294] rcu_scheduler_active = 2, debug_locks = 1 [ 583.664643][T13294] 1 lock held by syz.2.2871/13294: [ 583.669777][T13294] #0: ffffffff8d238048 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 583.679806][T13294] [ 583.679806][T13294] stack backtrace: [ 583.685834][T13294] CPU: 1 PID: 13294 Comm: syz.2.2871 Not tainted syzkaller #0 [ 583.693367][T13294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 583.703456][T13294] Call Trace: [ 583.706752][T13294] [ 583.709711][T13294] dump_stack_lvl+0x168/0x230 [ 583.714409][T13294] ? load_image+0x3b0/0x3b0 [ 583.718958][T13294] ? show_regs_print_info+0x20/0x20 [ 583.724177][T13294] ? lockdep_rcu_suspicious+0x110/0x180 [ 583.729736][T13294] ? local_bh_enable+0x20/0x20 [ 583.734545][T13294] rhltable_lookup+0x504/0x790 [ 583.739331][T13294] ? local_bh_enable+0x20/0x20 [ 583.744134][T13294] ? mr_mfc_find_parent+0x190/0x190 [ 583.749455][T13294] ? mark_lock+0x94/0x320 [ 583.753807][T13294] ? local_bh_enable+0x20/0x20 [ 583.758620][T13294] ? mark_lock+0x94/0x320 [ 583.762970][T13294] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 583.769007][T13294] ? lock_chain_count+0x20/0x20 [ 583.773880][T13294] mr_mfc_find_any_parent+0xb6/0x1e0 [ 583.779203][T13294] ? local_bh_enable+0x20/0x20 [ 583.783984][T13294] ip_mr_forward+0x24c/0xf90 [ 583.788602][T13294] ipmr_mfc_add+0x2466/0x2eb0 [ 583.793313][T13294] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 583.798710][T13294] ? __lock_acquire+0x7c60/0x7c60 [ 583.803772][T13294] ip_mroute_setsockopt+0xe33/0x11a0 [ 583.809465][T13294] ? ipmr_rule_default+0x70/0x70 [ 583.814437][T13294] ? __might_sleep+0xf0/0xf0 [ 583.819040][T13294] ip_setsockopt+0x4ad/0x3070 [ 583.823761][T13294] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 583.829146][T13294] ? aa_sk_perm+0x7b4/0x8f0 [ 583.833756][T13294] ? aa_af_perm+0x2b0/0x2b0 [ 583.838729][T13294] ? __fget_files+0x40f/0x480 [ 583.843526][T13294] ? aa_sock_opt_perm+0x74/0x100 [ 583.848503][T13294] ? sock_common_setsockopt+0x32/0xb0 [ 583.853922][T13294] ? raw_setsockopt+0xc5/0x180 [ 583.858766][T13294] ? sock_common_recvmsg+0x1b0/0x1b0 [ 583.864078][T13294] __sys_setsockopt+0x2bf/0x3d0 [ 583.868949][T13294] __x64_sys_setsockopt+0xb1/0xc0 [ 583.874012][T13294] do_syscall_64+0x4c/0xa0 [ 583.878437][T13294] ? clear_bhb_loop+0x30/0x80 [ 583.883145][T13294] ? clear_bhb_loop+0x30/0x80 [ 583.887846][T13294] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 583.893878][T13294] RIP: 0033:0x7fc0ea519c29 [ 583.898992][T13294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 583.918832][T13294] RSP: 002b:00007fc0e8781038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 583.927275][T13294] RAX: ffffffffffffffda RBX: 00007fc0ea760fa0 RCX: 00007fc0ea519c29 [ 583.935491][T13294] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000006 [ 583.943482][T13294] RBP: 00007fc0ea59ce41 R08: 000000000000003c R09: 0000000000000000 [ 583.951484][T13294] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 583.959469][T13294] R13: 00007fc0ea761038 R14: 00007fc0ea760fa0 R15: 00007fff038bacd8 [ 583.967996][T13294] [ 583.971050][ C1] vkms_vblank_simulate: vblank timer overrun [ 583.984401][T13294] [ 583.986967][T13294] ============================= [ 583.991973][T13294] WARNING: suspicious RCU usage [ 583.998283][T13294] syzkaller #0 Not tainted [ 584.003013][T13294] ----------------------------- [ 584.007922][T13294] include/linux/rhashtable.h:614 suspicious rcu_dereference_check() usage! [ 584.016621][T13294] [ 584.016621][T13294] other info that might help us debug this: [ 584.016621][T13294] [ 584.026920][T13294] [ 584.026920][T13294] rcu_scheduler_active = 2, debug_locks = 1 [ 584.035612][T13294] 1 lock held by syz.2.2871/13294: [ 584.041293][T13294] #0: ffffffff8d238048 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 584.051357][T13294] [ 584.051357][T13294] stack backtrace: [ 584.057383][T13294] CPU: 1 PID: 13294 Comm: syz.2.2871 Not tainted syzkaller #0 [ 584.064849][T13294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 584.074918][T13294] Call Trace: [ 584.078333][T13294] [ 584.081272][T13294] dump_stack_lvl+0x168/0x230 [ 584.085966][T13294] ? load_image+0x3b0/0x3b0 [ 584.090505][T13294] ? show_regs_print_info+0x20/0x20 [ 584.095869][T13294] ? lockdep_rcu_suspicious+0x110/0x180 [ 584.101636][T13294] ? local_bh_enable+0x20/0x20 [ 584.106454][T13294] rhltable_lookup+0x5f8/0x790 [ 584.111252][T13294] ? local_bh_enable+0x20/0x20 [ 584.116063][T13294] ? mr_mfc_find_parent+0x190/0x190 [ 584.121295][T13294] ? mark_lock+0x94/0x320 [ 584.125637][T13294] ? local_bh_enable+0x20/0x20 [ 584.130516][T13294] ? mark_lock+0x94/0x320 [ 584.134869][T13294] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 584.140870][T13294] ? lock_chain_count+0x20/0x20 [ 584.145743][T13294] mr_mfc_find_any_parent+0xb6/0x1e0 [ 584.151059][T13294] ? local_bh_enable+0x20/0x20 [ 584.155835][T13294] ip_mr_forward+0x24c/0xf90 [ 584.160447][T13294] ipmr_mfc_add+0x2466/0x2eb0 [ 584.165175][T13294] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 584.170229][T13294] ? __lock_acquire+0x7c60/0x7c60 [ 584.175284][T13294] ip_mroute_setsockopt+0xe33/0x11a0 [ 584.180591][T13294] ? ipmr_rule_default+0x70/0x70 [ 584.185592][T13294] ? __might_sleep+0xf0/0xf0 [ 584.190252][T13294] ip_setsockopt+0x4ad/0x3070 [ 584.195063][T13294] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 584.201147][T13294] ? aa_sk_perm+0x7b4/0x8f0 [ 584.206077][T13294] ? aa_af_perm+0x2b0/0x2b0 [ 584.210609][T13294] ? __fget_files+0x40f/0x480 [ 584.215329][T13294] ? aa_sock_opt_perm+0x74/0x100 [ 584.220306][T13294] ? sock_common_setsockopt+0x32/0xb0 [ 584.225695][T13294] ? raw_setsockopt+0xc5/0x180 [ 584.230485][T13294] ? sock_common_recvmsg+0x1b0/0x1b0 [ 584.235922][T13294] __sys_setsockopt+0x2bf/0x3d0 [ 584.240826][T13294] __x64_sys_setsockopt+0xb1/0xc0 [ 584.245892][T13294] do_syscall_64+0x4c/0xa0 [ 584.250406][T13294] ? clear_bhb_loop+0x30/0x80 [ 584.255108][T13294] ? clear_bhb_loop+0x30/0x80 [ 584.259792][T13294] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 584.265713][T13294] RIP: 0033:0x7fc0ea519c29 [ 584.270168][T13294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.289938][T13294] RSP: 002b:00007fc0e8781038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 584.298516][T13294] RAX: ffffffffffffffda RBX: 00007fc0ea760fa0 RCX: 00007fc0ea519c29 [ 584.306512][T13294] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000006 [ 584.314507][T13294] RBP: 00007fc0ea59ce41 R08: 000000000000003c R09: 0000000000000000 [ 584.322508][T13294] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 584.330506][T13294] R13: 00007fc0ea761038 R14: 00007fc0ea760fa0 R15: 00007fff038bacd8 [ 584.338524][T13294] [ 584.341718][ C1] vkms_vblank_simulate: vblank timer overrun [ 584.353538][T13095] device veth1_vlan entered promiscuous mode [ 584.360860][ T4718] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 584.411919][T13095] device veth0_macvtap entered promiscuous mode [ 584.419110][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 584.436364][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 584.445445][T12778] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 584.469749][T13095] device veth1_macvtap entered promiscuous mode [ 584.491853][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.504683][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.521419][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.532275][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.542211][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 584.552733][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.564354][T13095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 584.573862][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 584.582730][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 584.592728][T10958] usb 3-1: USB disconnect, device number 3 [ 584.602710][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 584.619109][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.630244][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.641290][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.653209][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.663117][T13095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 584.674029][T13095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 584.685518][T13095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 584.693557][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 584.704313][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 584.718861][T13095] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.728369][T13095] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.737745][T13095] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.746821][T13095] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 584.836602][T12778] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.857842][T12778] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.857941][ T5546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 584.871421][ T5298] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 584.883496][ T5546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 584.894592][ T5546] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready